rpms/selinux-policy/devel policy-20080710.patch,1.7,1.8
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Jul 25 11:54:04 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25841
Modified Files:
policy-20080710.patch
Log Message:
* Fri Jul 25 2008 Dan Walsh <dwalsh at redhat.com> 3.5.1-3
- Fixes for logrotate, alsa
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- policy-20080710.patch 25 Jul 2008 11:42:14 -0000 1.7
+++ policy-20080710.patch 25 Jul 2008 11:53:34 -0000 1.8
@@ -10389,7 +10389,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.1/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2008-07-10 11:38:46.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/services/apache.te 2008-07-25 07:41:00.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/services/apache.te 2008-07-25 07:51:49.000000000 -0400
@@ -20,6 +20,8 @@
# Declarations
#
@@ -10399,20 +10399,27 @@
## <desc>
## <p>
## Allow Apache to modify public files
-@@ -31,10 +33,10 @@
+@@ -31,10 +33,17 @@
## <desc>
## <p>
-## Allow Apache to use mod_auth_pam
-+## Allow Apache to communicate with avahi service via dbus
++## Allow httpd scripts and modules execmem/execstack
## </p>
## </desc>
-gen_tunable(allow_httpd_mod_auth_pam,false)
++gen_tunable(httpd_execmem,false)
++
++## <desc>
++## <p>
++## Allow Apache to communicate with avahi service via dbus
++## </p>
++## </desc>
+gen_tunable(allow_httpd_dbus_avahi,false)
## <desc>
## <p>
-@@ -45,7 +47,14 @@
+@@ -45,7 +54,14 @@
## <desc>
## <p>
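Review bot: The new `httpd_execmem` boolean is declared here with `gen_tunable(httpd_execmem,false)`, but no rule that consumes it is visible in this revision; every later hunk on the page only shifts the nested hunk offsets by seven lines. Please confirm that a matching `tunable_policy` block already exists in the patch and names exactly which domains receive `execmem` and which receive `execstack`, since the `allow httpd_t self:process ~{ ... execmem execstack execheap }` rule shown further down keeps both excluded by default. The description groups two distinct permissions under one switch, so I would extend it to state the cost, for example `## Allow httpd scripts and modules execmem/execstack (writable and executable memory); leave off unless a module requires it`. The changelog entry mentions only logrotate and alsa, so the new boolean deserves its own line there, assuming the page is not simply truncated.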
@@ -10428,7 +10435,7 @@
## </p>
## </desc>
gen_tunable(httpd_can_network_connect,false)
-@@ -109,14 +118,33 @@
+@@ -109,14 +125,33 @@
## </desc>
gen_tunable(httpd_unified,false)
@@ -10464,7 +10471,7 @@
# user script domains
attribute httpd_script_domains;
-@@ -147,6 +175,9 @@
+@@ -147,6 +182,9 @@
type httpd_log_t;
logging_log_file(httpd_log_t)
@@ -10474,7 +10481,7 @@
# httpd_modules_t is the type given to module files (libraries)
# that come with Apache /etc/httpd/modules and /usr/lib/apache
type httpd_modules_t;
-@@ -180,6 +211,9 @@
+@@ -180,6 +218,9 @@
# setup the system domain for system CGI scripts
apache_content_template(sys)
@@ -10484,7 +10491,7 @@
type httpd_tmp_t;
files_tmp_file(httpd_tmp_t)
-@@ -202,12 +236,16 @@
+@@ -202,12 +243,16 @@
prelink_object_file(httpd_modules_t)
')
@@ -10502,7 +10509,7 @@
dontaudit httpd_t self:capability { net_admin sys_tty_config };
allow httpd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow httpd_t self:fd use;
-@@ -249,6 +287,7 @@
+@@ -249,6 +294,7 @@
allow httpd_t httpd_modules_t:dir list_dir_perms;
mmap_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
read_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
@@ -10510,7 +10517,7 @@
apache_domtrans_rotatelogs(httpd_t)
# Apache-httpd needs to be able to send signals to the log rotate procs.
-@@ -289,6 +328,7 @@
+@@ -289,6 +335,7 @@
kernel_read_kernel_sysctls(httpd_t)
# for modules that want to access /proc/meminfo
kernel_read_system_state(httpd_t)
@@ -10518,7 +10525,7 @@
corenet_all_recvfrom_unlabeled(httpd_t)
corenet_all_recvfrom_netlabel(httpd_t)
-@@ -312,12 +352,11 @@
+@@ -312,12 +359,11 @@
fs_getattr_all_fs(httpd_t)
fs_search_auto_mountpoints(httpd_t)
@@ -10533,7 +10540,7 @@
domain_use_interactive_fds(httpd_t)
-@@ -335,6 +374,10 @@
+@@ -335,6 +381,10 @@
files_read_var_lib_symlinks(httpd_t)
fs_search_auto_mountpoints(httpd_sys_script_t)
@@ -10544,7 +10551,7 @@
libs_use_ld_so(httpd_t)
libs_use_shared_libs(httpd_t)
-@@ -351,25 +394,50 @@
+@@ -351,25 +401,50 @@
userdom_use_unpriv_users_fds(httpd_t)
@@ -10599,7 +10606,7 @@
tunable_policy(`httpd_can_network_relay',`
# allow httpd to work as a relay
corenet_tcp_connect_gopher_port(httpd_t)
-@@ -382,23 +450,34 @@
+@@ -382,23 +457,34 @@
corenet_sendrecv_http_cache_client_packets(httpd_t)
')
@@ -10642,7 +10649,7 @@
fs_read_nfs_files(httpd_t)
fs_read_nfs_symlinks(httpd_t)
')
-@@ -408,6 +487,11 @@
+@@ -408,6 +494,11 @@
fs_read_cifs_symlinks(httpd_t)
')
@@ -10654,7 +10661,7 @@
tunable_policy(`httpd_ssi_exec',`
corecmd_shell_domtrans(httpd_t,httpd_sys_script_t)
allow httpd_sys_script_t httpd_t:fd use;
-@@ -441,8 +525,13 @@
+@@ -441,8 +532,13 @@
')
optional_policy(`
@@ -10670,7 +10677,7 @@
')
optional_policy(`
-@@ -454,19 +543,13 @@
+@@ -454,19 +550,13 @@
')
optional_policy(`
@@ -10691,7 +10698,7 @@
')
optional_policy(`
-@@ -476,6 +559,12 @@
+@@ -476,6 +566,12 @@
openca_kill(httpd_t)
')
@@ -10704,7 +10711,7 @@
optional_policy(`
# Allow httpd to work with postgresql
postgresql_stream_connect(httpd_t)
-@@ -483,6 +572,7 @@
+@@ -483,6 +579,7 @@
tunable_policy(`httpd_can_network_connect_db',`
postgresql_tcp_connect(httpd_t)
@@ -10712,7 +10719,7 @@
')
')
-@@ -491,6 +581,7 @@
+@@ -491,6 +588,7 @@
')
optional_policy(`
@@ -10720,7 +10727,7 @@
snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
')
-@@ -520,9 +611,28 @@
+@@ -520,9 +618,28 @@
logging_send_syslog_msg(httpd_helper_t)
tunable_policy(`httpd_tty_comm',`
@@ -10749,7 +10756,7 @@
########################################
#
# Apache PHP script local policy
-@@ -552,22 +662,27 @@
+@@ -552,22 +669,27 @@
fs_search_auto_mountpoints(httpd_php_t)
@@ -10783,7 +10790,7 @@
')
########################################
-@@ -591,6 +706,8 @@
+@@ -591,6 +713,8 @@
manage_files_pattern(httpd_suexec_t,httpd_suexec_tmp_t,httpd_suexec_tmp_t)
files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
@@ -10792,7 +10799,7 @@
kernel_read_kernel_sysctls(httpd_suexec_t)
kernel_list_proc(httpd_suexec_t)
kernel_read_proc_symlinks(httpd_suexec_t)
-@@ -599,9 +716,7 @@
+@@ -599,9 +723,7 @@
fs_search_auto_mountpoints(httpd_suexec_t)
@@ -10803,7 +10810,7 @@
files_read_etc_files(httpd_suexec_t)
files_read_usr_files(httpd_suexec_t)
-@@ -634,12 +749,21 @@
+@@ -634,12 +756,21 @@
corenet_sendrecv_all_client_packets(httpd_suexec_t)
')
@@ -10828,7 +10835,7 @@
')
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
-@@ -648,6 +772,12 @@
+@@ -648,6 +779,12 @@
fs_exec_nfs_files(httpd_suexec_t)
')
@@ -10841,7 +10848,7 @@
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_suexec_t)
fs_read_cifs_symlinks(httpd_suexec_t)
-@@ -665,10 +795,6 @@
+@@ -665,10 +802,6 @@
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
@@ -10852,7 +10859,7 @@
########################################
#
# Apache system script local policy
-@@ -678,7 +804,8 @@
+@@ -678,7 +811,8 @@
dontaudit httpd_sys_script_t httpd_config_t:dir search;
@@ -10862,7 +10869,7 @@
allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t)
-@@ -692,19 +819,44 @@
+@@ -692,19 +826,44 @@
# Should we add a boolean?
apache_domtrans_rotatelogs(httpd_sys_script_t)
@@ -10910,7 +10917,7 @@
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -717,10 +869,10 @@
+@@ -717,10 +876,10 @@
optional_policy(`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_sockets(httpd_sys_script_t)
@@ -10925,7 +10932,7 @@
')
########################################
-@@ -728,6 +880,8 @@
+@@ -728,6 +887,8 @@
# httpd_rotatelogs local policy
#
@@ -10934,7 +10941,7 @@
manage_files_pattern(httpd_rotatelogs_t,httpd_log_t,httpd_log_t)
kernel_read_kernel_sysctls(httpd_rotatelogs_t)
-@@ -742,3 +896,48 @@
+@@ -742,3 +903,48 @@
logging_search_logs(httpd_rotatelogs_t)
miscfiles_read_localization(httpd_rotatelogs_t)