rpms/selinux-policy/devel policy-20070703.patch,1.96,1.97
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Oct 18 21:33:32 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27693
Modified Files:
policy-20070703.patch
Log Message:
* Thu Oct 16 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-25
- Fix vpn to bind to port 4500
- Allow ssh to create shm
- Allow rshd to bind to ports > 1023
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- policy-20070703.patch 18 Oct 2007 21:09:26 -0000 1.96
+++ policy-20070703.patch 18 Oct 2007 21:33:00 -0000 1.97
@@ -1128,8 +1128,8 @@
+/var/log/kismet(/.*)? gen_context(system_u:object_r:kismet_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.0.8/policy/modules/admin/kismet.if
--- nsaserefpolicy/policy/modules/admin/kismet.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/admin/kismet.if 2007-10-18 16:33:14.000000000 -0400
-@@ -0,0 +1,328 @@
++++ serefpolicy-3.0.8/policy/modules/admin/kismet.if 2007-10-18 17:32:20.000000000 -0400
+@@ -0,0 +1,277 @@
+
+## <summary>policy for kismet</summary>
+
@@ -1297,26 +1297,6 @@
+
+########################################
+## <summary>
-+## Allow the specified domain to manage
-+## kismet log files.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed to transition.
-+## </summary>
-+## </param>
-+#
-+interface(`kismet_manage_log',`
-+ gen_require(`
-+ type var_log_t, kismet_log_t;
-+ ')
-+
-+ logging_search_logs($1)
-+ manage_files_pattern($1, kismet_log_t, kismet_log_t)
-+')
-+
-+########################################
-+## <summary>
+## Allow the specified domain to append
+## kismet log files.
+## </summary>
@@ -1427,37 +1407,6 @@
+
+')
+
-+########################################
-+## <summary>
-+## Execute kismet programs in the kismet domain.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## The type of the process performing this action.
-+## </summary>
-+## </param>
-+## <param name="role">
-+## <summary>
-+## The role to allow the kismet domain.
-+## </summary>
-+## </param>
-+## <param name="terminal">
-+## <summary>
-+## The type of the terminal allow the kismet domain to use.
-+## </summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`kismet_run',`
-+ gen_require(`
-+ type kismet_t;
-+ ')
-+
-+ kismet_domtrans($1)
-+ role $2 types kismet_t;
-+ allow kismet_t $3:chr_file rw_term_perms;
-+')
-+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.0.8/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.8/policy/modules/admin/kismet.te 2007-10-18 16:30:41.000000000 -0400
@@ -3414,7 +3363,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-08-22 07:14:06.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc 2007-10-03 11:10:24.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/corecommands.fc 2007-10-18 17:16:04.000000000 -0400
@@ -36,6 +36,11 @@
/etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0)
/etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -3448,7 +3397,7 @@
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -259,3 +265,9 @@
+@@ -259,3 +265,18 @@
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -3458,6 +3407,15 @@
+/etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
+/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
+/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
++
++/etc/apcupsd/apccontrol -- gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/changeme -- gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/commfailure -- gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/commok -- gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/masterconnect -- gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/mastertimeout -- gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/offbattery -- gen_context(system_u:object_r:bin_t,s0)
++/etc/apcupsd/onbattery -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.0.8/policy/modules/kernel/corenetwork.if.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-07-03 07:05:38.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.if.in 2007-10-17 16:11:40.000000000 -0400
@@ -15366,7 +15324,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.0.8/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2007-09-12 10:34:51.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/udev.te 2007-10-15 13:54:06.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/udev.te 2007-10-18 17:22:34.000000000 -0400
@@ -132,6 +132,7 @@
init_read_utmp(udev_t)
@@ -15388,6 +15346,17 @@
brctl_domtrans(udev_t)
')
+@@ -220,6 +227,10 @@
+ ')
+
+ optional_policy(`
++ raid_domtrans_mdadm(udev_t)
++')
++
++optional_policy(`
+ kernel_write_xen_state(udev_t)
+ kernel_read_xen_state(udev_t)
+ xen_manage_log(udev_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.0.8/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-05-29 14:10:58.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/unconfined.fc 2007-10-03 11:10:25.000000000 -0400
More information about the fedora-extras-commits
mailing list