rpms/selinux-policy/devel policy-20080509.patch, 1.29, 1.30 selinux-policy.spec, 1.679, 1.680

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Jul 3 20:15:06 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30185

Modified Files:
	policy-20080509.patch selinux-policy.spec 
Log Message:
* Thu Jul 3 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-11
- Allow ypbind apps to net_bind_service


policy-20080509.patch:

Index: policy-20080509.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080509.patch,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- policy-20080509.patch	2 Jul 2008 20:45:43 -0000	1.29
+++ policy-20080509.patch	3 Jul 2008 20:14:23 -0000	1.30
@@ -17880,7 +17880,7 @@
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.4.2/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2008-06-12 23:25:05.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/services/mta.te	2008-07-02 09:54:22.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/services/mta.te	2008-07-03 14:44:29.000000000 -0400
 @@ -6,6 +6,8 @@
  # Declarations
  #
@@ -17982,7 +17982,7 @@
  	logrotate_read_tmp_files(system_mail_t)
  ')
  
-@@ -136,11 +176,38 @@
+@@ -136,11 +176,40 @@
  ')
  
  optional_policy(`
@@ -18003,9 +18003,11 @@
  ')
  
 -# should break this up among sections:
++read_files_pattern(mailserver_delivery, system_mail_tmp_t, , system_mail_tmp_t)
+ 
 +init_stream_connect_script(mailserver_delivery)
 +init_rw_script_stream_sockets(mailserver_delivery)
- 
++
 +tunable_policy(`use_samba_home_dirs',`
 +	fs_manage_cifs_dirs(mailserver_delivery)
 +	fs_manage_cifs_files(mailserver_delivery)
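Review bot: The added `read_files_pattern(mailserver_delivery, system_mail_tmp_t, , system_mail_tmp_t)` line in mta.te passes four arguments, the third of them empty. As far as I know the refpolicy pattern macro takes three (domain, directory type, file type), so the file-type slot would expand to nothing. The rule would then either fail to compile or not grant the intended read on the temp files; this should be checked against the macro definition. If the intent is read access to system_mail_tmp_t files, write `read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)`. The enclosing policy section starts and ends outside the hunk.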
@@ -18022,7 +18024,7 @@
  optional_policy(`
  	# why is mail delivered to a directory of type arpwatch_data_t?
  	arpwatch_search_data(mailserver_delivery)
-@@ -154,3 +221,5 @@
+@@ -154,3 +223,5 @@
  		cron_read_system_job_tmp_files(mta_user_agent)
  	')
  ')
@@ -18888,7 +18890,16 @@
 +/etc/rc.d/init.d/ypxfrd	--	gen_context(system_u:object_r:nis_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.4.2/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2008-06-12 23:25:05.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/services/nis.if	2008-07-02 08:47:04.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/services/nis.if	2008-07-03 12:19:00.000000000 -0400
+@@ -28,7 +28,7 @@
+ 		type var_yp_t;
+ 	')
+ 
+-	dontaudit $1 self:capability net_bind_service;
++	allow $1 self:capability net_bind_service;
+ 
+ 	allow $1 self:tcp_socket create_stream_socket_perms;
+ 	allow $1 self:udp_socket create_socket_perms;
 @@ -49,8 +49,8 @@
  	corenet_udp_bind_all_nodes($1)
  	corenet_tcp_bind_generic_port($1)
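Review bot: The switch from `dontaudit` to `allow $1 self:capability net_bind_service;` in nis.if applies to every domain that calls this interface, and nothing in the hunk records why suppressing the denial was no longer enough. The capability alone does not open ports, because callers are still limited by the port bind rules further down the interface (for example `corenet_tcp_bind_generic_port($1)`). Those rules become the only remaining limit, so they deserve a second look. I would add a comment above the rule such as `# ypbind clients bind a reserved port when contacting the NIS server`, with the wording confirmed by the author. The interface body starts and ends outside the hunk.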
@@ -22794,12 +22805,14 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.fc serefpolicy-3.4.2/policy/modules/services/rsync.fc
 --- nsaserefpolicy/policy/modules/services/rsync.fc	2008-06-12 23:25:05.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/services/rsync.fc	2008-07-02 08:47:04.000000000 -0400
-@@ -1,2 +1,4 @@
++++ serefpolicy-3.4.2/policy/modules/services/rsync.fc	2008-07-03 14:07:31.000000000 -0400
+@@ -1,2 +1,6 @@
  
  /usr/bin/rsync		--	gen_context(system_u:object_r:rsync_exec_t,s0)
 +
-+/var/log/rsync.log      --	gen_context(system_u:object_r:rsync_log_t,s0)
++/var/log/rsync\.log      --	gen_context(system_u:object_r:rsync_log_t,s0)
++
++/var/run/rsyncd\.lock      --	gen_context(system_u:object_r:rsync_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.4.2/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2008-06-12 23:25:05.000000000 -0400
 +++ serefpolicy-3.4.2/policy/modules/services/rsync.te	2008-07-02 08:47:04.000000000 -0400
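Review bot: The new `/var/run/rsyncd\.lock` entry in rsync.fc labels a lock file with the log type `rsync_log_t`. The 3.4.2-10 changelog entry visible in the spec file lets all system and application domains append to any log file. If rsync_log_t is covered by that rule, those domains could presumably also append to the rsync lock file. A dedicated run-time type would keep the two apart, e.g. `/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)`, assuming the module declares or adds such a type.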
@@ -30007,7 +30020,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.4.2/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/system/logging.te	2008-07-02 08:47:05.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/system/logging.te	2008-07-03 12:27:05.000000000 -0400
 @@ -61,10 +61,29 @@
  logging_log_file(var_log_t)
  files_mountpoint(var_log_t)
@@ -30644,7 +30657,7 @@
  		samba_run_smbmount($1, $2, $3)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.4.2/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/system/mount.te	2008-07-02 08:47:05.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/system/mount.te	2008-07-03 15:34:48.000000000 -0400
 @@ -18,17 +18,18 @@
  init_system_domain(mount_t,mount_exec_t)
  role system_r types mount_t;
@@ -30699,26 +30712,29 @@
  dev_rw_lvm_control(mount_t)
  dev_dontaudit_getattr_all_chr_files(mount_t)
  dev_dontaudit_getattr_memory_dev(mount_t)
-@@ -62,6 +68,7 @@
+@@ -62,16 +68,18 @@
  storage_raw_write_fixed_disk(mount_t)
  storage_raw_read_removable_device(mount_t)
  storage_raw_write_removable_device(mount_t)
 +storage_rw_fuse(mount_t)
  
- fs_getattr_xattr_fs(mount_t)
- fs_getattr_cifs(mount_t)
-@@ -71,7 +78,10 @@
+-fs_getattr_xattr_fs(mount_t)
+-fs_getattr_cifs(mount_t)
++fs_list_all(mount_t)
++fs_getattr_all_fs(mount_t)
+ fs_mount_all_fs(mount_t)
+ fs_unmount_all_fs(mount_t)
+ fs_remount_all_fs(mount_t)
  fs_relabelfrom_all_fs(mount_t)
- fs_list_auto_mountpoints(mount_t)
+-fs_list_auto_mountpoints(mount_t)
  fs_rw_tmpfs_chr_files(mount_t)
 +fs_manage_tmpfs_dirs(mount_t)
  fs_read_tmpfs_symlinks(mount_t)
-+fs_search_fusefs_dirs(mount_t)
 +fs_manage_nfs_dirs(mount_t)
  
  term_use_all_terms(mount_t)
  
-@@ -79,6 +89,7 @@
+@@ -79,6 +87,7 @@
  corecmd_exec_bin(mount_t)
  
  domain_use_interactive_fds(mount_t)
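Review bot: `fs_list_all(mount_t)` and `fs_getattr_all_fs(mount_t)` in mount.te replace rules scoped to particular filesystems (xattr, cifs, automount points, fusefs) with access to every filesystem type, and no comment explains the need. Per the context lines, mount_t can already mount, unmount and remount all filesystems, so the getattr widening is modest, but directory listing on all types is new. A short comment such as `# mount must list the mountpoint directory on whatever filesystem holds it` would document the intent; the author should confirm the actual reason. The policy block continues outside the hunk.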
@@ -30726,7 +30742,7 @@
  
  files_search_all(mount_t)
  files_read_etc_files(mount_t)
-@@ -100,6 +111,8 @@
+@@ -100,6 +109,8 @@
  init_use_fds(mount_t)
  init_use_script_ptys(mount_t)
  init_dontaudit_getattr_initctl(mount_t)
@@ -30735,7 +30751,7 @@
  
  auth_use_nsswitch(mount_t)
  
-@@ -119,6 +132,8 @@
+@@ -119,6 +130,8 @@
  seutil_read_config(mount_t)
  
  userdom_use_all_users_fds(mount_t)
@@ -30744,7 +30760,7 @@
  
  ifdef(`distro_redhat',`
  	optional_policy(`
-@@ -167,6 +182,8 @@
+@@ -167,6 +180,8 @@
  	fs_search_rpc(mount_t)
  
  	rpc_stub(mount_t)
@@ -30753,7 +30769,7 @@
  ')
  
  optional_policy(`
-@@ -181,6 +198,11 @@
+@@ -181,6 +196,11 @@
  	')
  ')
  
@@ -30765,7 +30781,7 @@
  # for kernel package installation
  optional_policy(`
  	rpm_rw_pipes(mount_t)
-@@ -188,6 +210,7 @@
+@@ -188,6 +208,7 @@
  
  optional_policy(`
  	samba_domtrans_smbmount(mount_t)
@@ -30773,7 +30789,7 @@
  ')
  
  ########################################
-@@ -198,4 +221,26 @@
+@@ -198,4 +219,26 @@
  optional_policy(`
  	files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
  	unconfined_domain(unconfined_mount_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.679
retrieving revision 1.680
diff -u -r1.679 -r1.680
--- selinux-policy.spec	2 Jul 2008 20:45:43 -0000	1.679
+++ selinux-policy.spec	3 Jul 2008 20:14:23 -0000	1.680
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.4.2
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -375,6 +375,9 @@
 %endif
 
 %changelog
+* Thu Jul 3 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-11
+- Allow ypbind apps to net_bind_service
+
 * Wed Jul 2 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-10
 - Allow all system domains and application domains to append to any log file
 



