rpms/selinux-policy/F-9 policy-20071130.patch, 1.184, 1.185 selinux-policy.spec, 1.690, 1.691

[Daniel J Walsh (dwalsh)]

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26771

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Tue Jul 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-74
- Make virtd an unconfined domain


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.184
retrieving revision 1.185
diff -u -r1.184 -r1.185
--- policy-20071130.patch	30 Jun 2008 21:12:48 -0000	1.184
+++ policy-20071130.patch	1 Jul 2008 13:40:13 -0000	1.185
@@ -34335,7 +34335,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-06-27 07:06:25.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-07-01 08:32:06.000000000 -0400
 @@ -29,9 +29,14 @@
  	')
  
@@ -36911,7 +36911,7 @@
  
  ########################################
  ## <summary>
-@@ -5509,6 +5904,42 @@
+@@ -5509,6 +5904,43 @@
  
  ########################################
  ## <summary>
@@ -36928,6 +36928,7 @@
 +		type user_tmp_t;
 +	')
 +
++	files_search_tmp($1)
 +	manage_files_pattern($1, user_tmp_t,  user_tmp_t)
 +')
 +
@@ -36954,7 +36955,7 @@
  ##	Read and write unprivileged user ttys.
  ## </summary>
  ## <param name="domain">
-@@ -5559,7 +5990,7 @@
+@@ -5559,7 +5991,7 @@
  		attribute userdomain;
  	')
  
@@ -36963,7 +36964,7 @@
  	kernel_search_proc($1)
  ')
  
-@@ -5674,6 +6105,42 @@
+@@ -5674,6 +6106,42 @@
  
  ########################################
  ## <summary>
@@ -37006,7 +37007,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5704,3 +6171,408 @@
+@@ -5704,3 +6172,408 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -38084,8 +38085,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.3.1/policy/modules/system/virt.te
 --- nsaserefpolicy/policy/modules/system/virt.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/virt.te	2008-06-22 06:50:55.000000000 -0400
-@@ -0,0 +1,199 @@
++++ serefpolicy-3.3.1/policy/modules/system/virt.te	2008-07-01 09:38:43.000000000 -0400
+@@ -0,0 +1,204 @@
 +
 +policy_module(virt,1.0.0)
 +
@@ -38202,6 +38203,7 @@
 +files_read_usr_files(virtd_t)
 +files_read_etc_runtime_files(virtd_t)
 +files_search_all(virtd_t)
++files_list_kernel_modules(virtd_t)
 +
 +fs_list_auto_mountpoints(virtd_t)
 +
@@ -38285,6 +38287,10 @@
 +	fs_manage_cifs_files(virtd_t)
 +	fs_read_cifs_symlinks(virtd_t)
 +')
++
++optional_policy(`
++	unconfined_domain(virtd_t)
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.3.1/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2008-06-12 23:38:01.000000000 -0400
 +++ serefpolicy-3.3.1/policy/modules/system/xen.if	2008-06-22 08:04:22.000000000 -0400


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.690
retrieving revision 1.691
diff -u -r1.690 -r1.691
--- selinux-policy.spec	30 Jun 2008 21:12:48 -0000	1.690
+++ selinux-policy.spec	1 Jul 2008 13:40:13 -0000	1.691
@@ -385,6 +385,9 @@
 %endif
 
 %changelog
+* Tue Jul 1 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-74
+- Make virtd an unconfined domain
+
 * Mon Jun 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-73
 - Allow exim to use system_cron pipes
 - Allow gdm to read rpm database