rpms/selinux-policy/F-9 policy-20071130.patch, 1.161, 1.162 selinux-policy.spec, 1.676, 1.677
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu May 29 19:44:13 UTC 2008
- Previous message (by thread): rpms/fedora-logos/devel sources,1.80,1.81
- Next message (by thread): rpms/libvirt-cim/F-9 poolconf.patch, NONE, 1.1 procfix.patch, NONE, 1.1 vcpufix.patch, NONE, 1.1 .cvsignore, 1.6, 1.7 libvirt-cim.spec, 1.12, 1.13 sources, 1.8, 1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1649
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-60
- Allow policykit_resolve to read polkit_var_lib
- Other policykit fixes
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.161
retrieving revision 1.162
diff -u -r1.161 -r1.162
--- policy-20071130.patch 29 May 2008 17:45:04 -0000 1.161
+++ policy-20071130.patch 29 May 2008 19:43:21 -0000 1.162
@@ -7829,7 +7829,7 @@
type power_device_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.3.1/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2008-02-26 08:23:11.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.if 2008-05-28 09:06:13.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.if 2008-05-29 15:38:40.259396000 -0400
@@ -525,7 +525,7 @@
')
@@ -19557,7 +19557,7 @@
+/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.3.1/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2008-05-28 09:06:14.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2008-05-29 15:40:58.041343000 -0400
@@ -0,0 +1,208 @@
+
+## <summary>policy for polkit_auth</summary>
@@ -19769,8 +19769,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.3.1/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.te 2008-05-29 09:55:32.281989000 -0400
-@@ -0,0 +1,206 @@
++++ serefpolicy-3.3.1/policy/modules/services/polkit.te 2008-05-29 15:41:37.897816000 -0400
+@@ -0,0 +1,213 @@
+policy_module(polkit_auth,1.0.0)
+
+########################################
@@ -19946,16 +19946,20 @@
+# polkit_resolve local policy
+#
+
-+allow polkit_resolve_t self:capability { setuid sys_ptrace };
++allow polkit_resolve_t self:capability { setuid sys_nice sys_ptrace };
+allow polkit_resolve_t self:process getattr;
+
+allow polkit_resolve_t self:unix_dgram_socket create_socket_perms;
+allow polkit_resolve_t self:fifo_file rw_file_perms;
+allow polkit_resolve_t self:unix_stream_socket create_stream_socket_perms;
+
++read_files_pattern(polkit_resolve_t, polkit_var_lib_t, polkit_var_lib_t)
++
+can_exec(polkit_resolve_t, polkit_resolve_exec_t)
+corecmd_search_bin(polkit_resolve_t)
+
++polkit_domtrans_auth(polkit_resolve_t)
++
+files_read_etc_files(polkit_resolve_t)
+files_read_usr_files(polkit_resolve_t)
+
@@ -19970,6 +19974,9 @@
+
+optional_policy(`
+ dbus_system_bus_client_template(polkit_resolve, polkit_resolve_t)
++ optional_policy(`
++ consolekit_dbus_chat(polkit_resolve_t)
++ ')
+')
+
+optional_policy(`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.676
retrieving revision 1.677
diff -u -r1.676 -r1.677
--- selinux-policy.spec 29 May 2008 17:45:04 -0000 1.676
+++ selinux-policy.spec 29 May 2008 19:43:21 -0000 1.677
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 59%{?dist}
+Release: 60%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -385,6 +385,10 @@
%endif
%changelog
+* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-60
+- Allow policykit_resolve to read polkit_var_lib
+- Other policykit fixes
+
* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-59
- Allow oddjob to change roles
- Previous message (by thread): rpms/fedora-logos/devel sources,1.80,1.81
- Next message (by thread): rpms/libvirt-cim/F-9 poolconf.patch, NONE, 1.1 procfix.patch, NONE, 1.1 vcpufix.patch, NONE, 1.1 .cvsignore, 1.6, 1.7 libvirt-cim.spec, 1.12, 1.13 sources, 1.8, 1.9
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list