rpms/selinux-policy/F-8 policy-20070703.patch, 1.208, 1.209 selinux-policy.spec, 1.630, 1.631

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon May 19 17:53:38 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15096

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Mon May 19 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-104
- Dontaudit reading of nfs by consolekit


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.208
retrieving revision 1.209
diff -u -r1.208 -r1.209
--- policy-20070703.patch	13 May 2008 18:49:51 -0000	1.208
+++ policy-20070703.patch	19 May 2008 17:52:47 -0000	1.209
@@ -3546,7 +3546,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.0.8/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if	2008-05-13 09:40:42.560450000 -0400
++++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if	2008-05-13 09:40:42.000000000 -0400
 @@ -36,6 +36,8 @@
  	gen_require(`
  		type mozilla_conf_t, mozilla_exec_t;
@@ -8506,7 +8506,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.0.8/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/consolekit.te	2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/consolekit.te	2008-05-19 13:51:36.771603000 -0400
 @@ -10,7 +10,6 @@
  type consolekit_exec_t;
  init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -8550,7 +8550,7 @@
  optional_policy(`
  	dbus_system_bus_client_template(consolekit, consolekit_t)
  	dbus_send_system_bus(consolekit_t)
-@@ -62,9 +71,23 @@
+@@ -62,9 +71,31 @@
  	optional_policy(`
  		unconfined_dbus_chat(consolekit_t)
  	')
@@ -8571,9 +8571,17 @@
 +
 +optional_policy(`
 +	userdom_read_user_tmp_files(user,consolekit_t)
- ')
++')
 +
++tunable_policy(`use_nfs_home_dirs',`
++	fs_dontaudit_list_nfs(consolekit_t)
++	fs_dontaudit_rw_nfs_files(consolekit_t)
++')
 +
++tunable_policy(`use_samba_home_dirs',`
++	fs_dontaudit_list_cifs(consolekit_t)
++	fs_dontaudit_rw_cifs_files(consolekit_t)
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.0.8/policy/modules/services/courier.te
 --- nsaserefpolicy/policy/modules/services/courier.te	2007-10-22 13:21:39.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/courier.te	2008-04-04 16:11:03.000000000 -0400
@@ -11215,7 +11223,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-3.0.8/policy/modules/services/inn.if
 --- nsaserefpolicy/policy/modules/services/inn.if	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/inn.if	2008-05-13 11:43:47.632772000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/inn.if	2008-05-13 11:43:47.000000000 -0400
 @@ -54,8 +54,7 @@
  	')
  
@@ -18992,7 +19000,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te	2008-05-13 14:26:59.442650000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te	2008-05-13 14:26:59.000000000 -0400
 @@ -9,6 +9,13 @@
  attribute can_read_shadow_passwords;
  attribute can_write_shadow_passwords;
@@ -19315,7 +19323,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.fc serefpolicy-3.0.8/policy/modules/system/getty.fc
 --- nsaserefpolicy/policy/modules/system/getty.fc	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/getty.fc	2008-05-13 11:24:02.635908000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/getty.fc	2008-05-13 11:24:02.000000000 -0400
 @@ -8,5 +8,5 @@
  
  /var/run/mgetty\.pid.*	--	gen_context(system_u:object_r:getty_var_run_t,s0)
@@ -19387,7 +19395,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.0.8/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.if	2008-05-13 14:35:09.563203000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/init.if	2008-05-13 14:35:09.000000000 -0400
 @@ -211,6 +211,21 @@
  			kernel_dontaudit_use_fds($1)
  		')
@@ -20016,7 +20024,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.0.8/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/iptables.te	2008-05-13 13:29:53.001644000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/iptables.te	2008-05-13 13:29:53.000000000 -0400
 @@ -64,13 +64,14 @@
  init_use_script_ptys(iptables_t)
  # to allow rules to be saved on reboot:
@@ -23197,7 +23205,7 @@
  /tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2008-05-13 11:36:47.155727000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2008-05-13 11:36:47.000000000 -0400
 @@ -29,8 +29,9 @@
  	')
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.630
retrieving revision 1.631
diff -u -r1.630 -r1.631
--- selinux-policy.spec	13 May 2008 17:13:01 -0000	1.630
+++ selinux-policy.spec	19 May 2008 17:52:47 -0000	1.631
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 103%{?dist}
+Release: 104%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -380,9 +380,12 @@
 
 %endif
 
-%changelog
+%changelog-
+* Mon May 19 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-104
+- Dontaudit reading of nfs by consolekit
+
 * Tue May 13 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-103
--Fix labeling on /var/spool/fax and /var/spool/voice
+Fix labeling on /var/spool/fax and /var/spool/voice
 
 * Mon May 7 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-102
 - Allow pam_console to setattr on cpu_device_t

More information about the fedora-extras-commits mailing list