rpms/selinux-policy/devel policy-20071130.patch, 1.82, 1.83 selinux-policy.spec, 1.620, 1.621

[Daniel J Walsh (dwalsh)]

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14272

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Wed Feb 27 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-6
- Prepare policy for beta release
- Change some of the system domains back to unconfined
- Turn on some of the booleans


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- policy-20071130.patch	28 Feb 2008 04:35:56 -0000	1.82
+++ policy-20071130.patch	28 Feb 2008 05:01:51 -0000	1.83
@@ -4127,7 +4127,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.3.1/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2007-12-19 05:32:09.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/apps/java.te	2008-02-26 08:29:22.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/apps/java.te	2008-02-27 23:56:52.000000000 -0500
 @@ -6,16 +6,10 @@
  # Declarations
  #
@@ -4146,7 +4146,7 @@
  
  ########################################
  #
-@@ -23,11 +17,23 @@
+@@ -23,11 +17,28 @@
  #
  
  # execheap is needed for itanium/BEA jrocket
@@ -4164,15 +4164,20 @@
 +		unconfined_dbus_chat(java_t)
 +	')
 +')
++
++optional_policy(`
++	rpm_domtrans(java_t)
++')
  
  optional_policy(`
  	unconfined_domain_noaudit(java_t)
 -	unconfined_dbus_chat(java_t)
-+')
+ ')
 +
 +optional_policy(`
-+		xserver_xdm_rw_shm(java_t)
- ')
++	xserver_xdm_rw_shm(java_t)
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.3.1/policy/modules/apps/loadkeys.te
 --- nsaserefpolicy/policy/modules/apps/loadkeys.te	2007-12-19 05:32:09.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te	2008-02-26 08:29:22.000000000 -0500
@@ -26657,8 +26662,8 @@
 +/usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.3.1/policy/modules/system/qemu.if
 --- nsaserefpolicy/policy/modules/system/qemu.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.if	2008-02-26 08:29:22.000000000 -0500
-@@ -0,0 +1,290 @@
++++ serefpolicy-3.3.1/policy/modules/system/qemu.if	2008-02-27 23:40:38.000000000 -0500
+@@ -0,0 +1,291 @@
 +
 +## <summary>policy for qemu</summary>
 +
@@ -26896,6 +26901,7 @@
 +
 +	domain_use_interactive_fds($1_t)
 +
++	allow $1_t self:capability { dac_read_search dac_override };
 +	allow $1_t self:process { execstack execmem signal getsched };
 +	allow $1_t self:tcp_socket create_stream_socket_perms;
 +


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.620
retrieving revision 1.621
diff -u -r1.620 -r1.621
--- selinux-policy.spec	28 Feb 2008 04:35:56 -0000	1.620
+++ selinux-policy.spec	28 Feb 2008 05:01:51 -0000	1.621
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz