rpms/selinux-policy/F-8 modules-targeted.conf, 1.72, 1.73 policy-20070703.patch, 1.170, 1.171 selinux-policy.spec, 1.603, 1.604
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jan 15 18:56:15 UTC 2008
- Previous message (by thread): rpms/eric/F-7 eric-3.9.5-shebang.patch, NONE, 1.1 .cvsignore, 1.4, 1.5 eric.spec, 1.11, 1.12 sources, 1.4, 1.5 gen_python_api-env.patch, 1.1, NONE gen_sip_api-PyQt4.patch, 1.1, NONE
- Next message (by thread): rpms/cairo/F-7 .cvsignore, 1.34, 1.35 cairo.spec, 1.76, 1.77 sources, 1.34, 1.35
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16465
Modified Files:
modules-targeted.conf policy-20070703.patch
selinux-policy.spec
Log Message:
* Tue Jan 15 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-77
- Allow daemons to write to cron fifo_files
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/modules-targeted.conf,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- modules-targeted.conf 10 Nov 2007 13:18:35 -0000 1.72
+++ modules-targeted.conf 15 Jan 2008 18:55:37 -0000 1.73
@@ -1556,3 +1556,10 @@
# An IRC to other chat networks gateway
#
bitlbee = module
+
+# Layer: services
+# Module: nx
+#
+# NX Remote Desktop
+#
+nx = module
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- policy-20070703.patch 15 Jan 2008 13:22:18 -0000 1.170
+++ policy-20070703.patch 15 Jan 2008 18:55:37 -0000 1.171
@@ -15607,7 +15607,7 @@
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2008-01-13 08:42:50.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2008-01-15 13:51:25.000000000 -0500
@@ -26,7 +26,8 @@
type $1_chkpwd_t, can_read_shadow_passwords;
application_domain($1_chkpwd_t,chkpwd_exec_t)
@@ -15636,16 +15636,15 @@
dontaudit $2 shadow_t:file { getattr read };
# Transition from the user domain to this domain.
-@@ -120,6 +119,8 @@
+@@ -120,6 +119,7 @@
# Write to the user domain tty.
userdom_use_user_terminals($1,$1_chkpwd_t)
+ userdom_dontaudit_write_user_home_content_files($1, pam_t)
-+
')
########################################
-@@ -169,6 +170,10 @@
+@@ -169,6 +169,10 @@
## </param>
#
interface(`auth_login_pgm_domain',`
@@ -15656,7 +15655,7 @@
domain_type($1)
domain_subj_id_change_exemption($1)
-@@ -176,11 +181,34 @@
+@@ -176,11 +180,34 @@
domain_obj_id_change_exemption($1)
role system_r types $1;
@@ -15691,7 +15690,7 @@
selinux_get_fs_mount($1)
selinux_validate_context($1)
selinux_compute_access_vector($1)
-@@ -196,20 +224,48 @@
+@@ -196,20 +223,48 @@
mls_fd_share_all_levels($1)
auth_domtrans_chk_passwd($1)
@@ -15741,7 +15740,7 @@
tunable_policy(`allow_polyinstantiation',`
files_polyinstantiate_all($1)
')
-@@ -309,9 +365,6 @@
+@@ -309,9 +364,6 @@
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
')
@@ -15751,7 +15750,7 @@
corecmd_search_bin($1)
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
-@@ -329,6 +382,8 @@
+@@ -329,6 +381,8 @@
optional_policy(`
kerberos_use($1)
@@ -15760,7 +15759,7 @@
')
optional_policy(`
-@@ -347,6 +402,37 @@
+@@ -347,6 +401,37 @@
########################################
## <summary>
@@ -15798,7 +15797,7 @@
## Get the attributes of the shadow passwords file.
## </summary>
## <param name="domain">
-@@ -695,6 +781,24 @@
+@@ -695,6 +780,24 @@
########################################
## <summary>
@@ -15823,7 +15822,7 @@
## Execute pam programs in the PAM domain.
## </summary>
## <param name="domain">
-@@ -1318,16 +1422,14 @@
+@@ -1318,16 +1421,14 @@
## </param>
#
interface(`auth_use_nsswitch',`
@@ -15843,7 +15842,7 @@
miscfiles_read_certs($1)
sysnet_dns_name_resolve($1)
-@@ -1347,6 +1449,8 @@
+@@ -1347,6 +1448,8 @@
optional_policy(`
samba_stream_connect_winbind($1)
@@ -15852,7 +15851,7 @@
')
')
-@@ -1381,3 +1485,181 @@
+@@ -1381,3 +1484,181 @@
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -16036,7 +16035,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-01-13 08:42:16.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-01-15 13:51:53.000000000 -0500
@@ -9,6 +9,13 @@
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
@@ -16087,13 +16086,14 @@
term_use_all_user_ttys(pam_t)
term_use_all_user_ptys(pam_t)
-@@ -111,19 +129,14 @@
+@@ -111,19 +129,15 @@
logging_send_syslog_msg(pam_t)
userdom_use_unpriv_users_fds(pam_t)
+userdom_write_unpriv_users_tmp_files(pam_t)
+userdom_dontaudit_read_unpriv_users_home_content_files(pam_t)
+userdom_unlink_unpriv_users_tmp_files(pam_t)
++userdom_append_unpriv_users_home_content_files(pam_t)
optional_policy(`
locallogin_use_fds(pam_t)
@@ -16110,7 +16110,7 @@
########################################
#
# PAM console local policy
-@@ -149,6 +162,8 @@
+@@ -149,6 +163,8 @@
dev_setattr_apm_bios_dev(pam_console_t)
dev_getattr_dri_dev(pam_console_t)
dev_setattr_dri_dev(pam_console_t)
@@ -16119,7 +16119,7 @@
dev_getattr_framebuffer_dev(pam_console_t)
dev_setattr_framebuffer_dev(pam_console_t)
dev_getattr_generic_usb_dev(pam_console_t)
-@@ -159,6 +174,8 @@
+@@ -159,6 +175,8 @@
dev_setattr_mouse_dev(pam_console_t)
dev_getattr_power_mgmt_dev(pam_console_t)
dev_setattr_power_mgmt_dev(pam_console_t)
@@ -16128,7 +16128,7 @@
dev_getattr_scanner_dev(pam_console_t)
dev_setattr_scanner_dev(pam_console_t)
dev_getattr_sound_dev(pam_console_t)
-@@ -200,6 +217,7 @@
+@@ -200,6 +218,7 @@
fs_list_auto_mountpoints(pam_console_t)
fs_list_noxattr_fs(pam_console_t)
@@ -16136,7 +16136,7 @@
init_use_fds(pam_console_t)
init_use_script_ptys(pam_console_t)
-@@ -236,7 +254,7 @@
+@@ -236,7 +255,7 @@
optional_policy(`
xserver_read_xdm_pid(pam_console_t)
@@ -16145,7 +16145,7 @@
')
########################################
-@@ -256,6 +274,7 @@
+@@ -256,6 +275,7 @@
userdom_dontaudit_use_unpriv_users_ttys(system_chkpwd_t)
userdom_dontaudit_use_unpriv_users_ptys(system_chkpwd_t)
userdom_dontaudit_use_sysadm_terms(system_chkpwd_t)
@@ -16153,7 +16153,7 @@
########################################
#
-@@ -302,3 +321,28 @@
+@@ -302,3 +322,28 @@
xserver_use_xdm_fds(utempter_t)
xserver_rw_xdm_pipes(utempter_t)
')
@@ -16635,7 +16635,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.0.8/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.te 2008-01-08 13:53:49.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/init.te 2008-01-15 09:56:24.000000000 -0500
@@ -10,6 +10,20 @@
# Declarations
#
@@ -16764,7 +16764,7 @@
+# Cron jobs used to start and stop services
+optional_policy(`
-+ cron_read_pipes(daemon)
++ cron_rw_pipes(daemon)
+')
+
+optional_policy(`
@@ -17033,7 +17033,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.8/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2008-01-14 12:58:26.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2008-01-15 08:23:50.000000000 -0500
@@ -65,11 +65,15 @@
/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
/opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -19747,7 +19747,7 @@
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-01-15 08:07:59.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-01-15 13:51:31.000000000 -0500
@@ -29,8 +29,9 @@
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.603
retrieving revision 1.604
diff -u -r1.603 -r1.604
--- selinux-policy.spec 14 Jan 2008 19:45:09 -0000 1.603
+++ selinux-policy.spec 15 Jan 2008 18:55:37 -0000 1.604
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 76%{?dist}
+Release: 77%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@
%endif
%changelog
+* Tue Jan 15 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-77
+- Allow daemons to write to cron fifo_files
+
* Mon Jan 14 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-76
- Fix filecontext for networkmanagerlog files
- Allow mount to read samba config
- Previous message (by thread): rpms/eric/F-7 eric-3.9.5-shebang.patch, NONE, 1.1 .cvsignore, 1.4, 1.5 eric.spec, 1.11, 1.12 sources, 1.4, 1.5 gen_python_api-env.patch, 1.1, NONE gen_sip_api-PyQt4.patch, 1.1, NONE
- Next message (by thread): rpms/cairo/F-7 .cvsignore, 1.34, 1.35 cairo.spec, 1.76, 1.77 sources, 1.34, 1.35
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list