rpms/selinux-policy/devel modules-targeted.conf, 1.82, 1.83 policy-20071130.patch, 1.77, 1.78 selinux-policy.spec, 1.617, 1.618

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Feb 26 23:03:30 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27885

Modified Files:
	modules-targeted.conf policy-20071130.patch 
	selinux-policy.spec 
Log Message:
* Tue Feb 26 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-4
- Add cyphesis policy



Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- modules-targeted.conf	5 Feb 2008 18:25:42 -0000	1.82
+++ modules-targeted.conf	26 Feb 2008 23:02:51 -0000	1.83
@@ -271,6 +271,13 @@
 cvs = base
 
 # Layer: services
+# Module: cyphesis
+#
+# cyphesis game server
+# 
+cyphesis
+
+# Layer: services
 # Module: cyrus
 #
 # Cyrus is an IMAP service intended to be run on sealed servers

policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- policy-20071130.patch	26 Feb 2008 19:24:53 -0000	1.77
+++ policy-20071130.patch	26 Feb 2008 23:02:51 -0000	1.78
@@ -3878,7 +3878,7 @@
 +/usr/bin/octave-[^/]*  	--	gen_context(system_u:object_r:java_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2007-10-12 08:56:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/apps/java.if	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/apps/java.if	2008-02-26 16:14:55.000000000 -0500
 @@ -32,7 +32,7 @@
  ##	</summary>
  ## </param>
@@ -3903,8 +3903,9 @@
 +	allow $1_javaplugin_t $1_t:unix_stream_socket connectto;
 +	allow $1_t $1_javaplugin_t:unix_stream_socket connectto;
  	allow $1_javaplugin_t $2:unix_stream_socket connectto;
- 	allow $1_javaplugin_t $2:unix_stream_socket { read write };
+-	allow $1_javaplugin_t $2:unix_stream_socket { read write };
 -	userdom_write_user_tmp_sockets($1,$1_javaplugin_t)
++	allow $1_javaplugin_t $2:tcp_socket { read write };
  
  	manage_dirs_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t)
  	manage_files_pattern($1_javaplugin_t,$1_javaplugin_tmp_t,$1_javaplugin_tmp_t)
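Review bot: The new `allow $1_javaplugin_t $2:tcp_socket { read write };` arrives with no rationale, and at the same spot the inner patch now deletes the upstream `unix_stream_socket { read write }` rule instead of carrying it as context. If the plugin is only meant to use TCP descriptors inherited from the calling domain, a comment such as `# plugin uses TCP sockets inherited from the caller` above the rule would make that scope explicit. If the unix-socket rule was dropped by accident, it should go back to being a context line. The enclosing template starts and ends outside this hunk, so which of the two was intended cannot be confirmed from here.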
@@ -3972,7 +3973,7 @@
  	userdom_manage_user_home_content_dirs($1,$1_javaplugin_t)
  	userdom_manage_user_home_content_files($1,$1_javaplugin_t)
  	userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t)
-@@ -156,15 +162,66 @@
+@@ -156,15 +162,67 @@
  	')
  
  	optional_policy(`
@@ -4028,6 +4029,7 @@
 +	allow $1_java_t self:process { getsched sigkill execheap execmem execstack };
 +
 +	allow $2 $1_java_t:process { getattr ptrace signal_perms noatsecure siginh rlimitinh };
++	allow $1_javaplugin_t $2:tcp_socket { read write };
 +
 +	domtrans_pattern($2, java_exec_t, $1_java_t)
 +
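Review bot: The added `allow $1_javaplugin_t $2:tcp_socket { read write };` sits among rules that all concern `$1_java_t` (the `self:process` rule, the `$2 $1_java_t:process` rule and the `domtrans_pattern` into `$1_java_t`), so the source type looks copied from the plugin template. If this block is the per-role java template, the rule probably wants to be `allow $1_java_t $2:tcp_socket { read write };`, and `$1_javaplugin_t` may not be declared or required at this point. The template's opening and any `gen_require` are outside the hunk, so this needs checking against the full file.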
@@ -4043,7 +4045,7 @@
  	')
  ')
  
-@@ -219,3 +276,67 @@
+@@ -219,3 +277,67 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, java_exec_t, java_t)
  ')
@@ -4920,7 +4922,7 @@
 +HOME_DIR/\.macromedia(/.*)?			gen_context(system_u:object_r:user_nsplugin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2008-02-26 16:13:57.000000000 -0500
 @@ -0,0 +1,339 @@
 +
 +## <summary>policy for nsplugin</summary>
@@ -6776,7 +6778,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.3.1/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-10-29 18:02:31.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.if	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/kernel/files.if	2008-02-26 16:54:46.000000000 -0500
 @@ -1266,6 +1266,24 @@
  
  ########################################
@@ -6904,7 +6906,7 @@
  # etc_runtime_t is the type of various
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.3.1/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2007-10-24 15:00:24.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if	2008-02-26 16:54:33.000000000 -0500
 @@ -310,6 +310,25 @@
  
  ########################################
@@ -6992,7 +6994,15 @@
  ##	Relabel block nodes on tmpfs filesystems.
  ## </summary>
  ## <param name="domain">
-@@ -3551,3 +3608,103 @@
+@@ -3224,6 +3281,7 @@
+ 	')
+ 
+ 	allow $1 filesystem_type:filesystem getattr;
++	files_getattr_all_file_type_fs($1)
+ ')
+ 
+ ########################################
+@@ -3551,3 +3609,103 @@
  	relabelfrom_blk_files_pattern($1,noxattrfs,noxattrfs)
  	relabelfrom_chr_files_pattern($1,noxattrfs,noxattrfs)
  ')
@@ -7543,7 +7553,7 @@
  # amavis local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2007-10-12 08:56:07.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/apache.fc	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/apache.fc	2008-02-26 16:33:46.000000000 -0500
 @@ -16,7 +16,6 @@
  
  /usr/lib/apache-ssl/.+		--	gen_context(system_u:object_r:httpd_exec_t,s0)
@@ -7552,7 +7562,27 @@
  /usr/lib(64)?/apache(/.*)?		gen_context(system_u:object_r:httpd_modules_t,s0)
  /usr/lib(64)?/apache2/modules(/.*)?	gen_context(system_u:object_r:httpd_modules_t,s0)
  /usr/lib(64)?/apache(2)?/suexec(2)? --	gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
-@@ -71,5 +70,16 @@
+@@ -33,6 +32,7 @@
+ /usr/sbin/httpd2-.*		--	gen_context(system_u:object_r:httpd_exec_t,s0)
+ ')
+ 
++/usr/share/drupal(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
+ /usr/share/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
+ /usr/share/openca/htdocs(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
+ /usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+@@ -48,9 +48,11 @@
+ 
+ /var/lib/cacti/rra(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
+ /var/lib/dav(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
++/var/lib/drupal(/.*)?			gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
+ /var/lib/htdig(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
+ /var/lib/httpd(/.*)?			gen_context(system_u:object_r:httpd_var_lib_t,s0)
+ /var/lib/php/session(/.*)?		gen_context(system_u:object_r:httpd_var_run_t,s0)
++
+ /var/lib/squirrelmail/prefs(/.*)?	gen_context(system_u:object_r:httpd_squirrelmail_t,s0)
+ 
+ /var/log/apache(2)?(/.*)?		gen_context(system_u:object_r:httpd_log_t,s0)
+@@ -71,5 +73,16 @@
  
  /var/www(/.*)?				gen_context(system_u:object_r:httpd_sys_content_t,s0)
  /var/www/cgi-bin(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
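Review bot: `/var/lib/drupal(/.*)?` is labelled `httpd_sys_script_rw_t` for the whole tree, so everything under it becomes writable by any script running in the shared httpd system script domain, not only Drupal. If only some subdirectories need write access, a narrower pattern for those paths would keep the writable surface smaller, with the rest left as `httpd_sys_content_t`. At minimum, a comment stating why the whole tree is writable would help. The hunk also adds a stray blank line between the `/var/lib/php/session` and `/var/lib/squirrelmail/prefs` entries, which splits the `/var/lib` group.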
@@ -9278,7 +9308,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.3.1/policy/modules/services/bitlbee.te
 --- nsaserefpolicy/policy/modules/services/bitlbee.te	2007-09-17 15:56:47.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te	2008-02-26 16:46:31.000000000 -0500
 @@ -17,6 +17,9 @@
  type bitlbee_var_t;
  files_type(bitlbee_var_t)
@@ -9289,10 +9319,13 @@
  ########################################
  #
  # Local policy
-@@ -54,6 +57,9 @@
+@@ -54,6 +57,12 @@
  corenet_tcp_connect_msnp_port(bitlbee_t)
  corenet_tcp_sendrecv_msnp_port(bitlbee_t)
  
++corenet_tcp_connect_http_port(bitlbee_t)
++corenet_tcp_sendrecv_http_port(bitlbee_t)
++
 +dev_read_rand(bitlbee_t)
 +dev_read_urand(bitlbee_t)
 +
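Review bot: The two new lines `corenet_tcp_connect_http_port(bitlbee_t)` and `corenet_tcp_sendrecv_http_port(bitlbee_t)` widen the daemon's outbound network access without recording why. The surrounding rules are tied to a named IM protocol port (msnp), so a one-line comment above the pair, for example `# HTTP access needed by <protocol>; see <bug reference>`, would let a later reader judge whether the permission is still required. The placeholders stand for details the hunk does not show.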
@@ -11113,7 +11146,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.te serefpolicy-3.3.1/policy/modules/services/cyphesis.te
 --- nsaserefpolicy/policy/modules/services/cyphesis.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te	2008-02-26 16:19:56.000000000 -0500
 @@ -0,0 +1,92 @@
 +policy_module(cyphesis,1.0.0)
 +
@@ -19249,8 +19282,73 @@
 +/etc/rc.d/init.d/smb		--	gen_context(system_u:object_r:samba_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.3.1/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2007-10-12 08:56:07.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/samba.if	2008-02-26 08:29:22.000000000 -0500
-@@ -331,6 +331,25 @@
++++ serefpolicy-3.3.1/policy/modules/services/samba.if	2008-02-26 17:31:18.000000000 -0500
+@@ -63,6 +63,25 @@
+ 
+ ########################################
+ ## <summary>
++##	Execute samba net in the samba_unconfined_net domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`samba_domtrans_unconfined_net',`
++	gen_require(`
++		type samba_unconfined_net_t, samba_net_exec_t;
++	')
++
++	corecmd_search_bin($1)
++	domtrans_pattern($1,samba_net_exec_t,samba_unconfined_net_t)
++')
++
++########################################
++## <summary>
+ ##	Execute samba net in the samba_net domain, and
+ ##	allow the specified role the samba_net domain.
+ ## </summary>
+@@ -95,6 +114,38 @@
+ 
+ ########################################
+ ## <summary>
++##	Execute samba net in the samba_unconfined_net domain, and
++##	allow the specified role the samba_unconfined_net domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++## <param name="role">
++##	<summary>
++##	The role to be allowed the samba_unconfined_net domain.
++##	</summary>
++## </param>
++## <param name="terminal">
++##	<summary>
++##	The type of the terminal allow the samba_unconfined_net domain to use.
++##	</summary>
++## </param>
++## <rolecap/>
++#
++interface(`samba_run_net',`
++	gen_require(`
++		type samba_unconfined_net_t;
++	')
++
++	samba_domtrans_unconfined_net($1)
++	role $2 types samba_unconfined_net_t;
++	allow samba_unconfined_net_t $3:chr_file rw_term_perms;
++')
++
++########################################
++## <summary>
+ ##	Execute smbmount in the smbmount domain.
+ ## </summary>
+ ## <param name="domain">
+@@ -331,6 +382,25 @@
  
  ########################################
  ## <summary>
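Review bot: The second added interface is documented as running `net` in the samba_unconfined_net domain, but its declaration names it `samba_run_net`. That is presumably the name of the existing interface whose summary follows the first added block ("Execute samba net in the samba_net domain, and allow the specified role the samba_net domain"). The unconfined.te hunk further down switches its call to `samba_run_unconfined_net(...)`, which no visible hunk defines, so as written the policy would likely end up with a duplicate `samba_run_net` definition and an unresolved call. The declaration should use the name `samba_run_unconfined_net`. In the same doc block, the terminal parameter summary would read better as "The type of the terminal to allow the samba_unconfined_net domain to use."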
@@ -19276,7 +19374,7 @@
  ##	Allow the specified domain to
  ##	read and write samba /var files.
  ## </summary>
-@@ -348,6 +367,7 @@
+@@ -348,6 +418,7 @@
  	files_search_var($1)
  	files_search_var_lib($1)
  	manage_files_pattern($1,samba_var_t,samba_var_t)
@@ -19284,7 +19382,7 @@
  ')
  
  ########################################
-@@ -492,3 +512,221 @@
+@@ -492,3 +563,221 @@
  	allow $1 samba_var_t:dir search_dir_perms;
  	stream_connect_pattern($1,winbind_var_run_t,winbind_var_run_t,winbind_t)
  ')
@@ -19508,7 +19606,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.3.1/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2008-02-19 17:24:26.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/samba.te	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/samba.te	2008-02-26 17:23:36.000000000 -0500
 @@ -59,6 +59,13 @@
  ## </desc>
  gen_tunable(samba_share_nfs,false)
@@ -19776,7 +19874,20 @@
  ')
  
  ########################################
-@@ -790,3 +852,37 @@
+@@ -774,6 +836,12 @@
+ #
+ 
+ optional_policy(`
++	type samba_unconfined_net_t;
++	domain_type(samba_unconfined_net_t)
++	unconfined_domain(samba_unconfined_net_t)
++	manage_files_pattern(samba_unconfined_net_t,samba_etc_t,samba_secrets_t)
++	filetrans_pattern(samba_unconfined_net_t,samba_etc_t,samba_secrets_t,file)
++
+ 	type samba_unconfined_script_t;
+ 	type samba_unconfined_script_exec_t;
+ 	domain_type(samba_unconfined_script_t)
+@@ -790,3 +858,37 @@
  		domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
  	')
  ')
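Review bot: `samba_unconfined_net_t` is made a fully unconfined domain with no comment saying why `net` needs this rather than the confined samba_net domain. Given `unconfined_domain(samba_unconfined_net_t)`, the following `manage_files_pattern(samba_unconfined_net_t,samba_etc_t,samba_secrets_t)` is probably redundant. The `filetrans_pattern` line is the one that changes behaviour, by keeping files created in samba_etc_t directories labelled samba_secrets_t. A comment such as `# files net creates in samba_etc_t dirs must stay samba_secrets_t` above that pair would record the intent. The `optional_policy` block continues outside the hunk, so its enabling condition is not visible here.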
@@ -27865,7 +27976,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-02-13 16:26:06.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.te	2008-02-26 17:21:16.000000000 -0500
 @@ -6,35 +6,67 @@
  # Declarations
  #
@@ -28082,7 +28193,8 @@
  
  optional_policy(`
  	samba_per_role_template(unconfined)
- 	samba_run_net(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
+-	samba_run_net(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
++	samba_run_unconfined_net(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  	samba_run_winbind_helper(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
 +	samba_run_smbcontrol(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.617
retrieving revision 1.618
diff -u -r1.617 -r1.618
--- selinux-policy.spec	26 Feb 2008 19:24:53 -0000	1.617
+++ selinux-policy.spec	26 Feb 2008 23:02:51 -0000	1.618
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -388,7 +388,9 @@
 %endif
 
 %changelog
-* Tue Feb 26 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-3
+* Tue Feb 26 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-4
+- Add cyphesis policy
+
 
 * Tue Feb 26 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-2
 - Fix Makefile.devel to build mls modules



