rpms/selinux-policy/F-8 policy-20070703.patch, 1.208, 1.209 selinux-policy.spec, 1.630, 1.631
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon May 19 17:53:38 UTC 2008
- Previous message (by thread): rpms/selinux-policy/devel booleans-mls.conf, 1.9, 1.10 booleans-targeted.conf, 1.41, 1.42
- Next message (by thread): rpms/xorg-x11-server/F-9 .cvsignore, 1.44, 1.45 commitid, 1.16, 1.17 sources, 1.38, 1.39 xorg-x11-server.spec, 1.333, 1.334 xserver-1.5.0-compiz-clip-fix.patch, 1.1, NONE xserver-1.5.0-f-spot-screws-glx.patch, 1.3, NONE xserver-1.5.0-glcore-swap-no-crashy.patch, 1.1, NONE xserver-1.5.0-hal-closedown.patch, 1.1, NONE xserver-1.5.0-selinux-off-by-default.patch, 1.1, NONE xserver-1.5.0-stenciled-visuals.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15096
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Mon May 19 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-104
- Dontaudit reading of nfs by consolekit
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.208
retrieving revision 1.209
diff -u -r1.208 -r1.209
--- policy-20070703.patch 13 May 2008 18:49:51 -0000 1.208
+++ policy-20070703.patch 19 May 2008 17:52:47 -0000 1.209
@@ -3546,7 +3546,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.0.8/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if 2008-05-13 09:40:42.560450000 -0400
++++ serefpolicy-3.0.8/policy/modules/apps/mozilla.if 2008-05-13 09:40:42.000000000 -0400
@@ -36,6 +36,8 @@
gen_require(`
type mozilla_conf_t, mozilla_exec_t;
@@ -8506,7 +8506,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.0.8/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/consolekit.te 2008-04-04 16:11:03.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/consolekit.te 2008-05-19 13:51:36.771603000 -0400
@@ -10,7 +10,6 @@
type consolekit_exec_t;
init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -8550,7 +8550,7 @@
optional_policy(`
dbus_system_bus_client_template(consolekit, consolekit_t)
dbus_send_system_bus(consolekit_t)
-@@ -62,9 +71,23 @@
+@@ -62,9 +71,31 @@
optional_policy(`
unconfined_dbus_chat(consolekit_t)
')
@@ -8571,9 +8571,17 @@
+
+optional_policy(`
+ userdom_read_user_tmp_files(user,consolekit_t)
- ')
++')
+
++tunable_policy(`use_nfs_home_dirs',`
++ fs_dontaudit_list_nfs(consolekit_t)
++ fs_dontaudit_rw_nfs_files(consolekit_t)
++')
+
++tunable_policy(`use_samba_home_dirs',`
++ fs_dontaudit_list_cifs(consolekit_t)
++ fs_dontaudit_rw_cifs_files(consolekit_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.0.8/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2007-10-22 13:21:39.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/courier.te 2008-04-04 16:11:03.000000000 -0400
@@ -11215,7 +11223,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-3.0.8/policy/modules/services/inn.if
--- nsaserefpolicy/policy/modules/services/inn.if 2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/inn.if 2008-05-13 11:43:47.632772000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/inn.if 2008-05-13 11:43:47.000000000 -0400
@@ -54,8 +54,7 @@
')
@@ -18992,7 +19000,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-05-13 14:26:59.442650000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-05-13 14:26:59.000000000 -0400
@@ -9,6 +9,13 @@
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
@@ -19315,7 +19323,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.fc serefpolicy-3.0.8/policy/modules/system/getty.fc
--- nsaserefpolicy/policy/modules/system/getty.fc 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/getty.fc 2008-05-13 11:24:02.635908000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/getty.fc 2008-05-13 11:24:02.000000000 -0400
@@ -8,5 +8,5 @@
/var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0)
@@ -19387,7 +19395,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.0.8/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/init.if 2008-05-13 14:35:09.563203000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/init.if 2008-05-13 14:35:09.000000000 -0400
@@ -211,6 +211,21 @@
kernel_dontaudit_use_fds($1)
')
@@ -20016,7 +20024,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.0.8/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/iptables.te 2008-05-13 13:29:53.001644000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/iptables.te 2008-05-13 13:29:53.000000000 -0400
@@ -64,13 +64,14 @@
init_use_script_ptys(iptables_t)
# to allow rules to be saved on reboot:
@@ -23197,7 +23205,7 @@
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-05-13 11:36:47.155727000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2008-05-13 11:36:47.000000000 -0400
@@ -29,8 +29,9 @@
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.630
retrieving revision 1.631
diff -u -r1.630 -r1.631
--- selinux-policy.spec 13 May 2008 17:13:01 -0000 1.630
+++ selinux-policy.spec 19 May 2008 17:52:47 -0000 1.631
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 103%{?dist}
+Release: 104%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -380,9 +380,12 @@
%endif
-%changelog
+%changelog-
+* Mon May 19 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-104
+- Dontaudit reading of nfs by consolekit
+
* Tue May 13 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-103
--Fix labeling on /var/spool/fax and /var/spool/voice
+Fix labeling on /var/spool/fax and /var/spool/voice
* Mon May 7 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-102
- Allow pam_console to setattr on cpu_device_t
- Previous message (by thread): rpms/selinux-policy/devel booleans-mls.conf, 1.9, 1.10 booleans-targeted.conf, 1.41, 1.42
- Next message (by thread): rpms/xorg-x11-server/F-9 .cvsignore, 1.44, 1.45 commitid, 1.16, 1.17 sources, 1.38, 1.39 xorg-x11-server.spec, 1.333, 1.334 xserver-1.5.0-compiz-clip-fix.patch, 1.1, NONE xserver-1.5.0-f-spot-screws-glx.patch, 1.3, NONE xserver-1.5.0-glcore-swap-no-crashy.patch, 1.1, NONE xserver-1.5.0-hal-closedown.patch, 1.1, NONE xserver-1.5.0-selinux-off-by-default.patch, 1.1, NONE xserver-1.5.0-stenciled-visuals.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list