rpms/selinux-policy/F-7 policy-20070501.patch, 1.63, 1.64 selinux-policy.spec, 1.498, 1.499

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Oct 9 20:57:03 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12006

Modified Files:
	policy-20070501.patch selinux-policy.spec 
Log Message:
* Mon Oct 8 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-48
- Allow rsync to backup all files on a system via a boolean


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- policy-20070501.patch	6 Oct 2007 13:01:10 -0000	1.63
+++ policy-20070501.patch	9 Oct 2007 20:56:30 -0000	1.64
@@ -186,21 +186,87 @@
  logging_log_file(acct_data_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc
 --- nsaserefpolicy/policy/modules/admin/alsa.fc	2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc	2007-10-02 11:59:34.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc	2007-10-09 16:20:44.000000000 -0400
 @@ -1,4 +1,9 @@
  
  /etc/alsa/pcm(/.*)?		gen_context(system_u:object_r:alsa_etc_rw_t,s0)
-+/etc/alsa/asound\.state --		gen_context(system_u:object_r:alsa_etc_rw_t,s0)
++/etc/alsa/asound\.state --	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
 +/etc/asound(/.*)?		gen_context(system_u:object_r:alsa_etc_rw_t,s0)
 +/etc/asound\.state	--	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
  
  /usr/bin/ainit 		--	gen_context(system_u:object_r:alsa_exec_t,s0)
 +/sbin/alsactl 		--	gen_context(system_u:object_r:alsa_exec_t,s0)
 +/sbin/salsa 		--	gen_context(system_u:object_r:alsa_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-2.6.4/policy/modules/admin/alsa.if
+--- nsaserefpolicy/policy/modules/admin/alsa.if	2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/alsa.if	2007-10-09 16:21:00.000000000 -0400
+@@ -74,3 +74,39 @@
+ 	read_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
+ 	read_lnk_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
+ ')
++
++########################################
++## <summary>
++##	search alsa lib config files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`alsa_search_lib',`
++	gen_require(`
++		type alsa_var_lib_t;
++	')
++
++	allow $1 alsa_var_lib_t:dir search_dir_perms;
++')
++
++########################################
++## <summary>
++##	Read alsa lib config files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`alsa_read_lib',`
++	gen_require(`
++		type alsa_var_lib_t;
++	')
++
++	read_files_pattern($1,alsa_var_lib_t,alsa_var_lib_t)
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te
 --- nsaserefpolicy/policy/modules/admin/alsa.te	2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te	2007-08-07 09:42:34.000000000 -0400
-@@ -20,20 +20,24 @@
++++ serefpolicy-2.6.4/policy/modules/admin/alsa.te	2007-10-09 16:22:07.000000000 -0400
+@@ -1,5 +1,5 @@
+ 
+-policy_module(alsa,1.1.0)
++policy_module(alsa,1.1.1)
+ 
+ ########################################
+ #
+@@ -8,32 +8,44 @@
+ 
+ type alsa_t;
+ type alsa_exec_t;
+-domain_type(alsa_t)
+-domain_entry_file(alsa_t, alsa_exec_t)
++init_system_domain(alsa_t, alsa_exec_t)
+ role system_r types alsa_t;
+ 
+ type alsa_etc_rw_t;
+ files_type(alsa_etc_rw_t)
+ 
++type alsa_var_lib_t;
++files_type(alsa_var_lib_t)
++
+ ########################################
+ #
  # Local policy
  #
  
@@ -219,20 +285,27 @@
  manage_files_pattern(alsa_t,alsa_etc_rw_t,alsa_etc_rw_t)
  manage_lnk_files_pattern(alsa_t,alsa_etc_rw_t,alsa_etc_rw_t)
  
++files_search_var_lib(alsa_t)
++manage_dirs_pattern(alsa_t,alsa_var_lib_t,alsa_var_lib_t)
++manage_files_pattern(alsa_t,alsa_var_lib_t,alsa_var_lib_t)
++
 +files_search_home(alsa_t)
  files_read_etc_files(alsa_t)
  
 -term_use_generic_ptys(alsa_t)
 -term_dontaudit_use_unallocated_ttys(alsa_t)
++init_dontaudit_use_fds(alsa_t)
++
 +kernel_read_system_state(alsa_t)
  
  libs_use_ld_so(alsa_t)
  libs_use_shared_libs(alsa_t)
-@@ -44,7 +48,17 @@
+@@ -44,7 +56,17 @@
  
  userdom_manage_unpriv_user_semaphores(alsa_t)
  userdom_manage_unpriv_user_shared_mem(alsa_t)
 +userdom_search_generic_user_home_dirs(alsa_t)
++userdom_dontaudit_search_sysadm_home_dirs(alsa_t)
 +
 +term_use_generic_ptys(alsa_t)
 +term_dontaudit_use_unallocated_ttys(alsa_t)
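Review bot: Nothing in the visible part of this revision assigns the new `alsa_var_lib_t` label to any file. The `manage_dirs_pattern` and `manage_files_pattern` lines added here let alsa_t manage that type, but the alsa.fc section ends after the `/sbin/salsa` entry without a /var/lib path, and no `files_var_lib_filetrans(alsa_t,alsa_var_lib_t,...)` appears in the alsa.te lines shown. If labeling is not done in a part of alsa.te outside these hunks, the state files stay `var_lib_t` and neither these rules nor the new `alsa_read_lib` interface reach them. I would add an alsa.fc entry of the form `/var/lib/<alsa-state-dir>(/.*)?	gen_context(system_u:object_r:alsa_var_lib_t,s0)` (the directory name is a placeholder). Separately, `alsa_read_lib` in alsa.if has no `files_search_var_lib($1)`, so callers need their own search access to the parent directory.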
@@ -245,7 +318,6 @@
 +	hal_use_fds(alsa_t)
 +	hal_write_log(alsa_t)
 +')
-+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.if serefpolicy-2.6.4/policy/modules/admin/amanda.if
 --- nsaserefpolicy/policy/modules/admin/amanda.if	2007-05-07 14:51:04.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/admin/amanda.if	2007-09-11 09:15:10.000000000 -0400
@@ -5268,7 +5340,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.6.4/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/dovecot.te	2007-08-14 08:16:15.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/dovecot.te	2007-10-09 10:28:10.000000000 -0400
 @@ -15,6 +15,12 @@
  domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -5372,7 +5444,7 @@
  files_read_usr_symlinks(dovecot_auth_t)
  files_search_tmp(dovecot_auth_t)
  files_read_var_lib_files(dovecot_t)
-@@ -190,12 +195,54 @@
+@@ -190,12 +195,58 @@
  
  seutil_dontaudit_search_config(dovecot_auth_t)
  
@@ -5389,6 +5461,10 @@
 +')
 +
 +optional_policy(`
++	nis_authenticate(dovecot_auth_t)
++')
++
++optional_policy(`
 +	postfix_create_pivate_sockets(dovecot_auth_t)
 +	postfix_search_spool(dovecot_auth_t)
 +')
@@ -6947,7 +7023,7 @@
  /usr/sbin/rpc\.ypxfrd	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.6.4/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/nis.if	2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/nis.if	2007-10-09 10:27:32.000000000 -0400
 @@ -48,8 +48,8 @@
  	corenet_udp_bind_all_nodes($1)
  	corenet_tcp_bind_generic_port($1)
@@ -6959,6 +7035,31 @@
  	corenet_dontaudit_tcp_bind_all_ports($1)
  	corenet_dontaudit_udp_bind_all_ports($1)
  	corenet_tcp_connect_portmap_port($1)
+@@ -243,3 +243,24 @@
+ 	corecmd_search_bin($1)
+ 	domtrans_pattern($1,ypxfr_exec_t,ypxfr_t)
+ ')
++
++########################################
++## <summary>
++##	Use the ypbind service to access NIS services.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++## <rolecap/>
++#
++interface(`nis_authenticate',`
++	tunable_policy(`allow_ypbind',`
++		nis_use_ypbind_uncond($1)
++		# Needs to bind to a port < 1024
++		allow $1 self:capability net_bind_service;
++		corenet_tcp_bind_all_rpc_ports($1)
++		corenet_udp_bind_all_rpc_ports($1)
++	')
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.6.4/policy/modules/services/nis.te
 --- nsaserefpolicy/policy/modules/services/nis.te	2007-05-07 14:50:57.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/services/nis.te	2007-10-01 16:16:04.000000000 -0400
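Review bot: The summary on `nis_authenticate` ("Use the ypbind service to access NIS services") understates what the interface grants: besides `nis_use_ypbind_uncond($1)`, it gives the caller `net_bind_service` and bind access to all RPC ports over TCP and UDP whenever `allow_ypbind` is on. This revision calls it for dovecot_auth_t and from an authlogin.if interface applied to `$1`, so every domain that uses that interface picks up the capability. I would make the summary say so, for example `##	Use ypbind for NIS authentication; also grants net_bind_service and binding to RPC ports when allow_ypbind is enabled.` The `## <rolecap/>` tag looks carried over from another interface, since this one takes a domain rather than a role; worth confirming it belongs here.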
@@ -7319,8 +7420,8 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-2.6.4/policy/modules/services/openvpn.fc
 --- nsaserefpolicy/policy/modules/services/openvpn.fc	2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/openvpn.fc	2007-08-07 09:42:35.000000000 -0400
-@@ -11,5 +11,5 @@
++++ serefpolicy-2.6.4/policy/modules/services/openvpn.fc	2007-10-09 16:13:12.000000000 -0400
+@@ -11,5 +11,6 @@
  #
  # /var
  #
@@ -7328,6 +7429,7 @@
 -/var/run/openvpn.*	--	gen_context(system_u:object_r:openvpn_var_run_t,s0)
 +/var/log/openvpn(/.*)?		gen_context(system_u:object_r:openvpn_var_log_t,s0)
 +/var/run/openvpn(/.*)?		gen_context(system_u:object_r:openvpn_var_run_t,s0)
++/var/log/openvpn.*\.log	--	gen_context(system_u:object_r:openvpn_var_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-2.6.4/policy/modules/services/openvpn.if
 --- nsaserefpolicy/policy/modules/services/openvpn.if	2007-05-07 14:51:01.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/services/openvpn.if	2007-08-07 09:42:35.000000000 -0400
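Review bot: The new pattern `/var/log/openvpn.*\.log` matches more than log files sitting next to the openvpn directory, because `.*` in a file-context regex also matches `/`. Any regular file ending in `.log` under a path that merely starts with `/var/log/openvpn` gets `openvpn_var_log_t`. The impact is small since it is a log type, but a sibling directory owned by another service would be relabeled as well. `/var/log/openvpn[^/]*\.log	--	gen_context(system_u:object_r:openvpn_var_log_t,s0)` keeps the match to files directly in /var/log.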
@@ -8528,8 +8630,29 @@
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.6.4/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rsync.te	2007-08-07 09:42:35.000000000 -0400
-@@ -17,6 +17,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/rsync.te	2007-10-08 11:45:53.000000000 -0400
+@@ -1,5 +1,5 @@
+ 
+-policy_module(rsync,1.4.0)
++policy_module(rsync,1.5.0)
+ 
+ ########################################
+ #
+@@ -8,6 +8,13 @@
+ 
+ ## <desc>
+ ## <p>
++## Allow rsync export files read only
++## </p>
++## </desc>
++gen_tunable(rsync_export_all_ro,false)
++
++## <desc>
++## <p>
+ ## Allow rsync to modify public files
+ ## used for public file transfer services.
+ ## </p>
+@@ -17,6 +24,7 @@
  type rsync_t;
  type rsync_exec_t;
  init_daemon_domain(rsync_t,rsync_exec_t)
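Review bot: The description added for `rsync_export_all_ro`, "Allow rsync export files read only", does not say which files. The policy block later in rsync.te applies the boolean to every file except shadow (`auth_read_all_files_except_shadow`), and it adds a DAC-bypass capability. An administrator deciding from the boolean's description would not learn that scope. I would word it as `## Allow rsync to export all files on the system read only, except shadow.`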
@@ -8537,6 +8660,46 @@
  role system_r types rsync_t;
  
  type rsync_data_t;
+@@ -57,11 +65,14 @@
+ manage_files_pattern(rsync_t,rsync_var_run_t,rsync_var_run_t)
+ files_pid_filetrans(rsync_t,rsync_var_run_t,file)
+ 
++auth_use_nsswitch(rsync_t)
++
+ kernel_read_kernel_sysctls(rsync_t)
+ kernel_read_system_state(rsync_t)
+ kernel_read_network_state(rsync_t)
+ 
+-corenet_non_ipsec_sendrecv(rsync_t)
++corenet_all_recvfrom_unlabeled(rsync_t)
++corenet_all_recvfrom_netlabel(rsync_t)
+ corenet_tcp_sendrecv_all_if(rsync_t)
+ corenet_udp_sendrecv_all_if(rsync_t)
+ corenet_tcp_sendrecv_all_nodes(rsync_t)
+@@ -88,8 +99,6 @@
+ miscfiles_read_localization(rsync_t)
+ miscfiles_read_public_files(rsync_t)
+ 
+-sysnet_read_config(rsync_t)
+-
+ tunable_policy(`allow_rsync_anon_write',`
+ 	miscfiles_manage_public_files(rsync_t)
+ ')
+@@ -106,10 +115,8 @@
+ 	inetd_service_domain(rsync_t,rsync_exec_t)
+ ')
+ 
+-optional_policy(`
+-	nis_use_ypbind(rsync_t)
+-')
+-
+-optional_policy(`
+-	nscd_socket_use(rsync_t)
++tunable_policy(`rsync_export_all_ro',`
++	allow rsync_t self:capability dac_override;
++	fs_read_noxattr_fs_files(rsync_t) 
++	auth_read_all_files_except_shadow(rsync_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.if serefpolicy-2.6.4/policy/modules/services/rwho.if
 --- nsaserefpolicy/policy/modules/services/rwho.if	2007-05-07 14:50:57.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/services/rwho.if	2007-08-07 09:42:35.000000000 -0400
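Review bot: `allow rsync_t self:capability dac_override;` under `rsync_export_all_ro` is broader than a read-only export needs: `dac_override` bypasses DAC write and execute checks as well as read, while `dac_read_search` covers read and directory search only. The type-enforcement rules in this block grant only read access, but rsync_t can already write `rsync_var_run_t` and, with `allow_rsync_anon_write`, public content, and the DAC bypass would apply to those writes too. I would use `allow rsync_t self:capability dac_read_search;`, adding a `dontaudit` for `dac_override` if the kernel's check order produces denials. The line `fs_read_noxattr_fs_files(rsync_t) ` also carries a trailing space.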
@@ -8893,7 +9056,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/samba.te	2007-10-01 16:01:17.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/samba.te	2007-10-09 10:45:19.000000000 -0400
 @@ -16,6 +16,14 @@
  
  ## <desc>
@@ -9216,11 +9379,11 @@
 +allow swat_t nmbd_port_t:udp_socket name_bind;
 +allow swat_t nmbd_t:process { signal signull };
 +allow swat_t nmbd_var_run_t:file { lock read unlink };
- 
--rw_files_pattern(swat_t,samba_etc_t,samba_etc_t)
++
 +init_read_utmp(swat_t)
 +init_dontaudit_write_utmp(swat_t)
-+
+ 
+-rw_files_pattern(swat_t,samba_etc_t,samba_etc_t)
 +manage_dirs_pattern(swat_t,samba_log_t,samba_log_t)
 +create_files_pattern(swat_t,samba_log_t,samba_log_t)
 +
@@ -9360,26 +9523,35 @@
  	seutil_sigchld_newrole(winbind_t)
  ')
  
-@@ -736,6 +810,7 @@
+@@ -736,8 +810,11 @@
  read_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
  read_lnk_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
  
 +files_list_var_lib(winbind_helper_t)
  allow winbind_helper_t samba_var_t:dir search;
  
++auth_use_nsswitch(winbind_helper_t)
++
  stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t)
-@@ -763,4 +838,66 @@
+ 
+ term_list_ptys(winbind_helper_t)
+@@ -757,10 +834,68 @@
+ ')
+ 
  optional_policy(`
- 	squid_read_log(winbind_helper_t)
- 	squid_append_log(winbind_helper_t)
+-	nscd_socket_use(winbind_helper_t)
++	squid_read_log(winbind_helper_t)
++	squid_append_log(winbind_helper_t)
 +	squid_rw_stream_sockets(winbind_helper_t)
-+')
-+
+ ')
+ 
 +########################################
 +#
 +# samba_unconfined_script_t local policy
 +#
-+optional_policy(`
+ optional_policy(`
+-	squid_read_log(winbind_helper_t)
+-	squid_append_log(winbind_helper_t)
 +	type samba_unconfined_script_t;
 +	domain_type(samba_unconfined_script_t)
 +	role system_r types samba_unconfined_script_t;
@@ -10080,8 +10252,8 @@
  dev_read_sysfs(xfs_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-2.6.4/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/xserver.fc	2007-10-02 11:51:15.000000000 -0400
-@@ -92,7 +92,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/xserver.fc	2007-10-08 13:26:18.000000000 -0400
+@@ -92,10 +92,11 @@
  /var/lib/[xkw]dm(/.*)?		gen_context(system_u:object_r:xdm_var_lib_t,s0)
  /var/lib/xkb(/.*)?		gen_context(system_u:object_r:xkb_var_lib_t,s0)
  
@@ -10090,6 +10262,10 @@
  /var/log/gdm(/.*)?		gen_context(system_u:object_r:xserver_log_t,s0)
  /var/log/XFree86.*	--	gen_context(system_u:object_r:xserver_log_t,s0)
  /var/log/Xorg.*		--	gen_context(system_u:object_r:xserver_log_t,s0)
++/var/log/nvidia-installer\.log.* --	gen_context(system_u:object_r:xserver_log_t,s0)
+ 
+ /var/run/[gx]dm\.pid	--	gen_context(system_u:object_r:xdm_var_run_t,s0)
+ /var/run/xdmctl(/.*)?		gen_context(system_u:object_r:xdm_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.6.4/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2007-05-07 14:51:01.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/services/xserver.if	2007-08-07 09:42:35.000000000 -0400
@@ -10284,7 +10460,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.6.4/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/authlogin.if	2007-10-01 16:38:06.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/authlogin.if	2007-10-09 10:29:42.000000000 -0400
 @@ -27,11 +27,9 @@
  	domain_type($1_chkpwd_t)
  	domain_entry_file($1_chkpwd_t,chkpwd_exec_t)
@@ -10395,15 +10571,24 @@
  	init_rw_utmp($1)
  
  	logging_send_syslog_msg($1)
-@@ -221,6 +229,7 @@
+@@ -221,6 +229,16 @@
  	seutil_read_config($1)
  	seutil_read_default_contexts($1)
  
++	userdom_set_rlimitnh($1)
++
++	optional_policy(`
++		nis_authenticate($1)
++	')
++
++	optional_policy(`
++		unconfined_set_rlimitnh($1)
++	')
 +	
  	tunable_policy(`allow_polyinstantiation',`
  		files_polyinstantiate_all($1)
  	')
-@@ -320,10 +329,6 @@
+@@ -320,10 +338,6 @@
  		type system_chkpwd_t, chkpwd_exec_t, shadow_t;
  	')
  
@@ -10414,7 +10599,7 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
  
-@@ -332,6 +337,8 @@
+@@ -332,6 +346,8 @@
  	dev_read_rand($1)
  	dev_read_urand($1)
  
@@ -10423,7 +10608,7 @@
  	miscfiles_read_certs($1)
  
  	sysnet_dns_name_resolve($1)
-@@ -357,6 +364,37 @@
+@@ -357,6 +373,37 @@
  
  ########################################
  ## <summary>
@@ -10461,7 +10646,7 @@
  ##	Get the attributes of the shadow passwords file.
  ## </summary>
  ## <param name="domain">
-@@ -1357,6 +1395,8 @@
+@@ -1357,6 +1404,8 @@
  
  	optional_policy(`
  		samba_stream_connect_winbind($1)
@@ -10470,7 +10655,7 @@
  	')
  ')
  
-@@ -1391,3 +1431,114 @@
+@@ -1391,3 +1440,114 @@
  	typeattribute $1 can_write_shadow_passwords;
  	typeattribute $1 can_relabelto_shadow_passwords;
  ')
@@ -10819,14 +11004,32 @@
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.if serefpolicy-2.6.4/policy/modules/system/fstools.if
 --- nsaserefpolicy/policy/modules/system/fstools.if	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/fstools.if	2007-08-07 09:42:35.000000000 -0400
-@@ -124,3 +124,22 @@
++++ serefpolicy-2.6.4/policy/modules/system/fstools.if	2007-10-08 17:26:44.000000000 -0400
+@@ -124,3 +124,40 @@
  
  	allow $1 swapfile_t:file getattr;
  ')
 +
 +########################################
 +## <summary>
++##	Read swapfile
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`fstools_read_swap_files',`
++	gen_require(`
++		type swapfile_t;
++	')
++
++	allow $1 swapfile_t:file r_file_perms;
++')
++
++########################################
++## <summary>
 +##	Read fstools unnamed pipes.
 +## </summary>
 +## <param name="domain">
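Review bot: The summary for `fstools_read_swap_files`, "Read swapfile", gives no hint that swap contents are paged-out memory from arbitrary processes, so `r_file_perms` on `swapfile_t` is a sensitive grant. This revision applies it to mount_t in mount.te, while the existing interface just above grants only `getattr`; it is worth confirming that mount needs more than that. I would extend the summary to something like `##	Read swap files, whose contents may include paged-out memory of any process.` The hunk ends inside the header comment of the following interface.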
@@ -12134,7 +12337,7 @@
 -/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.te	2007-09-13 12:47:13.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/mount.te	2007-10-08 17:27:32.000000000 -0400
 @@ -9,6 +9,13 @@
  ifdef(`targeted_policy',`
  ## <desc>
@@ -12162,7 +12365,7 @@
  type mount_loopback_t; # customizable
  files_type(mount_loopback_t)
  
-@@ -38,14 +49,15 @@
+@@ -38,21 +49,26 @@
  #
  
  # setuid/setgid needed to mount cifs 
@@ -12180,7 +12383,9 @@
  can_exec(mount_t, mount_exec_t)
  
  files_tmp_filetrans(mount_t,mount_tmp_t,{ file dir })
-@@ -53,6 +65,8 @@
+ 
++fstools_read_swap_files(mount_t)
++
  kernel_read_system_state(mount_t)
  kernel_read_kernel_sysctls(mount_t)
  kernel_dontaudit_getattr_core_if(mount_t)
@@ -12189,7 +12394,7 @@
  
  dev_getattr_all_blk_files(mount_t)
  dev_list_all_dev_nodes(mount_t)
-@@ -65,6 +79,7 @@
+@@ -65,6 +81,7 @@
  storage_raw_write_fixed_disk(mount_t)
  storage_raw_read_removable_device(mount_t)
  storage_raw_write_removable_device(mount_t)
@@ -12197,7 +12402,7 @@
  
  fs_getattr_xattr_fs(mount_t)
  fs_getattr_cifs(mount_t)
-@@ -103,6 +118,8 @@
+@@ -103,6 +120,8 @@
  init_use_fds(mount_t)
  init_use_script_ptys(mount_t)
  init_dontaudit_getattr_initctl(mount_t)
@@ -12206,7 +12411,7 @@
  
  libs_use_ld_so(mount_t)
  libs_use_shared_libs(mount_t)
-@@ -130,10 +147,15 @@
+@@ -130,10 +149,15 @@
  ')
  
  ifdef(`targeted_policy',`
@@ -12223,7 +12428,7 @@
  	')
  ')
  
-@@ -162,13 +184,8 @@
+@@ -162,13 +186,8 @@
  
  	fs_search_rpc(mount_t)
  
@@ -12237,7 +12442,7 @@
  ')
  
  optional_policy(`
-@@ -192,9 +209,6 @@
+@@ -192,9 +211,6 @@
  	samba_domtrans_smbmount(mount_t)
  ')
  
@@ -12247,7 +12452,7 @@
  
  ########################################
  #
-@@ -204,4 +218,30 @@
+@@ -204,4 +220,30 @@
  ifdef(`targeted_policy',`
  	files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
  	unconfined_domain(unconfined_mount_t)
@@ -12255,7 +12460,7 @@
 +		hal_dbus_chat(unconfined_mount_t)
 +	')
 +
-+')
+ ')
 +
 +########################################
 +#
@@ -12276,7 +12481,7 @@
 +	hal_write_log(mount_t)
 +	hal_use_fds(mount_t)
 +	hal_rw_pipes(mount_t)
- ')
++')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-2.6.4/policy/modules/system/netlabel.te
 --- nsaserefpolicy/policy/modules/system/netlabel.te	2007-05-07 14:51:02.000000000 -0400


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.498
retrieving revision 1.499
diff -u -r1.498 -r1.499
--- selinux-policy.spec	6 Oct 2007 13:01:10 -0000	1.498
+++ selinux-policy.spec	9 Oct 2007 20:56:30 -0000	1.499
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 47%{?dist}
+Release: 48%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -361,6 +361,9 @@
 %endif
 
 %changelog
+* Mon Oct 8 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-48
+- Allow rsync to backup all files on a system via a boolean
+
 * Thu Oct 4 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-47
 - Fixes for proftp
 



