rpms/selinux-policy/devel policy-20070703.patch, 1.78, 1.79 selinux-policy.spec, 1.537, 1.538
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Oct 1 21:20:50 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19554
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Mon Oct 1 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-16
- Fix exim policy
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- policy-20070703.patch 1 Oct 2007 17:03:12 -0000 1.78
+++ policy-20070703.patch 1 Oct 2007 21:20:16 -0000 1.79
@@ -5854,8 +5854,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.0.8/policy/modules/services/exim.fc
--- nsaserefpolicy/policy/modules/services/exim.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/services/exim.fc 2007-09-29 08:32:19.000000000 -0400
-@@ -0,0 +1,17 @@
++++ serefpolicy-3.0.8/policy/modules/services/exim.fc 2007-10-01 15:30:10.000000000 -0400
+@@ -0,0 +1,16 @@
+# $Id$
+# Draft SELinux refpolicy module for the Exim MTA
+#
@@ -5865,7 +5865,6 @@
+/var/run/exim4?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
+/var/log/exim4?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
+/usr/sbin/exim4? gen_context(system_u:object_r:exim_exec_t,s0)
-+/usr/sbin/eximstats gen_context(system_u:object_r:exim_stats_exec_t, s0)
+ifdef(`distro_debian', `
+/usr/sbin/update-exim4\.conf gen_context(system_u:object_r:exim_conf_update_exec_t,s0)
+# work around a misparse if the word template appears without adjustment
@@ -8771,7 +8770,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.0.8/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/samba.te 2007-09-25 17:09:36.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/samba.te 2007-10-01 16:00:57.000000000 -0400
@@ -137,6 +137,11 @@
type winbind_var_run_t;
files_pid_file(winbind_var_run_t)
@@ -9133,7 +9132,7 @@
')
########################################
-@@ -828,3 +837,36 @@
+@@ -828,3 +837,37 @@
domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
')
')
@@ -9161,6 +9160,7 @@
+samba_read_winbind_pid(smbcontrol_t)
+
+allow smbcontrol_t smbd_t:process signal;
++domain_use_interactive_fds(smbcontrol_t)
+allow smbd_t smbcontrol_t:process { signal signull };
+
+allow nmbd_t smbcontrol_t:process signal;
@@ -10348,7 +10348,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-09-26 09:40:50.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-10-01 15:49:15.000000000 -0400
@@ -16,6 +16,13 @@
## <desc>
@@ -10363,6 +10363,15 @@
## Allow xdm logins as sysadm
## </p>
## </desc>
+@@ -96,7 +103,7 @@
+ #
+
+ allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
+-allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate };
++allow xdm_t self:process { setexec setpgid getsched ptrace setsched setrlimit signal_perms setkeycreate };
+ allow xdm_t self:fifo_file rw_fifo_file_perms;
+ allow xdm_t self:shm create_shm_perms;
+ allow xdm_t self:sem create_sem_perms;
@@ -132,15 +139,20 @@
manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.537
retrieving revision 1.538
diff -u -r1.537 -r1.538
--- selinux-policy.spec 1 Oct 2007 17:03:12 -0000 1.537
+++ selinux-policy.spec 1 Oct 2007 21:20:16 -0000 1.538
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 15%{?dist}
+Release: 16%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -365,6 +365,9 @@
%endif
%changelog
+* Mon Oct 1 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-16
+- Fix exim policy
+
* Thu Sep 24 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-15
- Allow tmpreadper to read man_t
- Allow racoon to bind to all nodes
More information about the fedora-extras-commits
mailing list