rpms/selinux-policy/F-8 policy-20070703.patch, 1.118, 1.119 selinux-policy.spec, 1.564, 1.565
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Oct 31 13:51:02 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1667
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Tue Oct 30 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-43
- Add type definition for /dev/kvm
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.118
retrieving revision 1.119
diff -u -r1.118 -r1.119
--- policy-20070703.patch 31 Oct 2007 01:12:45 -0000 1.118
+++ policy-20070703.patch 31 Oct 2007 13:50:55 -0000 1.119
@@ -3643,7 +3643,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.0.8/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/devices.fc 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/devices.fc 2007-10-31 09:43:13.000000000 -0400
@@ -20,6 +20,7 @@
/dev/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
/dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
@@ -3652,7 +3652,15 @@
/dev/fw.* -c gen_context(system_u:object_r:usb_device_t,s0)
/dev/hiddev.* -c gen_context(system_u:object_r:usb_device_t,s0)
/dev/hpet -c gen_context(system_u:object_r:clock_device_t,s0)
-@@ -98,6 +99,7 @@
+@@ -30,6 +31,7 @@
+ /dev/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/kmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
+ /dev/kmsg -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
++/dev/kvm -c gen_context(system_u:object_r:kvm_device_t,mls_systemhigh)
+ /dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
+ /dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
+@@ -98,6 +100,7 @@
/dev/input/event.* -c gen_context(system_u:object_r:event_device_t,s0)
/dev/input/mice -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/input/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
@@ -3662,7 +3670,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.0.8/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/devices.if 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/devices.if 2007-10-31 09:46:00.000000000 -0400
@@ -1306,6 +1306,44 @@
########################################
@@ -3708,6 +3716,102 @@
## Read input event devices (/dev/input).
## </summary>
## <param name="domain">
+@@ -1623,6 +1661,78 @@
+
+ ########################################
+ ## <summary>
++## Get the attributes of the kvm devices.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`dev_getattr_kvm_dev',`
++ gen_require(`
++ type device_t, kvm_device_t;
++ ')
++
++ getattr_chr_files_pattern($1,device_t,kvm_device_t)
++')
++
++########################################
++## <summary>
++## Set the attributes of the kvm devices.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`dev_setattr_kvm_dev',`
++ gen_require(`
++ type device_t, kvm_device_t;
++ ')
++
++ setattr_chr_files_pattern($1,device_t,kvm_device_t)
++')
++
++########################################
++## <summary>
++## Read the kvm devices.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`dev_read_kvm',`
++ gen_require(`
++ type device_t, kvm_device_t;
++ ')
++
++ read_chr_files_pattern($1,device_t,kvm_device_t)
++')
++
++########################################
++## <summary>
++## Read and write to kvm devices.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`dev_rw_kvm',`
++ gen_require(`
++ type device_t, kvm_device_t;
++ ')
++
++ rw_chr_files_pattern($1,device_t,kvm_device_t)
++')
++
++########################################
++## <summary>
+ ## Get the attributes of miscellaneous devices.
+ ## </summary>
+ ## <param name="domain">
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.0.8/policy/modules/kernel/devices.te
+--- nsaserefpolicy/policy/modules/kernel/devices.te 2007-10-22 13:21:42.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/devices.te 2007-10-31 09:43:37.000000000 -0400
+@@ -72,6 +72,13 @@
+ dev_node(kmsg_device_t)
+
+ #
++# kvm_device_t is the type of
++# /dev/kvm
++#
++type kvm_device_t;
++dev_node(kvm_device_t)
++
++#
+ # Type for /dev/mapper/control
+ #
+ type lvm_control_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.0.8/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-10-22 13:21:42.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/kernel/domain.if 2007-10-30 19:48:13.000000000 -0400
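Review bot: The four new interfaces in devices.if are named inconsistently: `dev_getattr_kvm_dev` and `dev_setattr_kvm_dev` carry a `_dev` suffix while `dev_read_kvm` and `dev_rw_kvm` do not, so one form should be chosen before callers start depending on either. Their summaries speak of "the kvm devices" although devices.fc and the devices.te comment label a single node, /dev/kvm. No caller of `dev_rw_kvm` is visible in this diff, so once /dev/kvm is relabelled to `kvm_device_t`, any confined domain that previously reached it through the generic device type would presumably be denied until it is granted the interface; that is worth confirming against the virtualization modules. I would also extend the devices.te comment to say what the node gates, e.g. `# kvm_device_t is the type of /dev/kvm; read/write access lets a domain create and run hardware-assisted virtual machines`.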
@@ -8543,7 +8647,7 @@
+files_type(mailscanner_spool_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.0.8/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mta.if 2007-10-29 23:59:29.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/mta.if 2007-10-31 07:35:43.000000000 -0400
@@ -142,6 +142,12 @@
sendmail_create_log($1_mail_t)
')
@@ -8606,7 +8710,32 @@
create_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
-@@ -447,20 +481,18 @@
+@@ -436,6 +470,24 @@
+
+ ########################################
+ ## <summary>
++## Make the specified type readable for a system_mail_t
++## </summary>
++## <param name="type">
++## <summary>
++## Type to be used as a mail client.
++## </summary>
++## </param>
++#
++interface(`mta_mailcontent',`
++ gen_require(`
++ attribute mailcontent_type;
++ ')
++
++ typeattribute $1 mailcontent_type;
++')
++
++########################################
++## <summary>
+ ## Send mail from the system.
+ ## </summary>
+ ## <param name="domain">
+@@ -447,20 +499,18 @@
interface(`mta_send_mail',`
gen_require(`
attribute mta_user_agent;
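Review bot: The documentation of `mta_mailcontent` does not match what the interface does: the parameter description reads "Type to be used as a mail client.", apparently copied from a neighbouring interface, while the body only adds `$1` to `mailcontent_type`. Because mta.te in this same patch grants `system_mail_t` read access to everything carrying that attribute, the summary should say so plainly, e.g. `## Mark a file type as mail content that system_mail_t is allowed to read.` with the parameter described as `## File type to be made readable by system_mail_t.`. The trailing context of this hunk belongs to `mta_send_mail`, whose body continues outside it.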
@@ -8633,7 +8762,7 @@
')
########################################
-@@ -595,6 +627,25 @@
+@@ -595,6 +645,25 @@
files_search_etc($1)
allow $1 etc_aliases_t:file { rw_file_perms setattr };
')
@@ -8661,16 +8790,17 @@
## <summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.0.8/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mta.te 2007-10-29 23:59:29.000000000 -0400
-@@ -6,6 +6,7 @@
++++ serefpolicy-3.0.8/policy/modules/services/mta.te 2007-10-31 07:35:09.000000000 -0400
+@@ -6,6 +6,8 @@
# Declarations
#
++attribute mailcontent_type;
+attribute mailclient_exec_type;
attribute mta_user_agent;
attribute mailserver_delivery;
attribute mailserver_domain;
-@@ -27,6 +28,7 @@
+@@ -27,6 +29,7 @@
type sendmail_exec_t;
application_executable_file(sendmail_exec_t)
@@ -8678,7 +8808,12 @@
mta_base_mail_template(system)
role system_r types system_mail_t;
-@@ -44,23 +46,33 @@
+@@ -40,27 +43,38 @@
+ allow system_mail_t self:capability { dac_override };
+
+ read_files_pattern(system_mail_t,etc_mail_t,etc_mail_t)
++read_files_pattern(system_mail_t,mailcontent_type,mailcontent_type)
+
kernel_read_system_state(system_mail_t)
kernel_read_network_state(system_mail_t)
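Review bot: The added `read_files_pattern(system_mail_t,mailcontent_type,mailcontent_type)` sits directly under `allow system_mail_t self:capability { dac_override };`, so file mode bits do not limit what the system mailer can read and membership in `mailcontent_type` becomes the only control. I would state that above the rule, e.g. `# mailcontent_type is the sole gate here (system_mail_t has dac_override); tag only types meant to be mailed out`. Passing the attribute as both the directory and the file argument also lets system_mail_t search directories of any tagged type, which looks intended but is worth confirming with the callers of `mta_mailcontent`.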
@@ -8712,7 +8847,7 @@
')
optional_policy(`
-@@ -73,6 +85,7 @@
+@@ -73,6 +87,7 @@
optional_policy(`
cron_read_system_job_tmp_files(system_mail_t)
@@ -11670,6 +11805,18 @@
seutil_sigchld_newrole(soundd_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.0.8/policy/modules/services/spamassassin.te
+--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-10-22 13:21:36.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/spamassassin.te 2007-10-31 09:26:27.000000000 -0400
+@@ -81,7 +81,7 @@
+
+ # var/lib files for spamd
+ allow spamd_t spamd_var_lib_t:dir list_dir_perms;
+-read_files_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)
++manage_files_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)
+
+ manage_dirs_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
+ manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.0.8/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2007-10-22 13:21:36.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/squid.fc 2007-10-29 23:59:29.000000000 -0400
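Review bot: Replacing `read_files_pattern` with `manage_files_pattern` for `spamd_var_lib_t` lets spamd create, modify and delete its var/lib files, and neither the policy comment nor the changelog entry ("Add type definition for /dev/kvm") says why the daemon needs that. spamd parses untrusted mail, so write access to files it may later load as rules or configuration is a persistence risk if the daemon is compromised; whether this directory holds such files is not visible here. Record the reason next to the rule, e.g. `# spamd writes <what and why> under its var/lib directory`, and if only some files need writing, give those a separate type. The preceding `allow spamd_t spamd_var_lib_t:dir list_dir_perms;` is probably subsumed by the directory permissions the manage pattern grants.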
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.564
retrieving revision 1.565
diff -u -r1.564 -r1.565
--- selinux-policy.spec 30 Oct 2007 21:02:53 -0000 1.564
+++ selinux-policy.spec 31 Oct 2007 13:50:55 -0000 1.565
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 42%{?dist}
+Release: 43%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -373,6 +373,9 @@
%endif
%changelog
+* Tue Oct 30 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-43
+- Add type definition for /dev/kvm
+
* Tue Oct 30 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-42
- Make tcbdomain
- Allow domain domain:fd use