rpms/selinux-policy/devel .cvsignore, 1.142, 1.143 policy-20080710.patch, 1.12, 1.13 selinux-policy.spec, 1.694, 1.695 sources, 1.157, 1.158
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Aug 7 20:06:27 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3776
Modified Files:
.cvsignore policy-20080710.patch selinux-policy.spec sources
Log Message:
* Thu Aug 7 2008 Dan Walsh <dwalsh at redhat.com> 3.5.3-1
- Update to upstream
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.142
retrieving revision 1.143
diff -u -r1.142 -r1.143
--- .cvsignore 7 Aug 2008 12:22:07 -0000 1.142
+++ .cvsignore 7 Aug 2008 20:05:57 -0000 1.143
@@ -144,3 +144,4 @@
serefpolicy-3.4.2.tgz
serefpolicy-3.5.1.tgz
serefpolicy-3.5.2.tgz
+serefpolicy-3.5.3.tgz
policy-20080710.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.12 -r 1.13 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20080710.patch 7 Aug 2008 12:22:07 -0000 1.12
+++ policy-20080710.patch 7 Aug 2008 20:05:57 -0000 1.13
@@ -1,5 +1,5 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.2/Makefile
---- nsaserefpolicy/Makefile 2008-08-05 11:42:20.000000000 -0400
+--- nsaserefpolicy/Makefile 2008-08-07 11:15:00.000000000 -0400
+++ serefpolicy-3.5.2/Makefile 2008-08-06 16:19:00.000000000 -0400
@@ -311,20 +311,22 @@
@@ -46,7 +46,7 @@
@mkdir -p $(appdir)
$(verbose) $(INSTALL) -m 644 $< $@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.2/Rules.modular
---- nsaserefpolicy/Rules.modular 2008-08-05 11:42:22.000000000 -0400
+--- nsaserefpolicy/Rules.modular 2008-08-07 11:15:00.000000000 -0400
+++ serefpolicy-3.5.2/Rules.modular 2008-08-06 16:19:00.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@@ -78,7 +78,7 @@
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.2/config/appconfig-mcs/default_contexts
---- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-08-05 11:42:20.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-08-07 11:15:14.000000000 -0400
+++ serefpolicy-3.5.2/config/appconfig-mcs/default_contexts 2008-08-06 16:19:00.000000000 -0400
@@ -2,7 +2,7 @@
system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -90,7 +90,7 @@
staff_r:staff_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.2/config/appconfig-mcs/failsafe_context
---- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-05 11:42:20.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
+++ serefpolicy-3.5.2/config/appconfig-mcs/failsafe_context 2008-08-06 16:19:00.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
@@ -104,7 +104,7 @@
+system_r:sshd_t:s0 guest_r:guest_t:s0
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.2/config/appconfig-mcs/root_default_contexts
---- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-08-05 11:42:20.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
+++ serefpolicy-3.5.2/config/appconfig-mcs/root_default_contexts 2008-08-06 16:19:00.000000000 -0400
@@ -1,11 +1,7 @@
system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
@@ -120,7 +120,7 @@
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.2/config/appconfig-mcs/userhelper_context
---- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-05 11:42:20.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
+++ serefpolicy-3.5.2/config/appconfig-mcs/userhelper_context 2008-08-06 16:19:00.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
@@ -151,7 +151,7 @@
+system_r:sshd_t guest_r:guest_t
+system_r:crond_t guest_r:guest_crond_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.5.2/config/appconfig-standard/root_default_contexts
---- nsaserefpolicy/config/appconfig-standard/root_default_contexts 2008-08-05 11:42:20.000000000 -0400
+--- nsaserefpolicy/config/appconfig-standard/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
+++ serefpolicy-3.5.2/config/appconfig-standard/root_default_contexts 2008-08-06 16:19:00.000000000 -0400
@@ -1,11 +1,7 @@
system_r:crond_t unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
@@ -176,7 +176,7 @@
+system_r:crond_t xguest_r:xguest_crond_t
+system_r:xdm_t xguest_r:xguest_t
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.5.2/man/man8/ftpd_selinux.8
---- nsaserefpolicy/man/man8/ftpd_selinux.8 2008-08-05 11:42:20.000000000 -0400
+--- nsaserefpolicy/man/man8/ftpd_selinux.8 2008-08-07 11:15:14.000000000 -0400
+++ serefpolicy-3.5.2/man/man8/ftpd_selinux.8 2008-08-06 16:19:00.000000000 -0400
@@ -1,52 +1,65 @@
-.TH "ftpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "ftpd Selinux Policy documentation"
@@ -283,7 +283,7 @@
+selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.5.2/man/man8/httpd_selinux.8
---- nsaserefpolicy/man/man8/httpd_selinux.8 2008-08-05 11:42:20.000000000 -0400
+--- nsaserefpolicy/man/man8/httpd_selinux.8 2008-08-07 11:15:14.000000000 -0400
+++ serefpolicy-3.5.2/man/man8/httpd_selinux.8 2008-08-06 16:19:00.000000000 -0400
@@ -22,23 +22,19 @@
.EX
@@ -315,7 +315,7 @@
httpd_unconfined_script_exec_t
.EE
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.5.2/policy/global_tunables
---- nsaserefpolicy/policy/global_tunables 2008-08-05 11:42:22.000000000 -0400
+--- nsaserefpolicy/policy/global_tunables 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.2/policy/global_tunables 2008-08-06 16:19:00.000000000 -0400
@@ -34,7 +34,7 @@
@@ -356,7 +356,7 @@
+
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.5.2/policy/modules/admin/alsa.te
---- nsaserefpolicy/policy/modules/admin/alsa.te 2008-08-05 11:42:22.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/alsa.te 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/admin/alsa.te 2008-08-06 16:19:00.000000000 -0400
@@ -51,6 +51,8 @@
@@ -367,42 +367,10 @@
libs_use_ld_so(alsa_t)
libs_use_shared_libs(alsa_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-3.5.2/policy/modules/admin/amanda.fc
---- nsaserefpolicy/policy/modules/admin/amanda.fc 2008-08-05 11:42:22.000000000 -0400
-+++ serefpolicy-3.5.2/policy/modules/admin/amanda.fc 2008-08-06 16:19:00.000000000 -0400
-@@ -3,6 +3,7 @@
- /etc/amanda/.*/tapelist(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
- /etc/amandates gen_context(system_u:object_r:amanda_amandates_t,s0)
- /etc/dumpdates gen_context(system_u:object_r:amanda_dumpdates_t,s0)
-+/etc/amanda/.*/index(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
-
- /root/restore -d gen_context(system_u:object_r:amanda_recover_dir_t,s0)
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.5.2/policy/modules/admin/amanda.te
---- nsaserefpolicy/policy/modules/admin/amanda.te 2008-08-05 11:42:22.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/amanda.te 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/admin/amanda.te 2008-08-06 16:19:00.000000000 -0400
-@@ -82,8 +82,9 @@
- allow amanda_t amanda_config_t:file { getattr read };
-
- # access to amandas data structure
--allow amanda_t amanda_data_t:dir { read search write };
--allow amanda_t amanda_data_t:file manage_file_perms;
-+manage_dirs_pattern(amanda_t, amanda_data_t, amanda_data_t)
-+manage_files_pattern(amanda_t, amanda_data_t, amanda_data_t)
-+filetrans_pattern(amanda_t, amanda_config_t, amanda_data_t, { file dir })
-
- # access to amanda_dumpdates_t
- allow amanda_t amanda_dumpdates_t:file { getattr lock read write };
-@@ -146,6 +147,8 @@
- fs_list_all(amanda_t)
-
- storage_raw_read_fixed_disk(amanda_t)
-+storage_read_tape(amanda_t)
-+storage_write_tape(amanda_t)
-
- # Added for targeted policy
- term_use_unallocated_ttys(amanda_t)
-@@ -220,6 +223,7 @@
+@@ -223,6 +223,7 @@
auth_use_nsswitch(amanda_recover_t)
fstools_domtrans(amanda_t)
@@ -411,38 +379,18 @@
libs_use_ld_so(amanda_recover_t)
libs_use_shared_libs(amanda_recover_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.5.2/policy/modules/admin/anaconda.te
---- nsaserefpolicy/policy/modules/admin/anaconda.te 2008-08-05 11:42:22.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/anaconda.te 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/admin/anaconda.te 2008-08-06 16:19:00.000000000 -0400
-@@ -31,16 +31,11 @@
+@@ -31,6 +31,7 @@
modutils_domtrans_insmod(anaconda_t)
seutil_domtrans_semanage(anaconda_t)
--
--unconfined_domain(anaconda_t)
+seutil_domtrans_setsebool(anaconda_t)
unprivuser_home_dir_filetrans_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
- optional_policy(`
-- dmesg_domtrans(anaconda_t)
--')
--
--optional_policy(`
- kudzu_domtrans(anaconda_t)
- ')
-
-@@ -58,5 +53,9 @@
- ')
-
- optional_policy(`
-+ unconfined_domain(anaconda_t)
-+')
-+
-+optional_policy(`
- usermanage_domtrans_admin_passwd(anaconda_t)
- ')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.if serefpolicy-3.5.2/policy/modules/admin/bootloader.if
---- nsaserefpolicy/policy/modules/admin/bootloader.if 2008-08-05 11:42:22.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/bootloader.if 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/admin/bootloader.if 2008-08-06 16:19:00.000000000 -0400
@@ -49,6 +49,11 @@
@@ -457,7 +405,7 @@
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-3.5.2/policy/modules/admin/bootloader.te
---- nsaserefpolicy/policy/modules/admin/bootloader.te 2008-08-05 11:42:22.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/bootloader.te 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/admin/bootloader.te 2008-08-06 16:19:00.000000000 -0400
@@ -218,3 +218,7 @@
[...3619 lines suppressed...]
@@ -19,7 +19,7 @@
# Local policy
@@ -31269,7 +31072,7 @@
fs_search_auto_mountpoints(mdadm_t)
fs_dontaudit_list_tmpfs(mdadm_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.5.2/policy/modules/system/selinuxutil.fc
---- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/selinuxutil.fc 2008-08-06 16:19:00.000000000 -0400
@@ -38,7 +38,7 @@
/usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0)
@@ -31290,7 +31093,7 @@
+#
+/var/lib/selinux(/.*)? gen_context(system_u:object_r:selinux_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.5.2/policy/modules/system/selinuxutil.if
---- nsaserefpolicy/policy/modules/system/selinuxutil.if 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/selinuxutil.if 2008-08-06 16:19:00.000000000 -0400
@@ -555,6 +555,59 @@
@@ -31753,7 +31556,7 @@
+')
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.5.2/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/selinuxutil.te 2008-08-06 16:19:00.000000000 -0400
@@ -23,6 +23,9 @@
type selinux_config_t;
@@ -32104,7 +31907,7 @@
+ unconfined_domain(setfiles_mac_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.5.2/policy/modules/system/setrans.if
---- nsaserefpolicy/policy/modules/system/setrans.if 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/setrans.if 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/setrans.if 2008-08-06 16:19:00.000000000 -0400
@@ -13,7 +13,6 @@
interface(`setrans_translate_context',`
@@ -32115,7 +31918,7 @@
allow $1 self:unix_stream_socket create_stream_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.5.2/policy/modules/system/setrans.te
---- nsaserefpolicy/policy/modules/system/setrans.te 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/setrans.te 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/setrans.te 2008-08-06 16:19:00.000000000 -0400
@@ -28,7 +28,7 @@
#
@@ -32135,7 +31938,7 @@
selinux_compute_access_vector(setrans_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.5.2/policy/modules/system/sysnetwork.fc
---- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/sysnetwork.fc 2008-08-06 16:19:00.000000000 -0400
@@ -57,3 +57,5 @@
ifdef(`distro_gentoo',`
@@ -32144,7 +31947,7 @@
+
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.5.2/policy/modules/system/sysnetwork.if
---- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/sysnetwork.if 2008-08-06 16:19:00.000000000 -0400
@@ -553,6 +553,7 @@
type net_conf_t;
@@ -32225,7 +32028,7 @@
+ role_transition $1 dhcpc_exec_t system_r;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.5.2/policy/modules/system/sysnetwork.te
---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/sysnetwork.te 2008-08-06 16:19:00.000000000 -0400
@@ -20,6 +20,10 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
@@ -32397,7 +32200,7 @@
kernel_write_xen_state(ifconfig_t)
xen_append_log(ifconfig_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.5.2/policy/modules/system/udev.if
---- nsaserefpolicy/policy/modules/system/udev.if 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/udev.if 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/udev.if 2008-08-06 16:19:00.000000000 -0400
@@ -96,6 +96,24 @@
@@ -32453,7 +32256,7 @@
+ allow $1 udev_tbl_t:file rw_file_perms;
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.5.2/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/udev.te 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/udev.te 2008-08-06 16:19:00.000000000 -0400
@@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
@@ -32511,7 +32314,7 @@
xserver_read_xdm_pid(udev_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.2/policy/modules/system/unconfined.fc
---- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/unconfined.fc 2008-08-06 16:19:00.000000000 -0400
@@ -2,15 +2,11 @@
# e.g.:
@@ -32552,7 +32355,7 @@
+
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.2/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/unconfined.if 2008-08-06 16:19:00.000000000 -0400
@@ -12,14 +12,13 @@
#
@@ -32917,7 +32720,7 @@
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.2/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/unconfined.te 2008-08-06 16:19:00.000000000 -0400
@@ -6,35 +6,75 @@
# Declarations
@@ -33253,7 +33056,7 @@
+rpm_transition_script(unconfined_notrans_t)
+domain_ptrace_all_domains(unconfined_notrans_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.5.2/policy/modules/system/userdomain.fc
---- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/userdomain.fc 2008-08-06 16:19:00.000000000 -0400
@@ -1,4 +1,5 @@
-HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
@@ -33266,7 +33069,7 @@
+/tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0)
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.2/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/userdomain.if 2008-08-06 16:19:00.000000000 -0400
@@ -28,10 +28,14 @@
class context contains;
@@ -35822,7 +35625,7 @@
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.2/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/userdomain.te 2008-08-06 16:19:00.000000000 -0400
@@ -8,13 +8,6 @@
@@ -35939,7 +35742,7 @@
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.2/policy/modules/system/xen.fc
---- nsaserefpolicy/policy/modules/system/xen.fc 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/xen.fc 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/xen.fc 2008-08-06 16:19:00.000000000 -0400
@@ -20,6 +20,7 @@
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
@@ -35950,7 +35753,7 @@
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.2/policy/modules/system/xen.if
---- nsaserefpolicy/policy/modules/system/xen.if 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/xen.if 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/xen.if 2008-08-06 16:19:00.000000000 -0400
@@ -167,11 +167,14 @@
#
@@ -35994,7 +35797,7 @@
+ rw_files_pattern($1, xen_image_t, xen_image_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.2/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2008-08-05 11:42:21.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/xen.te 2008-08-07 11:15:12.000000000 -0400
+++ serefpolicy-3.5.2/policy/modules/system/xen.te 2008-08-06 16:19:00.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
@@ -36233,7 +36036,7 @@
+ unconfined_domain(xend_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.5.2/policy/support/file_patterns.spt
---- nsaserefpolicy/policy/support/file_patterns.spt 2008-08-05 11:42:22.000000000 -0400
+--- nsaserefpolicy/policy/support/file_patterns.spt 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.2/policy/support/file_patterns.spt 2008-08-06 16:19:00.000000000 -0400
@@ -537,3 +537,23 @@
allow $1 $2:dir rw_dir_perms;
@@ -36260,7 +36063,7 @@
+ relabelfrom_sock_files_pattern($1,$2,$2)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.2/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-08-05 11:42:22.000000000 -0400
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.2/policy/support/obj_perm_sets.spt 2008-08-06 16:19:00.000000000 -0400
@@ -316,3 +316,13 @@
#
@@ -36277,7 +36080,7 @@
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.2/policy/users
---- nsaserefpolicy/policy/users 2008-08-05 11:42:20.000000000 -0400
+--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.2/policy/users 2008-08-06 16:19:00.000000000 -0400
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.694
retrieving revision 1.695
diff -u -r1.694 -r1.695
--- selinux-policy.spec 7 Aug 2008 12:22:07 -0000 1.694
+++ selinux-policy.spec 7 Aug 2008 20:05:57 -0000 1.695
@@ -16,8 +16,8 @@
%define CHECKPOLICYVER 2.0.16-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.5.2
-Release: 2%{?dist}
+Version: 3.5.3
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -379,6 +379,9 @@
%endif
%changelog
+* Thu Aug 7 2008 Dan Walsh <dwalsh at redhat.com> 3.5.3-1
+- Update to upstream
+
* Wed Aug 2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.2-2
- Allow system-config-selinux to work with policykit
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/sources,v
retrieving revision 1.157
retrieving revision 1.158
diff -u -r1.157 -r1.158
--- sources 7 Aug 2008 12:22:07 -0000 1.157
+++ sources 7 Aug 2008 20:05:57 -0000 1.158
@@ -1 +1 @@
-38b1ef4a766d5a546d7cd19e8333dda7 serefpolicy-3.5.2.tgz
+8c6ba5ba2c9bde35a902840bd7092e91 serefpolicy-3.5.3.tgz
More information about the fedora-extras-commits
mailing list