rpms/selinux-policy/F-7 policy-20070501.patch, 1.91, 1.92 selinux-policy.spec, 1.517, 1.518
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Jan 17 13:51:51 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12802
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- policy-20070501.patch 8 Jan 2008 20:29:53 -0000 1.91
+++ policy-20070501.patch 17 Jan 2008 13:51:44 -0000 1.92
@@ -1828,7 +1828,7 @@
/opt/vmware/workstation/bin/vmnet-bridge -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2008-01-02 11:27:47.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2008-01-16 15:47:56.000000000 -0500
@@ -7,6 +7,7 @@
/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -1849,7 +1849,15 @@
/etc/hotplug/.*agent -- gen_context(system_u:object_r:bin_t,s0)
/etc/hotplug/.*rc -- gen_context(system_u:object_r:bin_t,s0)
/etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:bin_t,s0)
-@@ -72,10 +78,6 @@
+@@ -44,6 +50,7 @@
+ /etc/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
+
+ /etc/netplug\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/etc/NetworkManager/dispatcher.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+ /etc/ppp/ip-down\..* -- gen_context(system_u:object_r:bin_t,s0)
+ /etc/ppp/ip-up\..* -- gen_context(system_u:object_r:bin_t,s0)
+@@ -72,10 +79,6 @@
/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
')
@@ -1860,7 +1868,7 @@
#
# /lib
#
-@@ -131,7 +133,10 @@
+@@ -131,7 +134,10 @@
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -1872,7 +1880,7 @@
/usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
-@@ -164,6 +169,10 @@
+@@ -164,6 +170,10 @@
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -1883,7 +1891,7 @@
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -189,6 +198,7 @@
+@@ -189,6 +199,7 @@
ifdef(`distro_redhat', `
/usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
@@ -1891,7 +1899,7 @@
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -220,6 +230,7 @@
+@@ -220,6 +231,7 @@
/usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
@@ -1899,7 +1907,7 @@
/usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -248,6 +259,7 @@
+@@ -248,6 +260,7 @@
/var/ftp/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
@@ -1907,7 +1915,7 @@
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -256,3 +268,18 @@
+@@ -256,3 +269,18 @@
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -3235,7 +3243,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.6.4/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2008-01-02 11:27:47.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2008-01-11 15:14:54.000000000 -0500
@@ -146,6 +146,8 @@
type unlabeled_t;
sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
@@ -3253,6 +3261,15 @@
')
optional_policy(`
+@@ -360,7 +363,7 @@
+
+ allow kern_unconfined proc_type:{ dir file lnk_file } *;
+
+-allow kern_unconfined sysctl_t:{ dir file } *;
++allow kern_unconfined sysctl_type:{ dir file } *;
+
+ allow kern_unconfined kernel_t:system *;
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-2.6.4/policy/modules/kernel/mls.if
--- nsaserefpolicy/policy/modules/kernel/mls.if 2007-05-07 14:51:04.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/kernel/mls.if 2008-01-02 11:27:47.000000000 -0500
@@ -9797,7 +9814,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2008-01-02 11:27:47.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2008-01-16 15:49:32.000000000 -0500
@@ -10,6 +10,7 @@
type procmail_exec_t;
domain_type(procmail_t)
@@ -9823,7 +9840,7 @@
auth_use_nsswitch(procmail_t)
-@@ -101,9 +105,16 @@
+@@ -101,13 +105,21 @@
')
optional_policy(`
@@ -9840,7 +9857,12 @@
')
optional_policy(`
-@@ -119,8 +130,13 @@
+ pyzor_domtrans(procmail_t)
++ pyzor_signal(procmail_t)
+ ')
+
+ optional_policy(`
+@@ -119,8 +131,13 @@
optional_policy(`
corenet_udp_bind_generic_port(procmail_t)
@@ -14355,7 +14377,7 @@
-/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2008-01-02 11:27:47.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/system/mount.te 2008-01-16 10:54:42.000000000 -0500
@@ -9,6 +9,13 @@
ifdef(`targeted_policy',`
## <desc>
@@ -14429,7 +14451,15 @@
libs_use_ld_so(mount_t)
libs_use_shared_libs(mount_t)
-@@ -130,10 +149,15 @@
+@@ -120,6 +139,7 @@
+ seutil_read_config(mount_t)
+
+ userdom_use_all_users_fds(mount_t)
++userdom_read_sysadm_home_content_files(mount_t)
+
+ ifdef(`distro_redhat',`
+ optional_policy(`
+@@ -130,10 +150,15 @@
')
ifdef(`targeted_policy',`
@@ -14446,7 +14476,7 @@
')
')
-@@ -162,13 +186,9 @@
+@@ -162,13 +187,9 @@
fs_search_rpc(mount_t)
@@ -14461,7 +14491,7 @@
')
optional_policy(`
-@@ -183,6 +203,10 @@
+@@ -183,6 +204,10 @@
')
')
@@ -14472,7 +14502,7 @@
# for kernel package installation
optional_policy(`
rpm_rw_pipes(mount_t)
-@@ -192,9 +216,6 @@
+@@ -192,9 +217,6 @@
samba_domtrans_smbmount(mount_t)
')
@@ -14482,7 +14512,7 @@
########################################
#
-@@ -204,4 +225,30 @@
+@@ -204,4 +226,30 @@
ifdef(`targeted_policy',`
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
unconfined_domain(unconfined_mount_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.517
retrieving revision 1.518
diff -u -r1.517 -r1.518
--- selinux-policy.spec 8 Jan 2008 19:57:58 -0000 1.517
+++ selinux-policy.spec 17 Jan 2008 13:51:44 -0000 1.518
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 69%{?dist}
+Release: 70%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -366,6 +366,9 @@
%changelog
+* Tue Jan 8 2008 Dan Walsh <dwalsh at redhat.com> 2.6.4-70
+- Fix labeling on /etc/NetworkManager/dispatcher.d
+
* Tue Jan 8 2008 Dan Walsh <dwalsh at redhat.com> 2.6.4-69
- Allow samba to getattr on file systems labeled samba_share_t
More information about the fedora-extras-commits
mailing list