rpms/selinux-policy/devel modules-mls.conf, 1.40, 1.41 policy-20081111.patch, 1.2, 1.3

Tue Dec 2 20:00:06 UTC 2008

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3225

Modified Files:
	modules-mls.conf policy-20081111.patch 
Log Message:
* Fri Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-19
- Fix labeling on /var/spool/rsyslog



Index: modules-mls.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41

--- modules-mls.conf	25 Nov 2008 19:18:01 -0000	1.40
+++ modules-mls.conf	2 Dec 2008 19:59:35 -0000	1.41
@@ -1143,7 +1143,7 @@
 #
 # X windows window manager
 # 
-wm = module
+#wm = module
 
 # Layer: services
 # Module: virt

policy-20081111.patch:

Index: policy-20081111.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20081111.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy-20081111.patch	2 Dec 2008 19:41:59 -0000	1.2
+++ policy-20081111.patch	2 Dec 2008 19:59:35 -0000	1.3
@@ -3638,7 +3638,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.1/policy/modules/apps/wm.te
 --- nsaserefpolicy/policy/modules/apps/wm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/apps/wm.te	2008-11-25 09:45:43.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/apps/wm.te	2008-12-02 14:52:51.000000000 -0500
 @@ -0,0 +1,104 @@
 +policy_module(wm,0.0.4)
 +
@@ -3684,22 +3684,22 @@
 +allow wm_t self:fifo_file { write read };
 +
 +
-+allow wm_t $2_client_xevent_t:x_synthetic_event send;
-+allow wm_t $2_focus_xevent_t:x_event receive;
-+allow wm_t $2_input_xevent_t:x_event receive;
-+allow wm_t $2_manage_xevent_t:x_event receive;
-+allow wm_t $2_manage_xevent_t:x_synthetic_event { receive send };
-+allow wm_t $2_property_xevent_t:x_event receive;
-+allow wm_t $2_xproperty_t:x_property { read write destroy };
-+allow wm_t $2_rootwindow_t:x_colormap { install uninstall use add_color remove_color read };
-+allow wm_t $2_rootwindow_t:x_drawable { read write manage setattr get_property hide show receive set_property create send add_child remove_child getattr list_property blend list_child destroy override };
-+allow wm_t $2_xproperty_t:x_property { write read };
++allow wm_t client_xevent_t:x_synthetic_event send;
++allow wm_t focus_xevent_t:x_event receive;
++allow wm_t input_xevent_t:x_event receive;
++allow wm_t manage_xevent_t:x_event receive;
++allow wm_t manage_xevent_t:x_synthetic_event { receive send };
++allow wm_t property_xevent_t:x_event receive;
++allow wm_t xproperty_t:x_property { read write destroy };
++allow wm_t rootwindow_t:x_colormap { install uninstall use add_color remove_color read };
++allow wm_t rootwindow_t:x_drawable { read write manage setattr get_property hide show receive set_property create send add_child remove_child getattr list_property blend list_child destroy override };
++allow wm_t xproperty_t:x_property { write read };
 +allow wm_t xserver_t:x_device { force_cursor setfocus use setattr grab manage getattr freeze write };
 +allow wm_t xserver_t:x_resource { read write };
 +allow wm_t xserver_t:x_screen setattr;
 +allow wm_t xselection_t:x_selection setattr;
 +
-+allow wm_t $2_t:x_drawable { get_property setattr show receive manage send read getattr list_child set_property };
++allow wm_t :x_drawable { get_property setattr show receive manage send read getattr list_child set_property };
 +allow wm_t $2_t:x_resource { read write };
 +
 +ifdef(`enable_mls',`
@@ -25126,7 +25126,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-11-13 18:40:02.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/system/userdomain.if	2008-12-02 14:39:39.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/system/userdomain.if	2008-12-02 14:58:08.000000000 -0500
 @@ -30,8 +30,9 @@
  	')
  
@@ -26414,7 +26414,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -2981,3 +3165,247 @@
+@@ -2981,3 +3165,245 @@
  
  	allow $1 userdomain:dbus send_msg;
  ')
@@ -26636,14 +26636,12 @@
 +#
 +interface(`userdom_dgram_send',`
 +	gen_require(`
-+		attribute 
++		attribute unpriv_userdomain;
 +	')
 +
 +	allow $1 unpriv_userdomain:unix_dgram_socket sendto;
 +')
 +
-+
-+
 +#######################################
 +## <summary>
 +##	Allow execmod on files in homedirectory 


