rpms/selinux-policy/F-9 policy-20071130.patch,1.201,1.202
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Aug 29 20:55:33 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17655
Modified Files:
policy-20071130.patch
Log Message:
* Tue Aug 26 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-87
- Allow crontab to work for unconfined users
- Allow courier_authdaemon_t to create sock_file in courier_spool directories
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.201
retrieving revision 1.202
diff -u -r1.201 -r1.202
--- policy-20071130.patch 29 Aug 2008 20:40:27 -0000 1.201
+++ policy-20071130.patch 29 Aug 2008 20:55:32 -0000 1.202
@@ -7396,7 +7396,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-08-15 15:31:02.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-08-29 16:52:50.000000000 -0400
@@ -1,5 +1,5 @@
-policy_module(corenetwork,1.2.15)
@@ -7424,7 +7424,7 @@
network_port(dict, tcp,2628,s0)
network_port(distccd, tcp,3632,s0)
network_port(dns, udp,53,s0, tcp,53,s0)
-+network_port(dogtag, tcp,9080,s0, tcp,9443,s0)
++network_port(dogtag, tcp,9443,s0)
network_port(fingerd, tcp,79,s0)
+network_port(flash, tcp,1935,s0, udp,1935,s0)
network_port(ftp_data, tcp,20,s0)
@@ -9076,7 +9076,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.3.1/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if 2008-07-15 14:02:51.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if 2008-08-29 16:50:55.000000000 -0400
@@ -851,9 +851,8 @@
type proc_t, proc_afs_t;
')
@@ -9104,6 +9104,40 @@
')
########################################
+@@ -2508,3 +2509,33 @@
+
+ typeattribute $1 kern_unconfined;
+ ')
++
++########################################
++## <summary>
++## Relabel from unlabeled database objects.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`kernel_relabelfrom_unlabeled_database',`
++ gen_require(`
++ type unlabeled_t;
++ class db_database { setattr relabelfrom };
++ class db_table { setattr relabelfrom };
++ class db_procedure { setattr relabelfrom };
++ class db_column { setattr relabelfrom };
++ class db_tuple { update relabelfrom };
++ class db_blob { setattr relabelfrom };
++ ')
++
++ allow $1 unlabeled_t:db_database { setattr relabelfrom };
++ allow $1 unlabeled_t:db_table { setattr relabelfrom };
++ allow $1 unlabeled_t:db_procedure { setattr relabelfrom };
++ allow $1 unlabeled_t:db_column { setattr relabelfrom };
++ allow $1 unlabeled_t:db_tuple { update relabelfrom };
++ allow $1 unlabeled_t:db_blob { setattr relabelfrom };
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2008-06-12 23:38:02.000000000 -0400
+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te 2008-07-15 14:02:51.000000000 -0400
@@ -32351,7 +32385,7 @@
+/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-08-29 16:21:41.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-08-29 16:47:43.000000000 -0400
@@ -213,12 +213,7 @@
## </param>
#
@@ -32553,7 +32587,7 @@
+ role system_r types $1;
+
+ domtrans_pattern(audisp_t,$2,$1)
-+ allow audisp_t $1:process { sigkill sigstop signull signal }
++ allow audisp_t $1:process { sigkill sigstop signull signal };
+ allow audisp_t $2:file getattr;
+ allow $1 audisp_t:unix_stream_socket rw_socket_perms;
+')
More information about the fedora-extras-commits
mailing list