rpms/selinux-policy/F-8 policy-20070703.patch,1.204,1.205
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Apr 22 20:00:51 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21769
Modified Files:
policy-20070703.patch
Log Message:
* Thu Apr 17 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-101
- Allow nfs to look at all filesystem directories
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.204
retrieving revision 1.205
diff -u -r1.204 -r1.205
--- policy-20070703.patch 22 Apr 2008 19:32:11 -0000 1.204
+++ policy-20070703.patch 22 Apr 2008 20:00:15 -0000 1.205
@@ -4675,7 +4675,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2008-04-22 15:54:37.341464000 -0400
@@ -55,6 +55,11 @@
type reserved_port_t, port_type, reserved_port_type;
@@ -4688,15 +4688,18 @@
# server_packet_t is the default type of IPv4 and IPv6 server packets.
#
type server_packet_t, packet_type, server_packet_type;
-@@ -67,6 +72,7 @@
+@@ -67,8 +72,10 @@
network_port(amanda, udp,10080,s0, tcp,10080,s0, udp,10081,s0, tcp,10081,s0, tcp,10082,s0, tcp,10083,s0)
network_port(amavisd_recv, tcp,10024,s0)
network_port(amavisd_send, tcp,10025,s0)
+network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0)
network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0, udp,5060,s0)
++network_port(audit, tcp,60,s0)
network_port(auth, tcp,113,s0)
-@@ -93,27 +99,34 @@
+ network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
+ type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict
+@@ -93,27 +100,34 @@
network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0) # 8118 is for privoxy
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
network_port(howl, tcp,5335,s0, udp,5353,s0)
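Review bot: The added `network_port(audit, tcp,60,s0)` line gives no reason for choosing tcp/60, and the log message ("Allow nfs to look at all filesystem directories") does not mention a new port type at all. Other entries in this hunk annotate non-obvious ports (`# 8118 is for privoxy`, `#8443 is mod_nss default port`), and the same is needed here, e.g. `network_port(audit, tcp,60,s0) # <which daemon listens on tcp/60 and why>`. This labels a port below 1024, so the changelog entry should record it, letting anyone auditing the policy trace which service is expected to bind there.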
@@ -4735,7 +4738,7 @@
network_port(nessus, tcp,1241,s0)
network_port(netsupport, tcp,5405,s0, udp,5405,s0)
network_port(nmbd, udp,137,s0, udp,138,s0)
-@@ -122,10 +135,12 @@
+@@ -122,10 +136,12 @@
network_port(openvpn, tcp,1194,s0, udp,1194,s0)
network_port(pegasus_http, tcp,5988,s0)
network_port(pegasus_https, tcp,5989,s0)
@@ -4748,7 +4751,7 @@
network_port(printer, tcp,515,s0)
network_port(ptal, tcp,5703,s0)
network_port(pxe, udp,4011,s0)
-@@ -137,16 +152,16 @@
+@@ -137,16 +153,16 @@
network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
network_port(rlogind, tcp,513,s0)
network_port(rndc, tcp,953,s0)
@@ -4768,7 +4771,7 @@
type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
-@@ -160,13 +175,20 @@
+@@ -160,13 +176,20 @@
type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
network_port(uucpd, tcp,540,s0)
network_port(vnc, tcp,5900,s0)
@@ -5390,7 +5393,7 @@
/usr/src/kernels/.+/lib(/.*)? gen_context(system_u:object_r:usr_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.8/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/files.if 2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/kernel/files.if 2008-04-21 16:41:56.920656000 -0400
@@ -343,8 +343,7 @@
########################################
@@ -5673,7 +5676,7 @@
## Read all tmp files.
## </summary>
## <param name="domain">
-@@ -3323,6 +3439,42 @@
+@@ -3323,6 +3439,60 @@
########################################
## <summary>
@@ -5695,6 +5698,24 @@
+
+########################################
+## <summary>
++## dontaudit write of /usr files
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`files_dontaudit_write_usr_files',`
++ gen_require(`
++ type usr_t;
++ ')
++
++ dontaudit $1 usr_t:file write;
++')
++
++########################################
++## <summary>
+## Create, read, write, and delete files in the /usr directory.
+## </summary>
+## <param name="domain">
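Review bot: The parameter description on the new `files_dontaudit_write_usr_files` interface reads `Domain allowed access.`, but the interface grants nothing; it only suppresses audit records for `usr_t:file write`. It should read `Domain to not audit.`, and the summary would be clearer as `Do not audit attempts to write files in /usr.`, matching the "Do not audit attempts to write to daemon runtime data files." wording visible further down in this file. The same copied description appears on `miscfiles_dontaudit_write_locale` in the miscfiles.if hunk. Because a dontaudit rule removes these denials from the audit log, each caller should carry a short comment naming the program whose write attempts are being silenced, so the loss of visibility stays reviewable.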
@@ -5716,7 +5737,7 @@
## Get the attributes of files in /usr.
## </summary>
## <param name="domain">
-@@ -3381,7 +3533,7 @@
+@@ -3381,7 +3551,7 @@
########################################
## <summary>
@@ -5725,7 +5746,7 @@
## </summary>
## <param name="domain">
## <summary>
-@@ -3389,17 +3541,17 @@
+@@ -3389,17 +3559,17 @@
## </summary>
## </param>
#
@@ -5746,7 +5767,7 @@
## </summary>
## <param name="domain">
## <summary>
-@@ -3407,12 +3559,12 @@
+@@ -3407,12 +3577,12 @@
## </summary>
## </param>
#
@@ -5761,7 +5782,7 @@
')
########################################
-@@ -4043,7 +4195,7 @@
+@@ -4043,7 +4213,7 @@
type var_t, var_lock_t;
')
@@ -5770,7 +5791,7 @@
')
########################################
-@@ -4285,6 +4437,25 @@
+@@ -4285,6 +4455,25 @@
########################################
## <summary>
@@ -5796,7 +5817,7 @@
## Do not audit attempts to write to daemon runtime data files.
## </summary>
## <param name="domain">
-@@ -4560,6 +4731,8 @@
+@@ -4560,6 +4749,8 @@
# Need to give access to /selinux/member
selinux_compute_member($1)
@@ -5805,7 +5826,7 @@
# Need sys_admin capability for mounting
allow $1 self:capability { chown fsetid sys_admin };
-@@ -4582,6 +4755,11 @@
+@@ -4582,6 +4773,11 @@
# Default type for mountpoints
allow $1 poly_t:dir { create mounton };
fs_unmount_xattr_fs($1)
@@ -5817,7 +5838,7 @@
')
########################################
-@@ -4619,3 +4797,28 @@
+@@ -4619,3 +4815,28 @@
allow $1 { file_type -security_file_type }:dir manage_dir_perms;
')
@@ -10635,7 +10656,7 @@
+/var/run/fail2ban\.sock -s gen_context(system_u:object_r:fail2ban_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.0.8/policy/modules/services/fail2ban.te
--- nsaserefpolicy/policy/modules/services/fail2ban.te 2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/fail2ban.te 2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/fail2ban.te 2008-04-21 16:05:47.948344000 -0400
@@ -1,5 +1,5 @@
-policy_module(fail2ban,1.0.0)
@@ -10663,7 +10684,7 @@
kernel_read_system_state(fail2ban_t)
-@@ -46,15 +47,25 @@
+@@ -46,15 +47,26 @@
domain_use_interactive_fds(fail2ban_t)
files_read_etc_files(fail2ban_t)
@@ -10673,6 +10694,7 @@
+files_search_var_lib(fail2ban_t)
+
+fs_list_inotifyfs(fail2ban_t)
++fs_getattr_all_fs(fail2ban_t)
+
+auth_use_nsswitch(fail2ban_t)
+corenet_tcp_connect_whois_port(fail2ban_t)
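Review bot: `fs_getattr_all_fs(fail2ban_t)` lets fail2ban get attributes on every filesystem type, which is broader than the neighbouring `fs_list_inotifyfs` line and is not covered by the log message. If the denial behind it came from a single filesystem type, a narrower interface such as `fs_getattr_xattr_fs(fail2ban_t)` would probably be enough; this is inferred, since the triggering AVC is not shown. Either way, a trailing comment saying what fail2ban does that needs the access would help the next reviewer decide whether it can be tightened.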
@@ -10690,7 +10712,7 @@
optional_policy(`
apache_read_log(fail2ban_t)
')
-@@ -64,5 +75,11 @@
+@@ -64,5 +76,11 @@
')
optional_policy(`
@@ -21110,7 +21132,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.0.8/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/miscfiles.if 2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/miscfiles.if 2008-04-21 16:59:26.254295000 -0400
@@ -57,6 +57,26 @@
## </param>
## <rolecap/>
@@ -21147,6 +21169,30 @@
delete_dirs_pattern($1,man_t,man_t)
delete_files_pattern($1,man_t,man_t)
delete_lnk_files_pattern($1,man_t,man_t)
+@@ -467,3 +489,23 @@
+ manage_lnk_files_pattern($1,locale_t,locale_t)
+ ')
+
++########################################
++## <summary>
++## dontaudit_attempts to write locale files
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`miscfiles_dontaudit_write_locale',`
++ gen_require(`
++ type locale_t;
++ ')
++
++ dontaudit $1 locale_t:dir write;
++ dontaudit $1 locale_t:file write;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.0.8/policy/modules/system/modutils.if
--- nsaserefpolicy/policy/modules/system/modutils.if 2007-10-22 13:21:40.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/modutils.if 2008-04-04 16:11:03.000000000 -0400
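Review bot: The summary of `miscfiles_dontaudit_write_locale` reads `dontaudit_attempts to write locale files`, with a stray underscore and no indication that it covers both directories and files. `Do not audit attempts to write locale directories and files.` would match the two rules in the body (`locale_t:dir write` and `locale_t:file write`). The `## <rolecap/>` line looks carried over from a neighbouring interface and may not be intended on an interface that only suppresses audit messages; please confirm or drop it.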