rpms/selinux-policy/devel policy-20071130.patch, 1.66, 1.67 selinux-policy.spec, 1.609, 1.610

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Feb 19 22:20:24 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19015

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Tue Feb 19 2008 Dan Walsh <dwalsh at redhat.com> 3.2.8-2
- Fix userdom_list_user_files


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- policy-20071130.patch	18 Feb 2008 21:27:08 -0000	1.66
+++ policy-20071130.patch	19 Feb 2008 22:20:15 -0000	1.67
@@ -1423,6 +1423,19 @@
  	rpm_use_fds(useradd_t)
  	rpm_rw_pipes(useradd_t)
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.2.8/policy/modules/admin/vpn.te
+--- nsaserefpolicy/policy/modules/admin/vpn.te	2008-02-18 14:30:19.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/admin/vpn.te	2008-02-19 10:59:29.000000000 -0500
+@@ -24,7 +24,8 @@
+ 
+ allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw };
+ allow vpnc_t self:process getsched;
+-allow vpnc_t self:fifo_file { getattr ioctl read write };
++allow vpnc_t self:fifo_file rw_fifo_file_perms;
++allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
+ allow vpnc_t self:tcp_socket create_stream_socket_perms;
+ allow vpnc_t self:udp_socket create_socket_perms;
+ allow vpnc_t self:rawip_socket create_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.2.8/policy/modules/apps/ethereal.fc
 --- nsaserefpolicy/policy/modules/apps/ethereal.fc	2007-10-12 08:56:02.000000000 -0400
 +++ serefpolicy-3.2.8/policy/modules/apps/ethereal.fc	2008-02-18 14:57:04.000000000 -0500
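Review bot: The added `allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;` in vpn.te has no comment saying which vpnc operation needs write access to the route socket. If vpnc_t only queries routes, `r_netlink_socket_perms` would be the narrower set. If it installs routes itself, a line such as `# vpnc adds and removes routes for the tunnel` above the rule would record that. The fifo_file rule now uses `rw_fifo_file_perms` in place of the explicit `{ getattr ioctl read write }` list, so the granted set is whatever that macro expands to; it is worth confirming that this is no wider than intended.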
@@ -2546,7 +2559,7 @@
 +	
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.2.8/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2007-03-01 10:01:48.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/apps/java.fc	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/apps/java.fc	2008-02-19 10:48:39.000000000 -0500
 @@ -11,6 +11,7 @@
  #
  /usr/(.*/)?bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
@@ -2555,7 +2568,7 @@
  /usr/bin/frysk		--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/gappletviewer  --	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/gcj-dbtool	--	gen_context(system_u:object_r:java_exec_t,s0)
-@@ -20,5 +21,13 @@
+@@ -20,5 +21,14 @@
  /usr/bin/grmic  	--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/grmiregistry  	--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/jv-convert  	--	gen_context(system_u:object_r:java_exec_t,s0)
@@ -2566,6 +2579,7 @@
 +/usr/matlab(/.*)?/bin/(.*/)?MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
 +/opt/matlab(/.*)?/bin(/.*)?/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
 +/usr/lib/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
++/usr/lib64/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
 +
 +/usr/lib/openoffice\.org/program/soffice\.bin -- gen_context(system_u:object_r:java_exec_t,s0)
 +/usr/lib64/openoffice\.org/program/soffice\.bin -- gen_context(system_u:object_r:java_exec_t,s0)
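Review bot: The new `/usr/lib64/jvm/java(.*/)bin(/.*)?` entry duplicates the `/usr/lib/jvm/...` line above it rather than using the `lib(64)?` form seen elsewhere in this patch, and nothing says why. If the split is deliberate, for example to keep a longer literal prefix so that these entries take precedence over more general `/usr/lib(64)?/...` patterns, a comment such as `# lib and lib64 listed separately on purpose` would stop a later cleanup from merging them. The same pair appears in the libraries.fc hunk further down. Note also that `(.*/)bin(/.*)?` with `--` labels every regular file under any `bin` directory below a `java*` directory as java_exec_t, which is a wide match for an executable type.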
@@ -4643,7 +4657,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.2.8/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2007-12-12 11:35:27.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/kernel/corecommands.fc	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/kernel/corecommands.fc	2008-02-19 09:58:42.000000000 -0500
 @@ -7,11 +7,11 @@
  /bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
  /bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
@@ -4700,9 +4714,11 @@
  
  /usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
-@@ -186,7 +193,10 @@
+@@ -185,8 +192,12 @@
+ /usr/local/Brother(/.*)?/lpd(/.*)?	gen_context(system_u:object_r:bin_t,s0)
  /usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
  /usr/local/Printer/[^/]*/lpd(/.*)?     	gen_context(system_u:object_r:bin_t,s0)
++/usr/local/linuxprinter/filters(/.*)?   gen_context(system_u:object_r:bin_t,s0)
  
 +/usr/bin/scponly		--	gen_context(system_u:object_r:shell_exec_t,s0)
 +/usr/sbin/scponlyc		--	gen_context(system_u:object_r:shell_exec_t,s0)
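Review bot: The `/usr/local/linuxprinter/filters(/.*)?` entry is the first of three linuxprinter contexts this commit adds across separate modules, and none of them names the package or driver they are for. The other two are `/usr/local/linuxprinter/ppd(/.*)?` in the cups.fc hunk and `/usr/local/linuxprinter/bin/l?lpr` in the lpd.fc hunk. A one-line comment such as `# <vendor> linuxprinter driver, installs under /usr/local` next to each would let a later reader connect them. The filters and ppd entries have no file-type field, so directories as well as files receive bin_t and cupsd_rw_etc_t respectively; if only regular files are meant, `--` would narrow that.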
@@ -4711,7 +4727,7 @@
  
  /usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
-@@ -284,3 +294,9 @@
+@@ -284,3 +295,10 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -4721,6 +4737,7 @@
 +/usr/lib(64)?/ConsoleKit/scripts(/.*)?  gen_context(system_u:object_r:bin_t,s0)
 +/usr/lib(64)?/ConsoleKit/run-session.d(/.*)?  gen_context(system_u:object_r:bin_t,s0)
 +/etc/ConsoleKit/run-session.d(/.*)?  gen_context(system_u:object_r:bin_t,s0)
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.2.8/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2007-11-14 08:17:58.000000000 -0500
 +++ serefpolicy-3.2.8/policy/modules/kernel/corecommands.if	2008-02-18 14:57:04.000000000 -0500
@@ -4826,7 +4843,7 @@
  network_port(xen, tcp,8002,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.2.8/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2007-12-12 11:35:27.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/kernel/devices.fc	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/kernel/devices.fc	2008-02-19 10:48:15.000000000 -0500
 @@ -1,7 +1,7 @@
  
  /dev			-d	gen_context(system_u:object_r:device_t,s0)
@@ -4836,7 +4853,12 @@
  /dev/.*mouse.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/admmidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/adsp.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-@@ -16,28 +16,40 @@
+@@ -12,32 +12,45 @@
+ /dev/apm_bios		-c	gen_context(system_u:object_r:apm_bios_t,s0)
+ /dev/atibm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/audio.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
++/dev/autofs.*		-c	gen_context(system_u:object_r:autofs_device_t,s0)
+ /dev/beep		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/dmfm		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/dmmidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/dsp.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
@@ -4877,7 +4899,7 @@
  /dev/mice		-c	gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/microcode		-c	gen_context(system_u:object_r:cpu_device_t,s0)
  /dev/midi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
-@@ -48,6 +60,7 @@
+@@ -48,6 +61,7 @@
  /dev/nvidia.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
  /dev/nvram		-c	gen_context(system_u:object_r:nvram_device_t,mls_systemhigh)
  /dev/oldmem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
@@ -4885,7 +4907,7 @@
  /dev/par.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
  /dev/patmgr[01]		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/pmu		-c	gen_context(system_u:object_r:power_device_t,s0)
-@@ -69,9 +82,8 @@
+@@ -69,9 +83,8 @@
  /dev/sonypi		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/tlk[0-3]		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
@@ -4897,7 +4919,7 @@
  /dev/usblp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
  ifdef(`distro_suse', `
  /dev/usbscanner		-c	gen_context(system_u:object_r:scanner_device_t,s0)
-@@ -98,13 +110,23 @@
+@@ -98,13 +111,23 @@
  
  /dev/dvb/.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
  
@@ -4923,7 +4945,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.2.8/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2007-10-29 18:02:31.000000000 -0400
-+++ serefpolicy-3.2.8/policy/modules/kernel/devices.if	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/kernel/devices.if	2008-02-19 10:51:36.000000000 -0500
 @@ -65,7 +65,7 @@
  
  	relabelfrom_dirs_pattern($1,device_t,device_node)
@@ -5073,10 +5095,120 @@
  ##	Mount a usbfs filesystem.
  ## </summary>
  ## <param name="domain">
+@@ -3322,3 +3434,96 @@
+ 
+ 	typeattribute $1 devices_unconfined_type;
+ ')
++
++########################################
++## <summary>
++##	Get the attributes of the autofs device node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`dev_getattr_autofs_dev',`
++	gen_require(`
++		type device_t, autofs_device_t;
++	')
++
++	getattr_chr_files_pattern($1,device_t,autofs_device_t)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to get the attributes of
++##	the autofs device node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`dev_dontaudit_getattr_autofs_dev',`
++	gen_require(`
++		type autofs_device_t;
++	')
++
++	dontaudit $1 autofs_device_t:chr_file getattr;
++')
++
++########################################
++## <summary>
++##	Set the attributes of the autofs device node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`dev_setattr_autofs_dev',`
++	gen_require(`
++		type device_t, autofs_device_t;
++	')
++
++	setattr_chr_files_pattern($1,device_t,autofs_device_t)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to set the attributes of
++##	the autofs device node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`dev_dontaudit_setattr_autofs_dev',`
++	gen_require(`
++		type autofs_device_t;
++	')
++
++	dontaudit $1 autofs_device_t:chr_file setattr;
++')
++
++########################################
++## <summary>
++##	Read and write the autofs device.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`dev_rw_autofs',`
++	gen_require(`
++		type device_t, autofs_device_t;
++	')
++
++	rw_chr_files_pattern($1,device_t,autofs_device_t)
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.2.8/policy/modules/kernel/devices.te
 --- nsaserefpolicy/policy/modules/kernel/devices.te	2007-12-19 05:32:07.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/kernel/devices.te	2008-02-18 14:57:04.000000000 -0500
-@@ -66,12 +66,25 @@
++++ serefpolicy-3.2.8/policy/modules/kernel/devices.te	2008-02-19 10:49:19.000000000 -0500
+@@ -32,6 +32,12 @@
+ type apm_bios_t;
+ dev_node(apm_bios_t)
+ 
++#
++# Type for /dev/autofs
++#
++type autofs_device_t;
++dev_node(autofs_device_t)
++
+ type cardmgr_dev_t;
+ dev_node(cardmgr_dev_t)
+ files_tmp_file(cardmgr_dev_t)
+@@ -66,12 +72,25 @@
  dev_node(framebuf_device_t)
  
  #
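Review bot: Of the five autofs interfaces added to devices.if, only `dev_rw_autofs` has a caller in the visible part of this commit (automount.te); the getattr/setattr interfaces and their dontaudit variants appear unused here. The two dontaudit interfaces suppress audit records for denied getattr/setattr on autofs_device_t, so it would help to note in their summaries which domains are expected to call them, since silenced denials are hard to spot later. The `dev_rw_autofs` summary could also say that it goes through `rw_chr_files_pattern` with device_t as the containing directory type, e.g. `##	Read and write the autofs device node in /dev.`. This hunk also covers the new autofs_device_t declaration in devices.te, and the blocks at both ends of it continue outside the hunk.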
@@ -7160,7 +7292,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.2.8/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/services/automount.te	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/services/automount.te	2008-02-19 10:52:07.000000000 -0500
 @@ -20,6 +20,9 @@
  files_tmp_file(automount_tmp_t)
  files_mountpoint(automount_tmp_t)
@@ -7198,7 +7330,15 @@
  
  fs_mount_all_fs(automount_t)
  fs_unmount_all_fs(automount_t)
-@@ -126,8 +129,12 @@
+@@ -101,6 +104,7 @@
+ # for SSP
+ dev_read_rand(automount_t)
+ dev_read_urand(automount_t)
++dev_rw_autofs(automount_t)
+ 
+ domain_use_interactive_fds(automount_t)
+ domain_dontaudit_read_all_domains_state(automount_t)
+@@ -126,8 +130,12 @@
  fs_mount_autofs(automount_t)
  fs_manage_autofs_symlinks(automount_t)
  
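Review bot: The new `dev_rw_autofs(automount_t)` call is placed directly under the existing `# for SSP` comment, which describes the rand/urand reads and not the autofs control device. As written, a reader would take the autofs access to be part of the stack-protector requirement. Either separate it with a blank line and its own comment, e.g. `# automount talks to the kernel through /dev/autofs`, or move it next to the `fs_mount_autofs(automount_t)` group lower in the file.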
@@ -7211,7 +7351,7 @@
  libs_use_ld_so(automount_t)
  libs_use_shared_libs(automount_t)
  
-@@ -140,10 +147,6 @@
+@@ -140,10 +148,6 @@
  # Run mount in the mount_t domain.
  mount_domtrans(automount_t)
  
@@ -7222,7 +7362,7 @@
  userdom_dontaudit_use_unpriv_user_fds(automount_t)
  userdom_dontaudit_search_sysadm_home_dirs(automount_t)
  
-@@ -162,11 +165,12 @@
+@@ -162,11 +166,12 @@
  ')
  
  optional_policy(`
@@ -8773,7 +8913,7 @@
 -') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.2.8/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2007-11-16 15:30:49.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/services/cups.fc	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/services/cups.fc	2008-02-19 10:03:13.000000000 -0500
 @@ -8,24 +8,28 @@
  /etc/cups/ppd/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/ppds\.dat	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -8817,7 +8957,7 @@
  
  /var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /var/cache/foomatic(/.*)? 	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-@@ -50,3 +54,9 @@
+@@ -50,3 +54,10 @@
  /var/run/hp.*\.port	--	gen_context(system_u:object_r:hplip_var_run_t,s0)
  /var/run/ptal-printd(/.*)?	gen_context(system_u:object_r:ptal_var_run_t,s0)
  /var/run/ptal-mlcd(/.*)?	gen_context(system_u:object_r:ptal_var_run_t,s0)
@@ -8827,6 +8967,7 @@
 +
 +/etc/rc.d/init.d/cups	--	gen_context(system_u:object_r:cups_script_exec_t,s0)
 +
++/usr/local/linuxprinter/ppd(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.2.8/policy/modules/services/cups.if
 --- nsaserefpolicy/policy/modules/services/cups.if	2007-01-02 12:57:43.000000000 -0500
 +++ serefpolicy-3.2.8/policy/modules/services/cups.if	2008-02-18 14:57:04.000000000 -0500
@@ -9375,7 +9516,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.te serefpolicy-3.2.8/policy/modules/services/cyphesis.te
 --- nsaserefpolicy/policy/modules/services/cyphesis.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/services/cyphesis.te	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/services/cyphesis.te	2008-02-19 17:06:51.000000000 -0500
 @@ -0,0 +1,92 @@
 +policy_module(cyphesis,1.0.0)
 +
@@ -9442,7 +9583,7 @@
 +corenet_tcp_sendrecv_all_nodes(cyphesis_t)
 +corenet_all_recvfrom_unlabeled(cyphesis_t)
 +corenet_tcp_bind_all_nodes(cyphesis_t)
-+corenet_tcp_cyphesis_bind(cyphesis_t)
++corenet_tcp_bind_cyphesis_port(cyphesis_t)
 +corenet_tcp_sendrecv_all_ports(cyphesis_t)
 +
 +# Init script handling
@@ -9571,7 +9712,7 @@
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.2.8/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/services/dbus.if	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/services/dbus.if	2008-02-19 15:48:52.000000000 -0500
 @@ -53,6 +53,7 @@
  	gen_require(`
  		type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -12627,6 +12768,23 @@
  ########################################
  #
  # Local policy
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.2.8/policy/modules/services/lpd.fc
+--- nsaserefpolicy/policy/modules/services/lpd.fc	2007-11-16 13:45:14.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/services/lpd.fc	2008-02-19 10:01:14.000000000 -0500
+@@ -22,6 +22,8 @@
+ /usr/sbin/lpinfo	--	gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/sbin/lpmove	--	gen_context(system_u:object_r:lpr_exec_t,s0)
+ 
++/usr/local/linuxprinter/bin/l?lpr -- gen_context(system_u:object_r:lpr_exec_t,s0)
++
+ /usr/share/printconf/.* --	gen_context(system_u:object_r:printconf_t,s0)
+ 
+ #
+@@ -30,3 +32,4 @@
+ /var/spool/cups(/.*)?		gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
+ /var/spool/lpd(/.*)?		gen_context(system_u:object_r:print_spool_t,s0)
+ /var/run/lprng(/.*)?		gen_context(system_u:object_r:lpd_var_run_t,s0)
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.2.8/policy/modules/services/lpd.if
 --- nsaserefpolicy/policy/modules/services/lpd.if	2007-11-16 13:45:14.000000000 -0500
 +++ serefpolicy-3.2.8/policy/modules/services/lpd.if	2008-02-18 14:57:04.000000000 -0500
@@ -13426,7 +13584,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.2.8/policy/modules/services/nagios.fc
 --- nsaserefpolicy/policy/modules/services/nagios.fc	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/services/nagios.fc	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/services/nagios.fc	2008-02-19 15:22:13.000000000 -0500
 @@ -4,13 +4,19 @@
  /usr/bin/nagios			--	gen_context(system_u:object_r:nagios_exec_t,s0)
  /usr/bin/nrpe			--	gen_context(system_u:object_r:nrpe_exec_t,s0)
@@ -13434,7 +13592,7 @@
 -/usr/lib(64)?/cgi-bin/netsaint/.+ --	gen_context(system_u:object_r:nagios_cgi_exec_t,s0)
 -/usr/lib(64)?/nagios/cgi/.+	--	gen_context(system_u:object_r:nagios_cgi_exec_t,s0)
 +/usr/lib(64)?/cgi-bin/netsaint(/.*)?	gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
-+/usr/lib(64)?/nagios/cgi(/.*)?		gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
++/usr/lib(64)?/nagios/cgi-bin(/.*)?		gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
  
  /var/log/nagios(/.*)?			gen_context(system_u:object_r:nagios_log_t,s0)
  /var/log/netsaint(/.*)?			gen_context(system_u:object_r:nagios_log_t,s0)
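Review bot: Changing the pattern from `/usr/lib(64)?/nagios/cgi(/.*)?` to `/usr/lib(64)?/nagios/cgi-bin(/.*)?` drops the label for installations that still use the `cgi` directory. On such a system the CGI scripts would no longer receive httpd_nagios_script_exec_t and would fall back to whatever the generic lib pattern assigns. If both layouts exist in the wild, `/usr/lib(64)?/nagios/cgi(-bin)?(/.*)?` covers them in one line. If only `cgi-bin` is shipped, a short comment saying so would be enough.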
@@ -22757,7 +22915,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.2.8/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2007-12-12 11:35:28.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/system/libraries.fc	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/system/libraries.fc	2008-02-19 10:39:35.000000000 -0500
 @@ -133,6 +133,7 @@
  /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -22800,13 +22958,16 @@
  /var/ftp/lib(64)?(/.*)?				gen_context(system_u:object_r:lib_t,s0)
  /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:ld_so_t,s0)
  
-@@ -304,3 +309,6 @@
+@@ -304,3 +309,9 @@
  /var/spool/postfix/lib(64)?(/.*)? 		gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/usr(/.*)?			gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/lib(64)?/ld.*\.so.*	--	gen_context(system_u:object_r:ld_so_t,s0)
 +
 +/usr/lib(64)?/libavdevice\.so.*	 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/lib(64)?/libmythavcodec-[^/]+\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
++
++/usr/lib/jvm/java(.*/)bin(/.*)?/.*\.so 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib64/jvm/java(.*/)bin(/.*)?/.*\.so 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.2.8/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2008-02-06 10:33:22.000000000 -0500
 +++ serefpolicy-3.2.8/policy/modules/system/libraries.te	2008-02-18 14:57:04.000000000 -0500
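Review bot: The two new `/usr/lib{,64}/jvm/java(.*/)bin(/.*)?/.*\.so` entries overlap with the java.fc entries from the same commit, which label `/usr/lib{,64}/jvm/java(.*/)bin(/.*)?` as java_exec_t. A `.so` file under such a `bin` directory matches both patterns, so which label it receives depends on file-context ordering. It is worth confirming with `matchpathcon` on a sample path that textrel_shlib_t wins, and adding a comment such as `# must override the java_exec_t pattern in java.fc`. The pattern ends in `\.so`, so versioned names like `libfoo.so.1` would not match; the neighbouring entries use `\.so.*` for that.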
@@ -25608,7 +25769,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-02-15 09:52:56.000000000 -0500
-+++ serefpolicy-3.2.8/policy/modules/system/userdomain.if	2008-02-18 14:57:04.000000000 -0500
++++ serefpolicy-3.2.8/policy/modules/system/userdomain.if	2008-02-19 10:26:53.000000000 -0500
 @@ -29,9 +29,14 @@
  	')
  
@@ -27962,11 +28123,11 @@
 +#
 +interface(`userdom_list_user_files',`
 +	gen_require(`
-+		attribute $1_file_type;
++		attribute $1_home_type;
 +	')
 +
-+	allow $2 $1_file_type:dir search_dir_perms;
-+	allow $2 $1_file_type:file getattr;
++	allow $2 $1_home_type:dir search_dir_perms;
++	allow $2 $1_home_type:file getattr;
 +')
 +
 +########################################
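Review bot: After the switch to `$1_home_type`, `userdom_list_user_files` still grants only `search_dir_perms` on directories plus `getattr` on files, which lets the caller traverse and stat but not read directory contents. If listing is really intended, the directory rule would be `allow $2 $1_home_type:dir list_dir_perms;`. If search-only is intended, the interface name and its summary should say so; the summary lies above this hunk and is not visible here. The `gen_require` also assumes a `$1_home_type` attribute is declared for every prefix passed in, which is worth confirming against the per-user template.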


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.609
retrieving revision 1.610
diff -u -r1.609 -r1.610
--- selinux-policy.spec	18 Feb 2008 21:27:08 -0000	1.609
+++ selinux-policy.spec	19 Feb 2008 22:20:15 -0000	1.610
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.2.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,10 @@
 %endif
 
 %changelog
+* Tue Feb 19 2008 Dan Walsh <dwalsh at redhat.com> 3.2.8-2
+- Fix userdom_list_user_files
+
+
 * Fri Feb 15 2008 Dan Walsh <dwalsh at redhat.com> 3.2.8-1
 - Merge with upstream
 



