rpms/selinux-policy/devel modules-minimum.conf, 1.3, 1.4 modules-targeted.conf, 1.105, 1.106 policy-20080710.patch, 1.85, 1.86

Daniel J Walsh dwalsh at fedoraproject.org
Mon Nov 3 22:43:25 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30260

Modified Files:
	modules-minimum.conf modules-targeted.conf 
	policy-20080710.patch 
Log Message:
* Mon Nov 3 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-13
- Allow dhcpc to restart ypbind
- Fixup labeling in /var/run



Index: modules-minimum.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-minimum.conf,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- modules-minimum.conf	3 Nov 2008 20:42:37 -0000	1.3
+++ modules-minimum.conf	3 Nov 2008 22:42:53 -0000	1.4
@@ -185,9 +185,9 @@
 # Layer: admin
 # Module: certmaster
 #
-# Digital Certificate Tracking
+# Digital Certificate master
 # 
-certmanager = module
+certmaster = module
 
 # Layer: services
 # Module: cipe


Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- modules-targeted.conf	3 Nov 2008 20:42:37 -0000	1.105
+++ modules-targeted.conf	3 Nov 2008 22:42:53 -0000	1.106
@@ -185,9 +185,9 @@
 # Layer: admin
 # Module: certmaster
 #
-# Digital Certificate Tracking
+# Digital Certificate master
 # 
-certmanager = module
+certmaster = module
 
 # Layer: services
 # Module: cipe

policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- policy-20080710.patch	3 Nov 2008 21:09:40 -0000	1.85
+++ policy-20080710.patch	3 Nov 2008 22:42:53 -0000	1.86
@@ -676,7 +676,7 @@
  ifdef(`distro_suse', `
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.5.13/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/admin/rpm.if	2008-11-03 11:41:00.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/admin/rpm.if	2008-11-03 17:02:00.000000000 -0500
 @@ -152,6 +152,24 @@
  
  ########################################
@@ -755,7 +755,7 @@
  
  ########################################
  ## <summary>
-+##	Create, read, write, and delete the RPM log.
++##	Search RPM log directory.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
@@ -8902,7 +8902,7 @@
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.5.13/policy/modules/roles/sysadm.te
 --- nsaserefpolicy/policy/modules/roles/sysadm.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te	2008-10-29 12:02:23.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te	2008-11-03 17:03:51.000000000 -0500
 @@ -15,7 +14,7 @@
  
  role sysadm_r;
@@ -8945,12 +8945,6 @@
  ')
  
  optional_policy(`
-@@ -328,3 +327,5 @@
- optional_policy(`
- 	yam_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
- ')
-+
-+#gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.if serefpolicy-3.5.13/policy/modules/roles/unprivuser.if
 --- nsaserefpolicy/policy/modules/roles/unprivuser.if	2008-08-07 11:15:11.000000000 -0400
 +++ serefpolicy-3.5.13/policy/modules/roles/unprivuser.if	2008-10-30 13:58:02.000000000 -0400
@@ -12178,8 +12172,8 @@
 +/var/log/certmaster(/.*)?  				gen_context(system_u:object_r:certmaster_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.5.13/policy/modules/services/certmaster.if
 --- nsaserefpolicy/policy/modules/services/certmaster.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/services/certmaster.if	2008-11-03 15:55:54.000000000 -0500
-@@ -0,0 +1,132 @@
++++ serefpolicy-3.5.13/policy/modules/services/certmaster.if	2008-11-03 17:32:32.000000000 -0500
+@@ -0,0 +1,128 @@
 +## <summary>policy for certmaster</summary>
 +
 +########################################
@@ -12214,7 +12208,6 @@
 +##      Domain allowed access.
 +##      </summary>
 +## </param>
-+##
 +#
 +interface(`certmaster_read_log',`
 +        gen_require(`
@@ -12233,7 +12226,6 @@
 +##      Domain allowed access.
 +##      </summary>
 +## </param>
-+##
 +#
 +interface(`certmaster_append_log',`
 +        gen_require(`
@@ -12253,7 +12245,6 @@
 +##      Domain allowed access.
 +##      </summary>
 +## </param>
-+##
 +#
 +interface(`certmaster_manage_log',`
 +        gen_require(`
@@ -12281,12 +12272,11 @@
 +## </param>
 +## <rolecap/>
 +#
-+
 +interface(`certmaster_admin',`
 +        gen_require(`
 +                type certmaster_t, certmaster_var_run_t, certmaster_var_lib_t;
 +		type certmaster_etc_rw_t, certmaster_var_log_t;
-+                certmaster_initrc_exec_t;
++		type certmaster_initrc_exec_t;
 +        ')
 +
 +        allow $1 certmaster_t:process { ptrace signal_perms };
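Review bot: The `allow $1 certmaster_t:process { ptrace signal_perms };` line in `certmaster_admin` gives every caller ptrace on the certmaster domain, which is more than start/stop administration needs. ptrace lets the caller read the daemon's memory, so if certmaster holds key material in process (not visible here) this is a disclosure path. Consider `allow $1 certmaster_t:process signal_perms;` unless a caller is known to need tracing, or state the ptrace grant in the interface `<summary>`. The `gen_require` block also mixes space-indented and tab-indented `type` lines. The interface body continues past the end of this hunk.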
@@ -12314,8 +12304,8 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.5.13/policy/modules/services/certmaster.te
 --- nsaserefpolicy/policy/modules/services/certmaster.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/services/certmaster.te	2008-10-30 14:48:03.000000000 -0400
-@@ -0,0 +1,85 @@
++++ serefpolicy-3.5.13/policy/modules/services/certmaster.te	2008-11-03 17:19:28.000000000 -0500
+@@ -0,0 +1,81 @@
 +policy_module(certmaster,1.0.0)
 +
 +########################################
@@ -12337,7 +12327,7 @@
 +
 +# config files
 +type certmaster_etc_rw_t;
-+files_config_type(certmaster_etc_rw_t)
++files_config_file(certmaster_etc_rw_t)
 +
 +# log files
 +type certmaster_var_log_t;
@@ -12354,10 +12344,6 @@
 +
 +allow certmaster_t self:tcp_socket create_stream_socket_perms;
 +
-+# certification files
-+manage_dirs_pattern(certmaster_t,certmaster_cert_t,certmaster_cert_t)
-+manage_files_pattern(certmaster_t, certmaster_cert_t, certmaster_cert_t)
-+
 +# config files
 +list_dirs_pattern(certmaster_t,certmaster_etc_rw_t,certmaster_etc_rw_t)
 +manage_files_pattern(certmaster_t, certmaster_etc_rw_t, certmaster_etc_rw_t)
@@ -17638,7 +17624,7 @@
  /usr/sbin/rpc\.ypxfrd	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.5.13/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/nis.if	2008-11-03 14:12:23.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/nis.if	2008-11-03 17:06:55.000000000 -0500
 @@ -28,7 +28,7 @@
  		type var_yp_t;
  	')
@@ -17685,7 +17671,7 @@
  ##	Execute ypbind in the ypbind domain.
  ## </summary>
  ## <param name="domain">
-@@ -244,3 +263,105 @@
+@@ -244,3 +263,104 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, ypxfr_exec_t, ypxfr_t)
  ')
@@ -17719,7 +17705,6 @@
 +##	</summary>
 +## </param>
 +#
-+#
 +interface(`nis_ypbind_initrc_domtrans',`
 +	gen_require(`
 +		type ypbind_initrc_exec_t;
@@ -28186,7 +28171,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.5.13/policy/modules/system/miscfiles.if
 --- nsaserefpolicy/policy/modules/system/miscfiles.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/miscfiles.if	2008-10-31 11:01:20.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/miscfiles.if	2008-11-03 17:18:22.000000000 -0500
 @@ -23,6 +23,45 @@
  
  ########################################
@@ -28200,7 +28185,7 @@
 +## </param>
 +## <rolecap/>
 +#
-+interface(`
++interface(`miscfiles_manage_cert_dirs',`
 +	gen_require(`
 +		type cert_t;
 +	')
@@ -30572,7 +30557,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-10-30 16:14:16.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-11-03 17:15:19.000000000 -0500
 @@ -28,10 +28,14 @@
  		class context contains;
  	')
@@ -32685,31 +32670,32 @@
  	')
  
  	allow $1 userdomain:process getattr;
-@@ -5429,7 +5528,7 @@
+@@ -5447,6 +5546,24 @@
  
  ########################################
  ## <summary>
--##	Send general signals to all user domains.
 +##	Send signull to all user domains.
- ## </summary>
- ## <param name="domain">
- ##	<summary>
-@@ -5437,12 +5536,12 @@
- ##	</summary>
- ## </param>
- #
--interface(`userdom_signal_all_users',`
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
 +interface(`userdom_signull_all_users',`
- 	gen_require(`
- 		attribute userdomain;
- 	')
- 
--	allow $1 userdomain:process signal;
++	gen_require(`
++		attribute userdomain;
++	')
++
 +	allow $1 userdomain:process signull;
- ')
- 
- ########################################
-@@ -5483,6 +5582,42 @@
++')
++
++########################################
++## <summary>
+ ##	Send a SIGCHLD signal to all user domains.
+ ## </summary>
+ ## <param name="domain">
+@@ -5483,6 +5600,42 @@
  
  ########################################
  ## <summary>
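Review bot: The summary of the new `userdom_signull_all_users`, `Send signull to all user domains.`, names the permission without saying what it is. Something like `##	Send a null signal (signal 0, an existence check) to all user domains.` would read better in the generated interface documentation. This revision adds the interface beside `userdom_signal_all_users` instead of replacing it, so the broader `signal` permission is available to callers again. Callers that only probe for a live process should use the signull interface; which callers those are is not visible in this hunk.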
@@ -32752,7 +32738,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5513,3 +5648,546 @@
+@@ -5513,3 +5666,546 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')



