rpms/selinux-policy/devel policy-20070703.patch, 1.76, 1.77 selinux-policy.spec, 1.535, 1.536
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Sep 26 22:01:31 UTC 2007
- Previous message (by thread): rpms/bzr-gtk/devel bzr-gtk.spec,1.12,1.13
- Next message (by thread): rpms/setroubleshoot/F-7 .cvsignore, 1.73, 1.74 setroubleshoot.init, 1.9, 1.10 setroubleshoot.spec, 1.88, 1.89 sources, 1.84, 1.85
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21782
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Tue Sep 24 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-14
- Allow xdm to talk to input device (fingerprint reader)
- Allow octave to run as java
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- policy-20070703.patch 25 Sep 2007 15:03:25 -0000 1.76
+++ policy-20070703.patch 26 Sep 2007 22:01:27 -0000 1.77
@@ -314,7 +314,7 @@
+/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-3.0.8/policy/modules/admin/alsa.if
--- nsaserefpolicy/policy/modules/admin/alsa.if 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/admin/alsa.if 2007-09-22 06:43:02.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/admin/alsa.if 2007-09-25 15:03:17.000000000 -0400
@@ -74,3 +74,39 @@
read_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
read_lnk_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
@@ -1508,7 +1508,7 @@
application_executable_file(gconfd_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.0.8/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2007-05-29 14:10:48.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/apps/java.fc 2007-09-20 18:08:22.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/apps/java.fc 2007-09-25 17:13:09.000000000 -0400
@@ -11,6 +11,7 @@
#
/usr/(.*/)?bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -1528,7 +1528,7 @@
+/usr/lib/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+
+/usr/lib(64)?/openoffice\.org/program/soffice\.bin -- gen_context(system_u:object_r:java_exec_t,s0)
-+
++/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.0.8/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2007-08-02 08:17:26.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/apps/java.if 2007-09-20 18:26:14.000000000 -0400
@@ -2565,7 +2565,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.0.8/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-06-19 16:23:34.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/domain.if 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/domain.if 2007-09-25 12:10:32.000000000 -0400
@@ -45,6 +45,11 @@
# start with basic domain
domain_base_type($1)
@@ -5117,7 +5117,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2007-09-12 10:34:50.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cups.te 2007-09-24 14:34:13.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/cups.te 2007-09-25 15:01:58.000000000 -0400
@@ -48,9 +48,7 @@
type hplip_t;
type hplip_exec_t;
@@ -5280,15 +5280,7 @@
seutil_sigchld_newrole(cupsd_t)
')
-@@ -331,6 +355,7 @@
- dev_read_sysfs(cupsd_config_t)
- dev_read_urand(cupsd_config_t)
- dev_read_rand(cupsd_config_t)
-+dev_rw_generic_usb_dev(cupsd_config_t)
-
- fs_getattr_all_fs(cupsd_config_t)
- fs_search_auto_mountpoints(cupsd_config_t)
-@@ -377,6 +402,14 @@
+@@ -377,6 +401,14 @@
')
optional_policy(`
@@ -5303,19 +5295,22 @@
cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
')
-@@ -526,11 +559,6 @@
+@@ -525,11 +557,9 @@
+ allow hplip_t cupsd_etc_t:dir search;
cups_stream_connect(hplip_t)
-
+-
-allow hplip_t hplip_etc_t:dir list_dir_perms;
-read_files_pattern(hplip_t,hplip_etc_t,hplip_etc_t)
-read_lnk_files_pattern(hplip_t,hplip_etc_t,hplip_etc_t)
-files_search_etc(hplip_t)
--
++# For CUPS to run as a backend
++allow cupsd_t hplip_t:process signal;
++allow hplip_t cupsd_t:unix_stream_socket connected_stream_socket_perms;
+
manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t)
files_pid_filetrans(hplip_t,hplip_var_run_t,file)
-
-@@ -560,7 +588,7 @@
+@@ -560,7 +590,7 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -5324,7 +5319,7 @@
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -587,8 +615,6 @@
+@@ -587,8 +617,6 @@
userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -6465,7 +6460,7 @@
+/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.0.8/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-25 11:00:13.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-25 13:08:41.000000000 -0400
@@ -42,6 +42,10 @@
dontaudit $1 krb5_conf_t:file write;
dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
@@ -6477,7 +6472,7 @@
tunable_policy(`allow_kerberos',`
allow $1 self:tcp_socket create_socket_perms;
-@@ -172,3 +176,47 @@
+@@ -172,3 +176,51 @@
allow $1 krb5kdc_conf_t:file read_file_perms;
')
@@ -6498,11 +6493,15 @@
+ type krb5_host_rcache_t;
+ ')
+
-+ files_search_tmp($1)
-+ allow $1 self:process setfscreate;
-+ selinux_validate_context($1)
-+ seutil_read_file_contexts($1)
-+ allow $1 krb5_host_rcache_t:file manage_file_perms;
++ tunable_policy(`allow_kerberos',`
++ files_search_tmp($1)
++ allow $1 self:process setfscreate;
++ selinux_validate_context($1)
++ seutil_read_file_contexts($1)
++ allow $1 krb5_host_rcache_t:file manage_file_perms;
++ ')
++ # creates files as system_u no matter what the selinux user
++ domain_obj_id_change_exemption($1)
+')
+
+########################################
@@ -7649,7 +7648,7 @@
/usr/lib/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.0.8/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/postfix.if 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/postfix.if 2007-09-26 10:26:56.000000000 -0400
@@ -41,6 +41,8 @@
allow postfix_$1_t self:unix_stream_socket connectto;
@@ -7659,7 +7658,16 @@
allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
read_files_pattern(postfix_$1_t,postfix_etc_t,postfix_etc_t)
-@@ -66,6 +68,7 @@
+@@ -56,6 +58,8 @@
+ allow postfix_$1_t postfix_var_run_t:file manage_file_perms;
+ files_pid_filetrans(postfix_$1_t,postfix_var_run_t,file)
+
++ auth_use_nsswitch(postfix_$1_t)
++
+ kernel_read_system_state(postfix_$1_t)
+ kernel_read_network_state(postfix_$1_t)
+ kernel_read_all_sysctls(postfix_$1_t)
+@@ -66,6 +70,7 @@
fs_search_auto_mountpoints(postfix_$1_t)
fs_getattr_xattr_fs(postfix_$1_t)
@@ -7667,19 +7675,19 @@
term_dontaudit_use_console(postfix_$1_t)
-@@ -132,10 +135,8 @@
+@@ -132,11 +137,6 @@
corenet_tcp_connect_all_ports(postfix_$1_t)
corenet_sendrecv_all_client_packets(postfix_$1_t)
- sysnet_read_config(postfix_$1_t)
-
- optional_policy(`
+- optional_policy(`
- nis_use_ypbind(postfix_$1_t)
-+ auth_use_nsswitch(postfix_$1_t)
- ')
+- ')
')
-@@ -269,6 +270,42 @@
+ ########################################
+@@ -269,6 +269,42 @@
########################################
## <summary>
@@ -7722,7 +7730,7 @@
## Do not audit attempts to use
## postfix master process file
## file descriptors.
-@@ -434,6 +471,25 @@
+@@ -434,6 +470,25 @@
########################################
## <summary>
@@ -7748,7 +7756,7 @@
## Execute postfix user mail programs
## in their respective domains.
## </summary>
-@@ -450,3 +506,22 @@
+@@ -450,3 +505,22 @@
typeattribute $1 postfix_user_domtrans;
')
@@ -7773,7 +7781,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.0.8/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/postfix.te 2007-09-25 10:06:53.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/postfix.te 2007-09-26 10:27:53.000000000 -0400
@@ -6,6 +6,14 @@
# Declarations
#
@@ -7813,37 +7821,32 @@
########################################
#
# Postfix master process local policy
-@@ -168,6 +186,11 @@
+@@ -164,10 +182,9 @@
+ # postfix does a "find" on startup for some reason - keep it quiet
+ seutil_dontaudit_search_config(postfix_master_t)
+-sysnet_read_config(postfix_master_t)
+-
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
+term_dontaudit_search_ptys(postfix_master_t)
-+
-+optional_policy(`
-+ auth_use_nsswitch(postfix_master_t)
-+')
optional_policy(`
cyrus_stream_connect(postfix_master_t)
-@@ -179,9 +202,17 @@
+@@ -179,7 +196,11 @@
')
optional_policy(`
+- nis_use_ypbind(postfix_master_t)
+ mysql_stream_connect(postfix_master_t)
+')
+
+optional_policy(`
- nis_use_ypbind(postfix_master_t)
++ sendmail_signal(postfix_master_t)
')
-+optional_policy(`
-+ sendmail_signal(postfix_master_t)
-+')
-+
###########################################################
- #
- # Partially converted rules. THESE ARE ONLY TEMPORARY
-@@ -263,6 +294,8 @@
+@@ -263,6 +284,8 @@
files_read_etc_files(postfix_local_t)
@@ -7852,7 +7855,16 @@
mta_read_aliases(postfix_local_t)
mta_delete_spool(postfix_local_t)
# For reading spamassasin
-@@ -377,7 +410,7 @@
+@@ -336,8 +359,6 @@
+
+ seutil_read_config(postfix_map_t)
+
+-sysnet_read_config(postfix_map_t)
+-
+ tunable_policy(`read_default_t',`
+ files_list_default(postfix_map_t)
+ files_read_default_files(postfix_map_t)
+@@ -377,7 +398,7 @@
# Postfix pipe local policy
#
@@ -7861,7 +7873,7 @@
write_sock_files_pattern(postfix_pipe_t,postfix_private_t,postfix_private_t)
-@@ -386,6 +419,10 @@
+@@ -386,6 +407,10 @@
rw_files_pattern(postfix_pipe_t,postfix_spool_t,postfix_spool_t)
optional_policy(`
@@ -7872,7 +7884,15 @@
procmail_domtrans(postfix_pipe_t)
')
-@@ -426,6 +463,11 @@
+@@ -418,14 +443,17 @@
+ term_dontaudit_use_all_user_ptys(postfix_postdrop_t)
+ term_dontaudit_use_all_user_ttys(postfix_postdrop_t)
+
+-sysnet_dns_name_resolve(postfix_postdrop_t)
+-
+ mta_rw_user_mail_stream_sockets(postfix_postdrop_t)
+
+ optional_policy(`
cron_system_entry(postfix_postdrop_t, postfix_postdrop_exec_t)
')
@@ -7884,7 +7904,23 @@
optional_policy(`
ppp_use_fds(postfix_postqueue_t)
ppp_sigchld(postfix_postqueue_t)
-@@ -505,8 +547,6 @@
+@@ -454,8 +482,6 @@
+ init_sigchld_script(postfix_postqueue_t)
+ init_use_script_fds(postfix_postqueue_t)
+
+-sysnet_dontaudit_read_config(postfix_postqueue_t)
+-
+ ########################################
+ #
+ # Postfix qmgr local policy
+@@ -498,15 +524,11 @@
+ term_use_all_user_ptys(postfix_showq_t)
+ term_use_all_user_ttys(postfix_showq_t)
+
+-sysnet_dns_name_resolve(postfix_showq_t)
+-
+ ########################################
+ #
# Postfix smtp delivery local policy
#
@@ -7893,7 +7929,7 @@
# connect to master process
stream_connect_pattern(postfix_smtp_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t)
-@@ -514,6 +554,8 @@
+@@ -514,6 +536,8 @@
allow postfix_smtp_t postfix_spool_t:file rw_file_perms;
@@ -7902,7 +7938,7 @@
optional_policy(`
cyrus_stream_connect(postfix_smtp_t)
')
-@@ -538,9 +580,45 @@
+@@ -538,9 +562,45 @@
mta_read_aliases(postfix_smtpd_t)
optional_policy(`
@@ -8265,8 +8301,17 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.0.8/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/rlogin.te 2007-09-22 07:43:42.000000000 -0400
-@@ -64,9 +64,10 @@
++++ serefpolicy-3.0.8/policy/modules/services/rlogin.te 2007-09-25 11:50:50.000000000 -0400
+@@ -36,6 +36,8 @@
+ allow rlogind_t rlogind_devpts_t:chr_file { rw_chr_file_perms setattr };
+ term_create_pty(rlogind_t,rlogind_devpts_t)
+
++domain_interactive_fd(rlogind_t)
++
+ # for /usr/lib/telnetlogin
+ can_exec(rlogind_t, rlogind_exec_t)
+
+@@ -64,9 +66,10 @@
fs_getattr_xattr_fs(rlogind_t)
fs_search_auto_mountpoints(rlogind_t)
@@ -8278,7 +8323,7 @@
files_read_etc_files(rlogind_t)
files_read_etc_runtime_files(rlogind_t)
-@@ -82,21 +83,17 @@
+@@ -82,21 +85,17 @@
miscfiles_read_localization(rlogind_t)
@@ -8702,7 +8747,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.0.8/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/samba.te 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/samba.te 2007-09-25 17:09:36.000000000 -0400
@@ -137,6 +137,11 @@
type winbind_var_run_t;
files_pid_file(winbind_var_run_t)
@@ -9302,7 +9347,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.0.8/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-09-12 10:34:50.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/setroubleshoot.te 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/setroubleshoot.te 2007-09-26 11:12:03.000000000 -0400
@@ -67,6 +67,7 @@
corenet_sendrecv_smtp_client_packets(setroubleshootd_t)
@@ -9618,7 +9663,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.0.8/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/ssh.if 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/ssh.if 2007-09-25 12:18:11.000000000 -0400
@@ -202,6 +202,7 @@
#
template(`ssh_per_role_template',`
@@ -9743,8 +9788,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.0.8/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/telnet.te 2007-09-22 07:45:00.000000000 -0400
-@@ -32,7 +32,6 @@
++++ serefpolicy-3.0.8/policy/modules/services/telnet.te 2007-09-25 11:50:42.000000000 -0400
+@@ -32,12 +32,13 @@
allow telnetd_t self:udp_socket create_socket_perms;
# for identd; cjp: this should probably only be inetd_child rules?
allow telnetd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
@@ -9752,7 +9797,14 @@
allow telnetd_t self:capability { setuid setgid };
allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr };
-@@ -62,10 +61,12 @@
+ term_create_pty(telnetd_t,telnetd_devpts_t)
+
++domain_interactive_fd(telnetd_t)
++
+ manage_dirs_pattern(telnetd_t,telnetd_tmp_t,telnetd_tmp_t)
+ manage_files_pattern(telnetd_t,telnetd_tmp_t,telnetd_tmp_t)
+ files_tmp_filetrans(telnetd_t, telnetd_tmp_t, { file dir })
+@@ -62,10 +63,12 @@
fs_getattr_xattr_fs(telnetd_t)
@@ -9765,7 +9817,7 @@
files_read_etc_files(telnetd_t)
files_read_etc_runtime_files(telnetd_t)
# for identd; cjp: this should probably only be inetd_child rules?
-@@ -80,27 +81,26 @@
+@@ -80,27 +83,26 @@
miscfiles_read_localization(telnetd_t)
@@ -10272,7 +10324,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-09-21 19:21:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-09-26 09:40:50.000000000 -0400
@@ -16,6 +16,13 @@
## <desc>
@@ -10317,7 +10369,15 @@
corenet_tcp_connect_all_ports(xdm_t)
corenet_sendrecv_all_client_packets(xdm_t)
# xdm tries to bind to biff_port_t
-@@ -246,6 +259,7 @@
+@@ -197,6 +210,7 @@
+ dev_getattr_mouse_dev(xdm_t)
+ dev_setattr_mouse_dev(xdm_t)
+ dev_rw_apm_bios(xdm_t)
++dev_rw_input_dev(xdm_t)
+ dev_setattr_apm_bios_dev(xdm_t)
+ dev_rw_dri(xdm_t)
+ dev_rw_agp(xdm_t)
+@@ -246,6 +260,7 @@
auth_domtrans_pam_console(xdm_t)
auth_manage_pam_pid(xdm_t)
auth_manage_pam_console_data(xdm_t)
@@ -10325,7 +10385,7 @@
auth_rw_faillog(xdm_t)
auth_write_login_records(xdm_t)
-@@ -257,6 +271,7 @@
+@@ -257,6 +272,7 @@
libs_exec_lib_files(xdm_t)
logging_read_generic_logs(xdm_t)
@@ -10333,7 +10393,7 @@
miscfiles_read_localization(xdm_t)
miscfiles_read_fonts(xdm_t)
-@@ -268,9 +283,14 @@
+@@ -268,9 +284,14 @@
userdom_create_all_users_keys(xdm_t)
# for .dmrc
userdom_read_unpriv_users_home_content_files(xdm_t)
@@ -10348,7 +10408,7 @@
xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
-@@ -306,6 +326,11 @@
+@@ -306,6 +327,11 @@
optional_policy(`
consolekit_dbus_chat(xdm_t)
@@ -10360,7 +10420,7 @@
')
optional_policy(`
-@@ -348,12 +373,8 @@
+@@ -348,12 +374,8 @@
')
optional_policy(`
@@ -10374,7 +10434,7 @@
ifdef(`distro_rhel4',`
allow xdm_t self:process { execheap execmem };
-@@ -385,7 +406,7 @@
+@@ -385,7 +407,7 @@
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
@@ -10383,7 +10443,7 @@
# Label pid and temporary files with derived types.
manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -425,6 +446,10 @@
+@@ -425,6 +447,10 @@
')
optional_policy(`
@@ -10394,7 +10454,7 @@
resmgr_stream_connect(xdm_t)
')
-@@ -434,47 +459,20 @@
+@@ -434,47 +460,20 @@
')
optional_policy(`
@@ -13472,12 +13532,13 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.0.8/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2007-09-12 10:34:51.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/udev.te 2007-09-22 06:43:22.000000000 -0400
-@@ -184,6 +184,10 @@
++++ serefpolicy-3.0.8/policy/modules/system/udev.te 2007-09-25 15:03:25.000000000 -0400
+@@ -184,6 +184,11 @@
')
optional_policy(`
+ alsa_search_lib(udev_t)
++ alsa_read_lib(udev_t)
+')
+
+optional_policy(`
@@ -15559,7 +15620,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.0.8/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/xen.te 2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/xen.te 2007-09-25 15:21:46.000000000 -0400
@@ -45,9 +45,7 @@
type xenstored_t;
@@ -15679,15 +15740,24 @@
corenet_tcp_sendrecv_generic_if(xm_t)
corenet_tcp_sendrecv_all_nodes(xm_t)
-@@ -353,6 +355,7 @@
+@@ -351,8 +353,11 @@
+
+ storage_raw_read_fixed_disk(xm_t)
++fs_getattr_all_fs(xm_t)
++
term_use_all_terms(xm_t)
+init_stream_connect_script(xm_t)
init_rw_script_stream_sockets(xm_t)
init_use_fds(xm_t)
-@@ -366,3 +369,14 @@
+@@ -363,6 +368,19 @@
+
+ sysnet_read_config(xm_t)
+
++userdom_dontaudit_search_sysadm_home_dirs(xm_t)
++
xen_append_log(xm_t)
xen_stream_connect(xm_t)
xen_stream_connect_xenstore(xm_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.535
retrieving revision 1.536
diff -u -r1.535 -r1.536
--- selinux-policy.spec 25 Sep 2007 14:20:38 -0000 1.535
+++ selinux-policy.spec 26 Sep 2007 22:01:27 -0000 1.536
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 13%{?dist}
+Release: 14%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -365,6 +365,10 @@
%endif
%changelog
+* Tue Sep 24 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-14
+- Allow xdm to talk to input device (fingerprint reader)
+- Allow octave to run as java
+
* Tue Sep 24 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-13
- Allow login programs to set ioctl on /proc
- Previous message (by thread): rpms/bzr-gtk/devel bzr-gtk.spec,1.12,1.13
- Next message (by thread): rpms/setroubleshoot/F-7 .cvsignore, 1.73, 1.74 setroubleshoot.init, 1.9, 1.10 setroubleshoot.spec, 1.88, 1.89 sources, 1.84, 1.85
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list