rpms/selinux-policy/F-9 policy-20071130.patch,1.169,1.170
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Jun 2 18:28:30 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18416
Modified Files:
policy-20071130.patch
Log Message:
* Fri May 30 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-63
- Allow policykit_resolve to ptrace user processes
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.169
retrieving revision 1.170
diff -u -r1.169 -r1.170
--- policy-20071130.patch 2 Jun 2008 17:31:15 -0000 1.169
+++ policy-20071130.patch 2 Jun 2008 18:27:44 -0000 1.170
@@ -2057,7 +2057,7 @@
files_search_var(mrtg_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.3.1/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/admin/netutils.te 2008-06-02 13:05:27.551865000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/netutils.te 2008-06-02 14:14:11.007492000 -0400
@@ -50,6 +50,7 @@
files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
@@ -2129,7 +2129,7 @@
ifdef(`hide_broken_symptoms',`
init_dontaudit_use_fds(ping_t)
')
-@@ -143,14 +149,6 @@
+@@ -143,11 +149,7 @@
')
optional_policy(`
@@ -2138,13 +2138,11 @@
-
-optional_policy(`
- nscd_socket_use(ping_t)
--')
--
--optional_policy(`
- pcmcia_use_cardmgr_fds(ping_t)
++ munin_append_log(ping_t)
')
-@@ -166,7 +164,6 @@
+ optional_policy(`
+@@ -166,7 +168,6 @@
allow traceroute_t self:capability { net_admin net_raw setuid setgid };
allow traceroute_t self:rawip_socket create_socket_perms;
allow traceroute_t self:packet_socket create_socket_perms;
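Review bot: The added `munin_append_log(ping_t)` call gives ping_t standing append access to munin log files, and nothing in the patch says why ping needs it. If the reason is that munin plugins start ping with its output already redirected to a munin log, a comment above the call would record that, e.g. `# munin plugins run ping with stdout/stderr pointing at the munin log`, so the grant can be revisited later. The call appears to sit inside an existing optional_policy block, which is appropriate because the munin module may not be installed. The changelog entry in this commit mentions only policykit_resolve, so the munin and courier changes visible here are not recorded in it.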
@@ -2152,7 +2150,7 @@
allow traceroute_t self:udp_socket create_socket_perms;
kernel_read_system_state(traceroute_t)
-@@ -200,6 +197,8 @@
+@@ -200,6 +201,8 @@
init_use_fds(traceroute_t)
@@ -2161,7 +2159,7 @@
libs_use_ld_so(traceroute_t)
libs_use_shared_libs(traceroute_t)
-@@ -212,17 +211,7 @@
+@@ -212,17 +215,7 @@
dev_read_urand(traceroute_t)
files_read_usr_files(traceroute_t)
@@ -7879,7 +7877,7 @@
## all protocols (TCP, UDP, etc)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.3.1/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2008-02-26 08:23:11.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-06-02 13:05:27.897681000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-06-02 13:39:41.079500000 -0400
@@ -5,6 +5,13 @@
#
# Declarations
@@ -7911,7 +7909,7 @@
allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
# act on all domains keys
-@@ -148,3 +156,31 @@
+@@ -148,3 +156,32 @@
# receive from all domains over labeled networking
domain_all_recvfrom_all_domains(unconfined_domain_type)
@@ -7943,6 +7941,7 @@
+
+# broken kernel
+dontaudit can_change_object_identity can_change_object_identity:key link;
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.3.1/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2008-02-26 08:23:11.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/kernel/files.fc 2008-06-02 13:05:27.900679000 -0400
@@ -9261,7 +9260,7 @@
+/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.3.1/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-06-02 13:05:27.997581000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/apache.if 2008-06-02 13:42:13.578110000 -0400
@@ -13,21 +13,16 @@
#
template(`apache_content_template',`
@@ -12080,7 +12079,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.3.1/policy/modules/services/courier.fc
--- nsaserefpolicy/policy/modules/services/courier.fc 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/courier.fc 2008-06-02 13:18:42.071469000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/courier.fc 2008-06-02 13:48:21.471420000 -0400
@@ -19,3 +19,5 @@
/var/lib/courier(/.*)? -- gen_context(system_u:object_r:courier_var_lib_t,s0)
@@ -12089,8 +12088,8 @@
+/var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.3.1/policy/modules/services/courier.if
--- nsaserefpolicy/policy/modules/services/courier.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/courier.if 2008-06-02 13:23:16.805431000 -0400
-@@ -123,3 +123,95 @@
++++ serefpolicy-3.3.1/policy/modules/services/courier.if 2008-06-02 13:47:01.693545000 -0400
+@@ -123,3 +123,77 @@
domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
')
@@ -12151,24 +12150,6 @@
+
+########################################
+## <summary>
-+## Allow domain to manage courier spool files
-+## </summary>
-+## <param name="prefix">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`courier_manage_spool_files',`
-+ gen_require(`
-+ type courier_spool_t;
-+ ')
-+
-+ manage_files_pattern($1, courier_spool_t, courier_spool_t)
-+')
-+
-+########################################
-+## <summary>
+## Allow attempts to read and write to
+## courier unnamed pipes.
+## </summary>
@@ -12188,13 +12169,16 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.3.1/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/courier.te 2008-06-02 13:05:28.159420000 -0400
-@@ -9,7 +9,7 @@
++++ serefpolicy-3.3.1/policy/modules/services/courier.te 2008-06-02 14:16:40.361713000 -0400
+@@ -9,7 +9,10 @@
courier_domain_template(authdaemon)
type courier_etc_t;
-files_type(courier_etc_t)
+files_config_file(courier_etc_t)
++
++type courier_spool_t;
++files_type(courier_spool_t)
courier_domain_template(pcp)
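Review bot: `courier_spool_t` is now declared with `files_type(courier_spool_t)`, but this same revision removes `courier_manage_spool_files` from courier.if, so the visible hunks leave the type with a file-context entry for /var/spool/courier and no interface for other domains to reach it. If any module elsewhere in the patch still calls the removed interface the policy build would fail, so the full patch should be searched for callers before this ships. A one-line comment above the declaration, such as `# label for /var/spool/courier, see courier.fc`, would also help, since it sits between two unrelated statements.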
@@ -17788,8 +17772,8 @@
+/etc/rc.d/init.d/munin-node -- gen_context(system_u:object_r:munin_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.3.1/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/munin.if 2008-06-02 13:05:28.607972000 -0400
-@@ -80,3 +80,85 @@
++++ serefpolicy-3.3.1/policy/modules/services/munin.if 2008-06-02 14:10:59.161966000 -0400
+@@ -80,3 +80,104 @@
dontaudit $1 munin_var_lib_t:dir search_dir_perms;
')
@@ -17874,7 +17858,26 @@
+ manage_all_pattern($1, httpd_munin_content_t)
+')
+
++########################################
++## <summary>
++## Allow the specified domain to append
++## to munin log files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`munin_append_log',`
++ gen_require(`
++ type munin_log_t;
++ ')
+
++ logging_search_logs($1)
++ allow $1 munin_log_t:dir list_dir_perms;
++ append_files_pattern($1,munin_log_t,munin_log_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.3.1/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2008-02-26 08:23:10.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/munin.te 2008-06-02 13:05:28.611965000 -0400
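Review bot: `allow $1 munin_log_t:dir list_dir_perms;` in the new munin_append_log interface lets every caller enumerate the munin log directory, which an append-only interface does not need; `append_files_pattern` should already grant the directory search required to reach the files. Unless a caller is known to need the listing, that line can be dropped so the interface grants only `logging_search_logs($1)` plus the append pattern. As a style point, the pattern call has no spaces after its commas, unlike `manage_all_pattern($1, httpd_munin_content_t)` just above it; `append_files_pattern($1, munin_log_t, munin_log_t)` would match.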
@@ -29985,7 +29988,7 @@
+/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-06-02 13:05:29.438301000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-06-02 13:38:43.771704000 -0400
@@ -213,12 +213,7 @@
## </param>
#