rpms/selinux-policy/F-9 policy-20071130.patch, 1.183, 1.184 selinux-policy.spec, 1.689, 1.690
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Jun 30 21:13:40 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2298
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Mon Jun 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-73
- Allow exim to use system_cron pipes
- Allow gdm to read rpm database
- Allow nsplugin to read mplayer config files
- Allow login programs to write to /var/run/pam directory (Encrypted directories)
- Fixes for courier domain
- Add courier domain to mls policy
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.183
retrieving revision 1.184
diff -u -r1.183 -r1.184
--- policy-20071130.patch 30 Jun 2008 21:02:21 -0000 1.183
+++ policy-20071130.patch 30 Jun 2008 21:12:48 -0000 1.184
@@ -12329,7 +12329,7 @@
+/var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.3.1/policy/modules/services/courier.if
--- nsaserefpolicy/policy/modules/services/courier.if 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/courier.if 2008-06-12 23:38:04.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/courier.if 2008-06-30 17:07:34.000000000 -0400
@@ -123,3 +123,77 @@
domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
@@ -12402,10 +12402,10 @@
+#
+interface(`courier_rw_pipes',`
+ gen_require(`
-+ type courier_t;
++ type courier_authdaemon_t;
+ ')
+
-+ allow $1 courier_t:fifo_file rw_fifo_file_perms;
++ allow $1 courier_authdaemon_t:fifo_file rw_fifo_file_perms;
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.3.1/policy/modules/services/courier.te
@@ -17904,7 +17904,7 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.3.1/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/mta.te 2008-06-30 13:57:46.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/mta.te 2008-06-30 17:10:14.000000000 -0400
@@ -6,6 +6,8 @@
# Declarations
#
@@ -17975,7 +17975,7 @@
')
optional_policy(`
-@@ -73,7 +97,18 @@
+@@ -73,7 +97,17 @@
optional_policy(`
cron_read_system_job_tmp_files(system_mail_t)
@@ -17989,12 +17989,11 @@
+ courier_read_config(system_mail_t)
+ courier_manage_spool_dirs(system_mail_t)
+ courier_manage_spool_files(system_mail_t)
-+ courier_rw_pipes(system_mail_t)
-+
++# courier_rw_pipes(system_mail_t)
')
optional_policy(`
-@@ -81,6 +116,11 @@
+@@ -81,6 +115,11 @@
')
optional_policy(`
@@ -18006,7 +18005,7 @@
logrotate_read_tmp_files(system_mail_t)
')
-@@ -136,11 +176,38 @@
+@@ -136,11 +175,38 @@
')
optional_policy(`
@@ -18046,7 +18045,7 @@
optional_policy(`
# why is mail delivered to a directory of type arpwatch_data_t?
arpwatch_search_data(mailserver_delivery)
-@@ -154,3 +221,4 @@
+@@ -154,3 +220,4 @@
cron_read_system_job_tmp_files(mta_user_agent)
')
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.689
retrieving revision 1.690
diff -u -r1.689 -r1.690
--- selinux-policy.spec 30 Jun 2008 20:52:17 -0000 1.689
+++ selinux-policy.spec 30 Jun 2008 21:12:48 -0000 1.690
@@ -390,6 +390,8 @@
- Allow gdm to read rpm database
- Allow nsplugin to read mplayer config files
- Allow login programs to write to /var/run/pam directory (Encrypted directories)
+- Fixes for courier domain
+- Add courier domain to mls policy
* Wed Jun 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-72
- Fix file context of real player
More information about the fedora-extras-commits
mailing list