rpms/selinux-policy/F-8 policy-20070703.patch,1.175,1.176

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Jan 21 22:15:10 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26017

Modified Files:
	policy-20070703.patch 
Log Message:
* Thu Jan 17 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-79
- Add procmail_log support
- Lots of fixes for munin
- fixes for dnsmasq
- Allow tmpreaper to delete aqmavis spool files


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.175
retrieving revision 1.176
diff -u -r1.175 -r1.176
--- policy-20070703.patch	21 Jan 2008 21:42:36 -0000	1.175
+++ policy-20070703.patch	21 Jan 2008 22:15:05 -0000	1.176
@@ -7352,7 +7352,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.0.8/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/consolekit.te	2008-01-17 09:03:07.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/consolekit.te	2008-01-21 17:06:07.000000000 -0500
 @@ -10,7 +10,6 @@
  type consolekit_exec_t;
  init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -7416,7 +7416,7 @@
 +')
 +
 +optional_policy(`
-+	userdom_read_user_tmp_files(consolekit_t)
++	userdom_read_user_tmp_files(user,consolekit_t)
  ')
 +
 +
@@ -7464,7 +7464,7 @@
 +/var/lib/misc(/.*)?			gen_context(system_u:object_r:system_crond_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.0.8/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cron.if	2008-01-17 09:03:07.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/cron.if	2008-01-21 15:45:30.000000000 -0500
 @@ -35,6 +35,7 @@
  #
  template(`cron_per_role_template',`
@@ -10553,7 +10553,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.0.8/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/munin.te	2008-01-17 13:34:16.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/munin.te	2008-01-21 17:08:25.000000000 -0500
 @@ -1,5 +1,5 @@
  
 -policy_module(munin,1.3.0)
@@ -10566,9 +10566,8 @@
  #
  
 -allow munin_t self:capability { setgid setuid };
--dontaudit munin_t self:capability sys_tty_config;
 +allow munin_t self:capability { chown dac_override setgid setuid sys_rawio };
-+dontaudit munin_t self:ocapability sys_tty_config;
+ dontaudit munin_t self:capability sys_tty_config;
  allow munin_t self:process { getsched setsched signal_perms };
  allow munin_t self:unix_stream_socket { create_stream_socket_perms connectto };
  allow munin_t self:unix_dgram_socket { create_socket_perms sendto };

More information about the fedora-extras-commits mailing list