rpms/selinux-policy/F-7 policy-20070501.patch,1.90,1.91
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jan 8 20:30:08 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7549
Modified Files:
policy-20070501.patch
Log Message:
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- policy-20070501.patch 8 Jan 2008 19:57:58 -0000 1.90
+++ policy-20070501.patch 8 Jan 2008 20:29:53 -0000 1.91
@@ -4559,6 +4559,31 @@
dev_read_sound(entropyd_t)
fs_getattr_all_fs(entropyd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-2.6.4/policy/modules/services/automount.if
+--- nsaserefpolicy/policy/modules/services/automount.if 2007-05-07 14:51:01.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/automount.if 2008-01-08 15:20:46.000000000 -0500
+@@ -74,3 +74,21 @@
+
+ dontaudit $1 automount_tmp_t:dir getattr;
+ ')
++
++########################################
++## <summary>
++## Do not audit attempts to file descriptors for automount.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`automount_dontaudit_use_fds',`
++ gen_require(`
++ type automount_t;
++ ')
++
++ dontaudit $1 automount_t:fd use;
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.6.4/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/automount.te 2008-01-02 11:27:47.000000000 -0500
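Review bot: The summary of the new `automount_dontaudit_use_fds` interface is missing its verb; "Do not audit attempts to file descriptors for automount." should read `## Do not audit attempts to use file descriptors for automount.` A dontaudit rule keeps the matching `automount_t:fd use` denials out of the audit log, so this description is the main record of what was silenced and should be exact. The hunk does not show which domain is passed as `$1`. A one-line comment at the call site naming the inherited descriptor that prompted the rule would help anyone later triaging missing AVCs.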
@@ -10239,7 +10264,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.6.4/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rpc.te 2008-01-08 13:55:38.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/services/rpc.te 2008-01-08 15:27:04.000000000 -0500
@@ -1,5 +1,5 @@
-policy_module(rpc,1.5.0)
@@ -10308,7 +10333,7 @@
+dev_dontaudit_getattr_all_chr_files(nfsd_t)
+
+dev_read_lvm_control(nfsd_t)
-+storage_dontaudit_raw_read_fixed_disk(nfsd_t)
++storage_dontaudit_read_fixed_disk(nfsd_t)
+
# for /proc/fs/nfs/exports - should we have a new type?
kernel_read_system_state(nfsd_t)
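Review bot: The replaced line `storage_dontaudit_read_fixed_disk(nfsd_t)` has no comment saying which nfsd access it silences, unlike the `# for /proc/fs/nfs/exports` note two lines below it. With this rule in place, denied attempts by nfsd_t to read fixed disk devices are not logged, so the reason belongs next to the rule, e.g. `# nfsd_t fixed-disk reads are denied and intentionally not audited (see <bug/AVC reference>)`. Whether the new interface covers the same device classes as the `raw_read` name it replaces is not visible in this hunk. Presumably the swap follows what the F-7 storage module actually defines, but that is worth confirming.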
@@ -10333,12 +10358,8 @@
kernel_read_network_state(gssd_t)
kernel_read_network_state_symlinks(gssd_t)
kernel_search_network_sysctl(gssd_t)
-@@ -156,14 +176,12 @@
- files_list_tmp(gssd_t)
- files_read_usr_symlinks(gssd_t)
+@@ -158,12 +178,7 @@
-+auth_read_cache(gssd_t)
-+
miscfiles_read_certs(gssd_t)
-ifdef(`targeted_policy',`
@@ -10347,7 +10368,6 @@
- # Manage the users kerberos tgt file
- files_manage_generic_tmp_files(gssd_t)
-')
-+userdom_dontaudit_search_users_home_dirs(rpcd_t)
+userdom_dontaudit_search_sysadm_home_dirs(rpcd_t)
tunable_policy(`allow_gssd_read_tmp',`