rpms/selinux-policy/devel policy-20071130.patch, 1.62, 1.63 selinux-policy.spec, 1.607, 1.608

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Feb 14 20:25:58 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4219

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Thu Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-6
- Allow udev to send audit messages


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- policy-20071130.patch	13 Feb 2008 22:13:58 -0000	1.62
+++ policy-20071130.patch	14 Feb 2008 20:25:46 -0000	1.63
@@ -5590,7 +5590,7 @@
  type lvm_control_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.2.7/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2007-12-19 05:32:07.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/kernel/domain.te	2008-02-13 16:57:15.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/kernel/domain.te	2008-02-14 15:03:13.000000000 -0500
 @@ -5,6 +5,13 @@
  #
  # Declarations
@@ -5622,7 +5622,7 @@
  allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
  
  # act on all domains keys
-@@ -148,3 +156,25 @@
+@@ -148,3 +156,26 @@
  
  # receive from all domains over labeled networking
  domain_all_recvfrom_all_domains(unconfined_domain_type)
@@ -5647,6 +5647,7 @@
 +
 +optional_policy(`
 +	unconfined_dontaudit_rw_pipes(domain)
++	unconfined_sigchld(domain)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.2.7/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-10-29 18:02:31.000000000 -0400
@@ -15371,8 +15372,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.2.7/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/services/polkit.te	2008-02-13 16:57:15.000000000 -0500
-@@ -0,0 +1,156 @@
++++ serefpolicy-3.2.7/policy/modules/services/polkit.te	2008-02-14 09:29:19.000000000 -0500
+@@ -0,0 +1,157 @@
 +policy_module(polkit_auth,1.0.0)
 +
 +########################################
@@ -15476,6 +15477,7 @@
 +files_pid_filetrans(polkit_auth_t,polkit_var_run_t, { file dir })
 +
 +userdom_append_unpriv_users_home_content_files(polkit_auth_t)
++userdom_dontaudit_read_unpriv_users_home_content_files(polkit_auth_t)
 +
 +optional_policy(`
 +	dbus_system_bus_client_template(polkit_auth, polkit_auth_t)
@@ -25667,7 +25669,7 @@
  	xen_append_log(ifconfig_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.2.7/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/system/udev.te	2008-02-13 16:57:16.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/system/udev.te	2008-02-14 14:30:05.000000000 -0500
 @@ -83,6 +83,7 @@
  kernel_rw_unix_dgram_sockets(udev_t)
  kernel_dgram_send(udev_t)
@@ -25686,7 +25688,15 @@
  
  domain_read_all_domains_state(udev_t)
  domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these 
-@@ -189,6 +187,7 @@
+@@ -142,6 +140,7 @@
+ 
+ logging_search_logs(udev_t)
+ logging_send_syslog_msg(udev_t)
++logging_send_audit_msgs(udev_t)
+ 
+ miscfiles_read_localization(udev_t)
+ 
+@@ -189,6 +188,7 @@
  
  optional_policy(`
  	alsa_domtrans(udev_t)
@@ -25694,7 +25704,7 @@
  	alsa_read_rw_config(udev_t)
  ')
  
-@@ -197,6 +196,10 @@
+@@ -197,6 +197,10 @@
  ')
  
  optional_policy(`
@@ -25732,7 +25742,7 @@
 +/usr/sbin/sysreport	 	    --	gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.2.7/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2007-11-16 15:30:49.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/system/unconfined.if	2008-02-13 16:57:16.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/system/unconfined.if	2008-02-14 15:02:03.000000000 -0500
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -26319,7 +26329,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.7/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-11-29 13:29:35.000000000 -0500
-+++ serefpolicy-3.2.7/policy/modules/system/userdomain.if	2008-02-13 16:57:16.000000000 -0500
++++ serefpolicy-3.2.7/policy/modules/system/userdomain.if	2008-02-14 09:29:10.000000000 -0500
 @@ -29,9 +29,14 @@
  	')
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.607
retrieving revision 1.608
diff -u -r1.607 -r1.608
--- selinux-policy.spec	13 Feb 2008 21:43:16 -0000	1.607
+++ selinux-policy.spec	14 Feb 2008 20:25:46 -0000	1.608
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.2.7
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,9 @@
 %endif
 
 %changelog
+* Thu Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-6
+- Allow udev to send audit messages
+
 * Thu Feb 5 2008 Dan Walsh <dwalsh at redhat.com> 3.2.7-5
 - Add additional login users interfaces
   -     userdom_admin_login_user_template(staff)

More information about the fedora-extras-commits mailing list