rpms/selinux-policy/devel policy-20071130.patch, 1.62, 1.63 selinux-policy.spec, 1.607, 1.608
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Feb 14 20:25:58 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4219
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Thu Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-6
- Allow udev to send audit messages
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- policy-20071130.patch 13 Feb 2008 22:13:58 -0000 1.62
+++ policy-20071130.patch 14 Feb 2008 20:25:46 -0000 1.63
@@ -5590,7 +5590,7 @@
type lvm_control_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.2.7/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-12-19 05:32:07.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/kernel/domain.te 2008-02-13 16:57:15.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/kernel/domain.te 2008-02-14 15:03:13.000000000 -0500
@@ -5,6 +5,13 @@
#
# Declarations
@@ -5622,7 +5622,7 @@
allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
# act on all domains keys
-@@ -148,3 +156,25 @@
+@@ -148,3 +156,26 @@
# receive from all domains over labeled networking
domain_all_recvfrom_all_domains(unconfined_domain_type)
@@ -5647,6 +5647,7 @@
+
+optional_policy(`
+ unconfined_dontaudit_rw_pipes(domain)
++ unconfined_sigchld(domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.2.7/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-29 18:02:31.000000000 -0400
@@ -15371,8 +15372,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.2.7/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/services/polkit.te 2008-02-13 16:57:15.000000000 -0500
-@@ -0,0 +1,156 @@
++++ serefpolicy-3.2.7/policy/modules/services/polkit.te 2008-02-14 09:29:19.000000000 -0500
+@@ -0,0 +1,157 @@
+policy_module(polkit_auth,1.0.0)
+
+########################################
@@ -15476,6 +15477,7 @@
+files_pid_filetrans(polkit_auth_t,polkit_var_run_t, { file dir })
+
+userdom_append_unpriv_users_home_content_files(polkit_auth_t)
++userdom_dontaudit_read_unpriv_users_home_content_files(polkit_auth_t)
+
+optional_policy(`
+ dbus_system_bus_client_template(polkit_auth, polkit_auth_t)
@@ -25667,7 +25669,7 @@
xen_append_log(ifconfig_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.2.7/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/system/udev.te 2008-02-13 16:57:16.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/system/udev.te 2008-02-14 14:30:05.000000000 -0500
@@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t)
@@ -25686,7 +25688,15 @@
domain_read_all_domains_state(udev_t)
domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these
-@@ -189,6 +187,7 @@
+@@ -142,6 +140,7 @@
+
+ logging_search_logs(udev_t)
+ logging_send_syslog_msg(udev_t)
++logging_send_audit_msgs(udev_t)
+
+ miscfiles_read_localization(udev_t)
+
+@@ -189,6 +188,7 @@
optional_policy(`
alsa_domtrans(udev_t)
@@ -25694,7 +25704,7 @@
alsa_read_rw_config(udev_t)
')
-@@ -197,6 +196,10 @@
+@@ -197,6 +197,10 @@
')
optional_policy(`
@@ -25732,7 +25742,7 @@
+/usr/sbin/sysreport -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.2.7/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2007-11-16 15:30:49.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/system/unconfined.if 2008-02-13 16:57:16.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/system/unconfined.if 2008-02-14 15:02:03.000000000 -0500
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -26319,7 +26329,7 @@
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.7/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-11-29 13:29:35.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/system/userdomain.if 2008-02-13 16:57:16.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/system/userdomain.if 2008-02-14 09:29:10.000000000 -0500
@@ -29,9 +29,14 @@
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.607
retrieving revision 1.608
diff -u -r1.607 -r1.608
--- selinux-policy.spec 13 Feb 2008 21:43:16 -0000 1.607
+++ selinux-policy.spec 14 Feb 2008 20:25:46 -0000 1.608
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.2.7
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,9 @@
%endif
%changelog
+* Thu Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-6
+- Allow udev to send audit messages
+
* Thu Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-5
- Add additional login users interfaces
- userdom_admin_login_user_template(staff)
More information about the fedora-extras-commits
mailing list