rpms/selinux-policy/F-8 policy-20070703.patch,1.167,1.168
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Sun Jan 13 13:51:33 UTC 2008
- Previous message (by thread): rpms/perl-Linux-Pid/devel perl-Linux-Pid.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/perl-Linux-Pid/F-8 perl-Linux-Pid.spec, NONE, 1.1 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20000
Modified Files:
policy-20070703.patch
Log Message:
* Thu Jan 3 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-75
- Alow postgrey to read postfix_etc_t
- Lots of fixes to get javaplugin to run under xguest
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -r1.167 -r1.168
--- policy-20070703.patch 13 Jan 2008 13:24:59 -0000 1.167
+++ policy-20070703.patch 13 Jan 2008 13:51:29 -0000 1.168
@@ -15580,7 +15580,7 @@
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2008-01-13 08:42:50.000000000 -0500
@@ -26,7 +26,8 @@
type $1_chkpwd_t, can_read_shadow_passwords;
application_domain($1_chkpwd_t,chkpwd_exec_t)
@@ -15591,7 +15591,15 @@
allow $1_chkpwd_t self:process getattr;
files_list_etc($1_chkpwd_t)
-@@ -106,9 +107,6 @@
+@@ -99,6 +100,7 @@
+
+ gen_require(`
+ type system_chkpwd_t, shadow_t;
++ type pam_t;
+ ')
+
+ authlogin_common_auth_domain_template($1)
+@@ -106,9 +108,6 @@
role $3 types $1_chkpwd_t;
role $3 types system_chkpwd_t;
@@ -15601,7 +15609,16 @@
dontaudit $2 shadow_t:file { getattr read };
# Transition from the user domain to this domain.
-@@ -169,6 +167,10 @@
+@@ -120,6 +119,8 @@
+
+ # Write to the user domain tty.
+ userdom_use_user_terminals($1,$1_chkpwd_t)
++ userdom_dontaudit_write_user_home_content_files($1, pam_t)
++
+ ')
+
+ ########################################
+@@ -169,6 +170,10 @@
## </param>
#
interface(`auth_login_pgm_domain',`
@@ -15612,7 +15629,7 @@
domain_type($1)
domain_subj_id_change_exemption($1)
-@@ -176,11 +178,34 @@
+@@ -176,11 +181,34 @@
domain_obj_id_change_exemption($1)
role system_r types $1;
@@ -15647,7 +15664,7 @@
selinux_get_fs_mount($1)
selinux_validate_context($1)
selinux_compute_access_vector($1)
-@@ -196,20 +221,48 @@
+@@ -196,20 +224,48 @@
mls_fd_share_all_levels($1)
auth_domtrans_chk_passwd($1)
@@ -15697,7 +15714,7 @@
tunable_policy(`allow_polyinstantiation',`
files_polyinstantiate_all($1)
')
-@@ -309,9 +362,6 @@
+@@ -309,9 +365,6 @@
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
')
@@ -15707,7 +15724,7 @@
corecmd_search_bin($1)
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
-@@ -329,6 +379,8 @@
+@@ -329,6 +382,8 @@
optional_policy(`
kerberos_use($1)
@@ -15716,7 +15733,7 @@
')
optional_policy(`
-@@ -347,6 +399,37 @@
+@@ -347,6 +402,37 @@
########################################
## <summary>
@@ -15754,7 +15771,7 @@
## Get the attributes of the shadow passwords file.
## </summary>
## <param name="domain">
-@@ -695,6 +778,24 @@
+@@ -695,6 +781,24 @@
########################################
## <summary>
@@ -15779,7 +15796,7 @@
## Execute pam programs in the PAM domain.
## </summary>
## <param name="domain">
-@@ -1318,16 +1419,14 @@
+@@ -1318,16 +1422,14 @@
## </param>
#
interface(`auth_use_nsswitch',`
@@ -15799,7 +15816,7 @@
miscfiles_read_certs($1)
sysnet_dns_name_resolve($1)
-@@ -1347,6 +1446,8 @@
+@@ -1347,6 +1449,8 @@
optional_policy(`
samba_stream_connect_winbind($1)
@@ -15808,7 +15825,7 @@
')
')
-@@ -1381,3 +1482,181 @@
+@@ -1381,3 +1485,181 @@
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -15992,7 +16009,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-01-08 15:36:56.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-01-13 08:42:16.000000000 -0500
@@ -9,6 +9,13 @@
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
@@ -16043,13 +16060,12 @@
term_use_all_user_ttys(pam_t)
term_use_all_user_ptys(pam_t)
-@@ -111,19 +129,15 @@
+@@ -111,19 +129,14 @@
logging_send_syslog_msg(pam_t)
userdom_use_unpriv_users_fds(pam_t)
+userdom_write_unpriv_users_tmp_files(pam_t)
+userdom_dontaudit_read_unpriv_users_home_content_files(pam_t)
-+userdom_dontaudit_write_user_home_content_files(pam_t)
+userdom_unlink_unpriv_users_tmp_files(pam_t)
optional_policy(`
@@ -16067,7 +16083,7 @@
########################################
#
# PAM console local policy
-@@ -149,6 +163,8 @@
+@@ -149,6 +162,8 @@
dev_setattr_apm_bios_dev(pam_console_t)
dev_getattr_dri_dev(pam_console_t)
dev_setattr_dri_dev(pam_console_t)
@@ -16076,7 +16092,7 @@
dev_getattr_framebuffer_dev(pam_console_t)
dev_setattr_framebuffer_dev(pam_console_t)
dev_getattr_generic_usb_dev(pam_console_t)
-@@ -159,6 +175,8 @@
+@@ -159,6 +174,8 @@
dev_setattr_mouse_dev(pam_console_t)
dev_getattr_power_mgmt_dev(pam_console_t)
dev_setattr_power_mgmt_dev(pam_console_t)
@@ -16085,7 +16101,7 @@
dev_getattr_scanner_dev(pam_console_t)
dev_setattr_scanner_dev(pam_console_t)
dev_getattr_sound_dev(pam_console_t)
-@@ -200,6 +218,7 @@
+@@ -200,6 +217,7 @@
fs_list_auto_mountpoints(pam_console_t)
fs_list_noxattr_fs(pam_console_t)
@@ -16093,7 +16109,7 @@
init_use_fds(pam_console_t)
init_use_script_ptys(pam_console_t)
-@@ -236,7 +255,7 @@
+@@ -236,7 +254,7 @@
optional_policy(`
xserver_read_xdm_pid(pam_console_t)
@@ -16102,7 +16118,7 @@
')
########################################
-@@ -256,6 +275,7 @@
+@@ -256,6 +274,7 @@
userdom_dontaudit_use_unpriv_users_ttys(system_chkpwd_t)
userdom_dontaudit_use_unpriv_users_ptys(system_chkpwd_t)
userdom_dontaudit_use_sysadm_terms(system_chkpwd_t)
@@ -16110,7 +16126,7 @@
########################################
#
-@@ -302,3 +322,28 @@
+@@ -302,3 +321,28 @@
xserver_use_xdm_fds(utempter_t)
xserver_rw_xdm_pipes(utempter_t)
')
@@ -22154,8 +22170,8 @@
+## <summary>Policy for xguest user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.0.8/policy/modules/users/xguest.te
--- nsaserefpolicy/policy/modules/users/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2008-01-13 08:07:37.000000000 -0500
-@@ -0,0 +1,62 @@
++++ serefpolicy-3.0.8/policy/modules/users/xguest.te 2008-01-13 08:40:30.000000000 -0500
+@@ -0,0 +1,57 @@
+policy_module(xguest,1.0.1)
+
+## <desc>
@@ -22182,12 +22198,7 @@
+userdom_restricted_xwindows_user_template(xguest)
+
+optional_policy(`
-+ gen_require(`
-+ type xguest_mozilla_t;
-+ ')
+ mozilla_per_role_template(xguest, xguest_t, xguest_r)
-+ dbus_user_bus_client_template(xguest,xguest_mozilla,xguest_mozilla_t)
-+ dbus_connectto_user_bus(xguest,xguest_mozilla_t)
+')
+
+# Allow mounting of file systems
- Previous message (by thread): rpms/perl-Linux-Pid/devel perl-Linux-Pid.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/perl-Linux-Pid/F-8 perl-Linux-Pid.spec, NONE, 1.1 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list