rpms/selinux-policy/devel policy-20071130.patch, 1.48, 1.49 selinux-policy.spec, 1.598, 1.599
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Sat Feb 2 15:42:47 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9970
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Sat Feb 2 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-2
- Additional ports for vnc and allow qemu and libvirt to search all directories
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- policy-20071130.patch 2 Feb 2008 06:30:04 -0000 1.48
+++ policy-20071130.patch 2 Feb 2008 15:42:44 -0000 1.49
@@ -3058,7 +3058,7 @@
+userdom_dontaudit_write_unpriv_user_home_content_files(loadkeys_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.2.6/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/apps/mono.if 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/apps/mono.if 2008-02-02 10:25:13.000000000 -0500
@@ -18,3 +18,105 @@
corecmd_search_bin($1)
domtrans_pattern($1, mono_exec_t, mono_t)
@@ -3154,7 +3154,7 @@
+
+ userdom_unpriv_usertype($1, $1_mono_t)
+
-+ allow $1_mono_t self:process { execheap execmem };
++ allow $1_mono_t self:process { ptrace signal getsched execheap execmem };
+ allow $2 $1_mono_t:process { getattr ptrace noatsecure signal_perms };
+
+ domtrans_pattern($2, mono_exec_t, $1_mono_t)
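Review bot: The rewritten rule `allow $1_mono_t self:process { ptrace signal getsched execheap execmem };` adds `ptrace` to a domain that already holds `execheap` and `execmem`, and neither the log message (vnc ports, qemu/libvirt directory search) nor the policy gives a reason for it. `self:process ptrace` lets a process in the domain trace other processes of the same type, so with writable-executable memory already granted, one compromised mono program could reach into every other program running under that type. The mono.te hunk that follows adds the same permission to `mono_t`. If a specific denial prompted this, record it next to the rule, e.g. `# ptrace: needed by <component>, see AVC in <bug id>`, and check whether `signal getsched` alone resolves it. The template body starts and ends outside this hunk.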
@@ -3167,13 +3167,13 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.2.6/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2007-12-19 05:32:09.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/apps/mono.te 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/apps/mono.te 2008-02-02 10:38:18.000000000 -0500
@@ -15,7 +15,7 @@
# Local policy
#
-allow mono_t self:process { execheap execmem };
-+allow mono_t self:process { signal getsched execheap execmem };
++allow mono_t self:process { ptrace signal getsched execheap execmem };
userdom_generic_user_home_dir_filetrans_generic_user_home_content(mono_t,{ dir file lnk_file fifo_file sock_file })
@@ -4818,7 +4818,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.2.6/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-02-01 09:12:53.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/kernel/corenetwork.te.in 2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/kernel/corenetwork.te.in 2008-02-02 10:38:16.000000000 -0500
@@ -82,6 +82,7 @@
network_port(clockspeed, udp,4041,s0)
network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006,s0, udp,50006,s0, tcp,50007,s0, udp,50007,s0, tcp,50008,s0, udp,50008,s0)
@@ -4861,6 +4861,15 @@
network_port(rsh, tcp,514,s0)
network_port(rsync, tcp,873,s0, udp,873,s0)
network_port(rwho, udp,513,s0)
+@@ -171,6 +176,8 @@
+ type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
+ network_port(uucpd, tcp,540,s0)
+ network_port(vnc, tcp,5900,s0)
++# Reserve 50 ports for vnc/virt machines
++portcon tcp 5901-5950 gen_context(system_u:object_r:vnc_port_t, s0)
+ network_port(wccp, udp,2048,s0)
+ network_port(xdmcp, udp,177,s0, tcp,177,s0)
+ network_port(xen, tcp,8002,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in.cyphesis serefpolicy-3.2.6/policy/modules/kernel/corenetwork.te.in.cyphesis
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in.cyphesis 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/kernel/corenetwork.te.in.cyphesis 2008-02-01 16:01:42.000000000 -0500
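Review bot: The added `portcon tcp 5901-5950 gen_context(system_u:object_r:vnc_port_t, s0)` line relabels fifty unprivileged ports as `vnc_port_t`, and its only explanation, `# Reserve 50 ports for vnc/virt machines`, does not say which displays are covered or what happens outside the range. Any domain allowed to bind or connect to `vnc_port_t` gains all of these ports, and services that used a port in this range under the previous label would presumably now need a vnc-port rule. A comment such as `# VNC displays :1-:50 (tcp 5901-5950) for guest consoles; displays above :50 are not labelled vnc_port_t` would make the limit visible to whoever debugs the first denial. The entry is a raw `portcon` rather than a `network_port()` argument, so it is worth confirming the generated policy carries the intended labelling.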
@@ -23485,7 +23494,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.2.6/policy/modules/system/qemu.te
--- nsaserefpolicy/policy/modules/system/qemu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/system/qemu.te 2008-02-02 01:25:31.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/system/qemu.te 2008-02-02 10:40:41.000000000 -0500
@@ -0,0 +1,56 @@
+policy_module(qemu,1.0.0)
+
@@ -23530,7 +23539,7 @@
+files_read_etc_files(qemu_t)
+files_read_usr_files(qemu_t)
+files_read_var_files(qemu_t)
-+files_search_var_lib(qemu_t)
++files_search_all(qemu_t)
+
+fs_rw_anon_inodefs_files(qemu_t)
+
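Review bot: Replacing `files_search_var_lib(qemu_t)` with `files_search_all(qemu_t)` widens the emulator domain from one directory type to, judging by the interface name, every directory type on the system, and the later virt.te hunk adds the same call for `virtd_t`. qemu_t presumably runs guest-controlled workloads, so directory search over all types removes a layer of path confinement if the emulator is compromised. If the aim is to reach disk images stored outside /var/lib, keep `files_search_var_lib(qemu_t)` and add search access only for the types that lead to image storage. At minimum, document the trade-off with `# search only: images may live under any path; read access is still per-type`. The qemu.te body continues outside this hunk.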
@@ -28115,7 +28124,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.2.6/policy/modules/system/virt.te
--- nsaserefpolicy/policy/modules/system/virt.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/system/virt.te 2008-02-01 17:30:47.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/system/virt.te 2008-02-02 10:41:16.000000000 -0500
@@ -0,0 +1,123 @@
+
+policy_module(virt,1.0.0)
@@ -28192,7 +28201,6 @@
+corenet_tcp_sendrecv_all_ports(virtd_t)
+corenet_tcp_bind_all_nodes(virtd_t)
+corenet_tcp_bind_vnc_port(virtd_t)
-+
+corenet_rw_tun_tap_dev(virtd_t)
+
+kernel_read_system_state(virtd_t)
@@ -28204,6 +28212,7 @@
+
+files_read_etc_files(virtd_t)
+files_read_etc_runtime_files(virtd_t)
++files_search_all(virtd_t)
+
+libs_use_ld_so(virtd_t)
+libs_use_shared_libs(virtd_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.598
retrieving revision 1.599
diff -u -r1.598 -r1.599
--- selinux-policy.spec 2 Feb 2008 06:30:04 -0000 1.598
+++ selinux-policy.spec 2 Feb 2008 15:42:44 -0000 1.599
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.2.6
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,9 @@
%endif
%changelog
+* Sat Feb 2 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-2
+- Additional ports for vnc and allow qemu and libvirt to search all directories
+
* Fri Feb 1 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-1
- Update to upstream
- Add libvirt policy