rpms/selinux-policy/F-8 policy-20070703.patch, 1.197, 1.198 selinux-policy.spec, 1.623, 1.624

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Sat Mar 29 18:36:46 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14214

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Fri Mar 28 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-97
- Allow stunnel apps to r/w the stunnel socket


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.197
retrieving revision 1.198
diff -u -r1.197 -r1.198
--- policy-20070703.patch	28 Mar 2008 20:19:04 -0000	1.197
+++ policy-20070703.patch	29 Mar 2008 18:36:30 -0000	1.198
@@ -9896,7 +9896,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.0.8/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2007-10-22 19:21:36.000000000 +0200
-+++ serefpolicy-3.0.8/policy/modules/services/dovecot.te	2008-01-17 15:03:07.000000000 +0100
++++ serefpolicy-3.0.8/policy/modules/services/dovecot.te	2008-03-29 12:22:55.000000000 +0100
 @@ -15,6 +15,12 @@
  domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -10022,7 +10022,7 @@
  files_read_usr_symlinks(dovecot_auth_t)
  files_search_tmp(dovecot_auth_t)
  files_read_var_lib_files(dovecot_t)
-@@ -185,12 +198,54 @@
+@@ -185,12 +198,57 @@
  
  seutil_dontaudit_search_config(dovecot_auth_t)
  
@@ -10045,7 +10045,7 @@
 +optional_policy(`
 +	postfix_manage_pivate_sockets(dovecot_auth_t)
 +	postfix_search_spool(dovecot_auth_t)
- ')
++')
 +
 +# for gssapi (kerberos)
 +userdom_list_unpriv_users_tmp(dovecot_auth_t) 
@@ -10064,11 +10064,11 @@
 +kernel_read_all_sysctls(dovecot_deliver_t)
 +kernel_read_system_state(dovecot_deliver_t)
 +
-+dovecot_auth_stream_connect(dovecot_deliver_t)
-+
 +files_read_etc_files(dovecot_deliver_t)
 +files_read_etc_runtime_files(dovecot_deliver_t)
 +
++auth_use_nsswitch(dovecot_deliver_t)
++
 +libs_use_ld_so(dovecot_deliver_t)
 +libs_use_shared_libs(dovecot_deliver_t)
 +
@@ -10076,10 +10076,13 @@
 +
 +miscfiles_read_localization(dovecot_deliver_t)
 +
++dovecot_auth_stream_connect(dovecot_deliver_t)
++
++userdom_priveleged_home_dir_manager(dovecot_deliver_t)
++
 +optional_policy(`
 +	mta_manage_spool(dovecot_deliver_t)
-+')
-+
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.0.8/policy/modules/services/exim.fc
 --- nsaserefpolicy/policy/modules/services/exim.fc	1970-01-01 01:00:00.000000000 +0100
 +++ serefpolicy-3.0.8/policy/modules/services/exim.fc	2008-01-17 15:03:07.000000000 +0100
@@ -16959,8 +16962,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.if serefpolicy-3.0.8/policy/modules/services/stunnel.if
 --- nsaserefpolicy/policy/modules/services/stunnel.if	2007-10-22 19:21:39.000000000 +0200
-+++ serefpolicy-3.0.8/policy/modules/services/stunnel.if	2008-03-18 19:30:06.000000000 +0100
-@@ -1 +1,24 @@
++++ serefpolicy-3.0.8/policy/modules/services/stunnel.if	2008-03-29 17:44:46.000000000 +0100
+@@ -1 +1,25 @@
  ## <summary>SSL Tunneling Proxy</summary>
 +
 +########################################
@@ -16984,6 +16987,7 @@
 +	')
 +
 +	domtrans_pattern(stunnel_t,$2,$1)
++	allow $1 stunnel_t:tcp_socket rw_socket_perms;
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.0.8/policy/modules/services/stunnel.te
 --- nsaserefpolicy/policy/modules/services/stunnel.te	2007-10-22 19:21:36.000000000 +0200


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.623
retrieving revision 1.624
diff -u -r1.623 -r1.624
--- selinux-policy.spec	28 Mar 2008 20:19:04 -0000	1.623
+++ selinux-policy.spec	29 Mar 2008 18:36:30 -0000	1.624
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 96%{?dist}
+Release: 97%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@
 %endif
 
 %changelog
+* Fri Mar 28 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-97
+- Allow stunnel apps to r/w the stunnel socket
+
 * Fri Mar 28 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-96
 - Allow munin-node to bind to socket

More information about the fedora-extras-commits mailing list