rpms/selinux-policy/F-7 policy-20070501.patch,1.67,1.68

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Oct 18 21:30:34 UTC 2007 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27493

Modified Files:
	policy-20070501.patch 
Log Message:
* Fri Oct 12 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-49
- Change context on vmplayer
- Allow eclipse to dbus_chat with hal


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- policy-20070501.patch	18 Oct 2007 21:08:24 -0000	1.67
+++ policy-20070501.patch	18 Oct 2007 21:30:29 -0000	1.68
@@ -1807,7 +1807,7 @@
  /opt/vmware/workstation/bin/vmnet-bridge --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc	2007-09-04 15:55:30.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc	2007-10-18 17:18:18.000000000 -0400
 @@ -36,6 +36,11 @@
  /etc/cipe/ip-up.*		--	gen_context(system_u:object_r:bin_t,s0)
  /etc/cipe/ip-down.*		--	gen_context(system_u:object_r:bin_t,s0)
@@ -1820,17 +1820,30 @@
  /etc/hotplug/.*agent		--	gen_context(system_u:object_r:bin_t,s0)
  /etc/hotplug/.*rc		-- 	gen_context(system_u:object_r:bin_t,s0)
  /etc/hotplug/hotplug\.functions --	gen_context(system_u:object_r:bin_t,s0)
-@@ -131,7 +136,8 @@
+@@ -72,10 +77,6 @@
+ /etc/mysql/debian-start		--	gen_context(system_u:object_r:bin_t,s0)
+ ')
+ 
+-ifdef(`targeted_policy',`
+-/etc/X11/prefdm			--	gen_context(system_u:object_r:bin_t,s0)
+-')
+-
+ #
+ # /lib
+ #
+@@ -131,7 +132,10 @@
  /usr/lib(64)?/apt/methods.+	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/courier(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/cups/cgi-bin/.*	--	gen_context(system_u:object_r:bin_t,s0)
 -/usr/lib(64)?/cups/filter/.*	--	gen_context(system_u:object_r:bin_t,s0)
 +/usr/lib(64)?/cups/filter(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 +/usr/lib(64)?/cups/backend(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/cups/daemon(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
++
  /usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/emacsen-common/.*		gen_context(system_u:object_r:bin_t,s0)
-@@ -164,6 +170,8 @@
+@@ -164,6 +168,8 @@
  /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
  
  /usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
@@ -1839,6 +1852,22 @@
  
  /usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)
  
+@@ -189,6 +195,7 @@
+ ifdef(`distro_redhat', `
+ /usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib/bluetooth(/.*)?	--      gen_context(system_u:object_r:bin_t,s0)
++/usr/lib/vmware-tools/sbin32(/.*)?      gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib64/bluetooth(/.*)?	--      gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
+@@ -220,6 +227,7 @@
+ /usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
++/usr/share/system-config-printer/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
 @@ -248,6 +256,7 @@
  /var/ftp/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
  
@@ -1847,11 +1876,16 @@
  
  /var/qmail/bin                  -d      gen_context(system_u:object_r:bin_t,s0)
  /var/qmail/bin(/.*)?                    gen_context(system_u:object_r:bin_t,s0)
-@@ -256,3 +265,14 @@
+@@ -256,3 +265,18 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
-+/usr/lib/vmware-tools/sbin32(/.*)?      gen_context(system_u:object_r:bin_t,s0)
++
++/etc/gdm/XKeepsCrashing[^/]*	--	gen_context(system_u:object_r:bin_t,s0)
++/etc/gdm/[^/]+			-d	gen_context(system_u:object_r:bin_t,s0)
++/etc/gdm/[^/]+/.*			gen_context(system_u:object_r:bin_t,s0)
++/lib/dbus-1/dbus-daemon-launch-helper --    gen_context(system_u:object_r:bin_t,s0)
++/lib64/dbus-1/dbus-daemon-launch-helper --    gen_context(system_u:object_r:bin_t,s0)
 +
 +/etc/apcupsd/apccontrol  --    gen_context(system_u:object_r:bin_t,s0)
 +/etc/apcupsd/changeme  --    gen_context(system_u:object_r:bin_t,s0)
@@ -1861,7 +1895,6 @@
 +/etc/apcupsd/mastertimeout  --    gen_context(system_u:object_r:bin_t,s0)
 +/etc/apcupsd/offbattery  --    gen_context(system_u:object_r:bin_t,s0)
 +/etc/apcupsd/onbattery  --    gen_context(system_u:object_r:bin_t,s0)
-+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.6.4/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2007-05-07 14:51:04.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.if	2007-08-07 09:42:35.000000000 -0400
@@ -2061,8 +2094,16 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.6.4/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc	2007-09-22 08:12:51.000000000 -0400
-@@ -19,6 +19,8 @@
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc	2007-10-18 17:12:33.000000000 -0400
+@@ -12,6 +12,7 @@
+ /dev/atibm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/audio.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/beep		-c	gen_context(system_u:object_r:sound_device_t,s0)
++/dev/dmfm		-c	gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/dsp.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/efirtc		-c	gen_context(system_u:object_r:clock_device_t,s0)
+ /dev/em8300.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
+@@ -19,6 +20,8 @@
  /dev/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
  /dev/fb[0-9]*		-c	gen_context(system_u:object_r:framebuf_device_t,s0)
  /dev/full		-c	gen_context(system_u:object_r:null_device_t,s0)
@@ -2071,7 +2112,7 @@
  /dev/hiddev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
  /dev/hpet		-c	gen_context(system_u:object_r:clock_device_t,s0)
  /dev/hw_random		-c	gen_context(system_u:object_r:random_device_t,s0)
-@@ -52,7 +54,7 @@
+@@ -52,7 +55,7 @@
  /dev/radio.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/random		-c	gen_context(system_u:object_r:random_device_t,s0)
  /dev/raw1394.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
@@ -2080,15 +2121,17 @@
  /dev/sequencer		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/sequencer2		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/smpte.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-@@ -64,6 +66,7 @@
+@@ -63,7 +66,9 @@
+ /dev/sonypi		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/tlk[0-3]		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
++/dev/usbmon[0-9]+	-c	gen_context(system_u:object_r:usb_device_t,s0)
  /dev/usbdev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
 +/dev/usb[0-9]+		-c	gen_context(system_u:object_r:usb_device_t,s0)
  /dev/usblp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
  ifdef(`distro_suse', `
  /dev/usbscanner		-c	gen_context(system_u:object_r:scanner_device_t,s0)
-@@ -81,6 +84,8 @@
+@@ -81,6 +86,8 @@
  
  /dev/bus/usb/.*/[0-9]+	-c	gen_context(system_u:object_r:usb_device_t,s0)
  
@@ -2097,7 +2140,7 @@
  /dev/cpu/.*		-c	gen_context(system_u:object_r:cpu_device_t,s0)
  /dev/cpu/mtrr		-c	gen_context(system_u:object_r:mtrr_device_t,s0)
  
-@@ -92,6 +97,7 @@
+@@ -92,6 +99,7 @@
  /dev/input/event.*	-c	gen_context(system_u:object_r:event_device_t,s0)
  /dev/input/mice		-c	gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/input/js.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
@@ -2105,6 +2148,17 @@
  
  /dev/mapper/control	-c	gen_context(system_u:object_r:lvm_control_t,s0)
  
+@@ -107,6 +115,10 @@
+ /dev/xen/blktap.*	-c	gen_context(system_u:object_r:xen_device_t,s0)
+ /dev/xen/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
+ 
++/etc/udev/devices -d	gen_context(system_u:object_r:device_t,s0)
++
++/lib/udev/devices -d	gen_context(system_u:object_r:device_t,s0)
++
+ ifdef(`distro_debian',`
+ # used by udev init script as temporary mount point
+ /lib/udev/devices	-d		gen_context(system_u:object_r:device_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.6.4/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2007-05-07 14:51:02.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/kernel/devices.if	2007-09-22 08:13:07.000000000 -0400
@@ -2402,7 +2456,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.6.4/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.fc	2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.fc	2007-10-18 17:13:23.000000000 -0400
 @@ -45,7 +45,6 @@
  /etc			-d	gen_context(system_u:object_r:etc_t,s0)
  /etc/.*				gen_context(system_u:object_r:etc_t,s0)
@@ -2419,14 +2473,24 @@
  /etc/motd		--	gen_context(system_u:object_r:etc_runtime_t,s0)
  /etc/nohotplug		--	gen_context(system_u:object_r:etc_runtime_t,s0)
  /etc/nologin.*		--	gen_context(system_u:object_r:etc_runtime_t,s0)
-@@ -210,6 +210,7 @@
+@@ -209,7 +209,8 @@
+ /usr/lost\+found		-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
  /usr/lost\+found/.*		<<none>>
  
- /usr/share(/.*)?/lib(64)?(/.*)?	gen_context(system_u:object_r:usr_t,s0)
-+/usr/share/doc(/.*)?		gen_context(system_u:object_r:usr_t,s0)
+-/usr/share(/.*)?/lib(64)?(/.*)?	gen_context(system_u:object_r:usr_t,s0)
++#/usr/share(/.*)?/lib(64)?(/.*)?	gen_context(system_u:object_r:usr_t,s0)
++/usr/share/doc(/.*)?/README.*	gen_context(system_u:object_r:usr_t,s0)
  
  /usr/src(/.*)?			gen_context(system_u:object_r:src_t,s0)
  /usr/src/kernels/.+/lib(/.*)?	gen_context(system_u:object_r:usr_t,s0)
+@@ -249,3 +250,7 @@
+ /var/tmp/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
+ /var/tmp/lost\+found/.*		<<none>>
+ /var/tmp/vi\.recover	-d	gen_context(system_u:object_r:tmp_t,s0)
++
++ifdef(`distro_debian',`
++/var/run/motd		--	gen_context(system_u:object_r:etc_runtime_t,s0)
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.6.4/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-05-07 14:51:02.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/kernel/files.if	2007-10-18 16:07:57.000000000 -0400
@@ -3211,7 +3275,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.6.4/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/storage.fc	2007-09-13 12:46:00.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/storage.fc	2007-10-18 17:12:50.000000000 -0400
 @@ -23,6 +23,7 @@
  /dev/loop.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  /dev/lvm		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -3220,9 +3284,20 @@
  /dev/mmcblk.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/nb[^/]+		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  /dev/optcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
-@@ -51,7 +52,7 @@
+@@ -38,6 +39,7 @@
+ ')
+ /dev/s(cd|r)[^/]*	-b	gen_context(system_u:object_r:removable_device_t,s0)
+ /dev/sbpcd.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
++/dev/bsg/.+		-c	gen_context(system_u:object_r:scsi_generic_device_t,s0)
+ /dev/sg[0-9]+		-c	gen_context(system_u:object_r:scsi_generic_device_t,s0)
+ /dev/sjcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
+ /dev/sonycd		-b	gen_context(system_u:object_r:removable_device_t,s0)
+@@ -49,9 +51,9 @@
  
- /dev/cciss/[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+ /dev/ataraid/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+ 
+-/dev/cciss/[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
++/dev/cciss/[^/]*	-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  
 -/dev/fuse		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 +/dev/fuse		-c	gen_context(system_u:object_r:fuse_device_t,mls_systemhigh)
@@ -11431,6 +11506,27 @@
 +optional_policy(`
 +	unconfined_dontaudit_rw_pipes(hostname_t)
 +')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.6.4/policy/modules/system/init.fc
+--- nsaserefpolicy/policy/modules/system/init.fc	2007-05-07 14:51:01.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/init.fc	2007-10-18 17:19:24.000000000 -0400
+@@ -9,15 +9,13 @@
+ 
+ /etc/rc\.d/init\.d/.*	--	gen_context(system_u:object_r:initrc_exec_t,s0)
+ 
++/etc/X11/prefdm		--	gen_context(system_u:object_r:initrc_exec_t,s0)
++
+ ifdef(`distro_gentoo',`
+ /etc/vmware/init\.d/vmware --	gen_context(system_u:object_r:initrc_exec_t,s0)
+ /etc/x11/startDM.sh	--	gen_context(system_u:object_r:initrc_exec_t,s0)
+ ')
+ 
+-ifdef(`strict_policy',`
+-/etc/X11/prefdm		--	gen_context(system_u:object_r:initrc_exec_t,s0)
+-')
+-
+ #
+ # /dev
+ #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.6.4/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2007-05-07 14:51:02.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/system/init.if	2007-09-04 11:59:57.000000000 -0400
@@ -13122,7 +13218,7 @@
  allow ifconfig_t self:udp_socket create_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.6.4/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/udev.te	2007-10-15 13:46:47.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/udev.te	2007-10-18 17:22:16.000000000 -0400
 @@ -18,11 +18,6 @@
  type udev_etc_t alias etc_udev_t;
  files_config_file(udev_etc_t)
@@ -13223,7 +13319,7 @@
  	hal_dgram_send(udev_t)
  ')
  
-@@ -194,5 +219,24 @@
+@@ -194,5 +219,28 @@
  ')
  
  optional_policy(`
@@ -13237,6 +13333,10 @@
 +')
 +
 +optional_policy(`
++	raid_domtrans_mdadm(udev_t)
++')
++
++optional_policy(`
 +	xen_manage_log(udev_t)
 +	kernel_write_xen_state(udev_t)
 +	kernel_read_xen_state(udev_t)

More information about the fedora-extras-commits mailing list