rpms/selinux-policy/F-9 policy-20071130.patch, 1.184, 1.185 selinux-policy.spec, 1.690, 1.691
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jul 1 13:41:09 UTC 2008
- Previous message (by thread): rpms/asterisk/F-8 .cvsignore, 1.15, 1.16 asterisk-strip.sh, 1.2, 1.3 asterisk.spec, 1.19, 1.20 sources, 1.15, 1.16
- Next message (by thread): rpms/sblim-cmpi-base/F-9 sblim-cmpi-base.spec,1.7,1.8
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26771
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Tue Jul 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-74
- Make virtd an unconfined domain
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.184
retrieving revision 1.185
diff -u -r1.184 -r1.185
--- policy-20071130.patch 30 Jun 2008 21:12:48 -0000 1.184
+++ policy-20071130.patch 1 Jul 2008 13:40:13 -0000 1.185
@@ -34335,7 +34335,7 @@
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-06-27 07:06:25.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-07-01 08:32:06.000000000 -0400
@@ -29,9 +29,14 @@
')
@@ -36911,7 +36911,7 @@
########################################
## <summary>
-@@ -5509,6 +5904,42 @@
+@@ -5509,6 +5904,43 @@
########################################
## <summary>
@@ -36928,6 +36928,7 @@
+ type user_tmp_t;
+ ')
+
++ files_search_tmp($1)
+ manage_files_pattern($1, user_tmp_t, user_tmp_t)
+')
+
@@ -36954,7 +36955,7 @@
## Read and write unprivileged user ttys.
## </summary>
## <param name="domain">
-@@ -5559,7 +5990,7 @@
+@@ -5559,7 +5991,7 @@
attribute userdomain;
')
@@ -36963,7 +36964,7 @@
kernel_search_proc($1)
')
-@@ -5674,6 +6105,42 @@
+@@ -5674,6 +6106,42 @@
########################################
## <summary>
@@ -37006,7 +37007,7 @@
## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
-@@ -5704,3 +6171,408 @@
+@@ -5704,3 +6172,408 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
@@ -38084,8 +38085,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.3.1/policy/modules/system/virt.te
--- nsaserefpolicy/policy/modules/system/virt.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/virt.te 2008-06-22 06:50:55.000000000 -0400
-@@ -0,0 +1,199 @@
++++ serefpolicy-3.3.1/policy/modules/system/virt.te 2008-07-01 09:38:43.000000000 -0400
+@@ -0,0 +1,204 @@
+
+policy_module(virt,1.0.0)
+
@@ -38202,6 +38203,7 @@
+files_read_usr_files(virtd_t)
+files_read_etc_runtime_files(virtd_t)
+files_search_all(virtd_t)
++files_list_kernel_modules(virtd_t)
+
+fs_list_auto_mountpoints(virtd_t)
+
@@ -38285,6 +38287,10 @@
+ fs_manage_cifs_files(virtd_t)
+ fs_read_cifs_symlinks(virtd_t)
+')
++
++optional_policy(`
++ unconfined_domain(virtd_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.3.1/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2008-06-12 23:38:01.000000000 -0400
+++ serefpolicy-3.3.1/policy/modules/system/xen.if 2008-06-22 08:04:22.000000000 -0400
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.690
retrieving revision 1.691
diff -u -r1.690 -r1.691
--- selinux-policy.spec 30 Jun 2008 21:12:48 -0000 1.690
+++ selinux-policy.spec 1 Jul 2008 13:40:13 -0000 1.691
@@ -385,6 +385,9 @@
%endif
%changelog
+* Tue Jul 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-74
+- Make virtd an unconfined domain
+
* Mon Jun 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-73
- Allow exim to use system_cron pipes
- Allow gdm to read rpm database
- Previous message (by thread): rpms/asterisk/F-8 .cvsignore, 1.15, 1.16 asterisk-strip.sh, 1.2, 1.3 asterisk.spec, 1.19, 1.20 sources, 1.15, 1.16
- Next message (by thread): rpms/sblim-cmpi-base/F-9 sblim-cmpi-base.spec,1.7,1.8
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list