rpms/selinux-policy/F-7 policy-20070501.patch,1.64,1.65

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Oct 9 21:10:17 UTC 2007 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18848

Modified Files:
	policy-20070501.patch 
Log Message:
* Mon Oct 8 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-48
- Allow rsync to backup all files on a system via a boolean


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -r1.64 -r1.65
--- policy-20070501.patch	9 Oct 2007 20:56:30 -0000	1.64
+++ policy-20070501.patch	9 Oct 2007 21:09:45 -0000	1.65
@@ -13040,7 +13040,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.6.4/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/unconfined.if	2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/unconfined.if	2007-10-09 17:07:01.000000000 -0400
 @@ -18,7 +18,7 @@
  	')
  
@@ -13084,7 +13084,7 @@
  		nscd_unconfined($1)
  	')
  
-@@ -556,3 +559,39 @@
+@@ -556,3 +559,57 @@
  
  	allow $1 unconfined_t:dbus acquire_svc;
  ')
@@ -13124,6 +13124,24 @@
 +
 +	allow $1 unconfined_tmp_t:file { getattr write append };
 +')
++
++########################################
++## <summary>
++##	Allow apps to set rlimits on userdomain
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`unconfined_set_rlimitnh',`
++	gen_require(`
++		type unconfined_t;
++	')
++
++	allow $1 unconfined_t:process rlimitinh;
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.4/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-05-07 14:51:02.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/system/unconfined.te	2007-10-01 16:12:39.000000000 -0400
@@ -13229,7 +13247,7 @@
  		init_dbus_chat_script(unconfined_execmem_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.4/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/userdomain.if	2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/userdomain.if	2007-10-09 17:05:07.000000000 -0400
 @@ -114,6 +114,22 @@
  		# Allow making the stack executable via mprotect.
  		allow $1_t self:process execstack;
@@ -13675,7 +13693,7 @@
  ')
  
  ########################################
-@@ -5721,3 +5717,112 @@
+@@ -5721,3 +5717,129 @@
  	allow $1 user_home_dir_t:dir manage_dir_perms;
  	files_home_filetrans($1,user_home_dir_t,dir)
  ')
@@ -13788,6 +13806,23 @@
 +	allow $1 userdomain:process ptrace;
 +')
 +
++########################################
++## <summary>
++##	Allow apps to set rlimits on userdomain
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`userdom_set_rlimitnh',`
++	gen_require(`
++		attribute userdomain;
++	')
++	allow $1 userdomain:process rlimitinh;
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.6.4/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2007-05-07 14:51:01.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/system/userdomain.te	2007-08-07 09:42:35.000000000 -0400

More information about the fedora-extras-commits mailing list