rpms/selinux-policy/devel .cvsignore, 1.132, 1.133 modules-targeted.conf, 1.80, 1.81 policy-20071130.patch, 1.47, 1.48 selinux-policy.spec, 1.597, 1.598 sources, 1.144, 1.145
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Sat Feb 2 06:30:41 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25819
Modified Files:
.cvsignore modules-targeted.conf policy-20071130.patch
selinux-policy.spec sources
Log Message:
* Fri Feb 1 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-1
- Update to upstream
- Add libvirt policy
- add qemu policy
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -r1.132 -r1.133
--- .cvsignore 19 Dec 2007 18:00:58 -0000 1.132
+++ .cvsignore 2 Feb 2008 06:30:04 -0000 1.133
@@ -134,3 +134,4 @@
serefpolicy-3.2.3.tgz
serefpolicy-3.2.4.tgz
serefpolicy-3.2.5.tgz
+serefpolicy-3.2.6.tgz
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- modules-targeted.conf 1 Feb 2008 13:49:05 -0000 1.80
+++ modules-targeted.conf 2 Feb 2008 06:30:04 -0000 1.81
@@ -1349,7 +1349,14 @@
#
# Virtualization libraries
#
-virt = base
+virt = module
+
+# Layer: system
+# Module: qemu
+#
+# Virtualization emulator
+#
+qemu = module
# Layer: system
# Module: brctl
policy-20071130.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.47 -r 1.48 policy-20071130.patch
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- policy-20071130.patch 1 Feb 2008 13:49:05 -0000 1.47
+++ policy-20071130.patch 2 Feb 2008 06:30:04 -0000 1.48
@@ -1,20 +1,20 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.2.5/config/appconfig-mcs/failsafe_context
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.2.6/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.5/config/appconfig-mcs/failsafe_context 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-mcs/failsafe_context 2008-02-01 16:01:42.000000000 -0500
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.2.5/config/appconfig-mcs/guest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.2.6/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/config/appconfig-mcs/guest_u_default_contexts 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-mcs/guest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.2.5/config/appconfig-mcs/root_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.2.6/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.5/config/appconfig-mcs/root_default_contexts 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-mcs/root_default_contexts 2008-02-01 16:01:42.000000000 -0500
@@ -1,11 +1,7 @@
system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -28,17 +28,17 @@
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.2.5/config/appconfig-mcs/seusers
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.2.6/config/appconfig-mcs/seusers
--- nsaserefpolicy/config/appconfig-mcs/seusers 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.5/config/appconfig-mcs/seusers 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-mcs/seusers 2008-02-01 16:01:42.000000000 -0500
@@ -1,3 +1,3 @@
system_u:system_u:s0-mcs_systemhigh
root:root:s0-mcs_systemhigh
-__default__:user_u:s0
+__default__:unconfined_u:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.2.5/config/appconfig-mcs/unconfined_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.2.6/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/config/appconfig-mcs/unconfined_u_default_contexts 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-mcs/unconfined_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,9 @@
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
+system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
@@ -49,40 +49,40 @@
+system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
+system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
+system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.2.5/config/appconfig-mcs/userhelper_context
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.2.6/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.5/config/appconfig-mcs/userhelper_context 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-mcs/userhelper_context 2008-02-01 16:01:42.000000000 -0500
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.2.5/config/appconfig-mcs/xguest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.2.6/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/config/appconfig-mcs/xguest_u_default_contexts 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-mcs/xguest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,5 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
+system_r:sshd_t xguest_r:xguest_t:s0
+system_r:crond_t xguest_r:xguest_crond_t:s0
+system_r:xdm_t xguest_r:xguest_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.2.5/config/appconfig-mls/guest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.2.6/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/config/appconfig-mls/guest_u_default_contexts 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-mls/guest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.2.5/config/appconfig-standard/guest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.2.6/config/appconfig-standard/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/config/appconfig-standard/guest_u_default_contexts 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-standard/guest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,4 @@
+system_r:local_login_t guest_r:guest_t
+system_r:remote_login_t guest_r:guest_t
+system_r:sshd_t guest_r:guest_t
+system_r:crond_t guest_r:guest_crond_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.2.5/config/appconfig-standard/root_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.2.6/config/appconfig-standard/root_default_contexts
--- nsaserefpolicy/config/appconfig-standard/root_default_contexts 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.5/config/appconfig-standard/root_default_contexts 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-standard/root_default_contexts 2008-02-01 16:01:42.000000000 -0500
@@ -1,11 +1,7 @@
system_r:crond_t unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
system_r:local_login_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -96,18 +96,18 @@
#
-#system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
+system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.2.5/config/appconfig-standard/xguest_u_default_contexts
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.2.6/config/appconfig-standard/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/config/appconfig-standard/xguest_u_default_contexts 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/config/appconfig-standard/xguest_u_default_contexts 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,5 @@
+system_r:local_login_t xguest_r:xguest_t
+system_r:remote_login_t xguest_r:xguest_t
+system_r:sshd_t xguest_r:xguest_t
+system_r:crond_t xguest_r:xguest_crond_t
+system_r:xdm_t xguest_r:xguest_t
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.2.5/Makefile
---- nsaserefpolicy/Makefile 2007-10-12 08:56:10.000000000 -0400
-+++ serefpolicy-3.2.5/Makefile 2008-01-18 12:40:46.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.2.6/Makefile
+--- nsaserefpolicy/Makefile 2008-02-01 09:12:53.000000000 -0500
++++ serefpolicy-3.2.6/Makefile 2008-02-01 16:01:42.000000000 -0500
@@ -305,20 +305,22 @@
# parse-rolemap modulename,outputfile
@@ -141,9 +141,9 @@
endef
# create-base-per-role-tmpl modulenames,outputfile
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.2.5/man/man8/httpd_selinux.8
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.2.6/man/man8/httpd_selinux.8
--- nsaserefpolicy/man/man8/httpd_selinux.8 2007-10-12 08:56:10.000000000 -0400
-+++ serefpolicy-3.2.5/man/man8/httpd_selinux.8 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/man/man8/httpd_selinux.8 2008-02-01 16:01:42.000000000 -0500
@@ -93,6 +93,11 @@
.EE
@@ -156,10 +156,10 @@
httpd can be configured to turn off internal scripting (PHP). PHP and other
loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.2.5/policy/flask/access_vectors
---- nsaserefpolicy/policy/flask/access_vectors 2007-08-11 06:22:29.000000000 -0400
-+++ serefpolicy-3.2.5/policy/flask/access_vectors 2008-01-18 12:40:46.000000000 -0500
-@@ -639,6 +639,8 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.2.6/policy/flask/access_vectors
+--- nsaserefpolicy/policy/flask/access_vectors 2008-02-01 09:12:52.000000000 -0500
++++ serefpolicy-3.2.6/policy/flask/access_vectors 2008-02-01 16:01:42.000000000 -0500
+@@ -644,6 +644,8 @@
send
recv
relabelto
@@ -168,9 +168,9 @@
}
class key
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.2.5/policy/global_tunables
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.2.6/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2007-12-12 11:35:28.000000000 -0500
-+++ serefpolicy-3.2.5/policy/global_tunables 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/global_tunables 2008-02-01 16:01:42.000000000 -0500
@@ -34,7 +34,7 @@
## <desc>
@@ -209,9 +209,9 @@
+gen_tunable(allow_console_login,false)
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-3.2.5/policy/modules/admin/alsa.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-3.2.6/policy/modules/admin/alsa.fc
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2007-10-29 18:02:32.000000000 -0400
-+++ serefpolicy-3.2.5/policy/modules/admin/alsa.fc 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/admin/alsa.fc 2008-02-01 16:01:42.000000000 -0500
@@ -1,8 +1,11 @@
+/etc/alsa/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0)
@@ -226,9 +226,9 @@
+/sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0)
+/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0)
+/bin/alsaunmute -- gen_context(system_u:object_r:alsa_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-3.2.5/policy/modules/admin/alsa.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-3.2.6/policy/modules/admin/alsa.if
--- nsaserefpolicy/policy/modules/admin/alsa.if 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/admin/alsa.if 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/admin/alsa.if 2008-02-01 16:01:42.000000000 -0500
@@ -74,3 +74,21 @@
read_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
read_lnk_files_pattern($1,alsa_etc_rw_t,alsa_etc_rw_t)
@@ -251,9 +251,9 @@
+
+ read_files_pattern($1,alsa_var_lib_t,alsa_var_lib_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.2.5/policy/modules/admin/alsa.te
[...5966 lines suppressed...]
@@ -0,0 +1,11 @@
+policy_module(logadm,1.0.0)
+
@@ -27920,24 +28553,24 @@
+allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
+
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.2.5/policy/modules/users/metadata.xml
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.2.6/policy/modules/users/metadata.xml
--- nsaserefpolicy/policy/modules/users/metadata.xml 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/metadata.xml 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/metadata.xml 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+<summary>Policy modules for users</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.fc serefpolicy-3.2.5/policy/modules/users/secadm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.fc serefpolicy-3.2.6/policy/modules/users/secadm.fc
--- nsaserefpolicy/policy/modules/users/secadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/secadm.fc 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/secadm.fc 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+# No secadm file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.if serefpolicy-3.2.5/policy/modules/users/secadm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.if serefpolicy-3.2.6/policy/modules/users/secadm.if
--- nsaserefpolicy/policy/modules/users/secadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/secadm.if 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/secadm.if 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for secadm user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.te serefpolicy-3.2.5/policy/modules/users/secadm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.te serefpolicy-3.2.6/policy/modules/users/secadm.te
--- nsaserefpolicy/policy/modules/users/secadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/secadm.te 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/secadm.te 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,39 @@
+policy_module(secadm,1.0.1)
+gen_require(`
@@ -27978,19 +28611,19 @@
+optional_policy(`
+ dmesg_exec(secadm_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.fc serefpolicy-3.2.5/policy/modules/users/staff.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.fc serefpolicy-3.2.6/policy/modules/users/staff.fc
--- nsaserefpolicy/policy/modules/users/staff.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/staff.fc 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/staff.fc 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+# No staff file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.if serefpolicy-3.2.5/policy/modules/users/staff.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.if serefpolicy-3.2.6/policy/modules/users/staff.if
--- nsaserefpolicy/policy/modules/users/staff.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/staff.if 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/staff.if 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for staff user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.2.5/policy/modules/users/staff.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.2.6/policy/modules/users/staff.te
--- nsaserefpolicy/policy/modules/users/staff.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/staff.te 2008-01-29 15:10:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/staff.te 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,47 @@
+policy_module(staff,1.0.1)
+userdom_unpriv_user_template(staff)
@@ -28039,19 +28672,19 @@
+ xserver_per_role_template(staff, staff_t, staff_r)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.fc serefpolicy-3.2.5/policy/modules/users/user.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.fc serefpolicy-3.2.6/policy/modules/users/user.fc
--- nsaserefpolicy/policy/modules/users/user.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/user.fc 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/user.fc 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+# No user file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.if serefpolicy-3.2.5/policy/modules/users/user.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.if serefpolicy-3.2.6/policy/modules/users/user.if
--- nsaserefpolicy/policy/modules/users/user.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/user.if 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/user.if 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for user user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te serefpolicy-3.2.5/policy/modules/users/user.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te serefpolicy-3.2.6/policy/modules/users/user.te
--- nsaserefpolicy/policy/modules/users/user.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/user.te 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/user.te 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,25 @@
+policy_module(user,1.0.1)
+userdom_unpriv_user_template(user)
@@ -28078,19 +28711,19 @@
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.2.5/policy/modules/users/webadm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.2.6/policy/modules/users/webadm.fc
--- nsaserefpolicy/policy/modules/users/webadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/webadm.fc 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/webadm.fc 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+# No webadm file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.2.5/policy/modules/users/webadm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.2.6/policy/modules/users/webadm.if
--- nsaserefpolicy/policy/modules/users/webadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/webadm.if 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/webadm.if 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for webadm user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.2.5/policy/modules/users/webadm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.2.6/policy/modules/users/webadm.te
--- nsaserefpolicy/policy/modules/users/webadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/webadm.te 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/webadm.te 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,42 @@
+policy_module(webadm,1.0.0)
+
@@ -28134,19 +28767,19 @@
+')
+allow staff_t webadm_t:process transition;
+allow webadm_t staff_t:dir getattr;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.fc serefpolicy-3.2.5/policy/modules/users/xguest.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.fc serefpolicy-3.2.6/policy/modules/users/xguest.fc
--- nsaserefpolicy/policy/modules/users/xguest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/xguest.fc 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/xguest.fc 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+# No xguest file contexts.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.if serefpolicy-3.2.5/policy/modules/users/xguest.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.if serefpolicy-3.2.6/policy/modules/users/xguest.if
--- nsaserefpolicy/policy/modules/users/xguest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/xguest.if 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/xguest.if 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Policy for xguest user</summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.2.5/policy/modules/users/xguest.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.2.6/policy/modules/users/xguest.te
--- nsaserefpolicy/policy/modules/users/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/xguest.te 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/users/xguest.te 2008-02-01 16:01:42.000000000 -0500
@@ -0,0 +1,66 @@
+policy_module(xguest,1.0.1)
+
@@ -28214,9 +28847,9 @@
+ ')
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.2.5/policy/support/file_patterns.spt
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.2.6/policy/support/file_patterns.spt
--- nsaserefpolicy/policy/support/file_patterns.spt 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.5/policy/support/file_patterns.spt 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/support/file_patterns.spt 2008-02-01 16:01:42.000000000 -0500
@@ -537,3 +537,23 @@
allow $1 $2:dir rw_dir_perms;
type_transition $1 $2:$4 $3;
@@ -28241,9 +28874,9 @@
+ relabelfrom_fifo_files_pattern($1,$2,$2)
+ relabelfrom_sock_files_pattern($1,$2,$2)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.2.5/policy/support/obj_perm_sets.spt
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.2.6/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.5/policy/support/obj_perm_sets.spt 2008-01-24 11:37:33.000000000 -0500
++++ serefpolicy-3.2.6/policy/support/obj_perm_sets.spt 2008-02-01 16:01:42.000000000 -0500
@@ -204,7 +204,7 @@
define(`getattr_file_perms',`{ getattr }')
define(`setattr_file_perms',`{ setattr }')
@@ -28267,9 +28900,9 @@
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.2.5/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.2.6/policy/users
--- nsaserefpolicy/policy/users 2007-10-12 08:56:09.000000000 -0400
-+++ serefpolicy-3.2.5/policy/users 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/policy/users 2008-02-01 16:01:42.000000000 -0500
@@ -16,7 +16,7 @@
# and a user process should never be assigned the system user
# identity.
@@ -28304,9 +28937,9 @@
- gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
-')
+gen_user(root, unconfined, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.2.5/Rules.modular
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.2.6/Rules.modular
--- nsaserefpolicy/Rules.modular 2007-12-19 05:32:18.000000000 -0500
-+++ serefpolicy-3.2.5/Rules.modular 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/Rules.modular 2008-02-01 16:01:42.000000000 -0500
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -28336,9 +28969,9 @@
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.2.5/Rules.monolithic
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.2.6/Rules.monolithic
--- nsaserefpolicy/Rules.monolithic 2007-11-20 06:55:20.000000000 -0500
-+++ serefpolicy-3.2.5/Rules.monolithic 2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.6/Rules.monolithic 2008-02-01 16:01:42.000000000 -0500
@@ -96,7 +96,7 @@
#
# Load the binary policy
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.597
retrieving revision 1.598
diff -u -r1.597 -r1.598
--- selinux-policy.spec 1 Feb 2008 13:49:05 -0000 1.597
+++ selinux-policy.spec 2 Feb 2008 06:30:04 -0000 1.598
@@ -16,8 +16,8 @@
%define CHECKPOLICYVER 2.0.3-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.2.5
-Release: 25%{?dist}
+Version: 3.2.6
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,11 @@
%endif
%changelog
+* Fri Feb 1 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-1
+- Update to upstream
+- Add libvirt policy
+- add qemu policy
+
* Fri Feb 1 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-25
- Allow fail2ban to create a socket in /var/run
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/sources,v
retrieving revision 1.144
retrieving revision 1.145
diff -u -r1.144 -r1.145
--- sources 19 Dec 2007 18:00:58 -0000 1.144
+++ sources 2 Feb 2008 06:30:04 -0000 1.145
@@ -1 +1 @@
-803b5e85a6088c9a0048e84ba665a70b serefpolicy-3.2.5.tgz
+89c83e55336dc11852e1d0e89111fcd9 serefpolicy-3.2.6.tgz
More information about the fedora-extras-commits
mailing list