rpms/selinux-policy/F-10 policy-20080710.patch, 1.105, 1.106 selinux-policy.spec, 1.755, 1.756

Daniel J Walsh dwalsh at fedoraproject.org
Tue Dec 2 20:48:22 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9539

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Tue Dec 2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-28
- Allow kismet to kill itself


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- policy-20080710.patch	1 Dec 2008 22:28:27 -0000	1.105
+++ policy-20080710.patch	2 Dec 2008 20:47:51 -0000	1.106
@@ -515,11 +515,13 @@
  init_use_fds(consoletype_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.5.13/policy/modules/admin/kismet.te
 --- nsaserefpolicy/policy/modules/admin/kismet.te	2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/admin/kismet.te	2008-11-24 10:49:49.000000000 -0500
-@@ -26,10 +26,12 @@
++++ serefpolicy-3.5.13/policy/modules/admin/kismet.te	2008-12-02 11:02:32.000000000 -0500
+@@ -25,11 +25,13 @@
+ # kismet local policy
  #
  
- allow kismet_t self:capability { net_admin net_raw setuid setgid };
+-allow kismet_t self:capability { net_admin net_raw setuid setgid };
++allow kismet_t self:capability { kill net_admin net_raw setuid setgid };
 +allow kismet_t self:process signal;
  allow kismet_t self:fifo_file rw_file_perms;
  allow kismet_t self:packet_socket create_socket_perms;
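Review bot: The `kill` capability added in `allow kismet_t self:capability { kill net_admin net_raw setuid setgid };` is wider than the log message "Allow kismet to kill itself" suggests, and the rule carries no comment saying why it is needed. CAP_KILL lifts the kernel's UID check on signal delivery; the SELinux side is still limited by `allow kismet_t self:process signal;` on the next line, so the effective reach is other kismet_t processes running under a different UID, presumably those left over after the setuid/setgid drop. I would record that above the rule, e.g. `# kill: signal kismet_t processes that run under a different UID after the setuid/setgid drop`, and confirm it against the AVC denial that prompted the change. The rest of kismet.te lies outside this hunk.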
@@ -2195,8 +2197,8 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.5.13/policy/modules/apps/gnome.te
 --- nsaserefpolicy/policy/modules/apps/gnome.te	2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/apps/gnome.te	2008-11-24 10:49:49.000000000 -0500
-@@ -8,8 +8,34 @@
++++ serefpolicy-3.5.13/policy/modules/apps/gnome.te	2008-12-02 15:46:33.000000000 -0500
+@@ -8,8 +8,33 @@
  
  attribute gnomedomain;
  
@@ -2220,7 +2222,6 @@
 +typealias gconf_home_t alias unconfined_gconf_home_t;
 +typealias gconf_tmp_t alias unconfined_gconf_tmp_t;
 +
-+
 +##############################
 +#
 +# Declarations
@@ -14091,7 +14092,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.13/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/cups.te	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/cups.te	2008-12-02 10:19:35.000000000 -0500
 @@ -20,6 +20,12 @@
  type cupsd_etc_t;
  files_config_file(cupsd_etc_t)
@@ -14423,7 +14424,16 @@
  
  fs_getattr_all_fs(hplip_t)
  fs_search_auto_mountpoints(hplip_t)
-@@ -564,12 +626,14 @@
+@@ -552,6 +614,8 @@
+ files_read_etc_runtime_files(hplip_t)
+ files_read_usr_files(hplip_t)
+ 
++fs_read_anon_inodefs_files(hplip_t)
++
+ libs_use_ld_so(hplip_t)
+ libs_use_shared_libs(hplip_t)
+ 
+@@ -564,12 +628,14 @@
  userdom_dontaudit_use_unpriv_user_fds(hplip_t)
  userdom_dontaudit_search_all_users_home_content(hplip_t)
  
@@ -14439,7 +14449,7 @@
  ')
  
  optional_policy(`
-@@ -651,3 +715,44 @@
+@@ -651,3 +717,44 @@
  optional_policy(`
  	udev_read_db(ptal_t)
  ')
@@ -17366,7 +17376,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.5.13/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2008-10-17 08:49:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/munin.te	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/munin.te	2008-12-02 15:11:02.000000000 -0500
 @@ -13,6 +13,9 @@
  type munin_etc_t alias lrrd_etc_t;
  files_config_file(munin_etc_t)
@@ -17461,7 +17471,7 @@
  sysadm_dontaudit_search_home_dirs(munin_t)
  
  optional_policy(`
-@@ -109,7 +127,21 @@
+@@ -109,7 +127,30 @@
  ')
  
  optional_policy(`
@@ -17472,6 +17482,7 @@
 +optional_policy(`
 +	mta_read_config(munin_t)
 +	mta_send_mail(munin_t)
++	mta_read_queue(munin_t)
 +')
 +
 +optional_policy(`
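Review bot: `mta_read_queue(munin_t)` gives the munin daemon read access to the MTA queue, which by its name covers the queued message files rather than just their count, and nothing in the hunk says which plugin needs it. A queue-size graph normally needs only directory listing, which is what `postfix_list_spool(munin_t)` in the next hunk grants for postfix. If a list- or getattr-only mta interface is available I would use it here, and otherwise add a comment such as `# mail queue plugin needs to read queue entries (bug: <reference>)` so the grant can be audited later. `rpc_search_nfs_state_data(munin_t)` in the next hunk also arrives without a stated reason and would benefit from the same kind of comment.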
@@ -17480,11 +17491,19 @@
 +')
 +
 +optional_policy(`
++	postfix_list_spool(munin_t)
++')
++
++optional_policy(`
++	rpc_search_nfs_state_data(munin_t)
++')
++
++optional_policy(`
 +	sendmail_read_log(munin_t)
  ')
  
  optional_policy(`
-@@ -119,3 +151,9 @@
+@@ -119,3 +160,9 @@
  optional_policy(`
  	udev_read_db(munin_t)
  ')
@@ -17889,7 +17908,7 @@
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.13/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/networkmanager.te	2008-11-27 17:38:06.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/networkmanager.te	2008-12-02 11:37:43.000000000 -0500
 @@ -33,9 +33,9 @@
  
  # networkmanager will ptrace itself if gdb is installed
@@ -17956,7 +17975,7 @@
  libs_use_ld_so(NetworkManager_t)
  libs_use_shared_libs(NetworkManager_t)
  
-@@ -119,27 +131,41 @@
+@@ -119,27 +131,42 @@
  
  seutil_read_config(NetworkManager_t)
  
@@ -17979,6 +17998,7 @@
 +sysnet_read_dhcpc_state(NetworkManager_t)
 +sysnet_signal_dhcpc(NetworkManager_t)
  
++userdom_dgram_send(NetworkManager_t)
  userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
  userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t)
  # Read gnome-keyring
@@ -18005,7 +18025,7 @@
  ')
  
  optional_policy(`
-@@ -151,8 +177,25 @@
+@@ -151,8 +178,25 @@
  ')
  
  optional_policy(`
@@ -18033,7 +18053,7 @@
  ')
  
  optional_policy(`
-@@ -160,23 +203,48 @@
+@@ -160,23 +204,48 @@
  ')
  
  optional_policy(`
@@ -18084,7 +18104,7 @@
  ')
  
  optional_policy(`
-@@ -194,7 +262,9 @@
+@@ -194,7 +263,9 @@
  
  optional_policy(`
  	vpn_domtrans(NetworkManager_t)
@@ -26648,7 +26668,7 @@
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.13/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/xserver.if	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/xserver.if	2008-12-02 15:46:34.000000000 -0500
 @@ -16,6 +16,7 @@
  	gen_require(`
  		type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
@@ -27930,7 +27950,7 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.13/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/xserver.te	2008-11-27 06:38:45.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/xserver.te	2008-12-02 15:46:42.000000000 -0500
 @@ -8,6 +8,14 @@
  
  ## <desc>
@@ -28003,7 +28023,7 @@
  # type for /var/lib/xkb
  type xkb_var_lib_t;
  files_type(xkb_var_lib_t)
-@@ -122,6 +150,31 @@
+@@ -122,6 +150,37 @@
  type xserver_log_t;
  logging_log_file(xserver_log_t)
  
@@ -28032,10 +28052,16 @@
 +type xauth_tmp_t;
 +files_tmp_file(xauth_tmp_t)
 +
++typealias fonts_home_t alias unconfined_fonts_t;
++typealias fonts_cache_home_t alias unconfined_fonts_cache_t;
++typealias fonts_config_home_t alias unconfined_fonts_config_t;
++typealias iceauth_home_t alias uncofined_iceauth_home_t;
++typealias xauth_home_t alias unconfiend_xauth_rw_t;
++
  xserver_common_domain_template(xdm)
  xserver_common_x_domain_template(xdm, xdm, xdm_t)
  init_system_domain(xdm_xserver_t, xserver_exec_t)
-@@ -140,13 +193,14 @@
+@@ -140,13 +199,14 @@
  # XDM Local policy
  #
  
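Review bot: Two of the added alias names are misspelled, `uncofined_iceauth_home_t` and `unconfiend_xauth_rw_t`, against the `unconfined_` prefix used by the three typealias lines directly above them. A typealias only helps when it matches the old type name exactly, so assuming the earlier policy declared unconfined_* types for the ICE and X authority files, anything still carrying those labels would not map onto `iceauth_home_t` and `xauth_home_t` after the update. I would change the first to `typealias iceauth_home_t alias unconfined_iceauth_home_t;` and correct the second to whichever `unconfined_xauth_*` name the earlier policy actually used; its `_rw_t` suffix also differs from the `_home_t` target, so that is worth checking at the same time.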
@@ -28053,7 +28079,7 @@
  allow xdm_t self:tcp_socket create_stream_socket_perms;
  allow xdm_t self:udp_socket create_socket_perms;
  allow xdm_t self:socket create_socket_perms;
-@@ -154,6 +208,12 @@
+@@ -154,6 +214,12 @@
  allow xdm_t self:key { search link write };
  
  allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
@@ -28066,7 +28092,7 @@
  
  # Allow gdm to run gdm-binary
  can_exec(xdm_t, xdm_exec_t)
-@@ -169,6 +229,8 @@
+@@ -169,6 +235,8 @@
  manage_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
  manage_sock_files_pattern(xdm_t, xdm_tmp_t, xdm_tmp_t)
  files_tmp_filetrans(xdm_t, xdm_tmp_t, { file dir sock_file })
@@ -28075,7 +28101,7 @@
  
  manage_dirs_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
  manage_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
-@@ -176,15 +238,32 @@
+@@ -176,15 +244,32 @@
  manage_fifo_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
  manage_sock_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
  fs_tmpfs_filetrans(xdm_t, xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
@@ -28110,7 +28136,7 @@
  
  allow xdm_t xdm_xserver_t:process signal;
  allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
-@@ -198,6 +277,7 @@
+@@ -198,6 +283,7 @@
  allow xdm_t xdm_xserver_t:process { noatsecure siginh rlimitinh signal sigkill };
  
  allow xdm_t xdm_xserver_t:shm rw_shm_perms;
@@ -28118,7 +28144,7 @@
  
  # connect to xdm xserver over stream socket
  stream_connect_pattern(xdm_t, xdm_xserver_tmp_t, xdm_xserver_tmp_t, xdm_xserver_t)
-@@ -229,11 +309,13 @@
+@@ -229,11 +315,13 @@
  corenet_udp_sendrecv_all_ports(xdm_t)
  corenet_tcp_bind_all_nodes(xdm_t)
  corenet_udp_bind_all_nodes(xdm_t)
@@ -28132,7 +28158,7 @@
  dev_read_rand(xdm_t)
  dev_read_sysfs(xdm_t)
  dev_getattr_framebuffer_dev(xdm_t)
-@@ -241,6 +323,7 @@
+@@ -241,6 +329,7 @@
  dev_getattr_mouse_dev(xdm_t)
  dev_setattr_mouse_dev(xdm_t)
  dev_rw_apm_bios(xdm_t)
@@ -28140,7 +28166,7 @@
  dev_setattr_apm_bios_dev(xdm_t)
  dev_rw_dri(xdm_t)
  dev_rw_agp(xdm_t)
-@@ -253,14 +336,17 @@
+@@ -253,14 +342,17 @@
  dev_setattr_video_dev(xdm_t)
  dev_getattr_scanner_dev(xdm_t)
  dev_setattr_scanner_dev(xdm_t)
@@ -28160,7 +28186,7 @@
  
  files_read_etc_files(xdm_t)
  files_read_var_files(xdm_t)
-@@ -271,9 +357,13 @@
+@@ -271,9 +363,13 @@
  files_read_usr_files(xdm_t)
  # Poweroff wants to create the /poweroff file when run from xdm
  files_create_boot_flag(xdm_t)
@@ -28174,7 +28200,7 @@
  
  storage_dontaudit_read_fixed_disk(xdm_t)
  storage_dontaudit_write_fixed_disk(xdm_t)
-@@ -282,6 +372,7 @@
+@@ -282,6 +378,7 @@
  storage_dontaudit_raw_write_removable_device(xdm_t)
  storage_dontaudit_setattr_removable_dev(xdm_t)
  storage_dontaudit_rw_scsi_generic(xdm_t)
@@ -28182,7 +28208,7 @@
  
  term_setattr_console(xdm_t)
  term_use_unallocated_ttys(xdm_t)
-@@ -290,6 +381,7 @@
+@@ -290,6 +387,7 @@
  auth_domtrans_pam_console(xdm_t)
  auth_manage_pam_pid(xdm_t)
  auth_manage_pam_console_data(xdm_t)
@@ -28190,7 +28216,7 @@
  auth_rw_faillog(xdm_t)
  auth_write_login_records(xdm_t)
  
-@@ -301,21 +393,26 @@
+@@ -301,21 +399,26 @@
  libs_exec_lib_files(xdm_t)
  
  logging_read_generic_logs(xdm_t)
@@ -28222,7 +28248,7 @@
  
  xserver_rw_session_template(xdm, xdm_t, xdm_tmpfs_t)
  xserver_unconfined(xdm_t)
-@@ -348,10 +445,12 @@
+@@ -348,10 +451,12 @@
  
  optional_policy(`
  	alsa_domtrans(xdm_t)
@@ -28235,7 +28261,7 @@
  ')
  
  optional_policy(`
-@@ -359,6 +458,22 @@
+@@ -359,6 +464,22 @@
  ')
  
  optional_policy(`
@@ -28258,7 +28284,7 @@
  	# Talk to the console mouse server.
  	gpm_stream_connect(xdm_t)
  	gpm_setattr_gpmctl(xdm_t)
-@@ -382,16 +497,34 @@
+@@ -382,16 +503,34 @@
  ')
  
  optional_policy(`
@@ -28294,7 +28320,7 @@
  
  	ifndef(`distro_redhat',`
  		allow xdm_t self:process { execheap execmem };
-@@ -411,6 +544,10 @@
+@@ -411,6 +550,10 @@
  ')
  
  optional_policy(`
@@ -28305,7 +28331,7 @@
  	xfs_stream_connect(xdm_t)
  ')
  
-@@ -427,7 +564,7 @@
+@@ -427,7 +570,7 @@
  allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
  dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
  
@@ -28314,7 +28340,7 @@
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xdm_xserver_t, xdm_tmp_t, xdm_tmp_t)
-@@ -439,6 +576,15 @@
+@@ -439,6 +582,15 @@
  can_exec(xdm_xserver_t, xkb_var_lib_t)
  files_search_var_lib(xdm_xserver_t)
  
@@ -28330,7 +28356,7 @@
  # VNC v4 module in X server
  corenet_tcp_bind_vnc_port(xdm_xserver_t)
  
-@@ -450,10 +596,19 @@
+@@ -450,10 +602,19 @@
  # xdm_xserver_t may no longer have any reason
  # to read ROLE_home_t - examine this in more detail
  # (xauth?)
@@ -28351,7 +28377,7 @@
  tunable_policy(`use_nfs_home_dirs',`
  	fs_manage_nfs_dirs(xdm_xserver_t)
  	fs_manage_nfs_files(xdm_xserver_t)
-@@ -468,8 +623,19 @@
+@@ -468,8 +629,19 @@
  
  optional_policy(`
  	dbus_system_bus_client_template(xdm_xserver, xdm_xserver_t)
@@ -28371,7 +28397,7 @@
  
  optional_policy(`
  	resmgr_stream_connect(xdm_t)
-@@ -481,8 +647,25 @@
+@@ -481,8 +653,25 @@
  ')
  
  optional_policy(`
@@ -28399,7 +28425,7 @@
  
  	ifndef(`distro_redhat',`
  		allow xdm_xserver_t self:process { execheap execmem };
-@@ -491,7 +674,6 @@
+@@ -491,7 +680,6 @@
  	ifdef(`distro_rhel4',`
  		allow xdm_xserver_t self:process { execheap execmem };
  	')
@@ -28407,7 +28433,7 @@
  
  ########################################
  #
-@@ -512,6 +694,27 @@
+@@ -512,6 +700,27 @@
  allow xserver_unconfined_type { x_domain x_server_domain }:x_resource *;
  allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *;
  
@@ -28435,7 +28461,7 @@
  ifdef(`TODO',`
  # Need to further investigate these permissions and
  # perhaps define derived types.
-@@ -544,3 +747,73 @@
+@@ -544,3 +753,73 @@
  #
  allow pam_t xdm_t:fifo_file { getattr ioctl write };
  ') dnl end TODO
@@ -32519,8 +32545,8 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.13/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/unconfined.te	2008-11-24 10:49:49.000000000 -0500
-@@ -6,35 +6,76 @@
++++ serefpolicy-3.5.13/policy/modules/system/unconfined.te	2008-12-02 14:32:28.000000000 -0500
+@@ -6,35 +6,77 @@
  # Declarations
  #
  
@@ -32555,6 +32581,7 @@
 +userdom_restricted_user_template(unconfined)
 +#userdom_common_user_template(unconfined)
 +#userdom_xwindows_client_template(unconfined)
++userdom_execmod_user_home_files(unconfined_t)
  
  type unconfined_exec_t;
  init_system_domain(unconfined_t, unconfined_exec_t)
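Review bot: `userdom_execmod_user_home_files(unconfined_t)` grants execmod on every `user_home_t` file unconditionally, and the log message, which lists only the kismet change, does not mention it. execmod is the check that stops a modified private file mapping from being made executable (text relocations), so the call removes that check for anything written into a home directory; the interface is defined in the userdomain.if hunk of this commit as `allow $1 user_home_t:file execmod;`. If the policy's `allow_execmod` tunable is meant to govern this case, I would wrap the call in a tunable_policy block keyed on it rather than granting it outright. Either way the change deserves its own changelog line, e.g. `- Allow unconfined_t execmod on user home files`. The declarations block around this line starts and ends outside the hunk.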
@@ -32604,7 +32631,7 @@
  
  libs_run_ldconfig(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  
-@@ -42,28 +83,39 @@
+@@ -42,28 +84,39 @@
  logging_run_auditctl(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  
  mount_run_unconfined(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
@@ -32648,7 +32675,7 @@
  ')
  
  optional_policy(`
-@@ -75,12 +127,6 @@
+@@ -75,12 +128,6 @@
  ')
  
  optional_policy(`
@@ -32661,7 +32688,7 @@
  	init_dbus_chat_script(unconfined_t)
  
  	dbus_stub(unconfined_t)
-@@ -106,12 +152,24 @@
+@@ -106,12 +153,24 @@
  	')
  
  	optional_policy(`
@@ -32686,7 +32713,7 @@
  ')
  
  optional_policy(`
-@@ -123,31 +181,33 @@
+@@ -123,31 +182,33 @@
  ')
  
  optional_policy(`
@@ -32727,7 +32754,7 @@
  ')
  
  optional_policy(`
-@@ -159,43 +219,49 @@
+@@ -159,43 +220,49 @@
  ')
  
  optional_policy(`
@@ -32793,7 +32820,7 @@
  ')
  
  optional_policy(`
-@@ -203,7 +269,7 @@
+@@ -203,7 +270,7 @@
  ')
  
  optional_policy(`
@@ -32802,7 +32829,7 @@
  ')
  
  optional_policy(`
-@@ -215,11 +281,12 @@
+@@ -215,11 +282,12 @@
  ')
  
  optional_policy(`
@@ -32817,7 +32844,7 @@
  ')
  
  ########################################
-@@ -229,14 +296,61 @@
+@@ -229,14 +297,61 @@
  
  allow unconfined_execmem_t self:process { execstack execmem };
  unconfined_domain_noaudit(unconfined_execmem_t)
@@ -32896,7 +32923,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-11-25 10:39:06.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-12-02 14:58:41.000000000 -0500
 @@ -28,10 +28,14 @@
  		class context contains;
  	')
@@ -35078,7 +35105,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5513,3 +5667,546 @@
+@@ -5513,3 +5667,584 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -35625,6 +35652,44 @@
 +	manage_fifo_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
 +	fs_tmpfs_filetrans($1, user_tmpfs_t, { dir file lnk_file sock_file fifo_file })
 +')
++
++########################################
++## <summary>
++##	Send a message to unpriv users over a unix domain
++##	datagram socket.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`userdom_dgram_send',`
++	gen_require(`
++		attribute unpriv_userdomain;
++	')
++
++	allow $1 unpriv_userdomain:unix_dgram_socket sendto;
++')
++
++#######################################
++## <summary>
++##	Allow execmod on files in homedirectory 
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <rolebase/>
++#
++interface(`userdom_execmod_user_home_files',`
++	gen_require(`
++		type user_home_t;
++	')
++
++	allow $1 user_home_t:file execmod;
++')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.13/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2008-10-17 08:49:13.000000000 -0400
 +++ serefpolicy-3.5.13/policy/modules/system/userdomain.te	2008-11-24 10:49:49.000000000 -0500
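Review bot: The doc block of `userdom_execmod_user_home_files` carries a `## <rolebase/>` tag although the interface takes only a domain parameter, which looks copied from a role-based template; `userdom_dgram_send` directly above it has no such tag. I would drop that line and expand the summary, which currently reads "Allow execmod on files in homedirectory" with trailing whitespace, so that a policy reviewer can see what is being permitted, e.g. `##	Allow the domain to make modified mappings of user home files executable (execmod).` The interface file continues on both sides of this hunk.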


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.755
retrieving revision 1.756
diff -u -r1.755 -r1.756
--- selinux-policy.spec	1 Dec 2008 22:28:28 -0000	1.755
+++ selinux-policy.spec	2 Dec 2008 20:47:51 -0000	1.756
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 27%{?dist}
+Release: 28%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -457,6 +457,9 @@
 %endif
 
 %changelog
+* Tue Dec 2 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-28
+- Allow kismet to kill itself
+
 * Thu Nov 27 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-27
 - Allow iptables dac permissions
 - Allow awstates to use inotify



