rpms/selinux-policy/devel policy-20071130.patch,1.58,1.59
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Feb 12 18:34:10 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20774
Modified Files:
policy-20071130.patch
Log Message:
* Thu Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-3
- More fixes for polkit
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- policy-20071130.patch 12 Feb 2008 17:47:56 -0000 1.58
+++ policy-20071130.patch 12 Feb 2008 18:34:03 -0000 1.59
@@ -4775,7 +4775,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.2.7/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-12-12 11:35:27.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/kernel/corecommands.fc 2008-02-11 14:27:33.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/kernel/corecommands.fc 2008-02-12 12:56:07.000000000 -0500
@@ -7,11 +7,11 @@
/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -4820,17 +4820,19 @@
#
# /usr
#
-@@ -147,7 +157,8 @@
- /usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0)
- /usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
- /usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0)
+@@ -144,10 +154,7 @@
+ /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(64)?/cups/drivers(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/cups(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
-@@ -186,7 +197,10 @@
+@@ -186,7 +193,10 @@
/usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/Printer/[^/]*/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
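Review bot: The added `/usr/lib(64)?/cups(/.*)?` entry labels the entire CUPS library tree `bin_t`, which is wider than the backend, cgi-bin, daemon, filter and drivers entries it replaces. Any file later installed under that tree becomes generically executable content, so the reason for widening should be recorded next to the entry, for example `# whole cups tree is bin_t: helpers live outside backend/filter/daemon`. If the tree also holds files that should carry a more specific type, it is worth confirming with `matchpathcon` on a built policy that those more specific file-context entries still win over this pattern. The enclosing corecommands.fc hunk continues beyond what is shown here.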
@@ -4841,7 +4843,7 @@
/usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0)
-@@ -284,3 +298,9 @@
+@@ -284,3 +294,9 @@
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -5484,7 +5486,7 @@
type lvm_control_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.2.7/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-12-19 05:32:07.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/kernel/domain.te 2008-02-11 16:43:14.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/kernel/domain.te 2008-02-12 13:19:51.000000000 -0500
@@ -5,6 +5,13 @@
#
# Declarations
@@ -5647,7 +5649,7 @@
# etc_runtime_t is the type of various
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.2.7/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-10-24 15:00:24.000000000 -0400
-+++ serefpolicy-3.2.7/policy/modules/kernel/filesystem.if 2008-02-12 09:41:43.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/kernel/filesystem.if 2008-02-12 13:01:12.000000000 -0500
@@ -310,6 +310,25 @@
########################################
@@ -6058,7 +6060,7 @@
## SELinux protections for filesystem objects, and
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.2.7/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2007-09-12 10:34:17.000000000 -0400
-+++ serefpolicy-3.2.7/policy/modules/kernel/terminal.if 2008-02-06 11:02:29.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/kernel/terminal.if 2008-02-12 13:00:27.000000000 -0500
@@ -525,11 +525,13 @@
interface(`term_use_generic_ptys',`
gen_require(`
@@ -21847,7 +21849,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.2.7/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/services/xserver.te 2008-02-12 12:43:50.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/services/xserver.te 2008-02-12 13:25:46.000000000 -0500
@@ -16,6 +16,13 @@
## <desc>
@@ -22052,7 +22054,7 @@
xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
-@@ -304,7 +363,27 @@
+@@ -304,7 +363,11 @@
')
optional_policy(`
@@ -22062,8 +22064,13 @@
+
+optional_policy(`
+ consolekit_read_log(xdm_t)
-+
-+optional_policy(`
+ ')
+
+ optional_policy(`
+@@ -312,6 +375,23 @@
+ ')
+
+ optional_policy(`
+ dbus_per_role_template(xdm, xdm_t, system_r)
+ dbus_system_bus_client_template(xdm, xdm_t)
+
@@ -22078,10 +22085,13 @@
+ optional_policy(`
+ networkmanager_dbus_chat(xdm_t)
+ ')
- ')
-
- optional_policy(`
-@@ -322,6 +401,10 @@
++')
++
++optional_policy(`
+ # Talk to the console mouse server.
+ gpm_stream_connect(xdm_t)
+ gpm_setattr_gpmctl(xdm_t)
+@@ -322,6 +402,10 @@
')
optional_policy(`
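Review bot: The xdm dbus block is terminated by adding `')` followed by a fresh `optional_policy(` directly above `# Talk to the console mouse server.`, so the gpm rules now depend on an opener supplied by this patch rather than by upstream. As far as the flattened text shows, the upstream opener is reused for the dbus rules, which makes the block boundaries depend on exact context placement. If that context shifts on a rebase, `gpm_stream_connect(xdm_t)` could silently end up inside the dbus block and become conditional on it. A short comment above each opener, such as `# xdm dbus access` and `# xdm gpm access`, would make a misplaced boundary visible in review, and a build with the dbus module disabled would confirm the gpm rules are still emitted.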
@@ -22092,7 +22102,7 @@
loadkeys_exec(xdm_t)
')
-@@ -335,6 +418,11 @@
+@@ -335,6 +419,11 @@
')
optional_policy(`
@@ -22104,7 +22114,7 @@
seutil_sigchld_newrole(xdm_t)
')
-@@ -343,8 +431,8 @@
+@@ -343,8 +432,8 @@
')
optional_policy(`
@@ -22114,7 +22124,7 @@
ifndef(`distro_redhat',`
allow xdm_t self:process { execheap execmem };
-@@ -380,7 +468,7 @@
+@@ -380,7 +469,7 @@
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
@@ -22123,7 +22133,7 @@
# Label pid and temporary files with derived types.
manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -392,6 +480,15 @@
+@@ -392,6 +481,15 @@
can_exec(xdm_xserver_t, xkb_var_lib_t)
files_search_var_lib(xdm_xserver_t)
@@ -22139,7 +22149,7 @@
# VNC v4 module in X server
corenet_tcp_bind_vnc_port(xdm_xserver_t)
-@@ -404,6 +501,7 @@
+@@ -404,6 +502,7 @@
# to read ROLE_home_t - examine this in more detail
# (xauth?)
userdom_read_unpriv_users_home_content_files(xdm_xserver_t)
@@ -22147,7 +22157,7 @@
xserver_use_all_users_fonts(xdm_xserver_t)
-@@ -420,6 +518,14 @@
+@@ -420,6 +519,14 @@
')
optional_policy(`
@@ -22162,7 +22172,7 @@
resmgr_stream_connect(xdm_t)
')
-@@ -429,47 +535,103 @@
+@@ -429,47 +536,103 @@
')
optional_policy(`
@@ -24144,7 +24154,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.2.7/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2008-02-06 10:33:22.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/system/modutils.te 2008-02-06 11:08:30.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/system/modutils.te 2008-02-12 13:01:36.000000000 -0500
@@ -42,7 +42,7 @@
# insmod local policy
#
@@ -24181,13 +24191,14 @@
libs_use_ld_so(insmod_t)
libs_use_shared_libs(insmod_t)
-@@ -118,11 +118,27 @@
+@@ -118,11 +118,28 @@
')
')
+term_dontaudit_use_unallocated_ttys(insmod_t)
+userdom_dontaudit_search_users_home_dirs(insmod_t)
+userdom_dontaudit_search_sysadm_home_dirs(insmod_t)
++fs_dontaudit_use_tmpfs_chr_dev(insmod_t)
+
if( ! secure_mode_insmod ) {
kernel_domtrans_to(insmod_t,insmod_exec_t)
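Review bot: The added `fs_dontaudit_use_tmpfs_chr_dev(insmod_t)` suppresses audit records for denied insmod_t access to character devices on tmpfs, and nothing in the hunk says which denial it is meant to silence. A dontaudit rule removes the AVC message but not the denial, so a later real problem in this path would leave no trace in the audit log. Please add a one-line comment naming the observed denial and its trigger, for example `# leaked tmpfs chr dev descriptor inherited from <caller>; harmless`, where `<caller>` is a placeholder for the actual caller. When debugging, dontaudit rules can be switched off temporarily with `semodule -DB`. The interface itself is defined in the filesystem.if section, whose body is not visible here.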
@@ -24209,7 +24220,7 @@
hotplug_search_config(insmod_t)
')
-@@ -155,10 +171,12 @@
+@@ -155,10 +172,12 @@
optional_policy(`
rpm_rw_pipes(insmod_t)
@@ -24222,7 +24233,7 @@
')
optional_policy(`
-@@ -185,6 +203,7 @@
+@@ -185,6 +204,7 @@
files_read_kernel_symbol_table(depmod_t)
files_read_kernel_modules(depmod_t)
@@ -24230,7 +24241,7 @@
fs_getattr_xattr_fs(depmod_t)
-@@ -208,9 +227,11 @@
+@@ -208,9 +228,11 @@
# Read System.map from home directories.
files_list_home(depmod_t)
@@ -24243,7 +24254,7 @@
ifdef(`distro_ubuntu',`
optional_policy(`
unconfined_domain(depmod_t)
-@@ -219,11 +240,12 @@
+@@ -219,11 +241,12 @@
optional_policy(`
# Read System.map from home directories.