rpms/selinux-policy/F-9 policy-20071130.patch, 1.189, 1.190 selinux-policy.spec, 1.694, 1.695

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Jul 7 17:56:13 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11972

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Mon Jul 7 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-77
- Allow amanda to read tape
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
- Add support for netware file systems


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.189
retrieving revision 1.190
diff -u -r1.189 -r1.190
--- policy-20071130.patch	4 Jul 2008 12:30:50 -0000	1.189
+++ policy-20071130.patch	7 Jul 2008 17:55:17 -0000	1.190
@@ -1456,7 +1456,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.3.1/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/amanda.te	2008-07-02 08:47:10.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/amanda.te	2008-07-07 11:14:55.000000000 -0400
 @@ -82,8 +82,9 @@
  allow amanda_t amanda_config_t:file { getattr read };
  
@@ -1478,7 +1478,16 @@
  
  manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
  manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
-@@ -220,6 +221,7 @@
+@@ -146,6 +147,8 @@
+ fs_list_all(amanda_t)
+ 
+ storage_raw_read_fixed_disk(amanda_t)
++storage_read_tape(amanda_t)
++storage_write_tape(amanda_t)
+ 
+ # Added for targeted policy
+ term_use_unallocated_ttys(amanda_t)
+@@ -220,6 +223,7 @@
  auth_use_nsswitch(amanda_recover_t)
  
  fstools_domtrans(amanda_t)
@@ -8863,7 +8872,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.3.1/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te	2008-07-02 08:47:10.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te	2008-07-07 12:19:17.000000000 -0400
 @@ -21,10 +21,11 @@
  
  # Use xattrs for the following filesystem types.
@@ -8909,12 +8918,13 @@
  
  #
  # iso9660_t is the type for CD filesystems
-@@ -231,6 +243,9 @@
+@@ -231,6 +243,10 @@
  genfscon hfs / gen_context(system_u:object_r:nfs_t,s0)
  genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0)
  genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
 +genfscon lustre / gen_context(system_u:object_r:nfs_t,s0)
 +genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
++genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
 +
  
  ########################################
@@ -21511,8 +21521,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.3.1/policy/modules/services/prelude.te
 --- nsaserefpolicy/policy/modules/services/prelude.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.te	2008-07-02 08:47:10.000000000 -0400
-@@ -0,0 +1,249 @@
++++ serefpolicy-3.3.1/policy/modules/services/prelude.te	2008-07-07 11:27:35.000000000 -0400
+@@ -0,0 +1,251 @@
 +
 +policy_module(prelude, 1.0.0)
 +
@@ -21753,6 +21763,8 @@
 +
 +	can_exec(httpd_prewikka_script_t, httpd_prewikka_script_exec_t)
 +
++	logging_send_syslog_msg(httpd_prewikka_script_t)
++
 +	optional_policy(`
 +		mysql_search_db(httpd_prewikka_script_t)
 +		mysql_stream_connect(httpd_prewikka_script_t)
@@ -30860,7 +30872,7 @@
 +/var/cfengine/outputs(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if	2008-07-02 08:47:10.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/logging.if	2008-07-07 11:26:21.000000000 -0400
 @@ -213,12 +213,7 @@
  ## </param>
  #
@@ -30956,7 +30968,7 @@
  ')
  
  ########################################
-@@ -804,3 +838,128 @@
+@@ -804,3 +838,129 @@
  	logging_admin_audit($1, $2, $3)
  	logging_admin_syslog($1, $2, $3)
  ')
@@ -31062,6 +31074,7 @@
 +	role system_r types $1;
 +
 +	domtrans_pattern(audisp_t,$2,$1)
++	allow $1 audisp_t:process signal;
 +
 +	allow audisp_t $2:file getattr;
 +	allow $1 audisp_t:unix_stream_socket rw_socket_perms;


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.694
retrieving revision 1.695
diff -u -r1.694 -r1.695
--- selinux-policy.spec	3 Jul 2008 20:15:27 -0000	1.694
+++ selinux-policy.spec	7 Jul 2008 17:55:17 -0000	1.695
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 76%{?dist}
+Release: 77%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -385,6 +385,11 @@
 %endif
 
 %changelog
+* Mon Jul 7 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-77
+- Allow amanda to read tape
+- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
+- Add support for netware file systems
+
 * Thu Jul 3 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-76
 - Allow ypbind apps to net_bind_service

More information about the fedora-extras-commits mailing list