rpms/selinux-policy/F-10 policy-20080710.patch,1.110,1.111

Daniel J Walsh dwalsh at fedoraproject.org
Thu Dec 4 21:33:46 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19601

Modified Files:
	policy-20080710.patch 
Log Message:
* Thu Dec 4 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-32
- Turn off nsplugin transition, by default
- Allow httpd_sys_script_t to communicate with postgresql


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -r1.110 -r1.111
--- policy-20080710.patch	4 Dec 2008 21:24:45 -0000	1.110
+++ policy-20080710.patch	4 Dec 2008 21:33:45 -0000	1.111
@@ -32999,7 +32999,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-12-02 14:58:41.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-12-04 16:32:18.000000000 -0500
 @@ -28,10 +28,14 @@
  		class context contains;
  	')
@@ -35181,7 +35181,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5513,3 +5667,584 @@
+@@ -5513,3 +5667,601 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -35766,6 +35766,23 @@
 +
 +	allow $1 user_home_t:file execmod;
 +')
++########################################
++## <summary>
++##	dontaudit list /root
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`userdom_dontaudit_list_admin_dir',`
++	gen_require(`
++		type admin_home_t;
++	')
++
++	dontaudit $1 admin_home_t:dir list_dir_perms;
++')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.13/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2008-10-17 08:49:13.000000000 -0400
 +++ serefpolicy-3.5.13/policy/modules/system/userdomain.te	2008-12-02 16:09:55.000000000 -0500

More information about the fedora-extras-commits mailing list