rpms/selinux-policy/F-8 policy-20070703.patch, 1.192, 1.193 selinux-policy.spec, 1.618, 1.619
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Mar 12 00:04:31 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30410
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Tue Mar 11 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-93
- Allow syslog to connect to mysql
- Allow lvm to manage its own fifo_files
- Allow bugzilla to use ldap
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.192
retrieving revision 1.193
diff -u -r1.192 -r1.193
--- policy-20070703.patch 6 Mar 2008 21:55:53 -0000 1.192
+++ policy-20070703.patch 12 Mar 2008 00:04:26 -0000 1.193
@@ -3070,7 +3070,7 @@
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.0.8/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/apps/java.if 2008-03-06 11:16:06.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/apps/java.if 2008-03-11 20:02:09.000000000 -0400
@@ -32,7 +32,7 @@
## </summary>
## </param>
@@ -3148,7 +3148,7 @@
libs_use_ld_so($1_javaplugin_t)
libs_use_shared_libs($1_javaplugin_t)
-@@ -134,6 +141,10 @@
+@@ -134,9 +141,13 @@
sysnet_read_config($1_javaplugin_t)
@@ -3158,7 +3158,11 @@
+ userdom_read_user_tmpfs_files($1,$1_javaplugin_t)
userdom_dontaudit_use_user_terminals($1,$1_javaplugin_t)
userdom_dontaudit_setattr_user_home_content_files($1,$1_javaplugin_t)
- userdom_dontaudit_exec_user_home_content_files($1,$1_javaplugin_t)
+- userdom_dontaudit_exec_user_home_content_files($1,$1_javaplugin_t)
++ userdom_exec_user_home_content_files($1,$1_javaplugin_t)
+ userdom_manage_user_home_content_dirs($1,$1_javaplugin_t)
+ userdom_manage_user_home_content_files($1,$1_javaplugin_t)
+ userdom_manage_user_home_content_symlinks($1,$1_javaplugin_t)
@@ -147,8 +158,6 @@
tunable_policy(`allow_java_execstack',`
allow $1_javaplugin_t self:process execstack;
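Review bot: Replacing `userdom_dontaudit_exec_user_home_content_files($1,$1_javaplugin_t)` with `userdom_exec_user_home_content_files($1,$1_javaplugin_t)` turns a silenced denial into an unconditional grant, and the log message does not mention it. The neighbouring lines already give this domain `userdom_manage_user_home_content_files`, so the plugin domain (which presumably handles browser-supplied content) can now both write and execute files under the user's home directory. I would put the exec grant behind a boolean, in the style of the allow_java_execstack tunable block that follows, and add a changelog line such as `- Allow java and javaplugin to execute user home content files`. The same unconditional grant is added for `$1_java_t` in the hunk at `@@ -3215,6 +3219,7 @@`. The template body starts and ends outside both hunks.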
@@ -3168,7 +3172,7 @@
libs_legacy_use_shared_libs($1_javaplugin_t)
libs_legacy_use_ld_so($1_javaplugin_t)
-@@ -166,6 +175,62 @@
+@@ -166,6 +175,63 @@
optional_policy(`
xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t)
')
@@ -3215,6 +3219,7 @@
+ domain_interactive_fd($1_java_t)
+
+ userdom_unpriv_usertype($1, $1_java_t)
++ userdom_exec_user_home_content_files($1,$1_java_t)
+
+ allow $1_java_t self:process { getsched sigkill execheap execmem execstack };
+
@@ -3231,7 +3236,7 @@
')
########################################
-@@ -219,3 +284,66 @@
+@@ -219,3 +285,66 @@
corecmd_search_bin($1)
domtrans_pattern($1, java_exec_t, java_t)
')
@@ -6844,7 +6849,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.8/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.te 2008-01-31 14:31:52.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/services/apache.te 2008-03-11 19:28:41.000000000 -0400
@@ -1,5 +1,5 @@
-policy_module(apache,1.7.1)
@@ -7250,11 +7255,12 @@
allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t)
-@@ -686,15 +766,62 @@
+@@ -686,15 +766,63 @@
# Should we add a boolean?
apache_domtrans_rotatelogs(httpd_sys_script_t)
+sysnet_read_config(httpd_sys_script_t)
++sysnet_use_ldap(httpd_bugzilla_script_t)
+
ifdef(`distro_redhat',`
allow httpd_sys_script_t httpd_log_t:file { getattr append };
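Review bot: The new `sysnet_use_ldap(httpd_bugzilla_script_t)` line sits in the middle of the `httpd_sys_script_t` rules, right after `sysnet_read_config(httpd_sys_script_t)`, so a reader scanning this section will not expect a rule for a different domain here. Whether `httpd_bugzilla_script_t` is declared before this point is not visible in the hunk; if it is declared further down, the rule should move next to that declaration. At minimum, put a comment such as `# Allow bugzilla to use ldap` above the line so the grant can be traced back to the changelog entry.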
@@ -7314,7 +7320,7 @@
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -707,6 +834,7 @@
+@@ -707,6 +835,7 @@
optional_policy(`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_sockets(httpd_sys_script_t)
@@ -7322,7 +7328,7 @@
')
########################################
-@@ -728,3 +856,46 @@
+@@ -728,3 +857,46 @@
logging_search_logs(httpd_rotatelogs_t)
miscfiles_read_localization(httpd_rotatelogs_t)
@@ -19899,7 +19905,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.0.8/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/logging.te 2008-02-15 15:38:47.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/logging.te 2008-03-11 19:41:54.000000000 -0400
@@ -1,5 +1,5 @@
-policy_module(logging,1.7.3)
@@ -20068,15 +20074,24 @@
allow syslogd_t syslogd_var_run_t:file manage_file_perms;
files_pid_filetrans(syslogd_t,syslogd_var_run_t,file)
-@@ -312,6 +357,7 @@
+@@ -300,6 +345,7 @@
+ # Allow users to define additional syslog ports to connect to
+ corenet_tcp_bind_syslogd_port(syslogd_t)
+ corenet_tcp_connect_syslogd_port(syslogd_t)
++corenet_tcp_connect_mysql_port(syslogd_t)
+
+ # syslog-ng can send or receive logs
+ corenet_sendrecv_syslogd_client_packets(syslogd_t)
+@@ -312,6 +358,8 @@
domain_use_interactive_fds(syslogd_t)
files_read_etc_files(syslogd_t)
++files_read_usr_files(syslogd_t)
+files_read_var_files(syslogd_t)
files_read_etc_runtime_files(syslogd_t)
# /initrd is not umounted before minilog starts
files_dontaudit_search_isid_type_dirs(syslogd_t)
-@@ -341,6 +387,12 @@
+@@ -341,6 +389,12 @@
files_var_lib_filetrans(syslogd_t,devlog_t,sock_file)
')
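Review bot: `corenet_tcp_connect_mysql_port(syslogd_t)` is added directly under the comment `# Allow users to define additional syslog ports to connect to`, which does not describe a connection to the MySQL port, and it is granted unconditionally to every `syslogd_t` process. The surrounding rules show that this domain binds a TCP port and receives logs, so it handles input from other hosts. I'd give the rule its own comment, e.g. `# Allow syslog to connect to mysql`, and consider a tunable so installations that do not log to a database keep the tighter policy. The second addition, `files_read_usr_files(syslogd_t)`, is not covered by the log message; please add a changelog line or a comment stating what syslogd needs to read under /usr.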
@@ -20089,7 +20104,7 @@
optional_policy(`
inn_manage_log(syslogd_t)
')
-@@ -365,3 +417,40 @@
+@@ -365,3 +419,40 @@
# log to the xconsole
xserver_rw_console(syslogd_t)
')
@@ -20143,7 +20158,7 @@
/etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.0.8/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/lvm.te 2008-02-27 23:24:15.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/lvm.te 2008-03-11 19:07:04.000000000 -0400
@@ -44,9 +44,9 @@
# Cluster LVM daemon local policy
#
@@ -20229,7 +20244,7 @@
')
optional_policy(`
-@@ -150,7 +163,8 @@
+@@ -150,17 +163,19 @@
# DAC overrides and mknod for modifying /dev entries (vgmknodes)
# rawio needed for dmraid
@@ -20239,7 +20254,10 @@
dontaudit lvm_t self:capability sys_tty_config;
allow lvm_t self:process { sigchld sigkill sigstop signull signal };
# LVM will complain a lot if it cannot set its priority.
-@@ -160,7 +174,8 @@
+ allow lvm_t self:process setsched;
+ allow lvm_t self:file rw_file_perms;
+-allow lvm_t self:fifo_file rw_file_perms;
++allow lvm_t self:fifo_file manage_fifo_file_perms;
allow lvm_t self:unix_dgram_socket create_socket_perms;
allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.618
retrieving revision 1.619
diff -u -r1.618 -r1.619
--- selinux-policy.spec 6 Mar 2008 21:55:53 -0000 1.618
+++ selinux-policy.spec 12 Mar 2008 00:04:26 -0000 1.619
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 92%{?dist}
+Release: 93%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,14 @@
%endif
%changelog
+* Tue Mar 11 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-93
+- Allow syslog to connect to mysql
+- Allow lvm to manage its own fifo_files
+- Allow bugzilla to use ldap
+
+* Thu Mar 4 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-92
+- Fix openoffice policy to allow it to run from firefox on xguest
+
* Thu Mar 4 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-92
- Fix openoffice policy to allow it to run from firefox on xguest