rpms/selinux-policy/devel policy-20070703.patch, 1.87, 1.88 selinux-policy.spec, 1.544, 1.545

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Sat Oct 13 14:15:42 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26675

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Fri Oct 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-22
- Pass the UNK_PERMS param to makefile
- Fix gdm location


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- policy-20070703.patch	12 Oct 2007 11:00:35 -0000	1.87
+++ policy-20070703.patch	13 Oct 2007 14:15:08 -0000	1.88
@@ -2763,6 +2763,22 @@
  	auth_manage_pam_pid($1_userhelper_t)
  	auth_manage_var_auth($1_userhelper_t)
  	auth_search_pam_console_data($1_userhelper_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.0.8/policy/modules/apps/vmware.fc
+--- nsaserefpolicy/policy/modules/apps/vmware.fc	2007-09-12 10:34:49.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/apps/vmware.fc	2007-10-12 08:22:18.000000000 -0400
+@@ -30,10 +30,12 @@
+ /usr/lib/vmware/config		--	gen_context(system_u:object_r:vmware_sys_conf_t,s0)
+ /usr/lib/vmware/bin/vmware-mks	--	gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/lib/vmware/bin/vmware-ui	--	gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib/vmware/bin/vmplayer  --	gen_context(system_u:object_r:vmware_exec_t,s0)
+ 
+ /usr/lib64/vmware/config	--	gen_context(system_u:object_r:vmware_sys_conf_t,s0)
+ /usr/lib64/vmware/bin/vmware-mks --	gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/lib64/vmware/bin/vmware-ui --	gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib64/vmware/bin/vmplayer  --	gen_context(system_u:object_r:vmware_exec_t,s0)
+ 
+ ifdef(`distro_gentoo',`
+ /opt/vmware/workstation/bin/vmnet-bridge --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.0.8/policy/modules/apps/vmware.te
 --- nsaserefpolicy/policy/modules/apps/vmware.te	2007-09-12 10:34:49.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/apps/vmware.te	2007-10-03 11:10:24.000000000 -0400
@@ -3609,7 +3625,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.0.8/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2007-08-22 07:14:06.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.if	2007-10-10 16:06:13.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/filesystem.if	2007-10-12 11:58:32.000000000 -0400
 @@ -271,45 +271,6 @@
  
  ########################################
@@ -4117,7 +4133,7 @@
 +/etc/rc\.d/init\.d/httpd	--	gen_context(system_u:object_r:httpd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.0.8/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2007-08-22 07:14:07.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.if	2007-10-03 11:10:24.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/apache.if	2007-10-12 09:25:42.000000000 -0400
 @@ -18,10 +18,6 @@
  		attribute httpd_script_exec_type;
  		type httpd_t, httpd_suexec_t, httpd_log_t;
@@ -7433,16 +7449,17 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.0.8/policy/modules/services/mailman.te
 --- nsaserefpolicy/policy/modules/services/mailman.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mailman.te	2007-10-03 11:10:24.000000000 -0400
-@@ -55,6 +55,7 @@
++++ serefpolicy-3.0.8/policy/modules/services/mailman.te	2007-10-12 09:27:35.000000000 -0400
+@@ -55,6 +55,8 @@
  	apache_use_fds(mailman_cgi_t)
  	apache_dontaudit_append_log(mailman_cgi_t)
  	apache_search_sys_script_state(mailman_cgi_t)
 +	apache_read_config(mailman_cgi_t)
++	apache_dontaudit_rw_stream_sockets(mailman_cgi_t)
  
  	optional_policy(`
  		nscd_socket_use(mailman_cgi_t)
-@@ -96,6 +97,7 @@
+@@ -96,6 +98,7 @@
  kernel_read_proc_symlinks(mailman_queue_t)
  
  auth_domtrans_chk_passwd(mailman_queue_t)
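Review bot: The added `apache_dontaudit_rw_stream_sockets(mailman_cgi_t)` line in the mailman_cgi_t block carries no comment saying which denial it silences. A dontaudit rule leaves the access denied but removes it from the audit log, so anyone later investigating mailman CGI behaviour will not see these events. A one-line comment above it would record the reasoning, for example `# httpd stream socket inherited by the CGI; still denied, just not logged` (wording to be confirmed against the AVC that prompted the rule). The enclosing block starts outside the hunk.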
@@ -8616,7 +8633,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.0.8/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/postfix.te	2007-10-03 11:10:24.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/postfix.te	2007-10-12 09:13:21.000000000 -0400
 @@ -6,6 +6,14 @@
  # Declarations
  #
@@ -8656,7 +8673,15 @@
  ########################################
  #
  # Postfix master process local policy
-@@ -164,10 +182,9 @@
+@@ -93,6 +111,7 @@
+ allow postfix_master_t self:fifo_file rw_fifo_file_perms;
+ allow postfix_master_t self:tcp_socket create_stream_socket_perms;
+ allow postfix_master_t self:udp_socket create_socket_perms;
++allow postfix_master_t self:process setrlimit;
+ 
+ allow postfix_master_t postfix_etc_t:file rw_file_perms;
+ 
+@@ -164,10 +183,11 @@
  # postfix does a "find" on startup for some reason - keep it quiet
  seutil_dontaudit_search_config(postfix_master_t)
  
@@ -8664,11 +8689,13 @@
 -
  mta_rw_aliases(postfix_master_t)
  mta_read_sendmail_bin(postfix_master_t)
++mta_getattr_spool(postfix_master_t)
++
 +term_dontaudit_search_ptys(postfix_master_t)
  
  optional_policy(`
  	cyrus_stream_connect(postfix_master_t)
-@@ -179,7 +196,11 @@
+@@ -179,7 +199,11 @@
  ')
  
  optional_policy(`
@@ -8681,7 +8708,7 @@
  ')
  
  ###########################################################
-@@ -263,6 +284,8 @@
+@@ -263,6 +287,8 @@
  
  files_read_etc_files(postfix_local_t)
  
@@ -8690,7 +8717,15 @@
  mta_read_aliases(postfix_local_t)
  mta_delete_spool(postfix_local_t)
  # For reading spamassasin
-@@ -336,8 +359,6 @@
+@@ -275,6 +301,7 @@
+ optional_policy(`
+ #	for postalias
+ 	mailman_manage_data_files(postfix_local_t)
++	mailman_append_log(postfix_local_t)
+ ')
+ 
+ optional_policy(`
+@@ -336,8 +363,6 @@
  
  seutil_read_config(postfix_map_t)
  
@@ -8699,7 +8734,7 @@
  tunable_policy(`read_default_t',`
  	files_list_default(postfix_map_t)
  	files_read_default_files(postfix_map_t)
-@@ -377,7 +398,7 @@
+@@ -377,7 +402,7 @@
  # Postfix pipe local policy
  #
  
@@ -8708,7 +8743,7 @@
  
  write_sock_files_pattern(postfix_pipe_t,postfix_private_t,postfix_private_t)
  
-@@ -386,6 +407,10 @@
+@@ -386,6 +411,10 @@
  rw_files_pattern(postfix_pipe_t,postfix_spool_t,postfix_spool_t)
  
  optional_policy(`
@@ -8719,7 +8754,18 @@
  	procmail_domtrans(postfix_pipe_t)
  ')
  
-@@ -418,14 +443,17 @@
+@@ -394,6 +423,10 @@
+ ')
+ 
+ optional_policy(`
++	mta_manage_spool(postfix_pipe_t)
++')
++
++optional_policy(`
+ 	uucp_domtrans_uux(postfix_pipe_t)
+ ')
+ 
+@@ -418,14 +451,17 @@
  term_dontaudit_use_all_user_ptys(postfix_postdrop_t)
  term_dontaudit_use_all_user_ttys(postfix_postdrop_t)
  
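Review bot: `mta_manage_spool(postfix_pipe_t)` is added in its own `optional_policy` block with no comment naming the delivery agent that needs it. Going by its name, the interface grants full management of the mail spool (presumably create, write and delete). If the denial behind this change was only a write or a create, a narrower mta interface would keep postfix_pipe_t closer to least privilege. At minimum add a comment such as `# <AGENT> run via pipe(8) delivers into the mail spool`, with the agent filled in from the AVC.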
@@ -8739,7 +8785,7 @@
  optional_policy(`
  	ppp_use_fds(postfix_postqueue_t)
  	ppp_sigchld(postfix_postqueue_t)
-@@ -454,8 +482,6 @@
+@@ -454,8 +490,6 @@
  init_sigchld_script(postfix_postqueue_t)
  init_use_script_fds(postfix_postqueue_t)
  
@@ -8748,7 +8794,7 @@
  ########################################
  #
  # Postfix qmgr local policy
-@@ -498,15 +524,11 @@
+@@ -498,15 +532,11 @@
  term_use_all_user_ptys(postfix_showq_t)
  term_use_all_user_ttys(postfix_showq_t)
  
@@ -8764,7 +8810,7 @@
  # connect to master process
  stream_connect_pattern(postfix_smtp_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t)
  
-@@ -514,6 +536,8 @@
+@@ -514,6 +544,8 @@
  
  allow postfix_smtp_t postfix_spool_t:file rw_file_perms;
  
@@ -8773,7 +8819,7 @@
  optional_policy(`
  	cyrus_stream_connect(postfix_smtp_t)
  ')
-@@ -538,9 +562,45 @@
+@@ -538,9 +570,45 @@
  mta_read_aliases(postfix_smtpd_t)
  
  optional_policy(`
@@ -10831,7 +10877,7 @@
  dev_read_sysfs(xfs_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.0.8/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2007-08-22 07:14:07.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.fc	2007-10-08 13:25:36.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/xserver.fc	2007-10-13 10:12:41.000000000 -0400
 @@ -32,11 +32,6 @@
  /etc/X11/wdm/Xstartup.*	--	gen_context(system_u:object_r:xsession_exec_t,s0)
  /etc/X11/Xsession[^/]*	--	gen_context(system_u:object_r:xsession_exec_t,s0)
@@ -10844,7 +10890,15 @@
  #
  # /opt
  #
-@@ -92,13 +87,16 @@
+@@ -59,6 +54,7 @@
+ 
+ /usr/(s)?bin/gdm-binary	--	gen_context(system_u:object_r:xdm_exec_t,s0)
+ /usr/bin/[xgkw]dm	--	gen_context(system_u:object_r:xdm_exec_t,s0)
++/usr/sbin/gdm		--	gen_context(system_u:object_r:xdm_exec_t,s0)
+ /usr/bin/gpe-dm		--	gen_context(system_u:object_r:xdm_exec_t,s0)
+ /usr/bin/iceauth		--	gen_context(system_u:object_r:iceauth_exec_t,s0)
+ /usr/bin/Xair		--	gen_context(system_u:object_r:xserver_exec_t,s0)
+@@ -92,13 +88,16 @@
  /var/lib/[xkw]dm(/.*)?		gen_context(system_u:object_r:xdm_var_lib_t,s0)
  /var/lib/xkb(/.*)?		gen_context(system_u:object_r:xkb_var_lib_t,s0)
  
@@ -15135,7 +15189,7 @@
  /tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-08-27 09:18:17.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-10-11 16:34:44.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-10-12 11:59:04.000000000 -0400
 @@ -29,8 +29,9 @@
  	')
  
@@ -15730,7 +15784,7 @@
  		samba_stream_connect_winbind($1_t)
  	')
  
-@@ -954,21 +886,165 @@
+@@ -954,21 +886,167 @@
  ##	</summary>
  ## </param>
  #
@@ -15823,6 +15877,8 @@
 +	fs_search_auto_mountpoints($1_usertype)
 +	fs_list_inotifyfs($1_usertype)
 +
++	fs_rw_anon_inodefs_files($1_usertype)
++
 +	# Stop warnings about access to /dev/console
 +	init_dontaudit_rw_utmp($1_usertype)
 +	init_dontaudit_use_fds($1_usertype)
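Review bot: `fs_rw_anon_inodefs_files($1_usertype)` is granted to every `$1_usertype` domain without a comment, while the lines right after it carry one (`# Stop warnings about access to /dev/console`). The line sits in a template, so it applies to every user type built from it, presumably including the restricted ones, and the reason should be written down next to it. Something like `# anon_inodefs backs kernel-created fds that ordinary programs use (confirm which ones triggered the denial)` would do. The enclosing template starts and ends outside the hunk.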
@@ -15902,7 +15958,7 @@
  	domain_interactive_fd($1_t)
  
  	typeattribute $1_devpts_t user_ptynode;
-@@ -977,23 +1053,51 @@
+@@ -977,23 +1055,51 @@
  	typeattribute $1_tmp_t user_tmpfile;
  	typeattribute $1_tty_device_t user_ttynode;
  
@@ -15965,31 +16021,24 @@
  
  	# port access is audited even if dac would not have allowed it, so dontaudit it here
  	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
-@@ -1029,20 +1133,12 @@
+@@ -1029,15 +1135,7 @@
  	# and may change other protocols
  	tunable_policy(`user_tcp_server',`
  		corenet_tcp_bind_all_nodes($1_t)
 -		corenet_tcp_bind_generic_port($1_t)
-+		corenet_tcp_bind_all_unreserved_ports($1_t)
- 	')
- 
- 	optional_policy(`
--		kerberos_use($1_t)
 -	')
 -
 -	optional_policy(`
--		loadkeys_run($1_t,$1_r,$1_tty_device_t)
+-		kerberos_use($1_t)
 -	')
 -
 -	optional_policy(`
--		netutils_run_ping_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
--		netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
-+		netutils_run_ping_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
-+		netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
+-		loadkeys_run($1_t,$1_r,$1_tty_device_t)
++		corenet_tcp_bind_all_unreserved_ports($1_t)
  	')
  
- 	# Run pppd in pppd_t by default for user
-@@ -1054,17 +1150,6 @@
+ 	optional_policy(`
+@@ -1054,17 +1152,6 @@
  		setroubleshoot_stream_connect($1_t)
  	')
  
@@ -16007,7 +16056,7 @@
  ')
  
  #######################################
-@@ -1102,6 +1187,8 @@
+@@ -1102,6 +1189,8 @@
  		class passwd { passwd chfn chsh rootok crontab };
  	')
  
@@ -16016,7 +16065,7 @@
  	##############################
  	#
  	# Declarations
-@@ -1127,7 +1214,7 @@
+@@ -1127,7 +1216,7 @@
  	# $1_t local policy
  	#
  
@@ -16025,7 +16074,7 @@
  	allow $1_t self:process { setexec setfscreate };
  
  	# Set password information for other users.
-@@ -1139,7 +1226,11 @@
+@@ -1139,7 +1228,11 @@
  	# Manipulate other users crontab.
  	allow $1_t self:passwd crontab;
  
@@ -16038,7 +16087,7 @@
  
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
-@@ -1642,9 +1733,13 @@
+@@ -1642,9 +1735,13 @@
  template(`userdom_user_home_content',`
  	gen_require(`
  		attribute $1_file_type;
@@ -16052,7 +16101,7 @@
  	files_type($2)
  ')
  
-@@ -1894,10 +1989,46 @@
+@@ -1894,10 +1991,46 @@
  template(`userdom_manage_user_home_content_dirs',`
  	gen_require(`
  		type $1_home_dir_t, $1_home_t;
@@ -16100,7 +16149,7 @@
  ')
  
  ########################################
-@@ -3078,7 +3209,7 @@
+@@ -3078,7 +3211,7 @@
  #
  template(`userdom_tmp_filetrans_user_tmp',`
  	gen_require(`
@@ -16109,7 +16158,7 @@
  	')
  
  	files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -4609,11 +4740,29 @@
+@@ -4609,11 +4742,29 @@
  #
  interface(`userdom_search_all_users_home_dirs',`
  	gen_require(`
@@ -16140,7 +16189,7 @@
  ')
  
  ########################################
-@@ -4633,6 +4782,14 @@
+@@ -4633,6 +4784,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -16155,7 +16204,7 @@
  ')
  
  ########################################
-@@ -5323,7 +5480,7 @@
+@@ -5323,7 +5482,7 @@
  		attribute user_tmpfile;
  	')
  
@@ -16164,7 +16213,7 @@
  ')
  
  ########################################
-@@ -5559,3 +5716,380 @@
+@@ -5559,3 +5718,380 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -16932,8 +16981,8 @@
 +## <summary>Policy for guest user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.0.8/policy/modules/users/guest.te
 --- nsaserefpolicy/policy/modules/users/guest.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/users/guest.te	2007-10-03 11:10:25.000000000 -0400
-@@ -0,0 +1,9 @@
++++ serefpolicy-3.0.8/policy/modules/users/guest.te	2007-10-12 12:03:20.000000000 -0400
+@@ -0,0 +1,13 @@
 +policy_module(guest,1.0.0)
 +userdom_unpriv_login_user(guest)
 +userdom_unpriv_login_user(gadmin)
@@ -16943,6 +16992,10 @@
 +optional_policy(`
 +	hal_dbus_chat(xguest_t)
 +')
++
++optional_policy(`
++	bluetooth_dbus_chat(xguest_t)
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.0.8/policy/modules/users/logadm.fc
 --- nsaserefpolicy/policy/modules/users/logadm.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.0.8/policy/modules/users/logadm.fc	2007-10-03 11:10:25.000000000 -0400
@@ -17103,21 +17156,53 @@
 Binary files nsaserefpolicy/ru/ypbind_selinux.8.gz and serefpolicy-3.0.8/ru/ypbind_selinux.8.gz differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.0.8/Rules.modular
 --- nsaserefpolicy/Rules.modular	2007-05-25 09:09:10.000000000 -0400
-+++ serefpolicy-3.0.8/Rules.modular	2007-10-03 11:10:25.000000000 -0400
-@@ -219,6 +219,16 @@
++++ serefpolicy-3.0.8/Rules.modular	2007-10-12 08:57:13.000000000 -0400
+@@ -96,6 +96,9 @@
+ 	@test -d $(builddir) || mkdir -p $(builddir)
+ 	$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers
+ 
++ifneq "$(UNK_PERMS)" ""
++$(base_mod): CHECKMODULE += -U $(UNK_PERMS)
++endif
+ $(base_mod): $(base_conf)
+ 	@echo "Compiling $(NAME) base module"
+ 	$(verbose) $(CHECKMODULE) $^ -o $@
+@@ -144,6 +147,7 @@
+ 
+ $(tmpdir)/rolemap.conf: M4PARAM += -D self_contained_policy
+ $(tmpdir)/rolemap.conf: $(rolemap)
++	$(verbose) echo "" > $@
+ 	$(call parse-rolemap,base,$@)
+ 
+ $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.0.8/Rules.monolithic
+--- nsaserefpolicy/Rules.monolithic	2007-05-25 09:09:10.000000000 -0400
++++ serefpolicy-3.0.8/Rules.monolithic	2007-10-12 08:57:21.000000000 -0400
+@@ -63,6 +63,9 @@
+ #
+ # Build a binary policy locally
+ #
++ifneq "$(UNK_PERMS)" ""
++$(polver): CHECKPOLICY += -U $(UNK_PERMS)
++endif
+ $(polver): $(policy_conf)
+ 	@echo "Compiling $(NAME) $(polver)"
+ ifneq ($(pv),$(kv))
+@@ -76,6 +79,9 @@
+ #
+ # Install a binary policy
+ #
++ifneq "$(UNK_PERMS)" ""
++$(loadpath): CHECKPOLICY += -U $(UNK_PERMS)
++endif
+ $(loadpath): $(policy_conf)
+ 	@mkdir -p $(policypath)
+ 	@echo "Compiling and installing $(NAME) $(loadpath)"
+@@ -127,6 +133,7 @@
+ 	@echo "divert" >> $@
+ 
+ $(tmpdir)/rolemap.conf: $(rolemap)
++	$(verbose) echo "" > $@
+ 	$(call parse-rolemap,base,$@)
  
- ########################################
- #
-+# Validate File Contexts
-+#
-+validatefc: $(base_pkg) $(base_fc) 
-+	@echo "Validating file context."
-+	$(verbose) $(SEMOD_EXP) $(base_pkg) $(tmpdir)/policy.tmp
-+	$(verbose) $(SETFILES) -c $(tmpdir)/policy.tmp $(base_fc)
-+	@echo "Success."
-+
-+########################################
-+#
- # Clean the sources
- #
- clean:
+ $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(all_te_files) $(tmpdir)/rolemap.conf
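Review bot: `$(UNK_PERMS)` is handed to `-U` as-is in all three added `ifneq` blocks (`$(base_mod)` in Rules.modular, `$(polver)` and `$(loadpath)` in Rules.monolithic), so a mistyped value only shows up as a compiler usage error in the middle of the build. Since the setting decides whether unknown kernel permissions are allowed or denied, it is worth failing early: inside each guard add `$(if $(filter allow deny reject,$(UNK_PERMS)),,$(error UNK_PERMS must be one of: allow deny reject))`. When the variable is empty the flag is omitted and the compiler default applies, which should be stated in a comment next to the first guard. Separately, this revision of the patch no longer adds the `validatefc` target; if any build step still calls it, that file-context check is lost, which is worth confirming.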


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.544
retrieving revision 1.545
diff -u -r1.544 -r1.545
--- selinux-policy.spec	11 Oct 2007 18:57:00 -0000	1.544
+++ selinux-policy.spec	13 Oct 2007 14:15:08 -0000	1.545
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 21%{?dist}
+Release: 22%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -77,8 +77,8 @@
 exit 0
 
 %define setupCmds() \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 bare \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024  conf \
+make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 bare \
+make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024  conf \
 cp -f $RPM_SOURCE_DIR/modules-%1.conf  ./policy/modules.conf \
 cp -f $RPM_SOURCE_DIR/booleans-%1.conf ./policy/booleans.conf \
 
@@ -86,10 +86,10 @@
 awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "-i %%s.pp ", $1 }' %{_sourcedir}/modules-%{1}.conf )
 
 %define installCmds() \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 base.pp \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 modules \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 install \
-make NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 install-appconfig \
+make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 base.pp \
+make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 modules \
+make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 install \
+make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 install-appconfig \
 #%{__cp} *.pp %{buildroot}/%{_usr}/share/selinux/%1/ \
 %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/policy \
 %{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active \
@@ -192,24 +192,24 @@
 %if %{BUILD_TARGETED}
 # Build targeted policy
 # Commented out because only targeted ref policy currently builds
-%setupCmds targeted mcs n y
-%installCmds targeted mcs n y
+%setupCmds targeted mcs n y allow
+%installCmds targeted mcs n y allow
 %endif
 
 %if %{BUILD_MLS}
 # Build mls policy
-%setupCmds mls mls n y
-%installCmds mls mls n y 
+%setupCmds mls mls n y deny
+%installCmds mls mls n y deny
 %endif
 
 %if %{BUILD_OLPC}
 # Build targeted policy
 # Commented out because only targeted ref policy currently builds
-%setupCmds olpc mcs n y
-%installCmds olpc mcs n y
+%setupCmds olpc mcs n y allow
+%installCmds olpc mcs n y allow
 %endif
 
-make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
+make UNK_PERMS=allow NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
 mkdir %{buildroot}%{_usr}/share/selinux/devel/
 mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
 install -m 755 $RPM_SOURCE_DIR/policygentool %{buildroot}%{_usr}/share/selinux/devel/
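Review bot: The choice of `allow` for targeted and olpc and `deny` for mls is not explained anywhere in the spec. With `allow`, a class or permission that the kernel defines but the loaded policy does not is permitted rather than refused, so the targeted build fails open for anything newer than the policy. That may be the intended trade-off for staying usable on newer kernels, but it is a security decision and should be recorded above the `%setupCmds targeted` line, e.g. `# UNK_PERMS (5th arg): allow = unknown kernel perms permitted (targeted/olpc), deny = refused (mls)`. The fifth argument is also effectively mandatory now: a call that omits it would presumably expand to `UNK_PERMS=` and silently fall back to the compiler default.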
@@ -371,6 +371,10 @@
 %endif
 
 %changelog
+* Fri Oct 12 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-22
+- Pass the UNK_PERMS param to makefile
+- Fix gdm location
+
 * Wed Oct 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-21
 - Make alsa work
 



