rpms/selinux-policy/devel policy-20071130.patch,1.79,1.80
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Feb 27 02:30:31 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21677
Modified Files:
policy-20071130.patch
Log Message:
* Tue Feb 26 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-4
- Add cyphesis policy
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- policy-20071130.patch 27 Feb 2008 02:26:49 -0000 1.79
+++ policy-20071130.patch 27 Feb 2008 02:30:24 -0000 1.80
@@ -6716,7 +6716,7 @@
type lvm_control_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.3.1/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-12-19 05:32:07.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-02-26 21:27:47.000000000 -0500
@@ -5,6 +5,13 @@
#
# Declarations
@@ -6739,7 +6739,15 @@
# create child processes in the domain
allow domain self:process { fork sigchld };
-@@ -140,7 +148,7 @@
+@@ -96,6 +104,7 @@
+
+ # list the root directory
+ files_list_root(domain)
++files_getattr_all_dirs(domain)
+
+ tunable_policy(`global_ssp',`
+ # enable reading of urandom for all domains:
+@@ -140,7 +149,7 @@
# For /proc/pid
allow unconfined_domain_type domain:dir list_dir_perms;
@@ -6748,7 +6756,7 @@
allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
# act on all domains keys
-@@ -148,3 +156,27 @@
+@@ -148,3 +157,27 @@
# receive from all domains over labeled networking
domain_all_recvfrom_all_domains(unconfined_domain_type)
More information about the fedora-extras-commits
mailing list