rpms/selinux-policy/F-10 policy-20080710.patch,1.110,1.111
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Dec 4 21:33:46 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19601
Modified Files:
policy-20080710.patch
Log Message:
* Thu Dec 4 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-32
- Turn off nsplugin transition, by default
- Allow httpd_sys_script_t to communicate with postgresql
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -r1.110 -r1.111
--- policy-20080710.patch 4 Dec 2008 21:24:45 -0000 1.110
+++ policy-20080710.patch 4 Dec 2008 21:33:45 -0000 1.111
@@ -32999,7 +32999,7 @@
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-12-02 14:58:41.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-12-04 16:32:18.000000000 -0500
@@ -28,10 +28,14 @@
class context contains;
')
@@ -35181,7 +35181,7 @@
## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
-@@ -5513,3 +5667,584 @@
+@@ -5513,3 +5667,601 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
@@ -35766,6 +35766,23 @@
+
+ allow $1 user_home_t:file execmod;
+')
++########################################
++## <summary>
++## dontaudit list /root
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`userdom_dontaudit_list_admin_dir',`
++ gen_require(`
++ type admin_home_t;
++ ')
++
++ dontaudit $1 admin_home_t:dir list_dir_perms;
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.13/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-10-17 08:49:13.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/system/userdomain.te 2008-12-02 16:09:55.000000000 -0500
More information about the fedora-extras-commits
mailing list