rpms/selinux-policy/devel policy-20080710.patch, 1.3, 1.4 selinux-policy.spec, 1.687, 1.688
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Jul 24 18:19:50 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25985
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
* Wed Jul 16 2008 Dan Walsh <dwalsh at redhat.com> 3.5.1-1
- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
- Change dhclient to be able to red networkmanager_var_run
policy-20080710.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.3 -r 1.4 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20080710.patch 17 Jul 2008 19:53:32 -0000 1.3
+++ policy-20080710.patch 24 Jul 2008 18:19:05 -0000 1.4
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.1/Makefile
--- nsaserefpolicy/Makefile 2008-06-12 23:25:10.000000000 -0400
-+++ serefpolicy-3.5.1/Makefile 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/Makefile 2008-07-24 06:54:04.000000000 -0400
@@ -311,20 +311,22 @@
# parse-rolemap modulename,outputfile
@@ -47,7 +47,7 @@
$(verbose) $(INSTALL) -m 644 $< $@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.1/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-06-12 23:25:10.000000000 -0400
-+++ serefpolicy-3.5.1/Rules.modular 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/Rules.modular 2008-07-24 06:54:04.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -79,7 +79,7 @@
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.1/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-mcs/default_contexts 2008-07-17 11:49:28.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/default_contexts 2008-07-24 06:54:04.000000000 -0400
@@ -2,7 +2,7 @@
system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
@@ -91,13 +91,13 @@
staff_r:staff_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.1/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-mcs/failsafe_context 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/failsafe_context 2008-07-24 06:54:04.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.1/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-mcs/guest_u_default_contexts 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/guest_u_default_contexts 2008-07-24 06:54:04.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -105,7 +105,7 @@
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.1/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-mcs/root_default_contexts 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/root_default_contexts 2008-07-24 06:54:04.000000000 -0400
@@ -1,11 +1,7 @@
system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -121,7 +121,7 @@
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.1/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-mcs/unconfined_u_default_contexts 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/unconfined_u_default_contexts 2008-07-24 06:54:04.000000000 -0400
@@ -0,0 +1,9 @@
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
+system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
@@ -134,13 +134,13 @@
+system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.1/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-mcs/userhelper_context 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/userhelper_context 2008-07-24 06:54:04.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.1/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-mcs/xguest_u_default_contexts 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/xguest_u_default_contexts 2008-07-24 06:54:04.000000000 -0400
@@ -0,0 +1,5 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -149,7 +149,7 @@
+system_r:xdm_t xguest_r:xguest_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.1/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-mls/guest_u_default_contexts 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mls/guest_u_default_contexts 2008-07-24 06:54:04.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -157,7 +157,7 @@
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.1/config/appconfig-standard/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-standard/guest_u_default_contexts 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-standard/guest_u_default_contexts 2008-07-24 06:54:04.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t guest_r:guest_t
+system_r:remote_login_t guest_r:guest_t
@@ -165,7 +165,7 @@
+system_r:crond_t guest_r:guest_crond_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.5.1/config/appconfig-standard/root_default_contexts
--- nsaserefpolicy/config/appconfig-standard/root_default_contexts 2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-standard/root_default_contexts 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-standard/root_default_contexts 2008-07-24 06:54:04.000000000 -0400
@@ -1,11 +1,7 @@
system_r:crond_t unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
system_r:local_login_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -181,7 +181,7 @@
+system_r:sshd_t unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.5.1/config/appconfig-standard/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-standard/xguest_u_default_contexts 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-standard/xguest_u_default_contexts 2008-07-24 06:54:04.000000000 -0400
@@ -0,0 +1,5 @@
+system_r:local_login_t xguest_r:xguest_t
+system_r:remote_login_t xguest_r:xguest_t
@@ -190,21 +190,115 @@
+system_r:xdm_t xguest_r:xguest_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.5.1/man/man8/ftpd_selinux.8
--- nsaserefpolicy/man/man8/ftpd_selinux.8 2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/man/man8/ftpd_selinux.8 2008-07-16 10:33:11.000000000 -0400
-@@ -35,10 +35,6 @@
- directorories, you need to set the ftp_home_dir boolean.
++++ serefpolicy-3.5.1/man/man8/ftpd_selinux.8 2008-07-24 06:54:04.000000000 -0400
+@@ -1,52 +1,65 @@
+-.TH "ftpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "ftpd Selinux Policy documentation"
++.TH "ftpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "ftpd SELinux policy documentation"
+ .SH "NAME"
+-ftpd_selinux \- Security Enhanced Linux Policy for the ftp daemon
++.PP
++ftpd_selinux \- Security-Enhanced Linux policy for ftp daemons.
+ .SH "DESCRIPTION"
+-
+-Security-Enhanced Linux secures the ftpd server via flexible mandatory access
+-control.
++.PP
++Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control.
+ .SH FILE_CONTEXTS
+-SELinux requires files to have an extended attribute to define the file type.
+-Policy governs the access daemons have to these files.
+-If you want to share files anonymously, you must label the files and directories public_content_t. So if you created a special directory /var/ftp, you would need to label the directory with the chcon tool.
+-.TP
+-chcon -R -t public_content_t /var/ftp
+-.TP
+-If you want to setup a directory where you can upload files to you must label the files and directories public_content_rw_t. So if you created a special directory /var/ftp/incoming, you would need to label the directory with the chcon tool.
+-.TP
+-chcon -t public_content_rw_t /var/ftp/incoming
++.PP
++SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon. Policy governs the access that daemons have to files.
+ .TP
+-You must also turn on the boolean allow_ftpd_anon_write.
++Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type.
++.PP
++.B
++semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
++.TP
++.B
++restorecon -R -v /var/ftp
++.TP
++Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_ftpd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"
.TP
- setsebool -P ftp_home_dir 1
+-setsebool -P allow_ftpd_anon_write=1
+-.TP
+-If you want to make this permanant, i.e. survive a relabel, you must add an entry to the file_contexts.local file.
+-.TP
+-/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
+-.br
+-/var/ftp(/.*)? system_u:object_r:public_content_t
+-/var/ftp/incoming(/.*)? system_u:object_r:public_content_rw_t
++.B
++restorecon -R -v /var/ftp/incoming
+
+ .SH BOOLEANS
+-SELinux ftp daemon policy is customizable based on least access required. So by
+-default SElinux does not allow users to login and read their home directories.
+-.br
+-If you are setting up this machine as a ftpd server and wish to allow users to access their home
+-directorories, you need to set the ftp_home_dir boolean.
+-.TP
+-setsebool -P ftp_home_dir 1
-.TP
-ftpd can run either as a standalone daemon or as part of the xinetd domain. If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean.
-.TP
-setsebool -P ftpd_is_daemon 1
- .br
- service vsftpd restart
+-.br
+-service vsftpd restart
++.PP
++SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool.
++.TP
++Allow ftp servers to read and write files with the public_content_rw_t file type.
[...4620 lines suppressed...]
optional_policy(`
-@@ -226,6 +235,10 @@
+@@ -226,6 +229,10 @@
')
optional_policy(`
@@ -32631,7 +32661,7 @@
kernel_read_xen_state(dhcpc_t)
kernel_write_xen_state(dhcpc_t)
xen_append_log(dhcpc_t)
-@@ -239,7 +252,6 @@
+@@ -239,7 +246,6 @@
allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
@@ -32639,7 +32669,7 @@
allow ifconfig_t self:fd use;
allow ifconfig_t self:fifo_file rw_fifo_file_perms;
-@@ -253,6 +265,7 @@
+@@ -253,6 +259,7 @@
allow ifconfig_t self:sem create_sem_perms;
allow ifconfig_t self:msgq create_msgq_perms;
allow ifconfig_t self:msg { send receive };
@@ -32647,7 +32677,7 @@
# Create UDP sockets, necessary when called from dhcpc
allow ifconfig_t self:udp_socket create_socket_perms;
-@@ -268,7 +281,10 @@
+@@ -268,7 +275,10 @@
kernel_read_system_state(ifconfig_t)
kernel_read_network_state(ifconfig_t)
kernel_search_network_sysctl(ifconfig_t)
@@ -32658,7 +32688,7 @@
corenet_rw_tun_tap_dev(ifconfig_t)
-@@ -279,8 +295,11 @@
+@@ -279,8 +289,11 @@
fs_getattr_xattr_fs(ifconfig_t)
fs_search_auto_mountpoints(ifconfig_t)
@@ -32670,7 +32700,7 @@
domain_use_interactive_fds(ifconfig_t)
-@@ -308,7 +327,7 @@
+@@ -308,7 +321,7 @@
unconfined_domain(ifconfig_t)
')
')
@@ -32679,7 +32709,7 @@
ifdef(`hide_broken_symptoms',`
optional_policy(`
dev_dontaudit_rw_cardmgr(ifconfig_t)
-@@ -324,6 +343,10 @@
+@@ -324,6 +337,10 @@
')
optional_policy(`
@@ -32690,7 +32720,7 @@
nis_use_ypbind(ifconfig_t)
')
-@@ -332,6 +355,14 @@
+@@ -332,6 +349,14 @@
')
optional_policy(`
@@ -32707,7 +32737,7 @@
xen_append_log(ifconfig_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.5.1/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/udev.if 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/udev.if 2008-07-24 06:54:05.000000000 -0400
@@ -96,6 +96,24 @@
########################################
@@ -32763,7 +32793,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.5.1/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/udev.te 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/udev.te 2008-07-24 06:54:05.000000000 -0400
@@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t)
@@ -32821,8 +32851,8 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.1/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-07-16 10:26:23.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/unconfined.fc 2008-07-16 10:33:11.000000000 -0400
-@@ -2,15 +2,28 @@
++++ serefpolicy-3.5.1/policy/modules/system/unconfined.fc 2008-07-24 06:54:05.000000000 -0400
+@@ -2,15 +2,29 @@
# e.g.:
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
# For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
@@ -32856,9 +32886,10 @@
+/usr/libexec/ghc-[^/]+/ghc-.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
++/usr/sbin/vbetool -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.1/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-07-16 10:26:23.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/unconfined.if 2008-07-16 14:12:57.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/unconfined.if 2008-07-24 06:54:05.000000000 -0400
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -33228,7 +33259,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.1/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-07-16 10:26:23.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/unconfined.te 2008-07-16 14:13:22.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/unconfined.te 2008-07-24 06:54:05.000000000 -0400
@@ -6,35 +6,74 @@
# Declarations
#
@@ -33564,7 +33595,7 @@
+domain_ptrace_all_domains(unconfined_notrans_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.5.1/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/userdomain.fc 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/userdomain.fc 2008-07-24 06:54:05.000000000 -0400
@@ -1,4 +1,5 @@
-HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
-HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0)
@@ -33577,7 +33608,7 @@
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-07-10 11:38:46.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/userdomain.if 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/userdomain.if 2008-07-24 06:54:05.000000000 -0400
@@ -28,10 +28,14 @@
class context contains;
')
@@ -36333,7 +36364,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.1/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-07-10 11:38:46.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/userdomain.te 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/userdomain.te 2008-07-24 06:54:05.000000000 -0400
@@ -8,13 +8,6 @@
## <desc>
@@ -36450,7 +36481,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.1/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/xen.fc 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/xen.fc 2008-07-24 06:54:05.000000000 -0400
@@ -20,6 +20,7 @@
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
@@ -36461,7 +36492,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.1/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/xen.if 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/xen.if 2008-07-24 06:54:05.000000000 -0400
@@ -167,11 +167,14 @@
#
interface(`xen_stream_connect',`
@@ -36505,7 +36536,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.1/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2008-07-10 11:38:46.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/xen.te 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/xen.te 2008-07-24 06:54:05.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -36744,7 +36775,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.5.1/policy/support/file_patterns.spt
--- nsaserefpolicy/policy/support/file_patterns.spt 2008-06-12 23:25:08.000000000 -0400
-+++ serefpolicy-3.5.1/policy/support/file_patterns.spt 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/support/file_patterns.spt 2008-07-24 06:54:05.000000000 -0400
@@ -537,3 +537,23 @@
allow $1 $2:dir rw_dir_perms;
type_transition $1 $2:$4 $3;
@@ -36771,7 +36802,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.1/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-06-12 23:25:08.000000000 -0400
-+++ serefpolicy-3.5.1/policy/support/obj_perm_sets.spt 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/support/obj_perm_sets.spt 2008-07-24 06:54:05.000000000 -0400
@@ -316,3 +316,13 @@
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
@@ -36788,7 +36819,7 @@
+define(`manage_key_perms', `{ create link read search setattr view write } ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.1/policy/users
--- nsaserefpolicy/policy/users 2008-07-10 11:38:46.000000000 -0400
-+++ serefpolicy-3.5.1/policy/users 2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/users 2008-07-24 06:54:05.000000000 -0400
@@ -1,3 +1,9 @@
+role auditadm_r;
+role secadm_r;
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.687
retrieving revision 1.688
diff -u -r1.687 -r1.688
--- selinux-policy.spec 17 Jul 2008 19:53:32 -0000 1.687
+++ selinux-policy.spec 24 Jul 2008 18:19:05 -0000 1.688
@@ -377,6 +377,7 @@
%changelog
* Wed Jul 16 2008 Dan Walsh <dwalsh at redhat.com> 3.5.1-1
- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
+- Change dhclient to be able to red networkmanager_var_run
* Tue Jul 15 2008 Dan Walsh <dwalsh at redhat.com> 3.5.0-1
- Update to latest refpolicy
More information about the fedora-extras-commits
mailing list