rpms/selinux-policy/devel policy-20071130.patch,1.90,1.91

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Mar 6 21:55:38 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16135

Modified Files:
	policy-20071130.patch 
Log Message:
* Thu Mar 6 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-12
- Fix initrc_context generation for MLS


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- policy-20071130.patch	6 Mar 2008 21:50:52 -0000	1.90
+++ policy-20071130.patch	6 Mar 2008 21:55:29 -0000	1.91
@@ -7424,8 +7424,25 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2007-12-19 05:32:07.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te	2008-02-26 08:29:22.000000000 -0500
-@@ -259,6 +259,8 @@
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te	2008-03-06 15:50:41.000000000 -0500
+@@ -231,6 +231,8 @@
+ # Mount root file system.  Used when loading a policy
+ # from initrd, then mounting the root filesystem
+ fs_mount_all_fs(kernel_t)
++fs_unmount_all_fs(kernel_t)
++
+ 
+ selinux_load_policy(kernel_t)
+ 
+@@ -253,12 +255,16 @@
+ 
+ mls_process_read_up(kernel_t)
+ mls_process_write_down(kernel_t)
++mls_file_write_all_levels(kernel_t)
++mls_file_read_all_levels(kernel_t) 
+ 
+ ifdef(`distro_redhat',`
+ 	# Bugzilla 222337
  	fs_rw_tmpfs_chr_files(kernel_t)
  ')
  
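Review bot: The added `mls_file_write_all_levels(kernel_t)` and `mls_file_read_all_levels(kernel_t)` lines in the new `@@ -253,12 +255,16 @@` kernel.te hunk appear to exempt kernel_t from MLS file level checks unconditionally, and neither the policy text nor the log message (which mentions only initrc_context generation) records why. kernel_t is among the most privileged domains, so I would put the justification directly above them, e.g. `# kernel_t needs MLS file overrides during early boot: <reason / bug reference>`, so that a later audit can tell whether the exemption is still needed. `fs_unmount_all_fs(kernel_t)` has the same gap: it sits under a comment that only describes mounting, which could be widened to `# Mount/unmount file systems. Used when loading a policy`. As a style point, `mls_file_read_all_levels(kernel_t) ` carries a trailing space and the unmount line is followed by two blank lines.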
@@ -7434,7 +7451,7 @@
  tunable_policy(`read_default_t',`
  	files_list_default(kernel_t)
  	files_read_default_files(kernel_t)
-@@ -363,7 +365,7 @@
+@@ -363,7 +369,7 @@
  
  allow kern_unconfined proc_type:{ dir file lnk_file } *;
  
@@ -7443,7 +7460,7 @@
  
  allow kern_unconfined kernel_t:system *;
  
-@@ -374,3 +376,4 @@
+@@ -374,3 +380,4 @@
  allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
  
  kernel_rw_all_sysctls(kern_unconfined)
@@ -13651,7 +13668,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.3.1/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te	2008-03-06 13:11:59.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te	2008-03-06 16:54:16.000000000 -0500
 @@ -18,6 +18,9 @@
  type fail2ban_var_run_t;
  files_pid_file(fail2ban_var_run_t)
@@ -13683,7 +13700,7 @@
 +fs_list_inotifyfs(fail2ban_t)
 +
 +auth_use_nsswitch(fail2ban_t)
-+corenet_tcp_connect_dns_port(fail2ban_t)
++corenet_tcp_connect_whois_port(fail2ban_t)
  
  libs_use_ld_so(fail2ban_t)
  libs_use_shared_libs(fail2ban_t)
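Review bot: Replacing `corenet_tcp_connect_dns_port(fail2ban_t)` with `corenet_tcp_connect_whois_port(fail2ban_t)` removes the TCP DNS permission instead of adding whois next to it. Name lookups over TCP now depend entirely on what `auth_use_nsswitch(fail2ban_t)` grants, which is not visible in this hunk, so it is worth confirming under enforcing mode that the whois server's name still resolves without new AVC denials. The new outbound permission is also undocumented and absent from the log message; a one-line comment above it such as `# outbound whois lookups (purpose to be confirmed by author)` would help reviewers judge whether the network access is warranted. The fail2ban.te section starts and ends outside this hunk.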



