rpms/selinux-policy/devel policy-20071130.patch,1.113,1.114

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Sun Mar 30 05:41:25 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24804

Modified Files:
	policy-20071130.patch 
Log Message:
* Sat Mar 28 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-26
- Allow initrc_t to dbus chat with consolekit.


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- policy-20071130.patch	29 Mar 2008 18:36:09 -0000	1.113
+++ policy-20071130.patch	30 Mar 2008 05:41:15 -0000	1.114
@@ -12737,7 +12737,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.3.1/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2007-12-19 11:32:17.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2008-03-29 13:18:18.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2008-03-29 19:56:07.000000000 +0100
 @@ -9,6 +9,7 @@
  #
  # Delcarations
@@ -12841,7 +12841,7 @@
 +		attribute domain;
 +	')
 +	unconfined_domain(unconfined_dbusd_t)
-+	allow dbusd_unconfined domain:consolekit_t:dbus send_msg;
++	allow dbusd_unconfined domain:dbus send_msg;
 +')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.3.1/policy/modules/services/dcc.if
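Review bot: The corrected rule `allow dbusd_unconfined domain:dbus send_msg;` is far broader than the log message's "initrc_t to dbus chat with consolekit", because it lets every type carrying the `dbusd_unconfined` attribute send D-Bus messages to every type in `domain`. It also grants only one direction, so replies from the target back to the sender are not covered by this line and would need a matching rule elsewhere (not visible in this hunk). If the intent is only the initrc_t/ConsoleKit exchange, a scoped pair such as `allow initrc_t consolekit_t:dbus send_msg;` and `allow consolekit_t initrc_t:dbus send_msg;` would be tighter; otherwise a comment like `# unconfined D-Bus clients may message any domain` above the rule would record that the breadth is deliberate. The enclosing policy block starts outside the hunk.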
@@ -25394,7 +25394,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-12-19 11:32:17.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.te	2008-03-28 23:04:06.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.te	2008-03-30 07:37:14.000000000 +0200
 @@ -8,6 +8,14 @@
  
  ## <desc>
@@ -25671,7 +25671,7 @@
  auth_rw_faillog(xdm_t)
  auth_write_login_records(xdm_t)
  
-@@ -256,12 +381,11 @@
+@@ -256,22 +381,28 @@
  libs_exec_lib_files(xdm_t)
  
  logging_read_generic_logs(xdm_t)
@@ -25685,7 +25685,10 @@
  userdom_dontaudit_use_unpriv_user_fds(xdm_t)
  userdom_dontaudit_search_sysadm_home_dirs(xdm_t)
  userdom_create_all_users_keys(xdm_t)
-@@ -270,8 +394,13 @@
+ # for .dmrc
+ userdom_read_unpriv_users_home_content_files(xdm_t)
++userdom_dontaudit_write_user_home_content_files(user, xdm_t)
++
  # Search /proc for any user domain processes.
  userdom_read_all_users_state(xdm_t)
  userdom_signal_all_users(xdm_t)
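Review bot: The added `userdom_dontaudit_write_user_home_content_files(user, xdm_t)` silences AVC denials without saying which write it hides; the `# for .dmrc` comment above it belongs to the read rule. A dontaudit on writes into user home content also removes the audit trail for any unexpected xdm_t write attempt there, so it deserves a comment naming the known-benign access, e.g. `# xdm opens ~/.dmrc read-write; the write is denied and not needed` (wording to be confirmed by the author). The call is also limited to the `user` prefix while the read rule just above covers all unprivileged users, so denials for other roles would presumably still be logged; worth confirming that is intended.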
@@ -25699,7 +25702,7 @@
  
  tunable_policy(`use_nfs_home_dirs',`
  	fs_manage_nfs_dirs(xdm_t)
-@@ -301,10 +430,15 @@
+@@ -301,10 +432,15 @@
  
  optional_policy(`
  	alsa_domtrans(xdm_t)
@@ -25716,7 +25719,7 @@
  ')
  
  optional_policy(`
-@@ -312,6 +446,23 @@
+@@ -312,6 +448,23 @@
  ')
  
  optional_policy(`
@@ -25740,7 +25743,7 @@
  	# Talk to the console mouse server.
  	gpm_stream_connect(xdm_t)
  	gpm_setattr_gpmctl(xdm_t)
-@@ -322,6 +473,10 @@
+@@ -322,6 +475,10 @@
  ')
  
  optional_policy(`
@@ -25751,7 +25754,7 @@
  	loadkeys_exec(xdm_t)
  ')
  
-@@ -335,6 +490,11 @@
+@@ -335,6 +492,11 @@
  ')
  
  optional_policy(`
@@ -25763,7 +25766,7 @@
  	seutil_sigchld_newrole(xdm_t)
  ')
  
-@@ -343,8 +503,8 @@
+@@ -343,8 +505,8 @@
  ')
  
  optional_policy(`
@@ -25773,7 +25776,7 @@
  
  	ifndef(`distro_redhat',`
  		allow xdm_t self:process { execheap execmem };
-@@ -380,7 +540,7 @@
+@@ -380,7 +542,7 @@
  allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
  dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
  
@@ -25782,7 +25785,7 @@
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -392,6 +552,15 @@
+@@ -392,6 +554,15 @@
  can_exec(xdm_xserver_t, xkb_var_lib_t)
  files_search_var_lib(xdm_xserver_t)
  
@@ -25798,7 +25801,7 @@
  # VNC v4 module in X server
  corenet_tcp_bind_vnc_port(xdm_xserver_t)
  
-@@ -404,9 +573,17 @@
+@@ -404,9 +575,17 @@
  # to read ROLE_home_t - examine this in more detail
  # (xauth?)
  userdom_read_unpriv_users_home_content_files(xdm_xserver_t)
@@ -25816,7 +25819,7 @@
  tunable_policy(`use_nfs_home_dirs',`
  	fs_manage_nfs_dirs(xdm_xserver_t)
  	fs_manage_nfs_files(xdm_xserver_t)
-@@ -420,6 +597,22 @@
+@@ -420,6 +599,22 @@
  ')
  
  optional_policy(`
@@ -25839,7 +25842,7 @@
  	resmgr_stream_connect(xdm_t)
  ')
  
-@@ -429,47 +622,139 @@
+@@ -429,47 +624,139 @@
  ')
  
  optional_policy(`
@@ -25903,7 +25906,8 @@
  #
 -# Wants to delete .xsession-errors file
 +# xauth_t Local policy
-+#
+ #
+-allow xdm_t user_home_type:file unlink;
 +domtrans_pattern(xdm_xserver_t, xauth_exec_t, xauth_t)
 +
 +userdom_user_home_dir_filetrans(user,xauth_t,user_xauth_home_t,file)
@@ -25949,8 +25953,7 @@
 +')
 +
 +##############################
- #
--allow xdm_t user_home_type:file unlink;
++#
 +# iceauth_t Local policy
 +#
 +



