rpms/selinux-policy/F-9 policy-20071130.patch, 1.189, 1.190 selinux-policy.spec, 1.694, 1.695
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Jul 7 17:56:13 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11972
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Mon Jul 7 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-77
- Allow amanda to read tape
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
- Add support for netware file systems
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.189
retrieving revision 1.190
diff -u -r1.189 -r1.190
--- policy-20071130.patch 4 Jul 2008 12:30:50 -0000 1.189
+++ policy-20071130.patch 7 Jul 2008 17:55:17 -0000 1.190
@@ -1456,7 +1456,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.3.1/policy/modules/admin/amanda.te
--- nsaserefpolicy/policy/modules/admin/amanda.te 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/amanda.te 2008-07-02 08:47:10.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/amanda.te 2008-07-07 11:14:55.000000000 -0400
@@ -82,8 +82,9 @@
allow amanda_t amanda_config_t:file { getattr read };
@@ -1478,7 +1478,16 @@
manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
-@@ -220,6 +221,7 @@
+@@ -146,6 +147,8 @@
+ fs_list_all(amanda_t)
+
+ storage_raw_read_fixed_disk(amanda_t)
++storage_read_tape(amanda_t)
++storage_write_tape(amanda_t)
+
+ # Added for targeted policy
+ term_use_unallocated_ttys(amanda_t)
+@@ -220,6 +223,7 @@
auth_use_nsswitch(amanda_recover_t)
fstools_domtrans(amanda_t)
@@ -8863,7 +8872,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.3.1/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te 2008-07-02 08:47:10.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te 2008-07-07 12:19:17.000000000 -0400
@@ -21,10 +21,11 @@
# Use xattrs for the following filesystem types.
@@ -8909,12 +8918,13 @@
#
# iso9660_t is the type for CD filesystems
-@@ -231,6 +243,9 @@
+@@ -231,6 +243,10 @@
genfscon hfs / gen_context(system_u:object_r:nfs_t,s0)
genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)
genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
+genfscon lustre / gen_context(system_u:object_r:nfs_t,s0)
+genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
++genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
+
########################################
@@ -21511,8 +21521,8 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.3.1/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.te 2008-07-02 08:47:10.000000000 -0400
-@@ -0,0 +1,249 @@
++++ serefpolicy-3.3.1/policy/modules/services/prelude.te 2008-07-07 11:27:35.000000000 -0400
+@@ -0,0 +1,251 @@
+
+policy_module(prelude, 1.0.0)
+
@@ -21753,6 +21763,8 @@
+
+ can_exec(httpd_prewikka_script_t, httpd_prewikka_script_exec_t)
+
++ logging_send_syslog_msg(httpd_prewikka_script_t)
++
+ optional_policy(`
+ mysql_search_db(httpd_prewikka_script_t)
+ mysql_stream_connect(httpd_prewikka_script_t)
@@ -30860,7 +30872,7 @@
+/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-07-02 08:47:10.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-07-07 11:26:21.000000000 -0400
@@ -213,12 +213,7 @@
## </param>
#
@@ -30956,7 +30968,7 @@
')
########################################
-@@ -804,3 +838,128 @@
+@@ -804,3 +838,129 @@
logging_admin_audit($1, $2, $3)
logging_admin_syslog($1, $2, $3)
')
@@ -31062,6 +31074,7 @@
+ role system_r types $1;
+
+ domtrans_pattern(audisp_t,$2,$1)
++ allow $1 audisp_t:process signal;
+
+ allow audisp_t $2:file getattr;
+ allow $1 audisp_t:unix_stream_socket rw_socket_perms;
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.694
retrieving revision 1.695
diff -u -r1.694 -r1.695
--- selinux-policy.spec 3 Jul 2008 20:15:27 -0000 1.694
+++ selinux-policy.spec 7 Jul 2008 17:55:17 -0000 1.695
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 76%{?dist}
+Release: 77%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -385,6 +385,11 @@
%endif
%changelog
+* Mon Jul 7 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-77
+- Allow amanda to read tape
+- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
+- Add support for netware file systems
+
* Thu Jul 3 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-76
- Allow ypbind apps to net_bind_service
More information about the fedora-extras-commits
mailing list