rpms/selinux-policy/devel modules-targeted.conf, 1.90, 1.91 policy-20080509.patch, 1.8, 1.9 selinux-policy.spec, 1.666, 1.667

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Jun 4 17:27:34 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16426

Modified Files:
	modules-targeted.conf policy-20080509.patch 
	selinux-policy.spec 
Log Message:
* Wed Jun 4 2008 Dan Walsh <dwalsh at redhat.com> 3.4.1-4
- Add livecd policy



Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- modules-targeted.conf	30 May 2008 19:24:44 -0000	1.90
+++ modules-targeted.conf	4 Jun 2008 17:26:52 -0000	1.91
@@ -1668,3 +1668,10 @@
 # IMAP and POP3 email servers
 # 
 courier = module
+
+# Layer: apps
+# Module: livecd
+#
+# livecd creator
+# 
+livecd = module

policy-20080509.patch:

Index: policy-20080509.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080509.patch,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- policy-20080509.patch	4 Jun 2008 12:57:43 -0000	1.8
+++ policy-20080509.patch	4 Jun 2008 17:26:52 -0000	1.9
@@ -1898,7 +1898,7 @@
 +#/usr/libexec/gconfd-2 	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.4.1/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2008-05-23 09:15:06.000000000 -0400
-+++ serefpolicy-3.4.1/policy/modules/apps/gnome.if	2008-06-03 16:01:51.000000000 -0400
++++ serefpolicy-3.4.1/policy/modules/apps/gnome.if	2008-06-04 11:11:07.509407000 -0400
 @@ -36,6 +36,7 @@
  	gen_require(`
  		type gconfd_exec_t, gconf_etc_t;
@@ -1907,7 +1907,7 @@
  	')
  
  	##############################
-@@ -44,41 +45,31 @@
+@@ -44,41 +45,32 @@
  	#
  	type $1_gconfd_t, gnomedomain;
  
@@ -1923,6 +1923,7 @@
 -
 -	type $1_gconf_tmp_t;
 -	files_tmp_file($1_gconf_tmp_t)
++	typealias gnome_home_t alias $1_gnome_home_t;
 +	typealias gconf_home_t alias $1_gconf_home_t;
 +	typealias gconf_tmp_t alias $1_gconf_tmp_t;
  
@@ -1964,7 +1965,7 @@
  
  	ps_process_pattern($2,$1_gconfd_t)
  
-@@ -86,6 +77,10 @@
+@@ -86,6 +78,10 @@
  
  	files_read_etc_files($1_gconfd_t)
  
@@ -1975,7 +1976,7 @@
  	libs_use_ld_so($1_gconfd_t)
  	libs_use_shared_libs($1_gconfd_t)
  
-@@ -93,11 +88,8 @@
+@@ -93,11 +89,8 @@
  
  	logging_send_syslog_msg($1_gconfd_t)
  
@@ -1989,7 +1990,7 @@
  
  	optional_policy(`
  		nscd_dontaudit_search_pid($1_gconfd_t)
-@@ -107,6 +99,10 @@
+@@ -107,6 +100,10 @@
  		xserver_use_xdm_fds($1_gconfd_t)
  		xserver_rw_xdm_pipes($1_gconfd_t)
  	')
@@ -2000,7 +2001,7 @@
  ')
  	
  ########################################
-@@ -128,11 +124,28 @@
+@@ -128,11 +125,28 @@
  template(`gnome_stream_connect_gconf_template',`
  	gen_require(`
  		type $1_gconfd_t;
@@ -2032,7 +2033,7 @@
  ')
  
  ########################################
-@@ -141,7 +154,7 @@
+@@ -141,7 +155,7 @@
  ## </summary>
  ## <desc>
  ##	<p>
@@ -2041,7 +2042,7 @@
  ##	</p>
  ##	<p>
  ##	This is a templated interface, and should only
-@@ -170,6 +183,30 @@
+@@ -170,6 +184,30 @@
  
  ########################################
  ## <summary>
@@ -2072,7 +2073,7 @@
  ##	manage gnome homedir content (.config)
  ## </summary>
  ## <param name="userdomain_prefix">
-@@ -186,9 +223,29 @@
+@@ -186,9 +224,29 @@
  #
  template(`gnome_manage_user_gnome_config',`
  	gen_require(`
@@ -3200,7 +3201,7 @@
 +/usr/bin/livecd-creator	--	gen_context(system_u:object_r:livecd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.4.1/policy/modules/apps/livecd.if
 --- nsaserefpolicy/policy/modules/apps/livecd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.4.1/policy/modules/apps/livecd.if	2008-06-03 09:53:54.000000000 -0400
++++ serefpolicy-3.4.1/policy/modules/apps/livecd.if	2008-06-04 13:26:20.582917000 -0400
 @@ -0,0 +1,56 @@
 +
 +## <summary>policy for livecd</summary>
@@ -29897,8 +29898,8 @@
 +/usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.4.1/policy/modules/system/qemu.if
 --- nsaserefpolicy/policy/modules/system/qemu.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.4.1/policy/modules/system/qemu.if	2008-06-03 09:53:56.000000000 -0400
-@@ -0,0 +1,313 @@
++++ serefpolicy-3.4.1/policy/modules/system/qemu.if	2008-06-04 13:13:44.213306000 -0400
+@@ -0,0 +1,318 @@
 +
 +## <summary>policy for qemu</summary>
 +
@@ -30142,7 +30143,7 @@
 +	domain_use_interactive_fds($1_t)
 +
 +	allow $1_t self:capability { dac_read_search dac_override };
-+	allow $1_t self:process { execstack execmem signal getsched };
++	allow $1_t self:process { execstack execmem signal getsched signull };
 +	allow $1_t self:tcp_socket create_stream_socket_perms;
 +
 +	## internal communication is often done using fifo and unix sockets.
@@ -30159,6 +30160,9 @@
 +	manage_files_pattern($1_t,$1_tmp_t,$1_tmp_t)
 +	files_tmp_filetrans($1_t, $1_tmp_t, { file dir })
 +
++	dev_read_sound($1_t)
++	dev_write_sound($1_t)
++
 +	corenet_all_recvfrom_unlabeled($1_t)
 +	corenet_all_recvfrom_netlabel($1_t)
 +	corenet_tcp_sendrecv_all_if($1_t)
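Review bot: The added `dev_read_sound($1_t)` and `dev_write_sound($1_t)` calls sit unconditionally in the qemu per-domain template, so every domain built from it gains sound-device access whether or not the guest uses audio; the same applies to `auth_use_nsswitch($1_t)` added in the hunk at -30189. The domain is already allowed `execstack execmem` (visible in the hunk at -30142), so each extra grant widens what a compromised emulator process can reach. Consider moving the sound calls into a tunable_policy block keyed on a new boolean. At minimum, add a why-comment above each grant, for example `## host sound devices, needed only when the guest has audio enabled`, if that is the reason. The template body starts and ends outside these hunks, so an enclosing conditional cannot be ruled out from here.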
@@ -30189,6 +30193,8 @@
 +	term_getattr_pty_fs($1_t)
 +	term_use_generic_ptys($1_t)
 +
++	auth_use_nsswitch($1_t)
++
 +	libs_use_ld_so($1_t)
 +	libs_use_shared_libs($1_t)
 +
@@ -32074,7 +32080,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.4.1/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-05-29 15:55:43.000000000 -0400
-+++ serefpolicy-3.4.1/policy/modules/system/unconfined.te	2008-06-03 11:34:41.000000000 -0400
++++ serefpolicy-3.4.1/policy/modules/system/unconfined.te	2008-06-04 13:26:18.902281000 -0400
 @@ -1,40 +1,79 @@
  
 -policy_module(unconfined, 2.2.1)
@@ -32242,20 +32248,21 @@
  ')
  
  optional_policy(`
-@@ -123,11 +176,7 @@
+@@ -123,11 +176,11 @@
  ')
  
  optional_policy(`
 -	inn_domtrans(unconfined_t)
--')
--
--optional_policy(`
--	java_domtrans(unconfined_t)
 +	iptables_run(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  ')
  
  optional_policy(`
-@@ -139,18 +188,6 @@
+-	java_domtrans(unconfined_t)
++	livecd_run(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
+ ')
+ 
+ optional_policy(`
+@@ -139,18 +192,6 @@
  ')
  
  optional_policy(`
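Review bot: The `livecd_run(unconfined_t, unconfined_r, ...)` call that now takes the place of the `java_domtrans(unconfined_t)` block has no comment explaining why unconfined_t needs a transition into the livecd domain. The policy behind it cannot be checked from this mail: livecd.if appears only as the header of a new 56-line file, and livecd.te is not shown. Since this line gives every unconfined login a path into a second domain, the rules for that domain should be reviewed together with it, presumably starting with whatever it may relabel or create. A comment above the call such as `# livecd-creator runs in its own domain; see apps/livecd.te` would record the intent. The unconfined.te section continues outside the hunk.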
@@ -32274,7 +32281,7 @@
  	prelink_run(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  ')
  
-@@ -159,38 +196,46 @@
+@@ -159,38 +200,46 @@
  ')
  
  optional_policy(`
@@ -32334,7 +32341,7 @@
  ')
  
  optional_policy(`
-@@ -198,23 +243,33 @@
+@@ -198,23 +247,33 @@
  ')
  
  optional_policy(`
@@ -32373,7 +32380,7 @@
  ')
  
  ########################################
-@@ -224,14 +279,35 @@
+@@ -224,14 +283,35 @@
  
  allow unconfined_execmem_t self:process { execstack execmem };
  unconfined_domain_noaudit(unconfined_execmem_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.666
retrieving revision 1.667
diff -u -r1.666 -r1.667
--- selinux-policy.spec	4 Jun 2008 12:57:43 -0000	1.666
+++ selinux-policy.spec	4 Jun 2008 17:26:52 -0000	1.667
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.4.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -375,7 +375,10 @@
 %endif
 
 %changelog
-* Fri May 9 2008 Dan Walsh <dwalsh at redhat.com> 3.4.1-3
+* Wed Jun 4 2008 Dan Walsh <dwalsh at redhat.com> 3.4.1-4
+- Add livecd policy
+
+* Wed Jun 4 2008 Dan Walsh <dwalsh at redhat.com> 3.4.1-3
 - Dontaudit search of admin_home for init_system_domain
 - Rewrite of xace interfaces
 - Lots of new fs_list_inotify



