rpms/selinux-policy/F-8 policy-20070703.patch,1.216,1.217
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Jul 24 10:47:53 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7951
Modified Files:
policy-20070703.patch
Log Message:
* Wed Jul 2 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-111
- Handle updated NetworkManager
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.216
retrieving revision 1.217
diff -u -r1.216 -r1.217
--- policy-20070703.patch 2 Jul 2008 20:53:30 -0000 1.216
+++ policy-20070703.patch 24 Jul 2008 10:47:06 -0000 1.217
@@ -1812,7 +1812,7 @@
files_search_var(mrtg_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.0.8/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2008-06-12 23:37:55.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/admin/netutils.te 2008-06-12 23:37:59.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/admin/netutils.te 2008-07-02 17:05:40.000000000 -0400
@@ -40,7 +40,7 @@
allow netutils_t self:capability { net_admin net_raw setuid setgid };
dontaudit netutils_t self:capability sys_tty_config;
@@ -1871,18 +1871,7 @@
nis_use_ypbind(ping_t)
')
-@@ -151,6 +170,10 @@
- ')
-
- optional_policy(`
-+ munin_append_logs(ping_t)
-+')
-+
-+optional_policy(`
- pcmcia_use_cardmgr_fds(ping_t)
- ')
-
-@@ -166,7 +189,7 @@
+@@ -166,7 +185,7 @@
allow traceroute_t self:capability { net_admin net_raw setuid setgid };
allow traceroute_t self:rawip_socket create_socket_perms;
allow traceroute_t self:packet_socket create_socket_perms;
@@ -9656,7 +9645,7 @@
ifdef(`distro_redhat',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.8/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2008-06-12 23:37:58.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/dbus.if 2008-07-02 17:15:03.000000000 -0400
@@ -50,6 +50,12 @@
## </param>
#
@@ -9754,7 +9743,7 @@
# For connecting to the bus
allow $3 $1_dbusd_t:unix_stream_socket connectto;
-+ userdom_dontaudit_write_user_home_content_files($1_dbusd_t)
++ userdom_dontaudit_write_user_home_content_files($1, $1_dbusd_t)
')
########################################
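Review bot: The corrected call `userdom_dontaudit_write_user_home_content_files($1, $1_dbusd_t)` has no comment explaining why write denials from the per-user bus daemon on `$1_home_t` files should be hidden from the audit log. Judging from the template body later in this patch, the same call also applies `fs_dontaudit_list_nfs` and `fs_dontaudit_rw_nfs_files` to `$1_dbusd_t`, so three kinds of denial stop producing AVC records for this domain. I would add a line above the call such as `# dontaudit: <observed denial and why it is harmless>`, filled in by the author, so that someone triaging a later incident knows the silence is intentional. The enclosing template starts above this hunk, so I cannot see which other rules for `$1_dbusd_t` surround it.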
@@ -22847,7 +22836,7 @@
+/usr/sbin/sysreport -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.0.8/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/unconfined.if 2008-06-12 23:37:59.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/unconfined.if 2008-07-02 17:10:48.000000000 -0400
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -23444,7 +23433,7 @@
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-06-27 07:07:05.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-07-02 17:13:24.000000000 -0400
@@ -29,8 +29,9 @@
')
@@ -24450,9 +24439,14 @@
read_files_pattern($2,{ $1_home_dir_t $1_home_t },$1_home_t)
')
-@@ -2034,6 +2161,10 @@
- ')
-
+@@ -2029,11 +2156,11 @@
+ ## </param>
+ #
+ template(`userdom_dontaudit_write_user_home_content_files',`
+- gen_require(`
+- type $1_home_t;
+- ')
+-
dontaudit $2 $1_home_t:file write;
+ fs_dontaudit_list_nfs($2)
+ fs_dontaudit_rw_nfs_files($2)
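Review bot: With the `gen_require` block dropped, `userdom_dontaudit_write_user_home_content_files` still names the type in `dontaudit $2 $1_home_t:file write;`, so the template now uses `$1_home_t` without requiring it. In a modular build this probably compiles only when every caller already declares or requires `$1_home_t`. A mistyped prefix would then surface as an error in the caller rather than in this template. If the removal is deliberate, a comment in place of the deleted block would record the expectation, e.g. `# no gen_require here: callers must already have $1_home_t in scope`. The template's closing `')` lies in the next hunk.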
@@ -24461,7 +24455,7 @@
')
########################################
-@@ -2066,7 +2197,7 @@
+@@ -2066,7 +2193,7 @@
type $1_home_dir_t, $1_home_t;
')
@@ -24470,7 +24464,7 @@
read_lnk_files_pattern($2,{ $1_home_dir_t $1_home_t },$1_home_t)
')
-@@ -2100,7 +2231,7 @@
+@@ -2100,7 +2227,7 @@
type $1_home_dir_t, $1_home_t;
')
@@ -24479,7 +24473,7 @@
exec_files_pattern($2,{ $1_home_dir_t $1_home_t },$1_home_t)
')
-@@ -2169,7 +2300,7 @@
+@@ -2169,7 +2296,7 @@
type $1_home_dir_t, $1_home_t;
')
@@ -24488,7 +24482,7 @@
allow $2 $1_home_dir_t:dir search_dir_perms;
manage_files_pattern($2,$1_home_t,$1_home_t)
')
-@@ -2241,7 +2372,7 @@
+@@ -2241,7 +2368,7 @@
type $1_home_dir_t, $1_home_t;
')
@@ -24497,7 +24491,7 @@
allow $2 $1_home_dir_t:dir search_dir_perms;
manage_lnk_files_pattern($2,$1_home_t,$1_home_t)
')
-@@ -2278,7 +2409,7 @@
+@@ -2278,7 +2405,7 @@
type $1_home_dir_t, $1_home_t;
')
@@ -24506,7 +24500,7 @@
allow $2 $1_home_dir_t:dir search_dir_perms;
manage_fifo_files_pattern($2,$1_home_t,$1_home_t)
')
-@@ -2315,7 +2446,7 @@
+@@ -2315,7 +2442,7 @@
type $1_home_dir_t, $1_home_t;
')
@@ -24515,7 +24509,7 @@
allow $2 $1_home_dir_t:dir search_dir_perms;
manage_sock_files_pattern($2,$1_home_t,$1_home_t)
')
-@@ -2365,7 +2496,7 @@
+@@ -2365,7 +2492,7 @@
type $1_home_dir_t;
')
@@ -24524,7 +24518,7 @@
filetrans_pattern($2,$1_home_dir_t,$3,$4)
')
-@@ -2414,7 +2545,7 @@
+@@ -2414,7 +2541,7 @@
type $1_home_t;
')
@@ -24533,7 +24527,7 @@
filetrans_pattern($2,$1_home_t,$3,$4)
')
-@@ -2458,7 +2589,7 @@
+@@ -2458,7 +2585,7 @@
type $1_home_dir_t, $1_home_t;
')
@@ -24542,7 +24536,7 @@
filetrans_pattern($2,$1_home_dir_t,$1_home_t,$3)
')
-@@ -2994,6 +3125,25 @@
+@@ -2994,6 +3121,25 @@
########################################
## <summary>
@@ -24568,7 +24562,7 @@
## Create objects in a user temporary directory
## with an automatic type transition to
## a specified private type.
-@@ -3078,7 +3228,7 @@
+@@ -3078,7 +3224,7 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@@ -24577,7 +24571,7 @@
')
files_tmp_filetrans($2,$1_tmp_t,$3)
-@@ -3086,11 +3236,11 @@
+@@ -3086,11 +3232,11 @@
########################################
## <summary>
@@ -24591,7 +24585,7 @@
## </p>
## <p>
## This is a templated interface, and should only
-@@ -3122,6 +3272,42 @@
+@@ -3122,6 +3268,42 @@
########################################
## <summary>
@@ -24634,7 +24628,7 @@
## List users untrusted directories.
## </summary>
## <desc>
-@@ -4089,7 +4275,7 @@
+@@ -4089,7 +4271,7 @@
type staff_home_dir_t;
')
@@ -24643,7 +24637,7 @@
allow $1 staff_home_dir_t:dir search_dir_perms;
')
-@@ -4128,7 +4314,7 @@
+@@ -4128,7 +4310,7 @@
type staff_home_dir_t;
')
@@ -24652,7 +24646,7 @@
allow $1 staff_home_dir_t:dir manage_dir_perms;
')
-@@ -4147,7 +4333,7 @@
+@@ -4147,7 +4329,7 @@
type staff_home_dir_t;
')
@@ -24661,7 +24655,7 @@
allow $1 staff_home_dir_t:dir relabelto;
')
-@@ -4185,7 +4371,7 @@
+@@ -4185,7 +4367,7 @@
type staff_home_dir_t, staff_home_t;
')
@@ -24670,7 +24664,7 @@
allow $1 { staff_home_dir_t staff_home_t }:dir list_dir_perms;
read_files_pattern($1,{ staff_home_dir_t staff_home_t },staff_home_t)
read_lnk_files_pattern($1,{ staff_home_dir_t staff_home_t },staff_home_t)
-@@ -4410,6 +4596,7 @@
+@@ -4410,6 +4592,7 @@
')
dontaudit $1 sysadm_home_dir_t:dir getattr;
@@ -24678,7 +24672,7 @@
')
########################################
-@@ -4444,9 +4631,11 @@
+@@ -4444,9 +4627,11 @@
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
gen_require(`
type sysadm_home_dir_t;
@@ -24690,7 +24684,7 @@
')
########################################
-@@ -4570,10 +4759,11 @@
+@@ -4570,10 +4755,11 @@
type sysadm_home_dir_t, sysadm_home_t;
')
@@ -24703,7 +24697,7 @@
')
########################################
-@@ -4609,11 +4799,29 @@
+@@ -4609,11 +4795,29 @@
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
@@ -24734,7 +24728,7 @@
')
########################################
-@@ -4633,6 +4841,14 @@
+@@ -4633,6 +4837,14 @@
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
@@ -24749,7 +24743,7 @@
')
########################################
-@@ -4670,6 +4886,8 @@
+@@ -4670,6 +4882,8 @@
')
dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
@@ -24758,7 +24752,7 @@
')
########################################
-@@ -4895,7 +5113,7 @@
+@@ -4895,7 +5109,7 @@
type user_home_dir_t, user_home_t;
')
@@ -24767,7 +24761,7 @@
filetrans_pattern($1,user_home_dir_t,user_home_t,$2)
')
-@@ -4933,7 +5151,7 @@
+@@ -4933,7 +5147,7 @@
type user_home_dir_t;
')
@@ -24776,7 +24770,7 @@
allow $1 user_home_dir_t:dir manage_dir_perms;
')
-@@ -4954,7 +5172,7 @@
+@@ -4954,7 +5168,7 @@
type user_home_t;
')
@@ -24785,7 +24779,7 @@
manage_dirs_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
')
-@@ -4973,7 +5191,7 @@
+@@ -4973,7 +5187,7 @@
type staff_home_dir_t;
')
@@ -24794,7 +24788,7 @@
allow $1 user_home_dir_t:dir relabelto;
')
-@@ -4992,7 +5210,7 @@
+@@ -4992,7 +5206,7 @@
type user_home_t, user_home_dir_t;
')
@@ -24803,7 +24797,7 @@
allow $1 user_home_t:dir list_dir_perms;
read_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
')
-@@ -5013,7 +5231,7 @@
+@@ -5013,7 +5227,7 @@
type user_home_t;
')
@@ -24812,7 +24806,7 @@
allow $1 user_home_t:file execute;
')
-@@ -5033,7 +5251,7 @@
+@@ -5033,7 +5247,7 @@
type user_home_dir_t, user_home_t;
')
@@ -24821,7 +24815,7 @@
manage_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
')
-@@ -5072,7 +5290,7 @@
+@@ -5072,7 +5286,7 @@
type user_home_t;
')
@@ -24830,7 +24824,7 @@
manage_lnk_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
')
-@@ -5092,7 +5310,7 @@
+@@ -5092,7 +5306,7 @@
type user_home_t;
')
@@ -24839,7 +24833,7 @@
manage_fifo_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
')
-@@ -5112,7 +5330,7 @@
+@@ -5112,7 +5326,7 @@
type user_home_t;
')
@@ -24848,7 +24842,7 @@
manage_sock_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
')
-@@ -5131,7 +5349,7 @@
+@@ -5131,7 +5345,7 @@
attribute user_home_dir_type;
')
@@ -24857,7 +24851,7 @@
allow $1 user_home_dir_type:dir search_dir_perms;
')
-@@ -5151,7 +5369,7 @@
+@@ -5151,7 +5365,7 @@
attribute user_home_dir_type, user_home_type;
')
@@ -24866,7 +24860,7 @@
allow $1 user_home_type:dir list_dir_perms;
read_files_pattern($1,{ user_home_dir_type user_home_type },user_home_type)
read_lnk_files_pattern($1,{ user_home_dir_type user_home_type },user_home_type)
-@@ -5173,7 +5391,7 @@
+@@ -5173,7 +5387,7 @@
attribute user_home_dir_type, user_home_type;
')
@@ -24875,7 +24869,7 @@
manage_dirs_pattern($1,{ user_home_dir_type user_home_type },user_home_type)
')
-@@ -5193,7 +5411,7 @@
+@@ -5193,7 +5407,7 @@
attribute user_home_dir_type, user_home_type;
')
@@ -24884,7 +24878,7 @@
manage_files_pattern($1,{ user_home_dir_type user_home_type },user_home_type)
')
-@@ -5323,7 +5541,7 @@
+@@ -5323,7 +5537,7 @@
attribute user_tmpfile;
')
@@ -24893,7 +24887,7 @@
')
########################################
-@@ -5346,6 +5564,25 @@
+@@ -5346,6 +5560,25 @@
########################################
## <summary>
@@ -24919,7 +24913,7 @@
## Write all unprivileged users files in /tmp
## </summary>
## <param name="domain">
-@@ -5529,6 +5766,24 @@
+@@ -5529,6 +5762,24 @@
########################################
## <summary>
@@ -24944,7 +24938,7 @@
## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
-@@ -5559,3 +5814,420 @@
+@@ -5559,3 +5810,420 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')