rpms/selinux-policy/devel policy-20071130.patch, 1.42, 1.43 selinux-policy.spec, 1.592, 1.593

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Jan 30 13:56:27 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6434

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Mon Jan 28 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-21
- Allow all user roles to execute samba net command


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- policy-20071130.patch	28 Jan 2008 16:48:49 -0000	1.42
+++ policy-20071130.patch	30 Jan 2008 13:56:22 -0000	1.43
@@ -972,7 +972,7 @@
  /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.2.5/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2007-05-18 11:12:44.000000000 -0400
-+++ serefpolicy-3.2.5/policy/modules/admin/rpm.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/admin/rpm.if	2008-01-29 10:17:11.000000000 -0500
 @@ -152,6 +152,24 @@
  
  ########################################
@@ -1276,7 +1276,7 @@
  		java_domtrans(rpm_script_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.2.5/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2007-12-04 11:02:51.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/admin/sudo.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/admin/sudo.if	2008-01-29 16:49:45.000000000 -0500
 @@ -55,7 +55,7 @@
  	#
  
@@ -1286,7 +1286,7 @@
  	allow $1_sudo_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
  	allow $1_sudo_t self:process { setexec setrlimit };
  	allow $1_sudo_t self:fd use;
-@@ -68,27 +68,26 @@
+@@ -68,33 +68,32 @@
  	allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
  	allow $1_sudo_t self:unix_dgram_socket sendto;
  	allow $1_sudo_t self:unix_stream_socket connectto;
@@ -1316,7 +1316,14 @@
  	# sudo stores a token in the pam_pid directory
  	auth_manage_pam_pid($1_sudo_t)
  	auth_use_nsswitch($1_sudo_t)
-@@ -106,12 +105,14 @@
+ 
+ 	corecmd_read_bin_symlinks($1_sudo_t)
+-	corecmd_getattr_all_executables($1_sudo_t)
++	corecmd_exec_all_executables($1_sudo_t)
+ 
+ 	domain_use_interactive_fds($1_sudo_t)
+ 	domain_sigchld_interactive_fds($1_sudo_t)
+@@ -106,16 +105,20 @@
  	files_getattr_usr_files($1_sudo_t)
  	# for some PAM modules and for cwd
  	files_dontaudit_search_home($1_sudo_t)
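Review bot: Replacing `corecmd_getattr_all_executables($1_sudo_t)` with `corecmd_exec_all_executables($1_sudo_t)` widens every per-role sudo domain from stat-ing executables to running any executable type, and nothing in the hunk says which domain the command then runs in. If sudo is meant to exec the requested command and then leave `$1_sudo_t` through the `userdom_spec_domtrans_all_users` call added further down in this file, a comment saying so would make that reviewable, e.g. `# sudo execs the requested command; it leaves $1_sudo_t via userdom_spec_domtrans_all_users`. If no transition applies to a given target, the command would presumably keep running as `$1_sudo_t`, with its PAM pid-file and home-content access. The enclosing template starts and ends outside this hunk.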
@@ -1331,7 +1338,13 @@
  	logging_send_syslog_msg($1_sudo_t)
  
  	miscfiles_read_localization($1_sudo_t)
-@@ -125,13 +126,4 @@
+ 
++	mta_per_role_template($1, $1_sudo_t, $3)
++
+ 	userdom_manage_user_home_content_files($1,$1_sudo_t)
+ 	userdom_manage_user_home_content_symlinks($1,$1_sudo_t)
+ 	userdom_manage_user_tmp_files($1,$1_sudo_t)
+@@ -125,13 +128,12 @@
  	# for some PAM modules and for cwd
  	userdom_dontaudit_search_all_users_home_content($1_sudo_t)
  
@@ -1344,6 +1357,14 @@
 -	')
 -
 -	') dnl end TODO
++	domain_role_change_exemption($1_sudo_t)
++	userdom_spec_domtrans_all_users($1_sudo_t)
++	selinux_validate_context($1_sudo_t)
++	selinux_compute_relabel_context($1_sudo_t)
++	term_use_all_user_ttys($1_sudo_t)
++	term_use_all_user_ptys($1_sudo_t)
++	term_relabel_all_user_ttys($1_sudo_t)
++	term_relabel_all_user_ptys($1_sudo_t)
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.2.5/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2007-10-12 08:56:09.000000000 -0400
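Review bot: The eight added calls give every `$1_sudo_t` instance role-change exemption, a transition into all user domains, and use and relabel rights on all user ttys and ptys, unconditionally and for whichever role instantiates the template. The removed lines appear to close a disabled TODO block (`') dnl end TODO`), so previously inactive policy is replaced by active grants without any comment. I would put a why-comment above the group, e.g. `# sudo switches role/type for the target user: needs role change exemption, context validation and tty relabel`. It is also worth checking whether unprivileged roles that get a sudo domain need `userdom_spec_domtrans_all_users` or only a transition to specific domains. The template body starts outside the hunk.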
@@ -4777,7 +4798,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.2.5/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2007-11-14 08:17:58.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/kernel/corecommands.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/kernel/corecommands.if	2008-01-29 16:49:06.000000000 -0500
 @@ -875,6 +875,7 @@
  
  	read_lnk_files_pattern($1,bin_t,bin_t)
@@ -8076,7 +8097,7 @@
 +/var/log/ConsoleKit(/.*)?	gen_context(system_u:object_r:consolekit_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.2.5/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/consolekit.te	2008-01-28 11:46:35.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/consolekit.te	2008-01-29 13:05:07.000000000 -0500
 @@ -13,6 +13,9 @@
  type consolekit_var_run_t;
  files_pid_file(consolekit_var_run_t)
@@ -8131,7 +8152,14 @@
  	hal_dbus_chat(consolekit_t)
  
  	optional_policy(`
-@@ -67,3 +86,14 @@
+@@ -64,6 +83,21 @@
+ ')
+ 
+ optional_policy(`
++	polkit_domtrans_auth(consolekit_t)
++')
++
++optional_policy(`
  	xserver_read_all_users_xauth(consolekit_t)
  	xserver_stream_connect_xdm_xserver(consolekit_t)
  ')
@@ -9443,7 +9471,7 @@
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.2.5/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/dbus.if	2008-01-25 14:07:09.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/dbus.if	2008-01-29 10:21:26.000000000 -0500
 @@ -53,6 +53,7 @@
  	gen_require(`
  		type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -9666,7 +9694,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.2.5/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/dbus.te	2008-01-18 14:09:36.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/dbus.te	2008-01-29 10:21:10.000000000 -0500
 @@ -9,6 +9,7 @@
  #
  # Delcarations
@@ -9675,6 +9703,15 @@
  
  type dbusd_etc_t alias etc_dbusd_t;
  files_type(dbusd_etc_t)
+@@ -21,7 +22,7 @@
+ files_tmp_file(system_dbusd_tmp_t)
+ 
+ type system_dbusd_var_lib_t;
+-files_pid_file(system_dbusd_var_lib_t)
++files_type(system_dbusd_var_lib_t)
+ 
+ type system_dbusd_var_run_t;
+ files_pid_file(system_dbusd_var_run_t)
 @@ -65,6 +66,7 @@
  
  fs_getattr_all_fs(system_dbusd_t)
@@ -9952,8 +9989,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.2.5/policy/modules/services/dhcp.te
 --- nsaserefpolicy/policy/modules/services/dhcp.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/dhcp.te	2008-01-18 12:40:46.000000000 -0500
-@@ -19,6 +19,9 @@
++++ serefpolicy-3.2.5/policy/modules/services/dhcp.te	2008-01-29 08:02:57.000000000 -0500
+@@ -19,18 +19,20 @@
  type dhcpd_var_run_t;
  files_pid_file(dhcpd_var_run_t)
  
@@ -9963,7 +10000,12 @@
  ########################################
  #
  # Local policy
-@@ -30,7 +33,6 @@
+ #
+ 
+-allow dhcpd_t self:capability net_raw;
++allow dhcpd_t self:capability { net_raw sys_resource };
+ dontaudit dhcpd_t self:capability { net_admin sys_tty_config };
+ allow dhcpd_t self:process signal_perms;
  allow dhcpd_t self:fifo_file { read write getattr };
  allow dhcpd_t self:unix_dgram_socket create_socket_perms;
  allow dhcpd_t self:unix_stream_socket create_socket_perms;
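Review bot: `sys_resource` is added to `dhcpd_t` in `allow dhcpd_t self:capability { net_raw sys_resource };` without a comment, and it is a broad capability that lets the process override resource limits and quota restrictions. If the daemon only triggers the check incidentally, a `dontaudit` would be the narrower choice; if it really needs it, a why-comment such as `# dhcpd raises its own resource limits` should say so. The same applies to `setrlimit` added for `iscsid_t` in the iscsi.te hunk further down.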
@@ -11986,7 +12028,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.2.5/policy/modules/services/mailman.te
 --- nsaserefpolicy/policy/modules/services/mailman.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/mailman.te	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/mailman.te	2008-01-29 09:37:11.000000000 -0500
 @@ -53,10 +53,9 @@
  	apache_use_fds(mailman_cgi_t)
  	apache_dontaudit_append_log(mailman_cgi_t)
@@ -12000,11 +12042,12 @@
  ')
  
  ########################################
-@@ -65,6 +64,10 @@
+@@ -65,6 +64,11 @@
  #
  
  allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
 +allow mailman_mail_t initrc_t:process signal;
++allow mailman_mail_t self:process signal;
 +allow mailman_mail_t self:capability { setuid setgid };
 +
 +files_search_spool(mailman_mail_t)
@@ -13950,7 +13993,7 @@
 +/var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:polkit_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.2.5/policy/modules/services/polkit.if
 --- nsaserefpolicy/policy/modules/services/polkit.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/polkit.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/polkit.if	2008-01-29 13:04:40.000000000 -0500
 @@ -0,0 +1,59 @@
 +
 +## <summary>policy for polkit_auth</summary>
@@ -14946,7 +14989,7 @@
 +/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0) 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.2.5/policy/modules/services/procmail.if
 --- nsaserefpolicy/policy/modules/services/procmail.if	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/procmail.if	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/procmail.if	2008-01-28 15:44:39.000000000 -0500
 @@ -39,3 +39,22 @@
  	corecmd_search_bin($1)
  	can_exec($1,procmail_exec_t)
@@ -16471,7 +16514,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.2.5/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/services/samba.te	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/services/samba.te	2008-01-28 14:28:32.000000000 -0500
 @@ -26,28 +26,28 @@
  
  ## <desc>
@@ -16505,7 +16548,21 @@
  ## </p>
  ## </desc>
  gen_tunable(samba_run_unconfined,false)
-@@ -139,6 +139,14 @@
+@@ -73,11 +73,9 @@
+ logging_log_file(samba_log_t)
+ 
+ type samba_net_t;
+-domain_type(samba_net_t)
+-role system_r types samba_net_t;
+-
+ type samba_net_exec_t;
+-domain_entry_file(samba_net_t,samba_net_exec_t)
++role system_r types samba_net_t;
++application_domain(samba_net_t, samba_net_exec_t)
+ 
+ type samba_net_tmp_t;
+ files_tmp_file(samba_net_tmp_t)
+@@ -139,6 +137,14 @@
  type winbind_var_run_t;
  files_pid_file(winbind_var_run_t)
  
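Review bot: After this change the only role statement for the type is still `role system_r types samba_net_t;`, so the changelog entry about all user roles is not achieved by this hunk alone. `application_domain(samba_net_t, samba_net_exec_t)` presumably marks the type so that a per-role template can grant it, but that rule is not visible here. A comment next to the declaration, e.g. `# user roles reach samba_net_t via <template name>`, would let a reader verify which roles can enter the domain. The call also puts a space after the comma where the surrounding lines write `macro(a,b)`.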
@@ -16520,7 +16577,7 @@
  ########################################
  #
  # Samba net local policy
-@@ -193,6 +201,8 @@
+@@ -193,6 +199,8 @@
  
  miscfiles_read_localization(samba_net_t) 
  
@@ -16529,7 +16586,7 @@
  userdom_dontaudit_search_sysadm_home_dirs(samba_net_t)
  
  optional_policy(`
-@@ -213,7 +223,7 @@
+@@ -213,7 +221,7 @@
  allow smbd_t self:msgq create_msgq_perms;
  allow smbd_t self:sem create_sem_perms;
  allow smbd_t self:shm create_shm_perms;
@@ -16538,7 +16595,7 @@
  allow smbd_t self:tcp_socket create_stream_socket_perms;
  allow smbd_t self:udp_socket create_socket_perms;
  allow smbd_t self:unix_dgram_socket { create_socket_perms sendto };
-@@ -221,10 +231,8 @@
+@@ -221,10 +229,8 @@
  
  allow smbd_t samba_etc_t:file { rw_file_perms setattr };
  
@@ -16551,7 +16608,7 @@
  
  allow smbd_t samba_net_tmp_t:file getattr;
  
-@@ -234,6 +242,7 @@
+@@ -234,6 +240,7 @@
  manage_dirs_pattern(smbd_t,samba_share_t,samba_share_t)
  manage_files_pattern(smbd_t,samba_share_t,samba_share_t)
  manage_lnk_files_pattern(smbd_t,samba_share_t,samba_share_t)
@@ -16559,7 +16616,7 @@
  
  manage_dirs_pattern(smbd_t,samba_var_t,samba_var_t)
  manage_files_pattern(smbd_t,samba_var_t,samba_var_t)
-@@ -251,7 +260,7 @@
+@@ -251,7 +258,7 @@
  manage_sock_files_pattern(smbd_t,smbd_var_run_t,smbd_var_run_t)
  files_pid_filetrans(smbd_t,smbd_var_run_t,file)
  
@@ -16568,7 +16625,7 @@
  
  kernel_getattr_core_if(smbd_t)
  kernel_getattr_message_if(smbd_t)
-@@ -340,6 +349,17 @@
+@@ -340,6 +347,17 @@
  tunable_policy(`samba_share_nfs',`
  	fs_manage_nfs_dirs(smbd_t)
  	fs_manage_nfs_files(smbd_t)
@@ -16586,7 +16643,7 @@
  ')
  
  optional_policy(`
-@@ -391,7 +411,7 @@
+@@ -391,7 +409,7 @@
  allow nmbd_t self:msgq create_msgq_perms;
  allow nmbd_t self:sem create_sem_perms;
  allow nmbd_t self:shm create_shm_perms;
@@ -16595,7 +16652,7 @@
  allow nmbd_t self:tcp_socket create_stream_socket_perms;
  allow nmbd_t self:udp_socket create_socket_perms;
  allow nmbd_t self:unix_dgram_socket { create_socket_perms sendto };
-@@ -403,8 +423,7 @@
+@@ -403,8 +421,7 @@
  read_files_pattern(nmbd_t,samba_etc_t,samba_etc_t)
  
  manage_dirs_pattern(nmbd_t,samba_log_t,samba_log_t)
@@ -16605,7 +16662,7 @@
  
  read_files_pattern(nmbd_t,samba_log_t,samba_log_t)
  create_files_pattern(nmbd_t,samba_log_t,samba_log_t)
-@@ -439,6 +458,7 @@
+@@ -439,6 +456,7 @@
  dev_getattr_mtrr_dev(nmbd_t)
  
  fs_getattr_all_fs(nmbd_t)
@@ -16613,7 +16670,7 @@
  fs_search_auto_mountpoints(nmbd_t)
  
  domain_use_interactive_fds(nmbd_t)
-@@ -522,6 +542,7 @@
+@@ -522,6 +540,7 @@
  storage_raw_write_fixed_disk(smbmount_t)
  
  term_list_ptys(smbmount_t)
@@ -16621,7 +16678,7 @@
  
  corecmd_list_bin(smbmount_t)
  
-@@ -546,28 +567,37 @@
+@@ -546,28 +565,37 @@
  
  userdom_use_all_users_fds(smbmount_t)
  
@@ -16666,7 +16723,7 @@
  allow swat_t smbd_var_run_t:file read;
  
  manage_dirs_pattern(swat_t,swat_tmp_t,swat_tmp_t)
-@@ -577,7 +607,9 @@
+@@ -577,7 +605,9 @@
  manage_files_pattern(swat_t,swat_var_run_t,swat_var_run_t)
  files_pid_filetrans(swat_t,swat_var_run_t,file)
  
@@ -16677,7 +16734,7 @@
  
  kernel_read_kernel_sysctls(swat_t)
  kernel_read_system_state(swat_t)
-@@ -602,6 +634,7 @@
+@@ -602,6 +632,7 @@
  
  dev_read_urand(swat_t)
  
@@ -16685,7 +16742,7 @@
  files_read_etc_files(swat_t)
  files_search_home(swat_t)
  files_read_usr_files(swat_t)
-@@ -614,6 +647,7 @@
+@@ -614,6 +645,7 @@
  libs_use_shared_libs(swat_t)
  
  logging_send_syslog_msg(swat_t)
@@ -16693,7 +16750,7 @@
  logging_search_logs(swat_t)
  
  miscfiles_read_localization(swat_t)
-@@ -631,6 +665,17 @@
+@@ -631,6 +663,17 @@
  	kerberos_use(swat_t)
  ')
  
@@ -16711,7 +16768,7 @@
  ########################################
  #
  # Winbind local policy
-@@ -679,6 +724,8 @@
+@@ -679,6 +722,8 @@
  manage_sock_files_pattern(winbind_t,winbind_var_run_t,winbind_var_run_t)
  files_pid_filetrans(winbind_t,winbind_var_run_t,file)
  
@@ -16720,7 +16777,7 @@
  kernel_read_kernel_sysctls(winbind_t)
  kernel_list_proc(winbind_t)
  kernel_read_proc_symlinks(winbind_t)
-@@ -766,6 +813,7 @@
+@@ -766,6 +811,7 @@
  optional_policy(`
  	squid_read_log(winbind_helper_t)
  	squid_append_log(winbind_helper_t)
@@ -16728,7 +16785,7 @@
  ')
  
  ########################################
-@@ -790,3 +838,37 @@
+@@ -790,3 +836,37 @@
  		domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t)
  	')
  ')
@@ -20678,7 +20735,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.2.5/policy/modules/system/authlogin.fc
 --- nsaserefpolicy/policy/modules/system/authlogin.fc	2007-12-12 11:35:28.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/system/authlogin.fc	2008-01-18 12:40:46.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/system/authlogin.fc	2008-01-29 16:36:06.000000000 -0500
 @@ -29,7 +29,6 @@
  /var/db/shadow.*	--	gen_context(system_u:object_r:shadow_t,s0)
  
@@ -20687,8 +20744,12 @@
  
  /var/log/btmp.*		--	gen_context(system_u:object_r:faillog_t,s0)
  /var/log/dmesg		--	gen_context(system_u:object_r:var_log_t,s0)
-@@ -42,3 +41,6 @@
+@@ -40,5 +39,10 @@
+ /var/log/wtmp.*		--	gen_context(system_u:object_r:wtmp_t,s0)
+ 
  /var/run/console(/.*)?	 	gen_context(system_u:object_r:pam_var_console_t,s0)
++/var/run/pam_mount(/.*)?	gen_context(system_u:object_r:pam_var_run_t,s0)
++/var/run/sepermit(/.*)?	 	gen_context(system_u:object_r:pam_var_run_t,s0)
  
  /var/run/sudo(/.*)?		gen_context(system_u:object_r:pam_var_run_t,s0)
 +/var/run/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
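Review bot: `/var/run/pam_mount(/.*)?` and `/var/run/sepermit(/.*)?` get the same `pam_var_run_t` type as `/var/run/sudo`, so any domain allowed to manage that type gains the same access to the two new directories. The sudo.if part of this patch shows `auth_manage_pam_pid($1_sudo_t)`, which presumably covers this type. If pam_mount or sepermit state should not be writable from the per-role sudo domains, a dedicated type for them would keep the access separate. Otherwise a short comment stating that the sharing is intended would help.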
@@ -21512,6 +21573,18 @@
  
  dev_read_urand(racoon_t)
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.2.5/policy/modules/system/iscsi.te
+--- nsaserefpolicy/policy/modules/system/iscsi.te	2007-12-19 05:32:17.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/system/iscsi.te	2008-01-29 09:44:07.000000000 -0500
+@@ -29,7 +29,7 @@
+ #
+ 
+ allow iscsid_t self:capability { dac_override ipc_lock net_admin sys_nice sys_resource };
+-allow iscsid_t self:process setsched;
++allow iscsid_t self:process { setrlimit setsched };
+ allow iscsid_t self:fifo_file { read write };
+ allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
+ allow iscsid_t self:unix_dgram_socket create_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.2.5/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2007-12-12 11:35:28.000000000 -0500
 +++ serefpolicy-3.2.5/policy/modules/system/libraries.fc	2008-01-18 12:40:46.000000000 -0500
@@ -22119,12 +22192,14 @@
  #################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.2.5/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/system/mount.fc	2008-01-18 12:40:46.000000000 -0500
-@@ -1,4 +1,3 @@
++++ serefpolicy-3.2.5/policy/modules/system/mount.fc	2008-01-29 09:05:12.000000000 -0500
+@@ -1,4 +1,5 @@
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
 -
 -/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
++/sbin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
++/sbin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
 +/usr/bin/fusermount            --      gen_context(system_u:object_r:mount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.2.5/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2007-12-19 05:32:17.000000000 -0500
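Review bot: In `/sbin/mount.*` and `/sbin/umount.*` the dot is an unescaped regex metacharacter, so the entries label every regular file under /sbin whose name merely begins with `mount` or `umount` as `mount_exec_t`, presumably an entry point into the mount domain. If the intent is the helper binaries of the form mount.<fstype>, `/sbin/mount\..*` and `/sbin/umount\..*` would be tighter. The existing /bin entries use the same loose form, presumably so that they also match `/bin/mount` itself. The re-added fusermount line is indented with spaces where the neighbouring entries use tabs.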
@@ -22597,7 +22672,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.2.5/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/system/selinuxutil.te	2008-01-21 15:06:00.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/system/selinuxutil.te	2008-01-29 15:11:06.000000000 -0500
 @@ -75,7 +75,6 @@
  type restorecond_exec_t;
  init_daemon_domain(restorecond_t,restorecond_exec_t)
@@ -26908,7 +26983,7 @@
 +## <summary>Policy for staff user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.2.5/policy/modules/users/staff.te
 --- nsaserefpolicy/policy/modules/users/staff.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.2.5/policy/modules/users/staff.te	2008-01-24 16:05:12.000000000 -0500
++++ serefpolicy-3.2.5/policy/modules/users/staff.te	2008-01-29 15:10:46.000000000 -0500
 @@ -0,0 +1,47 @@
 +policy_module(staff,1.0.1)
 +userdom_unpriv_user_template(staff)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.592
retrieving revision 1.593
diff -u -r1.592 -r1.593
--- selinux-policy.spec	28 Jan 2008 16:48:49 -0000	1.592
+++ selinux-policy.spec	30 Jan 2008 13:56:22 -0000	1.593
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.2.5
-Release: 20%{?dist}
+Release: 21%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -387,6 +387,9 @@
 %endif
 
 %changelog
+* Mon Jan 28 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-21
+- Allow all user roles to executae samba net command
+
 * Fri Jan 25 2008 Dan Walsh <dwalsh at redhat.com> 3.2.5-20
 - Allow usertypes to read/write noxattr file systems
 



