rpms/selinux-policy/devel policy-20070703.patch, 1.78, 1.79 selinux-policy.spec, 1.537, 1.538

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Oct 1 21:20:50 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19554

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Mon Oct 1 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-16
- Fix exim policy


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- policy-20070703.patch	1 Oct 2007 17:03:12 -0000	1.78
+++ policy-20070703.patch	1 Oct 2007 21:20:16 -0000	1.79
@@ -5854,8 +5854,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.0.8/policy/modules/services/exim.fc
 --- nsaserefpolicy/policy/modules/services/exim.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/services/exim.fc	2007-09-29 08:32:19.000000000 -0400
-@@ -0,0 +1,17 @@
++++ serefpolicy-3.0.8/policy/modules/services/exim.fc	2007-10-01 15:30:10.000000000 -0400
+@@ -0,0 +1,16 @@
 +# $Id$
 +# Draft SELinux refpolicy module for the Exim MTA
 +# 
@@ -5865,7 +5865,6 @@
 +/var/run/exim4?(/.*)?     gen_context(system_u:object_r:exim_var_run_t,s0)
 +/var/log/exim4?(/.*)?     gen_context(system_u:object_r:exim_log_t,s0)
 +/usr/sbin/exim4?          gen_context(system_u:object_r:exim_exec_t,s0)
-+/usr/sbin/eximstats       gen_context(system_u:object_r:exim_stats_exec_t, s0)
 +ifdef(`distro_debian', `
 +/usr/sbin/update-exim4\.conf    gen_context(system_u:object_r:exim_conf_update_exec_t,s0)
 +# work around a misparse if the word template appears without adjustment
@@ -8771,7 +8770,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.0.8/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/samba.te	2007-09-25 17:09:36.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/samba.te	2007-10-01 16:00:57.000000000 -0400
 @@ -137,6 +137,11 @@
  type winbind_var_run_t;
  files_pid_file(winbind_var_run_t)
@@ -9133,7 +9132,7 @@
  ')
  
  ########################################
-@@ -828,3 +837,36 @@
+@@ -828,3 +837,37 @@
  		domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
  	')
  ')
@@ -9161,6 +9160,7 @@
 +samba_read_winbind_pid(smbcontrol_t)
 +
 +allow smbcontrol_t smbd_t:process signal;
++domain_use_interactive_fds(smbcontrol_t)
 +allow smbd_t smbcontrol_t:process { signal signull };
 +
 +allow nmbd_t smbcontrol_t:process signal;
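Review bot: The added `domain_use_interactive_fds(smbcontrol_t)` sits between `allow smbcontrol_t smbd_t:process signal;` and `allow smbd_t smbcontrol_t:process { signal signull };`, splitting a related pair of signal rules, and it carries no comment. I would move it below the signal rules and say why the domain needs inherited descriptors; if the reason is that smbcontrol is run from an admin's terminal, something like `# smbcontrol is run interactively and inherits the caller's terminal fds`. The 3.0.8-16 changelog entry lists only "Fix exim policy", so this samba change and the xdm_t `ptrace` addition in the later xserver.te hunk go unrecorded; each deserves its own changelog line. The smbcontrol_t block starts and ends outside this hunk.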
@@ -10348,7 +10348,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-08-22 07:14:07.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-09-26 09:40:50.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-10-01 15:49:15.000000000 -0400
 @@ -16,6 +16,13 @@
  
  ## <desc>
@@ -10363,6 +10363,15 @@
  ## Allow xdm logins as sysadm
  ## </p>
  ## </desc>
+@@ -96,7 +103,7 @@
+ #
+ 
+ allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
+-allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate };
++allow xdm_t self:process { setexec setpgid getsched ptrace setsched setrlimit signal_perms setkeycreate };
+ allow xdm_t self:fifo_file rw_fifo_file_perms;
+ allow xdm_t self:shm create_shm_perms;
+ allow xdm_t self:sem create_sem_perms;
 @@ -132,15 +139,20 @@
  manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
  manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
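Review bot: The new `ptrace` permission in `allow xdm_t self:process { setexec setpgid getsched ptrace setsched ... }` is granted with no comment naming the program that needs it. With `self:process ptrace`, any process in xdm_t may trace any other xdm_t process. The display manager presumably handles login credentials in that domain, so this widens what a compromised xdm_t helper can read. If the rule was added only to silence an AVC denial from a probe that does not need to succeed, `dontaudit xdm_t self:process ptrace;` would remove the noise without granting the access. If the access really is required, put a comment above the rule such as `# ptrace: required by <program>, see <bug reference>` (placeholders), so the grant can be revisited later.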


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.537
retrieving revision 1.538
diff -u -r1.537 -r1.538
--- selinux-policy.spec	1 Oct 2007 17:03:12 -0000	1.537
+++ selinux-policy.spec	1 Oct 2007 21:20:16 -0000	1.538
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -365,6 +365,9 @@
 %endif
 
 %changelog
+* Mon Oct 1 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-16
+- Fix exim policy
+
 * Thu Sep 24 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-15
 - Allow tmpreadper to read man_t
 - Allow racoon to bind to all nodes



