rpms/selinux-policy/F-9 policy-20071130.patch, 1.161, 1.162 selinux-policy.spec, 1.676, 1.677

[Daniel J Walsh (dwalsh)]

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1649

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-60
- Allow policykit_resolve to read polkit_var_lib
- Other policykit fixes


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.161
retrieving revision 1.162
diff -u -r1.161 -r1.162
--- policy-20071130.patch	29 May 2008 17:45:04 -0000	1.161
+++ policy-20071130.patch	29 May 2008 19:43:21 -0000	1.162
@@ -7829,7 +7829,7 @@
  type power_device_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.3.1/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2008-02-26 08:23:11.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.if	2008-05-28 09:06:13.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.if	2008-05-29 15:38:40.259396000 -0400
 @@ -525,7 +525,7 @@
  	')
  
@@ -19557,7 +19557,7 @@
 +/var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:polkit_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.3.1/policy/modules/services/polkit.if
 --- nsaserefpolicy/policy/modules/services/polkit.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.if	2008-05-28 09:06:14.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/polkit.if	2008-05-29 15:40:58.041343000 -0400
 @@ -0,0 +1,208 @@
 +
 +## <summary>policy for polkit_auth</summary>
@@ -19769,8 +19769,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.3.1/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.te	2008-05-29 09:55:32.281989000 -0400
-@@ -0,0 +1,206 @@
++++ serefpolicy-3.3.1/policy/modules/services/polkit.te	2008-05-29 15:41:37.897816000 -0400
+@@ -0,0 +1,213 @@
 +policy_module(polkit_auth,1.0.0)
 +
 +########################################
@@ -19946,16 +19946,20 @@
 +# polkit_resolve local policy
 +#
 +
-+allow polkit_resolve_t self:capability { setuid sys_ptrace };
++allow polkit_resolve_t self:capability { setuid sys_nice sys_ptrace };
 +allow polkit_resolve_t self:process getattr;
 +
 +allow polkit_resolve_t self:unix_dgram_socket create_socket_perms;
 +allow polkit_resolve_t self:fifo_file rw_file_perms;
 +allow polkit_resolve_t self:unix_stream_socket create_stream_socket_perms;
 +
++read_files_pattern(polkit_resolve_t, polkit_var_lib_t, polkit_var_lib_t)
++
 +can_exec(polkit_resolve_t, polkit_resolve_exec_t)
 +corecmd_search_bin(polkit_resolve_t)
 +
++polkit_domtrans_auth(polkit_resolve_t)
++
 +files_read_etc_files(polkit_resolve_t)
 +files_read_usr_files(polkit_resolve_t)
 +
@@ -19970,6 +19974,9 @@
 +
 +optional_policy(`
 +	dbus_system_bus_client_template(polkit_resolve, polkit_resolve_t)
++	optional_policy(`
++		consolekit_dbus_chat(polkit_resolve_t)
++	')
 +')
 +
 +optional_policy(`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.676
retrieving revision 1.677
diff -u -r1.676 -r1.677
--- selinux-policy.spec	29 May 2008 17:45:04 -0000	1.676
+++ selinux-policy.spec	29 May 2008 19:43:21 -0000	1.677
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 59%{?dist}
+Release: 60%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -385,6 +385,10 @@
 %endif
 
 %changelog
+* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-60
+- Allow policykit_resolve to read polkit_var_lib
+- Other policykit fixes
+
 * Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-59
 - Allow oddjob to change roles