rpms/selinux-policy/F-7 policy-20070501.patch, 1.91, 1.92 selinux-policy.spec, 1.517, 1.518

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Jan 17 13:51:51 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12802

Modified Files:
	policy-20070501.patch selinux-policy.spec 
Log Message:


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- policy-20070501.patch	8 Jan 2008 20:29:53 -0000	1.91
+++ policy-20070501.patch	17 Jan 2008 13:51:44 -0000	1.92
@@ -1828,7 +1828,7 @@
  /opt/vmware/workstation/bin/vmnet-bridge --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc	2008-01-02 11:27:47.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc	2008-01-16 15:47:56.000000000 -0500
 @@ -7,6 +7,7 @@
  /bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
  /bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
@@ -1849,7 +1849,15 @@
  /etc/hotplug/.*agent		--	gen_context(system_u:object_r:bin_t,s0)
  /etc/hotplug/.*rc		-- 	gen_context(system_u:object_r:bin_t,s0)
  /etc/hotplug/hotplug\.functions --	gen_context(system_u:object_r:bin_t,s0)
-@@ -72,10 +78,6 @@
+@@ -44,6 +50,7 @@
+ /etc/init\.d/functions		--	gen_context(system_u:object_r:bin_t,s0)
+ 
+ /etc/netplug\.d(/.*)? 	 		gen_context(system_u:object_r:bin_t,s0)
++/etc/NetworkManager/dispatcher.d(/.*)?	gen_context(system_u:object_r:bin_t,s0)
+ 
+ /etc/ppp/ip-down\..*		--	gen_context(system_u:object_r:bin_t,s0)
+ /etc/ppp/ip-up\..*		--	gen_context(system_u:object_r:bin_t,s0)
+@@ -72,10 +79,6 @@
  /etc/mysql/debian-start		--	gen_context(system_u:object_r:bin_t,s0)
  ')
  
@@ -1860,7 +1868,7 @@
  #
  # /lib
  #
-@@ -131,7 +133,10 @@
+@@ -131,7 +134,10 @@
  /usr/lib(64)?/apt/methods.+	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/courier(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/cups/cgi-bin/.*	--	gen_context(system_u:object_r:bin_t,s0)
@@ -1872,7 +1880,7 @@
  /usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib(64)?/emacsen-common/.*		gen_context(system_u:object_r:bin_t,s0)
-@@ -164,6 +169,10 @@
+@@ -164,6 +170,10 @@
  /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
  
  /usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
@@ -1883,7 +1891,7 @@
  
  /usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)
  
-@@ -189,6 +198,7 @@
+@@ -189,6 +199,7 @@
  ifdef(`distro_redhat', `
  /usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/bluetooth(/.*)?	--      gen_context(system_u:object_r:bin_t,s0)
@@ -1891,7 +1899,7 @@
  /usr/lib64/bluetooth(/.*)?	--      gen_context(system_u:object_r:bin_t,s0)
  /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -220,6 +230,7 @@
+@@ -220,6 +231,7 @@
  /usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
@@ -1899,7 +1907,7 @@
  /usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -248,6 +259,7 @@
+@@ -248,6 +260,7 @@
  /var/ftp/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
  
  /usr/lib/yp/.+			--	gen_context(system_u:object_r:bin_t,s0)
@@ -1907,7 +1915,7 @@
  
  /var/qmail/bin                  -d      gen_context(system_u:object_r:bin_t,s0)
  /var/qmail/bin(/.*)?                    gen_context(system_u:object_r:bin_t,s0)
-@@ -256,3 +268,18 @@
+@@ -256,3 +269,18 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -3235,7 +3243,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.6.4/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te	2008-01-02 11:27:47.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te	2008-01-11 15:14:54.000000000 -0500
 @@ -146,6 +146,8 @@
  type unlabeled_t;
  sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
@@ -3253,6 +3261,15 @@
  ')
  
  optional_policy(`
+@@ -360,7 +363,7 @@
+ 
+ allow kern_unconfined proc_type:{ dir file lnk_file } *;
+ 
+-allow kern_unconfined sysctl_t:{ dir file } *;
++allow kern_unconfined sysctl_type:{ dir file } *;
+ 
+ allow kern_unconfined kernel_t:system *;
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-2.6.4/policy/modules/kernel/mls.if
 --- nsaserefpolicy/policy/modules/kernel/mls.if	2007-05-07 14:51:04.000000000 -0400
 +++ serefpolicy-2.6.4/policy/modules/kernel/mls.if	2008-01-02 11:27:47.000000000 -0500
@@ -9797,7 +9814,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/procmail.te	2008-01-02 11:27:47.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/services/procmail.te	2008-01-16 15:49:32.000000000 -0500
 @@ -10,6 +10,7 @@
  type procmail_exec_t;
  domain_type(procmail_t)
@@ -9823,7 +9840,7 @@
  
  auth_use_nsswitch(procmail_t)
  
-@@ -101,9 +105,16 @@
+@@ -101,13 +105,21 @@
  ')
  
  optional_policy(`
@@ -9840,7 +9857,12 @@
  ')
  
  optional_policy(`
-@@ -119,8 +130,13 @@
+ 	pyzor_domtrans(procmail_t)
++	pyzor_signal(procmail_t)
+ ')
+ 
+ optional_policy(`
+@@ -119,8 +131,13 @@
  
  optional_policy(`
  	corenet_udp_bind_generic_port(procmail_t)
@@ -14355,7 +14377,7 @@
 -/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.te	2008-01-02 11:27:47.000000000 -0500
++++ serefpolicy-2.6.4/policy/modules/system/mount.te	2008-01-16 10:54:42.000000000 -0500
 @@ -9,6 +9,13 @@
  ifdef(`targeted_policy',`
  ## <desc>
@@ -14429,7 +14451,15 @@
  
  libs_use_ld_so(mount_t)
  libs_use_shared_libs(mount_t)
-@@ -130,10 +149,15 @@
+@@ -120,6 +139,7 @@
+ seutil_read_config(mount_t)
+ 
+ userdom_use_all_users_fds(mount_t)
++userdom_read_sysadm_home_content_files(mount_t)
+ 
+ ifdef(`distro_redhat',`
+ 	optional_policy(`
+@@ -130,10 +150,15 @@
  ')
  
  ifdef(`targeted_policy',`
@@ -14446,7 +14476,7 @@
  	')
  ')
  
-@@ -162,13 +186,9 @@
+@@ -162,13 +187,9 @@
  
  	fs_search_rpc(mount_t)
  
@@ -14461,7 +14491,7 @@
  ')
  
  optional_policy(`
-@@ -183,6 +203,10 @@
+@@ -183,6 +204,10 @@
  	')
  ')
  
@@ -14472,7 +14502,7 @@
  # for kernel package installation
  optional_policy(`
  	rpm_rw_pipes(mount_t)
-@@ -192,9 +216,6 @@
+@@ -192,9 +217,6 @@
  	samba_domtrans_smbmount(mount_t)
  ')
  
@@ -14482,7 +14512,7 @@
  
  ########################################
  #
-@@ -204,4 +225,30 @@
+@@ -204,4 +226,30 @@
  ifdef(`targeted_policy',`
  	files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
  	unconfined_domain(unconfined_mount_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.517
retrieving revision 1.518
diff -u -r1.517 -r1.518
--- selinux-policy.spec	8 Jan 2008 19:57:58 -0000	1.517
+++ selinux-policy.spec	17 Jan 2008 13:51:44 -0000	1.518
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.6.4
-Release: 69%{?dist}
+Release: 70%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -366,6 +366,9 @@
 
 %changelog
 
+* Tue Jan 8 2008 Dan Walsh <dwalsh at redhat.com> 2.6.4-70
+- Fix labeling on /etc/NetworkManager/dispatcher.d
+
 * Tue Jan 8 2008 Dan Walsh <dwalsh at redhat.com> 2.6.4-69
 - Allow samba to getattr on file systems labeled samba_share_t

More information about the fedora-extras-commits mailing list