rpms/selinux-policy/F-8 policy-20070703.patch, 1.171, 1.172 selinux-policy.spec, 1.604, 1.605
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Jan 17 13:48:17 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12539
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Wed Jan 16 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-78
- Allow procmal to signal pyzor
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.171
retrieving revision 1.172
diff -u -r1.171 -r1.172
--- policy-20070703.patch 15 Jan 2008 18:55:37 -0000 1.171
+++ policy-20070703.patch 17 Jan 2008 13:48:11 -0000 1.172
@@ -4147,7 +4147,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2007-12-31 07:13:11.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2008-01-16 16:09:09.000000000 -0500
@@ -55,6 +55,11 @@
type reserved_port_t, port_type, reserved_port_type;
@@ -4182,7 +4182,7 @@
network_port(innd, tcp,119,s0)
network_port(ipp, tcp,631,s0, udp,631,s0)
network_port(ircd, tcp,6667,s0)
-@@ -108,12 +115,16 @@
+@@ -108,12 +115,17 @@
network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
network_port(ktalkd, udp,517,s0, udp,518,s0)
@@ -4195,13 +4195,14 @@
network_port(monopd, tcp,1234,s0)
-network_port(mysqld, tcp,3306,s0)
+network_port(msnp, tcp,1863,s0, udp,1863,s0)
++network_port(munin, tcp,4949,s0, udp,4949,s0)
+network_port(mythtv, tcp,6543,s0, udp,6543,s0)
+network_port(mysqld, tcp,3306,s0, tcp,1186,s0)
+portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
network_port(nessus, tcp,1241,s0)
network_port(netsupport, tcp,5405,s0, udp,5405,s0)
network_port(nmbd, udp,137,s0, udp,138,s0)
-@@ -122,6 +133,7 @@
+@@ -122,6 +134,7 @@
network_port(openvpn, tcp,1194,s0, udp,1194,s0)
network_port(pegasus_http, tcp,5988,s0)
network_port(pegasus_https, tcp,5989,s0)
@@ -4209,7 +4210,7 @@
network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
network_port(portmap, udp,111,s0, tcp,111,s0)
network_port(postgresql, tcp,5432,s0)
-@@ -141,12 +153,12 @@
+@@ -141,12 +154,12 @@
network_port(rsh, tcp,514,s0)
network_port(rsync, tcp,873,s0, udp,873,s0)
network_port(rwho, udp,513,s0)
@@ -4224,7 +4225,7 @@
type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
-@@ -160,13 +172,19 @@
+@@ -160,13 +173,19 @@
type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
network_port(uucpd, tcp,540,s0)
network_port(vnc, tcp,5900,s0)
@@ -4684,7 +4685,7 @@
/usr/src/kernels/.+/lib(/.*)? gen_context(system_u:object_r:usr_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.8/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-22 13:21:41.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/kernel/files.if 2008-01-08 06:14:55.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/kernel/files.if 2008-01-16 08:57:05.000000000 -0500
@@ -343,8 +343,7 @@
########################################
@@ -5064,7 +5065,33 @@
')
########################################
-@@ -4560,6 +4712,8 @@
+@@ -4285,6 +4437,25 @@
+
+ ########################################
+ ## <summary>
++## Delete generic process ID files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`files_unlink_generic_pids',`
++ gen_require(`
++ type var_t, var_run_t;
++ ')
++
++ list_dirs_pattern($1,var_t,var_run_t)
++ delete_files_pattern($1,var_run_t,var_run_t)
++')
++
++########################################
++## <summary>
+ ## Do not audit attempts to write to daemon runtime data files.
+ ## </summary>
+ ## <param name="domain">
+@@ -4560,6 +4731,8 @@
# Need to give access to /selinux/member
selinux_compute_member($1)
@@ -5073,7 +5100,7 @@
# Need sys_admin capability for mounting
allow $1 self:capability { chown fsetid sys_admin };
-@@ -4582,6 +4736,11 @@
+@@ -4582,6 +4755,11 @@
# Default type for mountpoints
allow $1 poly_t:dir { create mounton };
fs_unmount_xattr_fs($1)
@@ -5085,7 +5112,7 @@
')
########################################
-@@ -4619,3 +4778,28 @@
+@@ -4619,3 +4797,28 @@
allow $1 { file_type -security_file_type }:dir manage_dir_perms;
')
@@ -10298,7 +10325,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.0.8/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mta.te 2008-01-11 14:43:25.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/mta.te 2008-01-16 06:23:56.000000000 -0500
@@ -1,11 +1,13 @@
-policy_module(mta,1.7.1)
@@ -10383,7 +10410,7 @@
logrotate_read_tmp_files(system_mail_t)
')
-@@ -136,11 +158,30 @@
+@@ -136,11 +158,33 @@
')
optional_policy(`
@@ -10399,6 +10426,9 @@
')
-# should break this up among sections:
++init_stream_connect_script(mailserver_delivery)
++init_rw_script_stream_sockets(mailserver_delivery)
++
+tunable_policy(`use_samba_home_dirs',`
+ fs_manage_cifs_dirs(mailserver_delivery)
+ fs_manage_cifs_files(mailserver_delivery)
@@ -10415,33 +10445,36 @@
optional_policy(`
# why is mail delivered to a directory of type arpwatch_data_t?
arpwatch_search_data(mailserver_delivery)
-@@ -154,3 +195,4 @@
+@@ -154,3 +198,4 @@
cron_read_system_job_tmp_files(mta_user_agent)
')
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.0.8/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/munin.fc 2007-12-26 20:33:19.000000000 -0500
-@@ -6,6 +6,6 @@
++++ serefpolicy-3.0.8/policy/modules/services/munin.fc 2008-01-16 16:07:35.000000000 -0500
+@@ -6,6 +6,7 @@
/usr/share/munin/plugins/.* -- gen_context(system_u:object_r:munin_exec_t,s0)
/var/lib/munin(/.*)? gen_context(system_u:object_r:munin_var_lib_t,s0)
-/var/log/munin.* -- gen_context(system_u:object_r:munin_log_t,s0)
+/var/log/munin.* gen_context(system_u:object_r:munin_log_t,s0)
/var/run/munin(/.*)? gen_context(system_u:object_r:munin_var_run_t,s0)
- /var/www/munin(/.*)? gen_context(system_u:object_r:munin_var_lib_t,s0)
+-/var/www/munin(/.*)? gen_context(system_u:object_r:munin_var_lib_t,s0)
++/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0)
++/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.0.8/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/munin.if 2007-12-02 21:15:34.000000000 -0500
-@@ -61,3 +61,21 @@
++++ serefpolicy-3.0.8/policy/modules/services/munin.if 2008-01-16 16:07:44.000000000 -0500
+@@ -61,3 +61,22 @@
allow $1 munin_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
+
+#######################################
+## <summary>
-+## dontaudit Search munin library directories.
++## Do not audit attempts to search
++## munin library directories.
+## </summary>
+## <param name="domain">
+## <summary>
@@ -10456,6 +10489,71 @@
+
+ dontaudit $1 munin_var_lib_t:dir search_dir_perms;
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.0.8/policy/modules/services/munin.te
+--- nsaserefpolicy/policy/modules/services/munin.te 2007-10-22 13:21:36.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/munin.te 2008-01-16 16:07:27.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-policy_module(munin,1.3.0)
++policy_module(munin,1.4.0)
+
+ ########################################
+ #
+@@ -30,21 +30,25 @@
+ # Local policy
+ #
+
+-allow munin_t self:capability { setgid setuid };
++allow munin_t self:capability { dac_override setgid setuid };
+ dontaudit munin_t self:capability sys_tty_config;
+ allow munin_t self:process { getsched setsched signal_perms };
+ allow munin_t self:unix_stream_socket { create_stream_socket_perms connectto };
+ allow munin_t self:unix_dgram_socket { create_socket_perms sendto };
+ allow munin_t self:tcp_socket create_stream_socket_perms;
+ allow munin_t self:udp_socket create_socket_perms;
++allow munin_t self:fifo_file manage_fifo_file_perms;
++
++can_exec(munin_t, munin_exec_t)
+
+ allow munin_t munin_etc_t:dir list_dir_perms;
+ read_files_pattern(munin_t,munin_etc_t,munin_etc_t)
+ read_lnk_files_pattern(munin_t,munin_etc_t,munin_etc_t)
+ files_search_etc(munin_t)
+
+-allow munin_t munin_log_t:file manage_file_perms;
+-logging_log_filetrans(munin_t,munin_log_t,file)
++manage_dirs_pattern(munin_t, munin_log_t, munin_log_t)
++manage_files_pattern(munin_t, munin_log_t, munin_log_t)
++logging_log_filetrans(munin_t,munin_log_t,{ file dir })
+
+ manage_dirs_pattern(munin_t,munin_tmp_t,munin_tmp_t)
+ manage_files_pattern(munin_t,munin_tmp_t,munin_tmp_t)
+@@ -73,6 +77,7 @@
+ corenet_udp_sendrecv_all_nodes(munin_t)
+ corenet_tcp_sendrecv_all_ports(munin_t)
+ corenet_udp_sendrecv_all_ports(munin_t)
++corenet_tcp_connect_munin_port(munin_t)
+
+ dev_read_sysfs(munin_t)
+ dev_read_urand(munin_t)
+@@ -91,6 +96,7 @@
+
+ logging_send_syslog_msg(munin_t)
+
++miscfiles_read_fonts(munin_t)
+ miscfiles_read_localization(munin_t)
+
+ sysnet_read_config(munin_t)
+@@ -118,3 +124,9 @@
+ optional_policy(`
+ udev_read_db(munin_t)
+ ')
++
++#============= http munin policy ==============
++apache_content_template(munin)
++
++manage_dirs_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
++manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.0.8/policy/modules/services/mysql.fc
--- nsaserefpolicy/policy/modules/services/mysql.fc 2007-10-22 13:21:36.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/mysql.fc 2007-12-02 21:15:34.000000000 -0500
@@ -10789,7 +10887,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.8/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2007-12-26 20:31:56.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-01-16 08:25:11.000000000 -0500
@@ -13,6 +13,9 @@
type NetworkManager_var_run_t;
files_pid_file(NetworkManager_var_run_t)
@@ -10819,7 +10917,16 @@
kernel_read_system_state(NetworkManager_t)
kernel_read_network_state(NetworkManager_t)
kernel_read_kernel_sysctls(NetworkManager_t)
-@@ -129,15 +135,13 @@
+@@ -82,6 +88,8 @@
+ files_read_etc_files(NetworkManager_t)
+ files_read_etc_runtime_files(NetworkManager_t)
+ files_read_usr_files(NetworkManager_t)
++files_read_all_pids(NetworkManager_t)
++files_unlink_generic_pids(NetworkManager_t)
+
+ init_read_utmp(NetworkManager_t)
+ init_domtrans_script(NetworkManager_t)
+@@ -129,15 +137,13 @@
')
optional_policy(`
@@ -10837,7 +10944,7 @@
')
optional_policy(`
-@@ -151,6 +155,8 @@
+@@ -151,6 +157,8 @@
optional_policy(`
nscd_socket_use(NetworkManager_t)
nscd_signal(NetworkManager_t)
@@ -10846,7 +10953,7 @@
')
optional_policy(`
-@@ -162,6 +168,7 @@
+@@ -162,6 +170,7 @@
ppp_domtrans(NetworkManager_t)
ppp_read_pid_files(NetworkManager_t)
ppp_signal(NetworkManager_t)
@@ -10854,7 +10961,7 @@
')
optional_policy(`
-@@ -173,8 +180,10 @@
+@@ -173,8 +182,10 @@
')
optional_policy(`
@@ -12107,7 +12214,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.0.8/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/procmail.te 2008-01-08 11:06:01.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/procmail.te 2008-01-16 15:44:12.000000000 -0500
@@ -30,6 +30,8 @@
allow procmail_t procmail_tmp_t:file manage_file_perms;
files_tmp_filetrans(procmail_t, procmail_tmp_t, file)
@@ -12125,16 +12232,17 @@
auth_use_nsswitch(procmail_t)
-@@ -65,6 +68,8 @@
+@@ -65,6 +68,9 @@
libs_use_ld_so(procmail_t)
libs_use_shared_libs(procmail_t)
+logging_send_syslog_msg(procmail_t)
++loggin_search_logs(procmail_t)
+
miscfiles_read_localization(procmail_t)
# only works until we define a different type for maildir
-@@ -97,17 +102,20 @@
+@@ -97,21 +103,25 @@
')
optional_policy(`
@@ -12157,7 +12265,12 @@
')
optional_policy(`
-@@ -125,7 +133,13 @@
+ pyzor_domtrans(procmail_t)
++ pyzor_signal(procmail_t)
+ ')
+
+ optional_policy(`
+@@ -125,7 +135,13 @@
corenet_udp_bind_generic_port(procmail_t)
corenet_dontaudit_udp_bind_all_ports(procmail_t)
@@ -17033,7 +17146,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.8/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2008-01-15 08:23:50.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/libraries.fc 2008-01-16 15:53:47.000000000 -0500
@@ -65,11 +65,15 @@
/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
/opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -17091,15 +17204,18 @@
/usr/lib(64)?/xorg/modules/drivers/nvidia_drv\.o -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -223,6 +234,7 @@
+@@ -223,8 +234,10 @@
/usr/lib(64)?/libmp3lame\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# Flash plugin, Macromedia
+HOME_DIR/\.gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
HOME_DIR/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -236,6 +248,8 @@
+ /usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -236,6 +249,8 @@
/usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libdivxencore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -17108,7 +17224,7 @@
/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# vmware
-@@ -284,3 +298,14 @@
+@@ -284,3 +299,15 @@
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
@@ -17123,6 +17239,7 @@
+
+/usr/lib/libswscale\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib64/libswscale\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/libavdevice\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.0.8/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-10-22 13:21:39.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/libraries.te 2007-12-10 16:27:26.000000000 -0500
@@ -18099,7 +18216,7 @@
-/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.0.8/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/mount.te 2008-01-14 10:34:46.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/mount.te 2008-01-16 10:54:29.000000000 -0500
@@ -8,6 +8,13 @@
## <desc>
@@ -18182,7 +18299,15 @@
libs_use_ld_so(mount_t)
libs_use_shared_libs(mount_t)
-@@ -127,10 +141,15 @@
+@@ -118,6 +132,7 @@
+ seutil_read_config(mount_t)
+
+ userdom_use_all_users_fds(mount_t)
++userdom_read_sysadm_home_content_files(mount_t)
+
+ ifdef(`distro_redhat',`
+ optional_policy(`
+@@ -127,10 +142,15 @@
')
')
@@ -18199,7 +18324,7 @@
')
optional_policy(`
-@@ -159,13 +178,9 @@
+@@ -159,13 +179,9 @@
fs_search_rpc(mount_t)
@@ -18214,7 +18339,7 @@
')
optional_policy(`
-@@ -180,17 +195,18 @@
+@@ -180,17 +196,18 @@
')
')
@@ -18237,7 +18362,7 @@
')
########################################
-@@ -201,4 +217,29 @@
+@@ -201,4 +218,29 @@
optional_policy(`
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
unconfined_domain(unconfined_mount_t)
@@ -18894,7 +19019,7 @@
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.0.8/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/sysnetwork.if 2007-12-02 21:15:34.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/sysnetwork.if 2008-01-16 08:56:54.000000000 -0500
@@ -145,6 +145,25 @@
########################################
@@ -19747,7 +19872,7 @@
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-01-15 13:51:31.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-01-16 10:54:03.000000000 -0500
@@ -29,8 +29,9 @@
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.604
retrieving revision 1.605
diff -u -r1.604 -r1.605
--- selinux-policy.spec 15 Jan 2008 18:55:37 -0000 1.604
+++ selinux-policy.spec 17 Jan 2008 13:48:12 -0000 1.605
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 77%{?dist}
+Release: 78%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@
%endif
%changelog
+* Wed Jan 16 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-78
+- Allow procmal to signal pyzor
+
* Tue Jan 15 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-77
- Allow daemons to write to cron fifo_files
More information about the fedora-extras-commits
mailing list