rpms/selinux-policy/F-8 policy-20070703.patch, 1.197, 1.198 selinux-policy.spec, 1.623, 1.624
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Sat Mar 29 18:36:46 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14214
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Fri Mar 28 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-97
- Allow stunnel apps to r/w the stunnel socket
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.197
retrieving revision 1.198
diff -u -r1.197 -r1.198
--- policy-20070703.patch 28 Mar 2008 20:19:04 -0000 1.197
+++ policy-20070703.patch 29 Mar 2008 18:36:30 -0000 1.198
@@ -9896,7 +9896,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.0.8/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2007-10-22 19:21:36.000000000 +0200
-+++ serefpolicy-3.0.8/policy/modules/services/dovecot.te 2008-01-17 15:03:07.000000000 +0100
++++ serefpolicy-3.0.8/policy/modules/services/dovecot.te 2008-03-29 12:22:55.000000000 +0100
@@ -15,6 +15,12 @@
domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -10022,7 +10022,7 @@
files_read_usr_symlinks(dovecot_auth_t)
files_search_tmp(dovecot_auth_t)
files_read_var_lib_files(dovecot_t)
-@@ -185,12 +198,54 @@
+@@ -185,12 +198,57 @@
seutil_dontaudit_search_config(dovecot_auth_t)
@@ -10045,7 +10045,7 @@
+optional_policy(`
+ postfix_manage_pivate_sockets(dovecot_auth_t)
+ postfix_search_spool(dovecot_auth_t)
- ')
++')
+
+# for gssapi (kerberos)
+userdom_list_unpriv_users_tmp(dovecot_auth_t)
@@ -10064,11 +10064,11 @@
+kernel_read_all_sysctls(dovecot_deliver_t)
+kernel_read_system_state(dovecot_deliver_t)
+
-+dovecot_auth_stream_connect(dovecot_deliver_t)
-+
+files_read_etc_files(dovecot_deliver_t)
+files_read_etc_runtime_files(dovecot_deliver_t)
+
++auth_use_nsswitch(dovecot_deliver_t)
++
+libs_use_ld_so(dovecot_deliver_t)
+libs_use_shared_libs(dovecot_deliver_t)
+
@@ -10076,10 +10076,13 @@
+
+miscfiles_read_localization(dovecot_deliver_t)
+
++dovecot_auth_stream_connect(dovecot_deliver_t)
++
++userdom_priveleged_home_dir_manager(dovecot_deliver_t)
++
+optional_policy(`
+ mta_manage_spool(dovecot_deliver_t)
-+')
-+
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.0.8/policy/modules/services/exim.fc
--- nsaserefpolicy/policy/modules/services/exim.fc 1970-01-01 01:00:00.000000000 +0100
+++ serefpolicy-3.0.8/policy/modules/services/exim.fc 2008-01-17 15:03:07.000000000 +0100
@@ -16959,8 +16962,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.if serefpolicy-3.0.8/policy/modules/services/stunnel.if
--- nsaserefpolicy/policy/modules/services/stunnel.if 2007-10-22 19:21:39.000000000 +0200
-+++ serefpolicy-3.0.8/policy/modules/services/stunnel.if 2008-03-18 19:30:06.000000000 +0100
-@@ -1 +1,24 @@
++++ serefpolicy-3.0.8/policy/modules/services/stunnel.if 2008-03-29 17:44:46.000000000 +0100
+@@ -1 +1,25 @@
## <summary>SSL Tunneling Proxy</summary>
+
+########################################
@@ -16984,6 +16987,7 @@
+ ')
+
+ domtrans_pattern(stunnel_t,$2,$1)
++ allow $1 stunnel_t:tcp_socket rw_socket_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.0.8/policy/modules/services/stunnel.te
--- nsaserefpolicy/policy/modules/services/stunnel.te 2007-10-22 19:21:36.000000000 +0200
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.623
retrieving revision 1.624
diff -u -r1.623 -r1.624
--- selinux-policy.spec 28 Mar 2008 20:19:04 -0000 1.623
+++ selinux-policy.spec 29 Mar 2008 18:36:30 -0000 1.624
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 96%{?dist}
+Release: 97%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@
%endif
%changelog
+* Fri Mar 28 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-97
+- Allow stunnel apps to r/w the stunnel socket
+
* Fri Mar 28 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-96
- Allow munin-node to bind to socket
More information about the fedora-extras-commits
mailing list