rpms/selinux-policy/devel policy-20071130.patch, 1.49, 1.50 selinux-policy.spec, 1.599, 1.600

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Sun Feb 3 13:39:53 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3362

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Sun Feb 3 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-4
- Fixes for nsplugin


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- policy-20071130.patch	2 Feb 2008 15:42:44 -0000	1.49
+++ policy-20071130.patch	3 Feb 2008 13:39:47 -0000	1.50
@@ -4122,8 +4122,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.2.6/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/apps/nsplugin.te	2008-02-01 22:19:57.000000000 -0500
-@@ -0,0 +1,135 @@
++++ serefpolicy-3.2.6/policy/modules/apps/nsplugin.te	2008-02-03 08:32:51.000000000 -0500
+@@ -0,0 +1,136 @@
 +policy_module(nsplugin,1.0.0)
 +
 +########################################
@@ -4156,7 +4156,7 @@
 +# nsplugin local policy
 +#
 +allow nsplugin_t self:fifo_file rw_file_perms;
-+allow nsplugin_t self:process getsched;
++allow nsplugin_t self:process { ptrace getsched };
 +
 +manage_dirs_pattern(nsplugin_t, user_nsplugin_home_t, user_nsplugin_home_t)
 +manage_files_pattern(nsplugin_t, user_nsplugin_home_t, user_nsplugin_home_t)
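Review bot: The `ptrace` added in `allow nsplugin_t self:process { ptrace getsched };` lets any process running as nsplugin_t trace any other process in that domain, and neither the rule nor the log message ("Fixes for nsplugin") records which denial it answers. Because this domain hosts browser plugin code, a compromised plugin could presumably inspect or alter sibling plugin processes in the same domain. If the denial came from a harmless probe, `dontaudit nsplugin_t self:process ptrace;` would silence it without granting access. Otherwise, a comment above the rule naming the component that needs it would help later audits. The nsplugin local policy block continues outside this hunk.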
@@ -4169,6 +4169,7 @@
 +corenet_all_recvfrom_unlabeled(nsplugin_t)
 +corenet_all_recvfrom_netlabel(nsplugin_t)
 +corenet_tcp_connect_flash_port(nsplugin_t)
++corenet_tcp_connect_http_port(nsplugin_t)
 +corenet_tcp_sendrecv_generic_if(nsplugin_t)
 +corenet_tcp_sendrecv_all_nodes(nsplugin_t)
 +
@@ -5559,7 +5560,7 @@
  # etc_runtime_t is the type of various
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.2.6/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2007-10-24 15:00:24.000000000 -0400
-+++ serefpolicy-3.2.6/policy/modules/kernel/filesystem.if	2008-02-01 16:01:42.000000000 -0500
++++ serefpolicy-3.2.6/policy/modules/kernel/filesystem.if	2008-02-02 17:18:44.000000000 -0500
 @@ -310,6 +310,25 @@
  
  ########################################
@@ -5621,6 +5622,32 @@
  ')
  
  ########################################
+@@ -3039,6 +3077,25 @@
+ 
+ ########################################
+ ## <summary>
++##	Read and write block nodes on removable filesystems.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`fs_rw_removable_blk_files',`
++	gen_require(`
++		type removable_t;
++	')
++
++	allow $1 removable_t:dir list_dir_perms;
++	rw_blk_files_pattern($1,removable_t,removable_t)
++')
++
++########################################
++## <summary>
+ ##	Relabel block nodes on tmpfs filesystems.
+ ## </summary>
+ ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.2.6/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2007-12-19 05:32:07.000000000 -0500
 +++ serefpolicy-3.2.6/policy/modules/kernel/filesystem.te	2008-02-01 16:01:42.000000000 -0500
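Review bot: The summary for `fs_rw_removable_blk_files` says only "Read and write block nodes on removable filesystems", but the body also grants `allow $1 removable_t:dir list_dir_perms;`, so callers gain directory listing on removable_t as well. If `rw_blk_files_pattern` already grants the directory search needed to reach the nodes (worth confirming against the pattern definitions), the extra rule could be dropped. Otherwise the summary should mention it, e.g. `##	List directories and read and write block nodes on removable filesystems.`.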
@@ -23494,8 +23521,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.2.6/policy/modules/system/qemu.te
 --- nsaserefpolicy/policy/modules/system/qemu.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/system/qemu.te	2008-02-02 10:40:41.000000000 -0500
-@@ -0,0 +1,56 @@
++++ serefpolicy-3.2.6/policy/modules/system/qemu.te	2008-02-02 17:19:03.000000000 -0500
+@@ -0,0 +1,58 @@
 +policy_module(qemu,1.0.0)
 +
 +########################################
@@ -23533,6 +23560,7 @@
 +corenet_rw_tun_tap_dev(qemu_t)
 +
 +virt_manage_image(qemu_t)
++virt_read_config(qemu_t)
 +
 +dev_rw_kvm(qemu_t)
 +
@@ -23542,6 +23570,7 @@
 +files_search_all(qemu_t)
 +
 +fs_rw_anon_inodefs_files(qemu_t)
++fs_rw_removable_blk_files(qemu_t)
 +
 +term_use_ptmx(qemu_t)
 +term_getattr_pty_fs(qemu_t)
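Review bot: `fs_rw_removable_blk_files(qemu_t)` gives every qemu_t process unconditional write access to block nodes labelled removable_t, which is broader than a guest that only reads install media would need. Consider gating the call behind a policy boolean or adding a read-only counterpart interface for the common case. At minimum, record the reason next to the call, for example `# guests may be backed by removable media` if that is the motivation. The qemu local policy block starts and ends outside this hunk.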
@@ -27805,8 +27834,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.fc serefpolicy-3.2.6/policy/modules/system/virt.fc
 --- nsaserefpolicy/policy/modules/system/virt.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/system/virt.fc	2008-02-02 01:21:35.000000000 -0500
-@@ -0,0 +1,8 @@
++++ serefpolicy-3.2.6/policy/modules/system/virt.fc	2008-02-02 17:13:58.000000000 -0500
+@@ -0,0 +1,13 @@
 +
 +/usr/sbin/libvirtd	--	gen_context(system_u:object_r:virtd_exec_t,s0)
 +
@@ -27815,10 +27844,15 @@
 +/var/run/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_run_t,s0)
 +/var/lib/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_lib_t,s0)
 +/var/lib/libvirt/images(/.*)? 	gen_context(system_u:object_r:virt_image_t,s0)
++
++/etc/libvirt		-d	gen_context(system_u:object_r:virt_etc_t,s0)
++/etc/libvirt/[^/]*	--	gen_context(system_u:object_r:virt_etc_t,s0)
++/etc/libvirt/[^/]*	-d	gen_context(system_u:object_r:virt_etc_rw_t,s0)
++/etc/libvirt/.*/.*		gen_context(system_u:object_r:virt_etc_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.if serefpolicy-3.2.6/policy/modules/system/virt.if
 --- nsaserefpolicy/policy/modules/system/virt.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/system/virt.if	2008-02-01 23:48:44.000000000 -0500
-@@ -0,0 +1,303 @@
++++ serefpolicy-3.2.6/policy/modules/system/virt.if	2008-02-02 17:16:14.000000000 -0500
+@@ -0,0 +1,324 @@
 +
 +## <summary>policy for virt</summary>
 +
@@ -27881,6 +27915,27 @@
 +
 +########################################
 +## <summary>
++##	Read virt config files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`virt_read_config',`
++	gen_require(`
++		type virt_etc_t;
++		type virt_etc_rw_t;
++	')
++
++	files_search_etc($1)
++	read_files_pattern($1, virt_etc_t, virt_etc_t)
++	read_files_pattern($1, virt_etc_rw_t, virt_etc_rw_t)
++')
++
++########################################
++## <summary>
 +##	Manage virt var_run files.
 +## </summary>
 +## <param name="domain">
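Review bot: `virt_read_config` reads both virt_etc_t and virt_etc_rw_t, while its summary says only "Read virt config files". Under the virt.fc entries in this commit, virt_etc_rw_t labels the subdirectories of /etc/libvirt and everything below them, which virt.te lets virtd_t manage. The same commit calls the interface from qemu.te (`virt_read_config(qemu_t)`), so each emulator process can read every file of both types, which may include per-guest definitions that hold credentials; that is worth confirming. If qemu only needs the static configuration, limit this interface to `read_files_pattern($1, virt_etc_t, virt_etc_t)` and add a separate interface for the rw type; otherwise state the virt_etc_rw_t coverage in the summary.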
@@ -28124,8 +28179,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.2.6/policy/modules/system/virt.te
 --- nsaserefpolicy/policy/modules/system/virt.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.6/policy/modules/system/virt.te	2008-02-02 10:41:16.000000000 -0500
-@@ -0,0 +1,123 @@
++++ serefpolicy-3.2.6/policy/modules/system/virt.te	2008-02-02 17:10:42.000000000 -0500
+@@ -0,0 +1,135 @@
 +
 +policy_module(virt,1.0.0)
 +
@@ -28162,6 +28217,12 @@
 +type virt_var_lib_t;
 +files_type(virt_var_lib_t)
 +
++type virt_etc_t;
++files_type(virt_etc_t)
++
++type virt_etc_rw_t;
++files_type(virt_etc_rw_t)
++
 +type virt_log_t;
 +logging_log_file(virt_log_t)
 +
@@ -28194,6 +28255,12 @@
 +manage_files_pattern(virtd_t, virt_log_t,  virt_log_t)
 +logging_log_filetrans(virtd_t, virt_log_t, { file dir } )
 +
++read_files_pattern(virtd_t, virt_etc_t,  virt_etc_t)
++
++manage_dirs_pattern(virtd_t, virt_etc_rw_t,  virt_etc_rw_t)
++manage_files_pattern(virtd_t, virt_etc_rw_t,  virt_etc_rw_t)
++files_trans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
++
 +corenet_all_recvfrom_unlabeled(virtd_t)
 +corenet_all_recvfrom_netlabel(virtd_t)
 +corenet_tcp_sendrecv_all_if(virtd_t)
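Review bot: `files_trans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)` uses a macro name that is not defined anywhere in the visible hunks. The reference policy's type-transition pattern macro is `filetrans_pattern`, so this may be a typo that leaves the line unexpanded; please confirm against the support macros. If it is, the line should read `filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)`. Note also that only `dir` transitions, so a regular file that virtd creates directly in /etc/libvirt would stay virt_etc_t, for which this hunk adds only `read_files_pattern` for virtd_t.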


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.599
retrieving revision 1.600
diff -u -r1.599 -r1.600
--- selinux-policy.spec	2 Feb 2008 15:42:44 -0000	1.599
+++ selinux-policy.spec	3 Feb 2008 13:39:47 -0000	1.600
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.2.6
-Release: 2%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,12 @@
 %endif
 
 %changelog
+* Sun Feb 3 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-4
+- Fixes for nsplugin
+
+* Sat Feb 2 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-3
+- More fixes for qemu
+
 * Sat Feb 2 2008 Dan Walsh <dwalsh at redhat.com> 3.2.6-2
 - Additional ports for vnc and allow qemu and libvirt to search all directories
 



