rpms/selinux-policy/devel policy-20081111.patch,1.12,1.13

Daniel J Walsh dwalsh at fedoraproject.org
Wed Dec 10 14:48:32 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30968

Modified Files:
	policy-20081111.patch 
Log Message:
* Tue Dec 9 2008 Dan Walsh <dwalsh at redhat.com> 3.6.1-9
- Add cron_role back to user domains


policy-20081111.patch:

Index: policy-20081111.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20081111.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20081111.patch	9 Dec 2008 21:04:28 -0000	1.12
+++ policy-20081111.patch	10 Dec 2008 14:48:31 -0000	1.13
@@ -2962,7 +2962,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.1/policy/modules/apps/podsleuth.te
 --- nsaserefpolicy/policy/modules/apps/podsleuth.te	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/apps/podsleuth.te	2008-12-09 14:43:32.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/apps/podsleuth.te	2008-12-10 08:55:47.000000000 -0500
 @@ -11,21 +11,58 @@
  application_domain(podsleuth_t, podsleuth_exec_t)
  role system_r types podsleuth_t;
@@ -3002,9 +3002,9 @@
 +fs_read_dos_files(podsleuth_t)
 +fs_search_dos(podsleuth_t)
 +
-+fs_mount_nfs_fs(podsleuth_t)
-+fs_unmount_nfs_fs(podsleuth_t)
-+fs_getattr_nfs_fs(podsleuth_t)
++fs_mount_nfs(podsleuth_t)
++fs_unmount_nfs(podsleuth_t)
++fs_getattr_nfs(podsleuth_t)
 +fs_read_nfs_files(podsleuth_t)
 +fs_search_nfs(podsleuth_t)
 +
@@ -11931,7 +11931,7 @@
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.1/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/hal.te	2008-11-25 09:45:43.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/hal.te	2008-12-10 09:03:53.000000000 -0500
 @@ -49,6 +49,9 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -11981,7 +11981,7 @@
  allow hald_acl_t self:process { getattr signal };
  allow hald_acl_t self:fifo_file rw_fifo_file_perms;
  
-@@ -346,6 +360,11 @@
+@@ -346,12 +360,17 @@
  
  miscfiles_read_localization(hald_acl_t)
  
@@ -11993,6 +11993,13 @@
  ########################################
  #
  # Local hald mac policy
+ #
+ 
+-allow hald_mac_t self:capability { setgid setuid };
++allow hald_mac_t self:capability { setgid setuid sys_admin };
+ 
+ domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
+ allow hald_t hald_mac_t:process signal;
 @@ -418,3 +437,7 @@
  files_read_usr_files(hald_keymap_t)

More information about the fedora-extras-commits mailing list