rpms/selinux-policy/F-8 policy-20070703.patch, 1.221, 1.222 selinux-policy.spec, 1.640, 1.641

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Aug 12 20:15:26 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26062

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Tue Aug 12 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-113
- dontaudit semanage config_tty
- Allow samba to share fusefs
- Allow bluetooth to read hwdata


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.221
retrieving revision 1.222
diff -u -r1.221 -r1.222
--- policy-20070703.patch	5 Aug 2008 14:05:20 -0000	1.221
+++ policy-20070703.patch	12 Aug 2008 20:14:56 -0000	1.222
@@ -8384,7 +8384,7 @@
 +/var/run/bluetoothd_address	gen_context(system_u:object_r:bluetooth_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.0.8/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/bluetooth.te	2008-06-12 23:37:59.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/bluetooth.te	2008-08-12 16:11:25.000000000 -0400
 @@ -37,14 +37,14 @@
  # Bluetooth services local policy
  #
@@ -8402,7 +8402,15 @@
  allow bluetooth_t self:tcp_socket create_stream_socket_perms;
  allow bluetooth_t self:udp_socket create_socket_perms;
  
-@@ -110,6 +110,8 @@
+@@ -92,6 +92,7 @@
+ dev_rw_usbfs(bluetooth_t)
+ dev_rw_generic_usb_dev(bluetooth_t)
+ dev_read_urand(bluetooth_t)
++dev_rw_input_dev(bluetooth_t)
+ 
+ fs_getattr_all_fs(bluetooth_t)
+ fs_search_auto_mountpoints(bluetooth_t)
+@@ -110,6 +111,8 @@
  files_read_etc_runtime_files(bluetooth_t)
  files_read_usr_files(bluetooth_t)
  
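Review bot: The added `dev_rw_input_dev(bluetooth_t)` in the `@@ -92,6 +92,7 @@` section of bluetooth.te is unconditional and carries no comment, and the log message for this revision only mentions reading hwdata. The interface name indicates read/write access to input device nodes, and bluetooth_t also holds the tcp_socket and udp_socket permissions shown at the top of this hunk, so the grant widens what a compromised daemon could reach. If the need is Bluetooth HID support, I would record it next to the rule, e.g. `# Bluetooth HID support needs the input event devices (confirm against the AVC denial)`, and add a matching changelog line such as `- Allow bluetooth to read/write input devices`.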
@@ -8411,12 +8419,14 @@
  libs_use_ld_so(bluetooth_t)
  libs_use_shared_libs(bluetooth_t)
  
-@@ -118,20 +120,20 @@
+@@ -117,21 +120,22 @@
+ 
  miscfiles_read_localization(bluetooth_t)
  miscfiles_read_fonts(bluetooth_t)
- 
--sysnet_read_config(bluetooth_t)
 -
+-sysnet_read_config(bluetooth_t)
++miscfiles_read_hwdata(bluetooth_t)
+ 
  userdom_dontaudit_use_unpriv_user_fds(bluetooth_t)
  userdom_dontaudit_use_sysadm_ptys(bluetooth_t)
  userdom_dontaudit_search_sysadm_home_dirs(bluetooth_t)
@@ -12835,7 +12845,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.8/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te	2008-07-02 15:53:02.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te	2008-08-11 15:45:47.000000000 -0400
 @@ -1,5 +1,5 @@
  
 -policy_module(networkmanager,1.7.1)
@@ -12958,10 +12968,11 @@
  ')
  
  optional_policy(`
-@@ -162,19 +178,20 @@
+@@ -162,19 +178,21 @@
  	ppp_domtrans(NetworkManager_t)
  	ppp_read_pid_files(NetworkManager_t)
  	ppp_signal(NetworkManager_t)
++	ppp_signull(NetworkManager_t)
 +	ppp_read_config(NetworkManager_t)
  ')
  
@@ -14374,8 +14385,33 @@
  # Fix pptp sockets
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.0.8/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/ppp.if	2008-06-12 23:37:58.000000000 -0400
-@@ -159,6 +159,25 @@
++++ serefpolicy-3.0.8/policy/modules/services/ppp.if	2008-08-11 15:46:05.000000000 -0400
+@@ -76,6 +76,24 @@
+ 
+ ########################################
+ ## <summary>
++##	Send a generic signull to PPP.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`ppp_signull',`
++	gen_require(`
++		type pppd_t;
++	')
++
++	allow $1 pppd_t:process signull;
++')
++
++########################################
++## <summary>
+ ##	 Execute domain in the ppp domain.
+ ## </summary>
+ ## <param name="domain">
+@@ -159,6 +177,25 @@
  
  ########################################
  ## <summary>
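Review bot: The summary of the new `ppp_signull` interface, `Send a generic signull to PPP.`, does not say what the permission is for. `signull` is the null signal (signal 0), which delivers nothing and is only used to test that a process exists, so I would word it as `##	Send a null signal to pppd (check that the process exists).`. The interface is used for NetworkManager_t in the networkmanager.te hunk of this revision, and neither addition appears in the log message.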
@@ -14403,7 +14439,16 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.0.8/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/ppp.te	2008-06-12 23:37:58.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/ppp.te	2008-08-11 16:47:54.000000000 -0400
+@@ -71,7 +71,7 @@
+ # PPPD Local policy
+ #
+ 
+-allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override };
++allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override };
+ dontaudit pppd_t self:capability sys_tty_config;
+ allow pppd_t self:process signal;
+ allow pppd_t self:fifo_file rw_fifo_file_perms;
 @@ -116,7 +116,7 @@
  
  kernel_read_kernel_sysctls(pppd_t)
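Review bot: Adding `kill` to the `pppd_t self:capability` set gives pppd CAP_KILL, which bypasses the ownership check when signalling processes of other users, and neither the policy nor the log message says why it is needed. The only signal rule visible in this hunk is `allow pppd_t self:process signal;`, so which other domains pppd_t may signal depends on rules elsewhere in ppp.te that are outside the hunk. I would add a comment above the rule naming the process behind the denial, e.g. `# pppd signals <PROCESS> running under another uid (from AVC denial)`, with `<PROCESS>` filled in from the audit record.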
@@ -17645,6 +17690,16 @@
  ')
 +
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.0.8/policy/modules/services/stunnel.fc
+--- nsaserefpolicy/policy/modules/services/stunnel.fc	2008-06-12 23:37:57.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/stunnel.fc	2008-08-07 12:46:30.000000000 -0400
+@@ -2,5 +2,6 @@
+ /etc/stunnel(/.*)?          	gen_context(system_u:object_r:stunnel_etc_t,s0)
+ 
+ /usr/sbin/stunnel	--	gen_context(system_u:object_r:stunnel_exec_t,s0)
++/usr/bin/stunnel	--	gen_context(system_u:object_r:stunnel_exec_t,s0)
+ 
+ /var/run/stunnel(/.*)?		gen_context(system_u:object_r:stunnel_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.if serefpolicy-3.0.8/policy/modules/services/stunnel.if
 --- nsaserefpolicy/policy/modules/services/stunnel.if	2008-06-12 23:37:57.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/stunnel.if	2008-06-12 23:37:59.000000000 -0400
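Review bot: The new `/usr/bin/stunnel` entry in stunnel.fc only takes effect when the file is labeled, so a binary already installed at that path keeps its previous type until it is relabeled, and presumably would not transition into the stunnel domain until then. The spec scriptlets are not part of this diff, so it is worth confirming that the package update relabels the path, or noting `restorecon /usr/bin/stunnel` for administrators. The change is also missing from the log message; a line such as `- Label /usr/bin/stunnel as stunnel_exec_t` would cover it.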


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.640
retrieving revision 1.641
diff -u -r1.640 -r1.641
--- selinux-policy.spec	5 Aug 2008 13:11:58 -0000	1.640
+++ selinux-policy.spec	12 Aug 2008 20:14:56 -0000	1.641
@@ -381,9 +381,10 @@
 %endif
 
 %changelog
-* Tue Aug 5 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-113
+* Tue Aug 12 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-113
 - dontaudit semanage config_tty
 - Allow samba to share fusefs
+- Allow bluetooth to read hwdate
 
 * Thu Jul 24 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-112
 - Change dhclient to be able to red networkmanager_var_run



