rpms/selinux-policy/devel policy-20070703.patch, 1.50, 1.51 selinux-policy.spec, 1.517, 1.518
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Sep 7 20:10:11 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24599
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Fri Sep 7 2007 Dan Walsh <dwalsh at redhat.com> 3.0.7-7
- Turn off direct transition
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- policy-20070703.patch 7 Sep 2007 19:03:11 -0000 1.50
+++ policy-20070703.patch 7 Sep 2007 20:10:07 -0000 1.51
@@ -12734,7 +12734,7 @@
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.7/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-08-27 09:18:17.000000000 -0400
-+++ serefpolicy-3.0.7/policy/modules/system/userdomain.if 2007-09-06 15:43:06.000000000 -0400
++++ serefpolicy-3.0.7/policy/modules/system/userdomain.if 2007-09-07 15:05:57.000000000 -0400
@@ -45,7 +45,7 @@
type $1_tty_device_t;
term_user_tty($1_t,$1_tty_device_t)
@@ -13106,7 +13106,7 @@
samba_stream_connect_winbind($1_t)
')
-@@ -954,21 +881,162 @@
+@@ -954,21 +881,163 @@
## </summary>
## </param>
#
@@ -13166,6 +13166,7 @@
+ dontaudit $1_t self:capability { sys_nice fsetid };
+
+ allow $1_t self:process ~{ setcurrent setexec setrlimit execmem execstack execheap };
++ dontaudit $1_t self:process setrlimit;
+ dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
+
+ allow $1_t self:context contains;
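Review bot: The added `dontaudit $1_t self:process setrlimit;` has no comment naming the program that makes the denied setrlimit call, and the log message for this revision ("Turn off direct transition") does not mention the rule at all. The allow line just above already leaves setrlimit out of the self:process grant, so this rule only suppresses the resulting AVC records for every domain built from the template. That removes an audit trail an investigator could otherwise use to notice a confined user process trying to change its resource limits. I would put a line above it such as `# setrlimit is not granted above; hide the denial triggered by PROGRAM (placeholder: name the caller)` and list the rule in the changelog entry. The enclosing template starts and ends outside this hunk, so whether the rule sits inside a conditional block cannot be told from here.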
@@ -13275,7 +13276,7 @@
domain_interactive_fd($1_t)
typeattribute $1_devpts_t user_ptynode;
-@@ -977,23 +1045,51 @@
+@@ -977,23 +1046,51 @@
typeattribute $1_tmp_t user_tmpfile;
typeattribute $1_tty_device_t user_ttynode;
@@ -13338,7 +13339,7 @@
# port access is audited even if dac would not have allowed it, so dontaudit it here
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
-@@ -1029,15 +1125,7 @@
+@@ -1029,15 +1126,7 @@
# and may change other protocols
tunable_policy(`user_tcp_server',`
corenet_tcp_bind_all_nodes($1_t)
@@ -13355,7 +13356,7 @@
')
optional_policy(`
-@@ -1054,17 +1142,6 @@
+@@ -1054,17 +1143,6 @@
setroubleshoot_stream_connect($1_t)
')
@@ -13373,7 +13374,7 @@
')
#######################################
-@@ -1102,6 +1179,8 @@
+@@ -1102,6 +1180,8 @@
class passwd { passwd chfn chsh rootok crontab };
')
@@ -13382,7 +13383,7 @@
##############################
#
# Declarations
-@@ -1127,7 +1206,7 @@
+@@ -1127,7 +1207,7 @@
# $1_t local policy
#
@@ -13391,7 +13392,7 @@
allow $1_t self:process { setexec setfscreate };
# Set password information for other users.
-@@ -1139,7 +1218,11 @@
+@@ -1139,7 +1219,11 @@
# Manipulate other users crontab.
allow $1_t self:passwd crontab;
@@ -13404,7 +13405,7 @@
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
-@@ -1856,17 +1939,53 @@
+@@ -1856,17 +1940,53 @@
## </summary>
## </param>
#
@@ -13462,7 +13463,7 @@
## in a user home subdirectory.
## </summary>
## <desc>
-@@ -1891,13 +2010,12 @@
+@@ -1891,13 +2011,12 @@
## </summary>
## </param>
#
@@ -13479,7 +13480,7 @@
')
########################################
-@@ -3078,7 +3196,7 @@
+@@ -3078,7 +3197,7 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@@ -13488,7 +13489,7 @@
')
files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -4615,6 +4733,24 @@
+@@ -4615,6 +4734,24 @@
files_list_home($1)
allow $1 home_dir_type:dir search_dir_perms;
')
@@ -13513,7 +13514,7 @@
########################################
## <summary>
-@@ -5323,7 +5459,7 @@
+@@ -5323,7 +5460,7 @@
attribute user_tmpfile;
')
@@ -13522,7 +13523,7 @@
')
########################################
-@@ -5559,3 +5695,299 @@
+@@ -5559,3 +5696,299 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.517
retrieving revision 1.518
diff -u -r1.517 -r1.518
--- selinux-policy.spec 7 Sep 2007 19:03:11 -0000 1.517
+++ selinux-policy.spec 7 Sep 2007 20:10:07 -0000 1.518
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.7
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -194,8 +194,8 @@
%if %{BUILD_TARGETED}
# Build targeted policy
# Commented out because only targeted ref policy currently builds
-%setupCmds targeted mcs y y
-%installCmds targeted mcs y y
+%setupCmds targeted mcs n y
+%installCmds targeted mcs n y
%endif
%if %{BUILD_MLS}
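Review bot: The third positional argument of `%setupCmds` and `%installCmds` flips from `y` to `n` with nothing in the spec saying what it controls, and the comment above it ("Commented out because only targeted ref policy currently builds") describes lines that are not commented out. Judging by the log message and the `DIRECT_INITRC=n` on the `make` line at the end of the olpc hunk, it is presumably the DIRECT_INITRC build option, which in the reference policy decides whether an admin role may run init scripts directly rather than through run_init. A line such as `# args: name, type, DIRECT_INITRC, POLY` above the calls would make that visible; the order needs confirming against the macro definition, which is outside this diff. The same applies to the `olpc` pair in the `@@ -207,8 +207,8 @@` hunk. The changelog entry could also say that administrators restarting services by hand are affected, if that is the intended effect.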
@@ -207,8 +207,8 @@
%if %{BUILD_OLPC}
# Build targeted policy
# Commented out because only targeted ref policy currently builds
-%setupCmds olpc mcs y y
-%installCmds olpc mcs y y
+%setupCmds olpc mcs n y
+%installCmds olpc mcs n y
%endif
make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
@@ -362,6 +362,9 @@
%endif
%changelog
+* Fri Sep 7 2007 Dan Walsh <dwalsh at redhat.com> 3.0.7-7
+- Turn off direct transition
+
* Fri Sep 7 2007 Dan Walsh <dwalsh at redhat.com> 3.0.7-6
- Allow wine to run in system role