rpms/selinux-policy/devel policy-20071130.patch, 1.36, 1.37 selinux-policy.spec, 1.586, 1.587

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Jan 21 21:42:32 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17474

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Mon Jan 21 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-15
- Allow login programs to talk dbus to oddjob


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- policy-20071130.patch	21 Jan 2008 15:57:25 -0000	1.36
+++ policy-20071130.patch	21 Jan 2008 21:42:26 -0000	1.37
@@ -1463,7 +1463,7 @@
  #######################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.2.5/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2007-10-02 09:54:52.000000000 -0400
-+++ serefpolicy-3.2.5/policy/modules/admin/tmpreaper.te	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/admin/tmpreaper.te	2008-01-21 13:29:12.000000000 -0500
 @@ -28,6 +28,7 @@
  files_purge_tmp(tmpreaper_t)
  # why does it need setattr?
@@ -1472,10 +1472,14 @@
  
  mls_file_read_all_levels(tmpreaper_t)
  mls_file_write_all_levels(tmpreaper_t)
-@@ -43,5 +44,10 @@
+@@ -43,5 +44,14 @@
  cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
  
  optional_policy(`
++	amavis_manage_spool_files(tmpreaper_t)
++')
++
++optional_policy(`
 +	kismet_manage_log(tmpreaper_t)
 +')
 +
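Review bot: The added `amavis_manage_spool_files(tmpreaper_t)` call in the inner tmpreaper.te hunk gives the tmp cleaner a manage-level interface on the amavis spool, while a reaper normally only needs to list, stat and unlink stale files. The interface body is not visible here, so this is an assumption, but if manage includes create and write, a delete-only interface would keep a misbehaving tmpreaper from altering files in that spool. The grant is also missing from the changelog entry, which lists only the oddjob change; a line such as `- Allow tmpreaper to clean up amavis spool files` would make it auditable. The inner tmpreaper.te hunk continues beyond the lines shown.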
@@ -3161,7 +3165,7 @@
  # /bin
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.2.5/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2007-10-29 07:52:48.000000000 -0400
-+++ serefpolicy-3.2.5/policy/modules/apps/mozilla.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/apps/mozilla.if	2008-01-21 12:59:29.000000000 -0500
 @@ -35,7 +35,10 @@
  template(`mozilla_per_role_template',`
  	gen_require(`
@@ -3275,9 +3279,9 @@
 +	tunable_policy(`browser_write_$1_data',`
 +		userdom_manage_user_home_content_dirs($1,$1_mozilla_t)
 +		userdom_manage_user_home_content_files($1,$1_mozilla_t)
-+		userdom_read_user_home_content_symlinks($1,$1_mozilla_t)
++		userdom_manage_user_home_content_symlinks($1,$1_mozilla_t)
 +		userdom_manage_user_home_content_pipes($1,$1_mozilla_t)
-+		userdom_user_home_dir_filetrans_user_home_content($1,$1_mozilla_t, { file dir })
++		userdom_user_home_dir_filetrans_user_home_content($1,$1_mozilla_t, { file dir lnk_file })
 +		', `
 +		# helper apps will try to create .files
 +		userdom_dontaudit_create_user_home_content_files($1,$1_mozilla_t)
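Review bot: Switching to `userdom_manage_user_home_content_symlinks` and adding `lnk_file` to the filetrans class set lets `$1_mozilla_t` create and replace symlinks in user home content rather than only read them, and nothing in the patch records why the browser needs that. The grant is gated by the `browser_write_$1_data` tunable, but symlinks created by the browser domain can redirect later accesses by less confined domains of the same user that follow links in the home directory. A short comment above the call stating the concrete need would help, and keeping the read-only symlink interface would be preferable if it turns out to be sufficient. The enclosing `tunable_policy` block starts outside this hunk.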
@@ -3487,14 +3491,14 @@
 -		dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t)
 +#		dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t)
 +#		dbus_connectto_user_bus($1,$1_mozilla_t)
-+	')
-+
-+	optional_policy(`
-+		gnome_exec_gconf($1_mozilla_t)
-+		gnome_manage_user_gnome_config($1,$1_mozilla_t)
  	')
  
  	optional_policy(`
++		gnome_exec_gconf($1_mozilla_t)
++		gnome_manage_user_gnome_config($1,$1_mozilla_t)
++	')
++
++	optional_policy(`
 +		gnome_domtrans_user_gconf($1,$1_mozilla_t)
  		gnome_stream_connect_gconf_template($1,$1_mozilla_t)
  	')
@@ -7559,7 +7563,7 @@
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.2.5/policy/modules/services/clamav.fc
 --- nsaserefpolicy/policy/modules/services/clamav.fc	2007-09-05 15:24:44.000000000 -0400
-+++ serefpolicy-3.2.5/policy/modules/services/clamav.fc	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/clamav.fc	2008-01-21 14:43:52.000000000 -0500
 @@ -5,16 +5,20 @@
  /usr/bin/freshclam		--	gen_context(system_u:object_r:freshclam_exec_t,s0)
  
@@ -7582,7 +7586,7 @@
  
  /var/spool/amavisd/clamd\.sock	-s	gen_context(system_u:object_r:clamd_var_run_t,s0)
 +
-+/etc/rc.d/init.d/clamd-wrapper	--	gen_context(system_u:object_r:clamav_script_exec_t,s0)
++/etc/rc.d/init.d/clamd-wrapper	--	gen_context(system_u:object_r:clamd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.2.5/policy/modules/services/clamav.if
 --- nsaserefpolicy/policy/modules/services/clamav.if	2007-01-02 12:57:43.000000000 -0500
 +++ serefpolicy-3.2.5/policy/modules/services/clamav.if	2008-01-18 17:11:50.000000000 -0500
@@ -9072,7 +9076,7 @@
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.2.5/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/dbus.if	2008-01-18 14:09:48.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/dbus.if	2008-01-21 14:38:27.000000000 -0500
 @@ -53,6 +53,7 @@
  	gen_require(`
  		type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -10453,7 +10457,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.2.5/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/fail2ban.te	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/fail2ban.te	2008-01-21 13:50:35.000000000 -0500
 @@ -18,6 +18,9 @@
  type fail2ban_var_run_t;
  files_pid_file(fail2ban_var_run_t)
@@ -10464,6 +10468,15 @@
  ########################################
  #
  # fail2ban local policy
+@@ -55,6 +58,8 @@
+ 
+ miscfiles_read_localization(fail2ban_t)
+ 
++mta_send_mail(fail2ban_t)
++
+ optional_policy(`
+ 	apache_read_log(fail2ban_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.2.5/policy/modules/services/fetchmail.fc
 --- nsaserefpolicy/policy/modules/services/fetchmail.fc	2006-11-16 17:15:21.000000000 -0500
 +++ serefpolicy-3.2.5/policy/modules/services/fetchmail.fc	2008-01-18 12:40:46.000000000 -0500
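Review bot: The new `mta_send_mail(fail2ban_t)` line in the inner fail2ban.te hunk is called unconditionally, while the `apache_read_log(fail2ban_t)` call directly below it is wrapped in `optional_policy`. If the mta module is not part of the base policy in this build (not visible here), that makes fail2ban depend on mta being present. Wrapping the call in its own `optional_policy` block, as is done for `apache_read_log`, keeps the module self-contained. This grant is also not listed in the changelog entry, which mentions only the oddjob change.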
@@ -10788,7 +10801,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.2.5/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/hal.te	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/hal.te	2008-01-21 13:37:54.000000000 -0500
 @@ -49,6 +49,9 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -10825,7 +10838,16 @@
  storage_raw_read_removable_device(hald_t)
  storage_raw_write_removable_device(hald_t)
  storage_raw_read_fixed_disk(hald_t)
-@@ -265,6 +271,11 @@
+@@ -172,6 +178,8 @@
+ init_rw_utmp(hald_t)
+ init_telinit(hald_t)
+ 
++fstools_getattr_swap_files(hald_t)
++
+ libs_use_ld_so(hald_t)
+ libs_use_shared_libs(hald_t)
+ libs_exec_ld_so(hald_t)
+@@ -265,6 +273,11 @@
  ')
  
  optional_policy(`
@@ -10837,7 +10859,7 @@
  	rpc_search_nfs_state_data(hald_t)
  ')
  
-@@ -291,7 +302,8 @@
+@@ -291,7 +304,8 @@
  #
  
  allow hald_acl_t self:capability { dac_override fowner };
@@ -10847,7 +10869,7 @@
  
  domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t)
  allow hald_t hald_acl_t:process signal;
-@@ -325,6 +337,11 @@
+@@ -325,6 +339,11 @@
  
  miscfiles_read_localization(hald_acl_t)
  
@@ -10859,7 +10881,7 @@
  ########################################
  #
  # Local hald mac policy
-@@ -338,10 +355,14 @@
+@@ -338,10 +357,14 @@
  manage_files_pattern(hald_mac_t,hald_var_lib_t,hald_var_lib_t)
  files_search_var_lib(hald_mac_t)
  
@@ -10874,7 +10896,7 @@
  libs_use_ld_so(hald_mac_t)
  libs_use_shared_libs(hald_mac_t)
  
-@@ -391,3 +412,7 @@
+@@ -391,3 +414,7 @@
  libs_use_shared_libs(hald_keymap_t)
  
  miscfiles_read_localization(hald_keymap_t)
@@ -20209,7 +20231,7 @@
 +/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.2.5/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2007-11-29 13:29:35.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/system/authlogin.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/system/authlogin.if	2008-01-21 14:40:46.000000000 -0500
 @@ -99,7 +99,7 @@
  template(`authlogin_per_role_template',`
  
@@ -20251,7 +20273,7 @@
  	# for SSP/ProPolice
  	dev_read_urand($1)
  	# for fingerprint readers
-@@ -221,11 +233,28 @@
+@@ -221,11 +233,35 @@
  
  	logging_send_audit_msgs($1)
  	logging_send_syslog_msg($1)
@@ -20266,6 +20288,13 @@
 +	userdom_unpriv_users_stream_connect($1)
 +
 +	optional_policy(`
++		dbus_system_bus_client_template(notused, $1)
++		optional_policy(`
++			oddjob_dbus_chat($1)
++		')
++	')
++
++	optional_policy(`
 +		mount_domtrans($1)
 +	')
 +
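Review bot: In the added block, `dbus_system_bus_client_template(notused, $1)` sits in the outer `optional_policy` and only `oddjob_dbus_chat($1)` is in the nested one, so on a system with dbus but without oddjob every domain passed to this interface would still become a system bus client. Since the stated purpose is only to reach oddjob, putting both calls in a single `optional_policy` block would drop the bus access when oddjob is absent and keep login programs off the bus in that case. The literal `notused` prefix also deserves a one-line comment, e.g. `# prefix argument is not used by the template; access is granted to $1`, assuming that is why it is passed, since the template body is not visible here. The enclosing interface starts and ends outside this hunk.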
@@ -20281,7 +20310,7 @@
  	tunable_policy(`allow_polyinstantiation',`
  		files_polyinstantiate_all($1)
  	')
-@@ -342,6 +371,8 @@
+@@ -342,6 +378,8 @@
  
  	optional_policy(`
  		kerberos_use($1)
@@ -20290,7 +20319,7 @@
  	')
  
  	optional_policy(`
-@@ -356,6 +387,7 @@
+@@ -356,6 +394,7 @@
  	optional_policy(`
  		samba_stream_connect_winbind($1)
  	')
@@ -20298,7 +20327,7 @@
  ')
  
  ########################################
-@@ -369,12 +401,12 @@
+@@ -369,12 +408,12 @@
  ## </param>
  ## <param name="role">
  ##	<summary>
@@ -20313,7 +20342,7 @@
  ##	</summary>
  ## </param>
  #
-@@ -386,6 +418,7 @@
+@@ -386,6 +425,7 @@
  	auth_domtrans_chk_passwd($1)
  	role $2 types system_chkpwd_t;
  	allow system_chkpwd_t $3:chr_file rw_file_perms;
@@ -20321,7 +20350,7 @@
  ')
  
  ########################################
-@@ -1457,6 +1490,7 @@
+@@ -1457,6 +1497,7 @@
  	optional_policy(`
  		samba_stream_connect_winbind($1)
  		samba_read_var_files($1)
@@ -20329,7 +20358,7 @@
  	')
  ')
  
-@@ -1491,3 +1525,23 @@
+@@ -1491,3 +1532,23 @@
  	typeattribute $1 can_write_shadow_passwords;
  	typeattribute $1 can_relabelto_shadow_passwords;
  ')
@@ -22092,7 +22121,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.2.5/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/system/selinuxutil.te	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/system/selinuxutil.te	2008-01-21 15:06:00.000000000 -0500
 @@ -75,7 +75,6 @@
  type restorecond_exec_t;
  init_daemon_domain(restorecond_t,restorecond_exec_t)
@@ -22336,7 +22365,7 @@
  ifdef(`distro_redhat', `
  	fs_rw_tmpfs_chr_files(setfiles_t)
  	fs_rw_tmpfs_blk_files(setfiles_t)
-@@ -574,18 +550,6 @@
+@@ -574,16 +550,8 @@
  	fs_relabel_tmpfs_chr_file(setfiles_t)
  ')
  
@@ -22350,11 +22379,11 @@
 -		unconfined_dontaudit_read_pipes(setfiles_t)
 -		unconfined_dontaudit_rw_tcp_sockets(setfiles_t)
 -	')
--')
--
- optional_policy(`
- 	hotplug_use_fds(setfiles_t)
++optional_policy(`
++	cron_rw_pipes(setfiles_t)
  ')
+ 
+ optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.2.5/policy/modules/system/sysnetwork.if
 --- nsaserefpolicy/policy/modules/system/sysnetwork.if	2007-07-16 14:09:49.000000000 -0400
 +++ serefpolicy-3.2.5/policy/modules/system/sysnetwork.if	2008-01-18 12:40:46.000000000 -0500


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.586
retrieving revision 1.587
diff -u -r1.586 -r1.587
--- selinux-policy.spec	21 Jan 2008 15:57:25 -0000	1.586
+++ selinux-policy.spec	21 Jan 2008 21:42:26 -0000	1.587
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.2.5
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,9 @@
 %endif
 
 %changelog
+* Mon Jan 21 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-15
+- Allow login programs to talk dbus to oddjob
+
 * Thu Jan 17 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-14
 - Add procmail_log support
 - Lots of fixes for munin



