rpms/selinux-policy/F-7 policy-20070501.patch,1.54,1.55
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Sep 11 15:56:06 UTC 2007
- Previous message (by thread): rpms/suck/devel README.Fedora, 1.2, 1.3 suck-4.3.2-samples.patch, 1.1, 1.2 suck.spec, 1.13, 1.14
- Next message (by thread): rpms/selinux-policy/devel policy-20070703.patch, 1.53, 1.54 selinux-policy.spec, 1.519, 1.520
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14645
Modified Files:
policy-20070501.patch
Log Message:
* Mon Sep 10 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-42
- Allow modprobe to setsched on kernel
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- policy-20070501.patch 11 Sep 2007 14:08:33 -0000 1.54
+++ policy-20070501.patch 11 Sep 2007 15:56:03 -0000 1.55
@@ -1713,8 +1713,53 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-2.6.4/policy/modules/kernel/corenetwork.if.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.if.in 2007-08-07 09:42:35.000000000 -0400
-@@ -2061,3 +2061,61 @@
++++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.if.in 2007-09-11 11:35:53.000000000 -0400
+@@ -1449,6 +1449,44 @@
+
+ ########################################
+ ## <summary>
++## Connect TCP sockets to rpc ports.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`corenet_tcp_connect_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ allow $1 rpc_port_type:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++## Do not audit attempts to connect TCP sockets
++## all rpc ports.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_connect_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ dontaudit $1 rpc_port_type:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
+ ## Read and write the TUN/TAP virtual network device.
+ ## </summary>
+ ## <param name="domain">
+@@ -2061,3 +2099,61 @@
typeattribute $1 corenet_unconfined_type;
')
- Previous message (by thread): rpms/suck/devel README.Fedora, 1.2, 1.3 suck-4.3.2-samples.patch, 1.1, 1.2 suck.spec, 1.13, 1.14
- Next message (by thread): rpms/selinux-policy/devel policy-20070703.patch, 1.53, 1.54 selinux-policy.spec, 1.519, 1.520
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list