rpms/selinux-policy/devel policy-20071130.patch, 1.37, 1.38 selinux-policy.spec, 1.587, 1.588

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Jan 22 17:35:45 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23927

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Mon Jan 21 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-16
- Allow nsplugin sys_nice, getsched, setsched


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- policy-20071130.patch	21 Jan 2008 21:42:26 -0000	1.37
+++ policy-20071130.patch	22 Jan 2008 17:35:34 -0000	1.38
@@ -3165,7 +3165,7 @@
  # /bin
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.2.5/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2007-10-29 07:52:48.000000000 -0400
-+++ serefpolicy-3.2.5/policy/modules/apps/mozilla.if	2008-01-21 12:59:29.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/apps/mozilla.if	2008-01-21 18:10:10.000000000 -0500
 @@ -35,7 +35,10 @@
  template(`mozilla_per_role_template',`
  	gen_require(`
@@ -3732,20 +3732,40 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.2.5/policy/modules/apps/nsplugin.fc
 --- nsaserefpolicy/policy/modules/apps/nsplugin.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.fc	2008-01-21 09:27:08.000000000 -0500
-@@ -0,0 +1,3 @@
++++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.fc	2008-01-21 17:31:09.000000000 -0500
+@@ -0,0 +1,4 @@
 +
-+/usr/lib(64)?/nspluginwrapper/plugin-config	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
++/usr/lib(64)?/nspluginwrapper/npviewer.bin	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
++/usr/lib(64)?/nspluginwrapper/plugin-config	--	gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.2.5/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.if	2008-01-18 12:40:46.000000000 -0500
-@@ -0,0 +1,227 @@
++++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.if	2008-01-21 18:22:21.000000000 -0500
+@@ -0,0 +1,290 @@
 +
 +## <summary>policy for nsplugin</summary>
 +
 +########################################
 +## <summary>
++##	Execute a domain transition to run nsplugin_config.
++## </summary>
++## <param name="domain">
++## <summary>
++##	Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`nsplugin_config_domtrans',`
++	gen_require(`
++		type nsplugin_config_t;
++                type nsplugin_config_exec_t;
++	')
++
++	domtrans_pattern($1,nsplugin_config_exec_t,nsplugin_config_t)
++')
++
++########################################
++## <summary>
 +##	Execute a domain transition to run nsplugin.
 +## </summary>
 +## <param name="domain">
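Review bot: In the new `nsplugin_config_domtrans` interface, the `type nsplugin_config_exec_t;` line inside `gen_require` is indented with spaces, while `type nsplugin_config_t;` directly above it and the rest of the interface use tabs. The three pattern calls in `nsplugin_manage_rw`, which a later hunk moves, carry the same space indentation. Re-indenting these lines with tabs keeps the interface file consistent. The hunk ends inside the header comment of `nsplugin_domtrans`, whose body lies outside it.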
@@ -3763,10 +3783,10 @@
 +	domtrans_pattern($1,nsplugin_exec_t,nsplugin_t)
 +')
 +
-+
 +########################################
 +## <summary>
-+##	Search nsplugin rw directories.
++##	Create, read, write, and delete
++##	nsplugin rw files.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
@@ -3774,17 +3794,18 @@
 +##	</summary>
 +## </param>
 +#
-+interface(`nsplugin_search_rw_dir',`
++interface(`nsplugin_manage_rw_files',`
 +	gen_require(`
 +		type nsplugin_rw_t;
 +	')
 +
-+	allow $1 nsplugin_rw_t:dir search_dir_perms;
++	allow $1 nsplugin_rw_t:file manage_file_perms;
++	allow $1 nsplugin_rw_t:dir rw_dir_perms;
 +')
 +
 +########################################
 +## <summary>
-+##	Read nsplugin rw files.
++##	Manage nsplugin rw files.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
@@ -3792,36 +3813,106 @@
 +##	</summary>
 +## </param>
 +#
-+interface(`nsplugin_read_rw_files',`
++interface(`nsplugin_manage_rw',`
 +	gen_require(`
 +		type nsplugin_rw_t;
 +	')
 +
-+	read_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
++         manage_dirs_pattern($1,nsplugin_rw_t,nsplugin_rw_t)
++         manage_files_pattern($1,nsplugin_rw_t,nsplugin_rw_t)
++         manage_lnk_files_pattern($1,nsplugin_rw_t,nsplugin_rw_t)
 +')
 +
++
 +########################################
 +## <summary>
-+##	Exec nsplugin rw files.
++##	Execute plugin_config in the nsplugin_config domain, and
++##	allow the specified role the nsplugin_config domain.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
-+##	Domain allowed access.
++##	Domain allowed access
++##	</summary>
++## </param>
++## <param name="role">
++##	<summary>
++##	The role to be allowed the nsplugin domain.
++##	</summary>
++## </param>
++## <param name="terminal">
++##	<summary>
++##	The type of the role's terminal.
 +##	</summary>
 +## </param>
 +#
-+interface(`nsplugin_rw_exec',`
++interface(`nsplugin_run_config',`
 +	gen_require(`
++		type nsplugin_config_t;
++	')
++
++	nsplugin_config_domtrans($1)
++	role $2 types nsplugin_config_t;
++	dontaudit nsplugin_config_t $3:chr_file rw_term_perms;
++')
++
++#######################################
++## <summary>
++##	The per role template for the nsplugin module.
++## </summary>
++## <desc>
++##	<p>
++##	This template creates a derived domains which are used
++##	for nsplugin web browser.
++##	</p>
++##	<p>
++##	This template is invoked automatically for each user, and
++##	generally does not need to be invoked directly
++##	by policy writers.
++##	</p>
++## </desc>
++## <param name="userdomain_prefix">
++##	<summary>
++##	The prefix of the user domain (e.g., user
++##	is the prefix for user_t).
++##	</summary>
++## </param>
++## <param name="user_domain">
++##	<summary>
++##	The type of the user domain.
++##	</summary>
++## </param>
++## <param name="user_role">
++##	<summary>
++##	The role associated with the user domain.
++##	</summary>
++## </param>
++#
++template(`nsplugin_per_role_template',`
++	gen_require(`
++		type nsplugin_t;
++		type nsplugin_config_t;
 +		type nsplugin_rw_t;
 +	')
++	nsplugin_domtrans($2)
++	role $3 types nsplugin_t;
 +
-+	can_exec($1, nsplugin_rw_t)
++	nsplugin_config_domtrans($2)
++	role $3 types nsplugin_config_t;
++
++	read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
++	read_lnk_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
++	can_exec($2, nsplugin_rw_t)
++
++
++	allow nsplugin_t $2:udp_socket { read write };
++
++	allow $2 nsplugin_t:process { signal sigkill };
++	allow $2 nsplugin_t:unix_stream_socket connectto;
 +')
 +
 +########################################
 +## <summary>
-+##	Create, read, write, and delete
-+##	nsplugin rw files.
++##	Search nsplugin rw directories.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
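Review bot: In `nsplugin_per_role_template`, `allow nsplugin_t $2:udp_socket { read write };` gives the plugin domain use of UDP sockets owned by the calling user domain, and nothing in the template says why. If these accesses come from descriptors inherited across the domain transition rather than from something the plugin needs (an assumption to confirm against the AVC denials), `dontaudit nsplugin_t $2:udp_socket { read write };` would quiet the log without granting the access; otherwise a one-line comment stating the need would help. The `role` parameter of `nsplugin_run_config` is documented as `The role to be allowed the nsplugin domain.` although the rule grants `nsplugin_config_t`, so it should read `The role to be allowed the nsplugin_config domain.` The hunk ends inside the header comment of `nsplugin_search_rw_dir`.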
@@ -3829,18 +3920,17 @@
 +##	</summary>
 +## </param>
 +#
-+interface(`nsplugin_manage_rw_files',`
++interface(`nsplugin_search_rw_dir',`
 +	gen_require(`
 +		type nsplugin_rw_t;
 +	')
 +
-+	allow $1 nsplugin_rw_t:file manage_file_perms;
-+	allow $1 nsplugin_rw_t:dir rw_dir_perms;
++	allow $1 nsplugin_rw_t:dir search_dir_perms;
 +')
 +
 +########################################
 +## <summary>
-+##	Manage nsplugin rw files.
++##	Read nsplugin rw files.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
@@ -3848,16 +3938,31 @@
 +##	</summary>
 +## </param>
 +#
-+interface(`nsplugin_manage_rw',`
++interface(`nsplugin_read_rw_files',`
 +	gen_require(`
 +		type nsplugin_rw_t;
 +	')
 +
-+         manage_dirs_pattern($1,nsplugin_rw_t,nsplugin_rw_t)
-+         manage_files_pattern($1,nsplugin_rw_t,nsplugin_rw_t)
-+         manage_lnk_files_pattern($1,nsplugin_rw_t,nsplugin_rw_t)
++	read_files_pattern($1, nsplugin_rw_t, nsplugin_rw_t)
 +')
 +
++########################################
++## <summary>
++##	Exec nsplugin rw files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`nsplugin_rw_exec',`
++	gen_require(`
++		type nsplugin_rw_t;
++	')
++
++	can_exec($1, nsplugin_rw_t)
++')
 +
 +########################################
 +## <summary>
@@ -3890,7 +3995,6 @@
 +	dontaudit nsplugin_t $3:chr_file rw_term_perms;
 +')
 +
-+
 +########################################
 +## <summary>
 +##	All of the rules required to administrate 
@@ -3916,62 +4020,22 @@
 +interface(`nsplugin_admin',`
 +	gen_require(`
 +		type nsplugin_t;
++		type nsplugin_config_t;
 +	')
 +
 +	allow $1 nsplugin_t:process { ptrace signal_perms getattr };
 +	read_files_pattern($1, nsplugin_t, nsplugin_t)
-+	nsplugin_manage_rw($1)
 +
-+')
++	allow $1 nsplugin_config_t:process { ptrace signal_perms getattr };
++	read_files_pattern($1, nsplugin_config_t, nsplugin_config_t)
 +
-+#######################################
-+## <summary>
-+##	The per role template for the nsplugin module.
-+## </summary>
-+## <desc>
-+##	<p>
-+##	This template creates a derived domains which are used
-+##	for nsplugin web browser.
-+##	</p>
-+##	<p>
-+##	This template is invoked automatically for each user, and
-+##	generally does not need to be invoked directly
-+##	by policy writers.
-+##	</p>
-+## </desc>
-+## <param name="userdomain_prefix">
-+##	<summary>
-+##	The prefix of the user domain (e.g., user
-+##	is the prefix for user_t).
-+##	</summary>
-+## </param>
-+## <param name="user_domain">
-+##	<summary>
-+##	The type of the user domain.
-+##	</summary>
-+## </param>
-+## <param name="user_role">
-+##	<summary>
-+##	The role associated with the user domain.
-+##	</summary>
-+## </param>
-+#
-+template(`nsplugin_per_role_template',`
-+	gen_require(`
-+		type nsplugin_t;
-+		type nsplugin_rw_t;
-+	')
-+	nsplugin_domtrans($2)
-+	role $3 types nsplugin_t;
++	nsplugin_manage_rw($1)
 +
-+	read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
-+	read_lnk_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
-+	can_exec($2, nsplugin_rw_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.2.5/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.te	2008-01-18 12:40:46.000000000 -0500
-@@ -0,0 +1,47 @@
++++ serefpolicy-3.2.5/policy/modules/apps/nsplugin.te	2008-01-21 18:20:27.000000000 -0500
+@@ -0,0 +1,100 @@
 +policy_module(nsplugin,1.0.0)
 +
 +########################################
@@ -3984,6 +4048,11 @@
 +application_domain(nsplugin_t, nsplugin_exec_t)
 +role system_r types nsplugin_t;
 +
++type nsplugin_config_t;
++type nsplugin_config_exec_t;
++application_domain(nsplugin_config_t, nsplugin_config_exec_t)
++role system_r types nsplugin_config_t;
++
 +
 +type nsplugin_rw_t;
 +files_type(nsplugin_rw_t)
@@ -3992,33 +4061,81 @@
 +#
 +# nsplugin local policy
 +#
-+
-+## internal communication is often done using fifo and unix sockets.
-+allow nsplugin_t self:capability { setuid setgid };
 +allow nsplugin_t self:fifo_file rw_file_perms;
-+allow nsplugin_t self:unix_stream_socket create_stream_socket_perms;
++allow nsplugin_t self:process getsched;
++
++corecmd_exec_bin(nsplugin_config_t)
++corecmd_exec_shell(nsplugin_config_t)
 +
-+can_exec(nsplugin_t, nsplugin_rw_t)
-+manage_dirs_pattern(nsplugin_t, nsplugin_rw_t, nsplugin_rw_t)
-+manage_files_pattern(nsplugin_t, nsplugin_rw_t, nsplugin_rw_t)
-+manage_lnk_files_pattern(nsplugin_t, nsplugin_rw_t, nsplugin_rw_t)
++domain_dontaudit_read_all_domains_state(nsplugin_t)
 +
-+corecmd_exec_bin(nsplugin_t)
-+corecmd_exec_shell(nsplugin_t)
++dev_read_rand(nsplugin_t)
 +
++kernel_read_kernel_sysctls(nsplugin_t)
 +kernel_read_system_state(nsplugin_t)
 +
++files_read_usr_files(nsplugin_t)
 +files_read_etc_files(nsplugin_t)
-+files_dontaudit_search_home(nsplugin_t)
++
++fs_list_inotifyfs(nsplugin_t)
++
++auth_use_nsswitch(nsplugin_t)
 +
 +libs_use_ld_so(nsplugin_t)
 +libs_use_shared_libs(nsplugin_t)
 +
 +miscfiles_read_localization(nsplugin_t)
 +
-+userdom_dontaudit_search_all_users_home_content(nsplugin_t)
++optional_policy(`
++	userdom_read_user_home_content_files(user, nsplugin_t)
++')
++
++optional_policy(`
++	mozilla_read_user_home_files(user, nsplugin_t)
++	mozilla_write_user_home_files(user, nsplugin_t)
++')
++
++optional_policy(`
++	xserver_stream_connect_xdm_xserver(nsplugin_t)
++	xserver_xdm_rw_shm(nsplugin_t)
++	xserver_read_xdm_tmp_files(nsplugin_t)
++')
++
++########################################
++#
++# nsplugin_config local policy
++#
++
++## internal communication is often done using fifo and unix sockets.
++allow nsplugin_config_t self:capability { sys_nice setuid setgid };
++allow nsplugin_config_t self:process { setsched getsched };
++
++allow nsplugin_config_t self:fifo_file rw_file_perms;
++allow nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
 +
++can_exec(nsplugin_config_t, nsplugin_rw_t)
++manage_dirs_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++manage_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++manage_lnk_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
 +
++corecmd_exec_bin(nsplugin_config_t)
++corecmd_exec_shell(nsplugin_config_t)
++
++kernel_read_system_state(nsplugin_config_t)
++
++files_read_etc_files(nsplugin_config_t)
++files_dontaudit_search_home(nsplugin_config_t)
++
++auth_use_nsswitch(nsplugin_config_t)
++
++libs_use_ld_so(nsplugin_config_t)
++libs_use_shared_libs(nsplugin_config_t)
++
++miscfiles_read_localization(nsplugin_config_t)
++
++userdom_dontaudit_search_all_users_home_content(nsplugin_config_t)
++
++nsplugin_domtrans(nsplugin_config_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.2.5/policy/modules/apps/screen.fc
 --- nsaserefpolicy/policy/modules/apps/screen.fc	2007-10-12 08:56:02.000000000 -0400
 +++ serefpolicy-3.2.5/policy/modules/apps/screen.fc	2008-01-18 12:40:46.000000000 -0500
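Review bot: The `optional_policy` blocks calling `userdom_read_user_home_content_files(user, nsplugin_t)`, `mozilla_read_user_home_files(user, nsplugin_t)` and `mozilla_write_user_home_files(user, nsplugin_t)` hard-code the `user` prefix in the type-enforcement file. This grants the domain that appears to run the wrapped browser plugins read access to the `user` role's home content, while other roles get no matching rule even though `nsplugin_per_role_template` is documented as invoked for each user. Granting this per role from the template, limited to the files the plugins actually need, would be both narrower and more consistent. Separately, `corecmd_exec_bin(nsplugin_config_t)` and `corecmd_exec_shell(nsplugin_config_t)` appear under the `nsplugin local policy` heading and again in the `nsplugin_config local policy` section; the first pair is either a leftover to delete or was meant for `nsplugin_t`. The changelog says sys_nice, getsched and setsched are allowed for nsplugin, but `sys_nice` and `setsched` go to `nsplugin_config_t` and only `getsched` to `nsplugin_t`, which is worth confirming.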
@@ -4502,7 +4619,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.2.5/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2007-12-12 11:35:27.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/kernel/corecommands.fc	2008-01-21 09:29:13.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/kernel/corecommands.fc	2008-01-21 17:36:36.000000000 -0500
 @@ -7,11 +7,11 @@
  /bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
  /bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
@@ -4554,13 +4671,12 @@
  
  /usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
-@@ -284,3 +291,7 @@
+@@ -284,3 +291,6 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
 +/usr/lib(64)?/nspluginwrapper/npconfig	gen_context(system_u:object_r:bin_t,s0)
 +/usr/lib(64)?/nspluginwrapper/npviewer	gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(64)?/nspluginwrapper/npviewer.bin	gen_context(system_u:object_r:bin_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.2.5/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2007-11-14 08:17:58.000000000 -0500
@@ -4575,7 +4691,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.2.5/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2007-11-29 13:29:34.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/kernel/corenetwork.te.in	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/kernel/corenetwork.te.in	2008-01-22 09:05:42.000000000 -0500
 @@ -82,6 +82,7 @@
  network_port(clockspeed, udp,4041,s0)
  network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006,s0, udp,50006,s0, tcp,50007,s0, udp,50007,s0, tcp,50008,s0, udp,50008,s0)
@@ -4601,6 +4717,15 @@
  network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
  network_port(portmap, udp,111,s0, tcp,111,s0)
  network_port(postgresql, tcp,5432,s0)
+@@ -148,7 +152,7 @@
+ network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
+ network_port(rlogind, tcp,513,s0)
+ network_port(rndc, tcp,953,s0)
+-network_port(router, udp,520,s0)
++network_port(router, udp,520,s0, udp,521,s0, tcp,521,s0)
+ network_port(rsh, tcp,514,s0)
+ network_port(rsync, tcp,873,s0, udp,873,s0)
+ network_port(rwho, udp,513,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in.cyphesis serefpolicy-3.2.5/policy/modules/kernel/corenetwork.te.in.cyphesis
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in.cyphesis	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.2.5/policy/modules/kernel/corenetwork.te.in.cyphesis	2008-01-18 12:40:46.000000000 -0500
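Review bot: The new `router` definition labels `tcp,521` as well as `udp,521`, and neither the changelog entry nor the hunk says which service needs the TCP port. If the intent is RIPng, that protocol runs over UDP as far as I know, so `network_port(router, udp,520,s0, udp,521,s0)` would be enough and would avoid attaching the router port type to TCP 521 for every domain allowed to bind router ports. The log message mentions only nsplugin, so this port change deserves its own changelog line. The same applies to the `hal_write_log(NetworkManager_t)` rule and the `lib(64)?` OpenOffice file-context entry later in the patch.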
@@ -5114,7 +5239,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.2.5/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-10-29 18:02:31.000000000 -0400
-+++ serefpolicy-3.2.5/policy/modules/kernel/files.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/kernel/files.if	2008-01-21 17:43:20.000000000 -0500
 @@ -1266,6 +1266,24 @@
  
  ########################################
@@ -10755,7 +10880,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.2.5/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2007-09-05 15:24:44.000000000 -0400
-+++ serefpolicy-3.2.5/policy/modules/services/hal.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/hal.if	2008-01-22 09:23:09.000000000 -0500
 @@ -302,3 +302,42 @@
  	files_search_pids($1)
  	allow $1 hald_var_run_t:file rw_file_perms;
@@ -12631,7 +12756,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.2.5/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/networkmanager.te	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/networkmanager.te	2008-01-22 09:23:46.000000000 -0500
 @@ -13,6 +13,9 @@
  type NetworkManager_var_run_t;
  files_pid_file(NetworkManager_var_run_t)
@@ -12678,7 +12803,7 @@
  libs_use_ld_so(NetworkManager_t)
  libs_use_shared_libs(NetworkManager_t)
  
-@@ -129,8 +138,11 @@
+@@ -129,21 +138,25 @@
  ')
  
  optional_policy(`
@@ -12690,14 +12815,16 @@
  ')
  
  optional_policy(`
-@@ -138,12 +150,9 @@
+-	howl_signal(NetworkManager_t)
++	hal_write_log(NetworkManager_t)
  ')
  
  optional_policy(`
 -	nis_use_ypbind(NetworkManager_t)
--')
--
--optional_policy(`
++	howl_signal(NetworkManager_t)
+ ')
+ 
+ optional_policy(`
 -	nscd_socket_use(NetworkManager_t)
  	nscd_signal(NetworkManager_t)
 +	nscd_script_domtrans(NetworkManager_t)
@@ -12705,7 +12832,7 @@
  ')
  
  optional_policy(`
-@@ -155,6 +164,7 @@
+@@ -155,6 +168,7 @@
  	ppp_domtrans(NetworkManager_t)
  	ppp_read_pid_files(NetworkManager_t)
  	ppp_signal(NetworkManager_t)
@@ -12713,7 +12840,7 @@
  ')
  
  optional_policy(`
-@@ -166,11 +176,6 @@
+@@ -166,11 +180,6 @@
  ')
  
  optional_policy(`
@@ -22639,9 +22766,13 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.2.5/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2007-12-12 11:35:28.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/system/unconfined.fc	2008-01-18 12:40:46.000000000 -0500
-@@ -10,7 +10,11 @@
- /usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
++++ serefpolicy-3.2.5/policy/modules/system/unconfined.fc	2008-01-22 09:28:42.000000000 -0500
+@@ -7,10 +7,14 @@
+ /usr/bin/vncserver		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
+ 
+ /usr/lib/ia32el/ia32x_loader 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+-/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
++/usr/lib(64)?/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
  
  /usr/local/RealPlayer/realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 -
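Review bot: The widened entry `/usr/lib(64)?/openoffice\.org.*/program/.+\.bin` keeps the unanchored `.*` and `.+`, which also match `/`, so any file ending in `.bin` at any depth below a matching directory is labelled `unconfined_execmem_exec_t`. If only the binaries directly inside `program/` need executable memory (to be confirmed against the package layout), using `[^/]*` and `[^/]+` in place of `.*` and `.+` would keep the execmem label from spreading to nested paths under both lib and lib64.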
@@ -23191,7 +23322,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.5/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-11-29 13:29:35.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/system/userdomain.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/system/userdomain.if	2008-01-21 17:18:31.000000000 -0500
 @@ -29,8 +29,9 @@
  	')
  
@@ -23203,7 +23334,7 @@
  	domain_type($1_t)
  	corecmd_shell_entry_type($1_t)
  	corecmd_bin_entry_type($1_t)
-@@ -45,66 +46,70 @@
+@@ -45,66 +46,71 @@
  	type $1_tty_device_t; 
  	term_user_tty($1_t,$1_tty_device_t)
  
@@ -23306,6 +23437,7 @@
 -
 -	miscfiles_read_localization($1_t)
 -	miscfiles_read_certs($1_t)
++	files_dontaudit_getattr_all_dirs($1_usertype)
 +	files_dontaudit_list_non_security($1_usertype)
 +	files_dontaudit_getattr_non_security_files($1_usertype)
 +	files_dontaudit_getattr_non_security_symlinks($1_usertype)
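Review bot: `files_dontaudit_getattr_all_dirs($1_usertype)` silences getattr denials on every directory type, whereas the three neighbouring rules are restricted to the `non_security` variants. The existing `files_dontaudit_list_non_security` presumably already hides getattr on non-security directories, so the practical effect of the new line would be to hide denials on security-relevant directories, which are the ones an analyst most wants in the audit log. A comment stating which denial prompted the rule, or a narrower interface if one exists (not visible from this hunk), would make the trade-off explicit. The enclosing template starts and ends outside the hunk.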
@@ -23327,7 +23459,7 @@
  
  	tunable_policy(`allow_execmem',`
  		# Allow loading DSOs that require executable stack.
-@@ -115,6 +120,10 @@
+@@ -115,6 +121,10 @@
  		# Allow making the stack executable via mprotect.
  		allow $1_t self:process execstack;
  	')
@@ -23338,7 +23470,7 @@
  ')
  
  #######################################
-@@ -141,33 +150,13 @@
+@@ -141,33 +151,13 @@
  #
  template(`userdom_ro_home_template',`
  	gen_require(`
@@ -23377,7 +23509,7 @@
  
  	##############################
  	#
-@@ -175,13 +164,13 @@
+@@ -175,13 +165,13 @@
  	#
  
  	# read-only home directory
@@ -23398,7 +23530,7 @@
  	files_list_home($1_t)
  
  	tunable_policy(`use_nfs_home_dirs',`
-@@ -231,30 +220,14 @@
+@@ -231,30 +221,14 @@
  #
  template(`userdom_manage_home_template',`
  	gen_require(`
@@ -23435,7 +23567,7 @@
  
  	##############################
  	#
-@@ -262,43 +235,44 @@
+@@ -262,43 +236,44 @@
  	#
  
  	# full control of the home directory
@@ -23508,7 +23640,7 @@
  	')
  ')
  
-@@ -316,14 +290,20 @@
+@@ -316,14 +291,20 @@
  ## <rolebase/>
  #
  template(`userdom_exec_home_template',`
@@ -23534,7 +23666,7 @@
  	')
  ')
  
-@@ -341,11 +321,10 @@
+@@ -341,11 +322,10 @@
  ## <rolebase/>
  #
  template(`userdom_poly_home_template',`
@@ -23550,7 +23682,7 @@
  ')
  
  #######################################
-@@ -369,18 +348,18 @@
+@@ -369,18 +349,18 @@
  #
  template(`userdom_manage_tmp_template',`
  	gen_require(`
@@ -23579,7 +23711,7 @@
  ')
  
  #######################################
-@@ -396,7 +375,13 @@
+@@ -396,7 +376,13 @@
  ## <rolebase/>
  #
  template(`userdom_exec_tmp_template',`
@@ -23594,7 +23726,7 @@
  ')
  
  #######################################
-@@ -510,10 +495,6 @@
+@@ -510,10 +496,6 @@
  ## <rolebase/>
  #
  template(`userdom_exec_generic_pgms_template',`
@@ -23605,7 +23737,7 @@
  	corecmd_exec_bin($1_t)
  ')
  
-@@ -531,9 +512,6 @@
+@@ -531,9 +513,6 @@
  ## <rolebase/>
  #
  template(`userdom_basic_networking_template',`
@@ -23615,7 +23747,7 @@
  
  	allow $1_t self:tcp_socket create_stream_socket_perms;
  	allow $1_t self:udp_socket create_socket_perms;
-@@ -548,10 +526,6 @@
+@@ -548,10 +527,6 @@
  	corenet_udp_sendrecv_all_ports($1_t)
  	corenet_tcp_connect_all_ports($1_t)
  	corenet_sendrecv_all_client_packets($1_t)
@@ -23626,7 +23758,7 @@
  ')
  
  #######################################
-@@ -568,30 +542,29 @@
+@@ -568,30 +543,29 @@
  #
  template(`userdom_xwindows_client_template',`
  	gen_require(`
@@ -23673,7 +23805,7 @@
  ')
  
  #######################################
-@@ -717,6 +690,12 @@
+@@ -717,6 +691,12 @@
  	# Stat lost+found.
  	files_getattr_lost_found_dirs($1_t)
  
@@ -23686,7 +23818,7 @@
  	# cjp: some of this probably can be removed
  	selinux_get_fs_mount($1_t)
  	selinux_validate_context($1_t)
-@@ -728,11 +707,11 @@
+@@ -728,11 +708,11 @@
  	# for eject
  	storage_getattr_fixed_disk_dev($1_t)
  
@@ -23699,7 +23831,7 @@
  
  	init_read_utmp($1_t)
  
-@@ -758,10 +737,6 @@
+@@ -758,10 +738,6 @@
  		dev_read_mouse($1_t)
  	')
  
@@ -23710,7 +23842,7 @@
  	optional_policy(`
  		alsa_read_rw_config($1_t)
  	')
-@@ -783,20 +758,20 @@
+@@ -783,20 +759,20 @@
  		')
  
  		optional_policy(`
@@ -23736,7 +23868,7 @@
  		')
  	')
  
-@@ -824,11 +799,18 @@
+@@ -824,11 +800,18 @@
  		mta_rw_spool($1_t)
  	')
  
@@ -23759,7 +23891,7 @@
  	')
  
  	optional_policy(`
-@@ -842,13 +824,6 @@
+@@ -842,13 +825,6 @@
  	')
  
  	optional_policy(`
@@ -23773,7 +23905,7 @@
  		resmgr_stream_connect($1_t)
  	')
  
-@@ -889,6 +864,8 @@
+@@ -889,6 +865,8 @@
  ## </param>
  #
  template(`userdom_login_user_template', `
@@ -23782,7 +23914,7 @@
  	userdom_base_user_template($1)
  
  	userdom_manage_home_template($1)
-@@ -917,26 +894,26 @@
+@@ -917,26 +895,26 @@
  
  	allow $1_t self:context contains;
  
@@ -23823,7 +23955,7 @@
  
  	auth_dontaudit_write_login_records($1_t)
  
-@@ -944,43 +921,43 @@
+@@ -944,43 +922,43 @@
  
  	# The library functions always try to open read-write first,
  	# then fall back to read-only if it fails. 
@@ -23885,7 +24017,7 @@
  	')
  ')
  
-@@ -1014,9 +991,6 @@
+@@ -1014,9 +992,6 @@
  	domain_interactive_fd($1_t)
  
  	typeattribute $1_devpts_t user_ptynode;
@@ -23895,7 +24027,7 @@
  	typeattribute $1_tty_device_t user_ttynode;
  
  	##############################
-@@ -1025,16 +999,32 @@
+@@ -1025,16 +1000,32 @@
  	#
  
  	# privileged home directory writers
@@ -23934,7 +24066,7 @@
  ')
  
  #######################################
-@@ -1062,6 +1052,13 @@
+@@ -1062,6 +1053,13 @@
  
  	userdom_restricted_user_template($1)
  
@@ -23948,7 +24080,7 @@
  	userdom_xwindows_client_template($1)
  
  	##############################
-@@ -1070,14 +1067,14 @@
+@@ -1070,14 +1068,14 @@
  	#
  
  	authlogin_per_role_template($1, $1_t, $1_r)
@@ -23968,7 +24100,7 @@
  	logging_dontaudit_send_audit_msgs($1_t)
  
  	# Need to to this just so screensaver will work. Should be moved to screensaver domain
-@@ -1085,33 +1082,14 @@
+@@ -1085,33 +1083,14 @@
  	selinux_get_enforce_mode($1_t)
  
  	optional_policy(`
@@ -24008,7 +24140,7 @@
  ')
  
  #######################################
-@@ -1121,10 +1099,10 @@
+@@ -1121,10 +1100,10 @@
  ## </summary>
  ## <desc>
  ##	<p>
@@ -24023,7 +24155,7 @@
  ##	This template creates a user domain, types, and
  ##	rules for the user's tty, pty, home directories,
  ##	tmp, and tmpfs files.
-@@ -1187,22 +1165,17 @@
+@@ -1187,22 +1166,17 @@
  	# and may change other protocols
  	tunable_policy(`user_tcp_server',`
  		corenet_tcp_bind_all_nodes($1_t)
@@ -24048,7 +24180,7 @@
  ')
  
  #######################################
-@@ -1278,8 +1251,6 @@
+@@ -1278,8 +1252,6 @@
  	# Manipulate other users crontab.
  	allow $1_t self:passwd crontab;
  
@@ -24057,7 +24189,7 @@
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
  	kernel_getattr_message_if($1_t)
-@@ -1416,6 +1387,7 @@
+@@ -1416,6 +1388,7 @@
  	dev_relabel_all_dev_nodes($1)
  
  	files_create_boot_flag($1)
@@ -24065,7 +24197,7 @@
  
  	# Necessary for managing /boot/efi
  	fs_manage_dos_files($1)
-@@ -1781,10 +1753,14 @@
+@@ -1781,10 +1754,14 @@
  template(`userdom_user_home_content',`
  	gen_require(`
  		attribute $1_file_type;
@@ -24081,7 +24213,7 @@
  ')
  
  ########################################
-@@ -1880,11 +1856,11 @@
+@@ -1880,11 +1857,11 @@
  #
  template(`userdom_search_user_home_dirs',`
  	gen_require(`
@@ -24095,7 +24227,7 @@
  ')
  
  ########################################
-@@ -1914,11 +1890,11 @@
+@@ -1914,11 +1891,11 @@
  #
  template(`userdom_list_user_home_dirs',`
  	gen_require(`
@@ -24109,7 +24241,7 @@
  ')
  
  ########################################
-@@ -1962,12 +1938,12 @@
+@@ -1962,12 +1939,12 @@
  #
  template(`userdom_user_home_domtrans',`
  	gen_require(`
@@ -24125,7 +24257,7 @@
  ')
  
  ########################################
-@@ -1997,10 +1973,10 @@
+@@ -1997,10 +1974,10 @@
  #
  template(`userdom_dontaudit_list_user_home_dirs',`
  	gen_require(`
@@ -24138,7 +24270,7 @@
  ')
  
  ########################################
-@@ -2032,11 +2008,47 @@
+@@ -2032,11 +2009,47 @@
  #
  template(`userdom_manage_user_home_content_dirs',`
  	gen_require(`
@@ -24188,7 +24320,7 @@
  ')
  
  ########################################
-@@ -2068,10 +2080,10 @@
+@@ -2068,10 +2081,10 @@
  #
  template(`userdom_dontaudit_setattr_user_home_content_files',`
  	gen_require(`
@@ -24201,7 +24333,7 @@
  ')
  
  ########################################
-@@ -2101,11 +2113,11 @@
+@@ -2101,11 +2114,11 @@
  #
  template(`userdom_read_user_home_content_files',`
  	gen_require(`
@@ -24215,7 +24347,7 @@
  ')
  
  ########################################
-@@ -2135,11 +2147,11 @@
+@@ -2135,11 +2148,11 @@
  #
  template(`userdom_dontaudit_read_user_home_content_files',`
  	gen_require(`
@@ -24230,7 +24362,7 @@
  ')
  
  ########################################
-@@ -2169,10 +2181,10 @@
+@@ -2169,10 +2182,10 @@
  #
  template(`userdom_dontaudit_write_user_home_content_files',`
  	gen_require(`
@@ -24243,7 +24375,7 @@
  ')
  
  ########################################
-@@ -2202,11 +2214,11 @@
+@@ -2202,11 +2215,11 @@
  #
  template(`userdom_read_user_home_content_symlinks',`
  	gen_require(`
@@ -24257,7 +24389,7 @@
  ')
  
  ########################################
-@@ -2236,11 +2248,11 @@
+@@ -2236,11 +2249,11 @@
  #
  template(`userdom_exec_user_home_content_files',`
  	gen_require(`
@@ -24271,7 +24403,7 @@
  ')
  
  ########################################
-@@ -2270,10 +2282,10 @@
+@@ -2270,10 +2283,10 @@
  #
  template(`userdom_dontaudit_exec_user_home_content_files',`
  	gen_require(`
@@ -24284,7 +24416,7 @@
  ')
  
  ########################################
-@@ -2305,12 +2317,12 @@
+@@ -2305,12 +2318,12 @@
  #
  template(`userdom_manage_user_home_content_files',`
  	gen_require(`
@@ -24300,7 +24432,7 @@
  ')
  
  ########################################
-@@ -2342,10 +2354,10 @@
+@@ -2342,10 +2355,10 @@
  #
  template(`userdom_dontaudit_manage_user_home_content_dirs',`
  	gen_require(`
@@ -24313,7 +24445,7 @@
  ')
  
  ########################################
-@@ -2377,12 +2389,12 @@
+@@ -2377,12 +2390,12 @@
  #
  template(`userdom_manage_user_home_content_symlinks',`
  	gen_require(`
@@ -24329,7 +24461,7 @@
  ')
  
  ########################################
-@@ -2414,12 +2426,12 @@
+@@ -2414,12 +2427,12 @@
  #
  template(`userdom_manage_user_home_content_pipes',`
  	gen_require(`
@@ -24345,7 +24477,7 @@
  ')
  
  ########################################
-@@ -2451,12 +2463,12 @@
+@@ -2451,12 +2464,12 @@
  #
  template(`userdom_manage_user_home_content_sockets',`
  	gen_require(`
@@ -24361,7 +24493,7 @@
  ')
  
  ########################################
-@@ -2501,11 +2513,11 @@
+@@ -2501,11 +2514,11 @@
  #
  template(`userdom_user_home_dir_filetrans',`
  	gen_require(`
@@ -24375,7 +24507,7 @@
  ')
  
  ########################################
-@@ -2550,11 +2562,11 @@
+@@ -2550,11 +2563,11 @@
  #
  template(`userdom_user_home_content_filetrans',`
  	gen_require(`
@@ -24389,7 +24521,7 @@
  ')
  
  ########################################
-@@ -2594,11 +2606,11 @@
+@@ -2594,11 +2607,11 @@
  #
  template(`userdom_user_home_dir_filetrans_user_home_content',`
  	gen_require(`
@@ -24403,7 +24535,7 @@
  ')
  
  ########################################
-@@ -2628,11 +2640,11 @@
+@@ -2628,11 +2641,11 @@
  #
  template(`userdom_write_user_tmp_sockets',`
  	gen_require(`
@@ -24417,7 +24549,7 @@
  ')
  
  ########################################
-@@ -2662,11 +2674,11 @@
+@@ -2662,11 +2675,11 @@
  #
  template(`userdom_list_user_tmp',`
  	gen_require(`
@@ -24431,7 +24563,7 @@
  ')
  
  ########################################
-@@ -2698,10 +2710,10 @@
+@@ -2698,10 +2711,10 @@
  #
  template(`userdom_dontaudit_list_user_tmp',`
  	gen_require(`
@@ -24444,7 +24576,7 @@
  ')
  
  ########################################
-@@ -2733,10 +2745,10 @@
+@@ -2733,10 +2746,10 @@
  #
  template(`userdom_dontaudit_manage_user_tmp_dirs',`
  	gen_require(`
@@ -24457,7 +24589,7 @@
  ')
  
  ########################################
-@@ -2766,12 +2778,12 @@
+@@ -2766,12 +2779,12 @@
  #
  template(`userdom_read_user_tmp_files',`
  	gen_require(`
@@ -24473,7 +24605,7 @@
  ')
  
  ########################################
-@@ -2803,10 +2815,10 @@
+@@ -2803,10 +2816,10 @@
  #
  template(`userdom_dontaudit_read_user_tmp_files',`
  	gen_require(`
@@ -24486,7 +24618,7 @@
  ')
  
  ########################################
-@@ -2838,10 +2850,48 @@
+@@ -2838,10 +2851,48 @@
  #
  template(`userdom_dontaudit_append_user_tmp_files',`
  	gen_require(`
@@ -24537,7 +24669,7 @@
  ')
  
  ########################################
-@@ -2871,12 +2921,12 @@
+@@ -2871,12 +2922,12 @@
  #
  template(`userdom_rw_user_tmp_files',`
  	gen_require(`
@@ -24553,7 +24685,7 @@
  ')
  
  ########################################
-@@ -2908,10 +2958,10 @@
+@@ -2908,10 +2959,10 @@
  #
  template(`userdom_dontaudit_manage_user_tmp_files',`
  	gen_require(`
@@ -24566,7 +24698,7 @@
  ')
  
  ########################################
-@@ -2943,12 +2993,12 @@
+@@ -2943,12 +2994,12 @@
  #
  template(`userdom_read_user_tmp_symlinks',`
  	gen_require(`
@@ -24582,7 +24714,7 @@
  ')
  
  ########################################
-@@ -2980,11 +3030,11 @@
+@@ -2980,11 +3031,11 @@
  #
  template(`userdom_manage_user_tmp_dirs',`
  	gen_require(`
@@ -24596,7 +24728,7 @@
  ')
  
  ########################################
-@@ -3016,11 +3066,11 @@
+@@ -3016,11 +3067,11 @@
  #
  template(`userdom_manage_user_tmp_files',`
  	gen_require(`
@@ -24610,7 +24742,7 @@
  ')
  
  ########################################
-@@ -3052,11 +3102,11 @@
+@@ -3052,11 +3103,11 @@
  #
  template(`userdom_manage_user_tmp_symlinks',`
  	gen_require(`
@@ -24624,7 +24756,7 @@
  ')
  
  ########################################
-@@ -3088,11 +3138,11 @@
+@@ -3088,11 +3139,11 @@
  #
  template(`userdom_manage_user_tmp_pipes',`
  	gen_require(`
@@ -24638,7 +24770,7 @@
  ')
  
  ########################################
-@@ -3124,11 +3174,11 @@
+@@ -3124,11 +3175,11 @@
  #
  template(`userdom_manage_user_tmp_sockets',`
  	gen_require(`
@@ -24652,7 +24784,7 @@
  ')
  
  ########################################
-@@ -3173,10 +3223,10 @@
+@@ -3173,10 +3224,10 @@
  #
  template(`userdom_user_tmp_filetrans',`
  	gen_require(`
@@ -24665,7 +24797,7 @@
  	files_search_tmp($2)
  ')
  
-@@ -3217,10 +3267,10 @@
+@@ -3217,10 +3268,10 @@
  #
  template(`userdom_tmp_filetrans_user_tmp',`
  	gen_require(`
@@ -24678,7 +24810,7 @@
  ')
  
  ########################################
-@@ -3248,6 +3298,42 @@
+@@ -3248,6 +3299,42 @@
  ##	</summary>
  ## </param>
  #
@@ -24721,7 +24853,7 @@
  template(`userdom_rw_user_tmpfs_files',`
  	gen_require(`
  		type $1_tmpfs_t;
-@@ -4225,11 +4311,11 @@
+@@ -4225,11 +4312,11 @@
  #
  interface(`userdom_search_staff_home_dirs',`
  	gen_require(`
@@ -24735,7 +24867,7 @@
  ')
  
  ########################################
-@@ -4245,10 +4331,10 @@
+@@ -4245,10 +4332,10 @@
  #
  interface(`userdom_dontaudit_search_staff_home_dirs',`
  	gen_require(`
@@ -24748,7 +24880,7 @@
  ')
  
  ########################################
-@@ -4264,11 +4350,11 @@
+@@ -4264,11 +4351,11 @@
  #
  interface(`userdom_manage_staff_home_dirs',`
  	gen_require(`
@@ -24762,7 +24894,7 @@
  ')
  
  ########################################
-@@ -4283,16 +4369,16 @@
+@@ -4283,16 +4370,16 @@
  #
  interface(`userdom_relabelto_staff_home_dirs',`
  	gen_require(`
@@ -24782,7 +24914,7 @@
  ##	users home directory.
  ## </summary>
  ## <param name="domain">
-@@ -4301,12 +4387,27 @@
+@@ -4301,12 +4388,27 @@
  ##	</summary>
  ## </param>
  #
@@ -24813,7 +24945,7 @@
  ')
  
  ########################################
-@@ -4321,13 +4422,13 @@
+@@ -4321,13 +4423,13 @@
  #
  interface(`userdom_read_staff_home_content_files',`
  	gen_require(`
@@ -24831,7 +24963,7 @@
  ')
  
  ########################################
-@@ -4525,10 +4626,10 @@
+@@ -4525,10 +4627,10 @@
  #
  interface(`userdom_getattr_sysadm_home_dirs',`
  	gen_require(`
@@ -24844,7 +24976,7 @@
  ')
  
  ########################################
-@@ -4545,10 +4646,10 @@
+@@ -4545,10 +4647,10 @@
  #
  interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
  	gen_require(`
@@ -24857,7 +24989,7 @@
  ')
  
  ########################################
-@@ -4563,10 +4664,10 @@
+@@ -4563,10 +4665,10 @@
  #
  interface(`userdom_search_sysadm_home_dirs',`
  	gen_require(`
@@ -24870,7 +25002,7 @@
  ')
  
  ########################################
-@@ -4582,10 +4683,10 @@
+@@ -4582,10 +4684,10 @@
  #
  interface(`userdom_dontaudit_search_sysadm_home_dirs',`
  	gen_require(`
@@ -24883,7 +25015,7 @@
  ')
  
  ########################################
-@@ -4600,10 +4701,10 @@
+@@ -4600,10 +4702,10 @@
  #
  interface(`userdom_list_sysadm_home_dirs',`
  	gen_require(`
@@ -24896,7 +25028,7 @@
  ')
  
  ########################################
-@@ -4619,10 +4720,10 @@
+@@ -4619,10 +4721,10 @@
  #
  interface(`userdom_dontaudit_list_sysadm_home_dirs',`
  	gen_require(`
@@ -24909,7 +25041,7 @@
  ')
  
  ########################################
-@@ -4638,12 +4739,11 @@
+@@ -4638,12 +4740,11 @@
  #
  interface(`userdom_dontaudit_read_sysadm_home_content_files',`
  	gen_require(`
@@ -24925,7 +25057,7 @@
  ')
  
  ########################################
-@@ -4670,10 +4770,10 @@
+@@ -4670,10 +4771,10 @@
  #
  interface(`userdom_sysadm_home_dir_filetrans',`
  	gen_require(`
@@ -24938,7 +25070,7 @@
  ')
  
  ########################################
-@@ -4688,10 +4788,10 @@
+@@ -4688,10 +4789,10 @@
  #
  interface(`userdom_search_sysadm_home_content_dirs',`
  	gen_require(`
@@ -24951,7 +25083,7 @@
  ')
  
  ########################################
-@@ -4706,13 +4806,13 @@
+@@ -4706,13 +4807,13 @@
  #
  interface(`userdom_read_sysadm_home_content_files',`
  	gen_require(`
@@ -24969,7 +25101,7 @@
  ')
  
  ########################################
-@@ -4748,11 +4848,49 @@
+@@ -4748,11 +4849,49 @@
  #
  interface(`userdom_search_all_users_home_dirs',`
  	gen_require(`
@@ -25020,7 +25152,7 @@
  ')
  
  ########################################
-@@ -4772,6 +4910,14 @@
+@@ -4772,6 +4911,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -25035,7 +25167,7 @@
  ')
  
  ########################################
-@@ -5109,7 +5255,7 @@
+@@ -5109,7 +5256,7 @@
  #
  interface(`userdom_relabelto_generic_user_home_dirs',`
  	gen_require(`
@@ -25044,7 +25176,7 @@
  	')
  
  	files_search_home($1)
-@@ -5298,6 +5444,49 @@
+@@ -5298,6 +5445,49 @@
  
  ########################################
  ## <summary>
@@ -25094,7 +25226,7 @@
  ##	Create, read, write, and delete directories in
  ##	unprivileged users home directories.
  ## </summary>
-@@ -5503,6 +5692,42 @@
+@@ -5503,6 +5693,42 @@
  
  ########################################
  ## <summary>
@@ -25137,7 +25269,7 @@
  ##	Read and write unprivileged user ttys.
  ## </summary>
  ## <param name="domain">
-@@ -5668,6 +5893,42 @@
+@@ -5668,6 +5894,42 @@
  
  ########################################
  ## <summary>
@@ -25180,7 +25312,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5698,3 +5959,277 @@
+@@ -5698,3 +5960,277 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.587
retrieving revision 1.588
diff -u -r1.587 -r1.588
--- selinux-policy.spec	21 Jan 2008 21:42:26 -0000	1.587
+++ selinux-policy.spec	22 Jan 2008 17:35:34 -0000	1.588
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.2.5
-Release: 15%{?dist}
+Release: 16%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,9 @@
 %endif
 
 %changelog
+* Mon Jan 21 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-16
+- Allow nsplugin sys_nice, getsched, setsched
+
 * Mon Jan 21 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-15
 - Allow login programs to talk dbus to oddjob
 



