rpms/selinux-policy/devel policy-20080710.patch, 1.89, 1.90 selinux-policy.spec, 1.743, 1.744

Daniel J Walsh dwalsh at fedoraproject.org
Wed Nov 5 22:14:18 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5542

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Wed Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-17
- Allow lvm to dbus chat with hal
- Allow rlogind to read nfs_t 


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -r1.89 -r1.90
--- policy-20080710.patch	5 Nov 2008 20:34:05 -0000	1.89
+++ policy-20080710.patch	5 Nov 2008 22:13:47 -0000	1.90
@@ -21322,8 +21322,8 @@
  files_manage_etc_files(ricci_modstorage_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.5.13/policy/modules/services/rlogin.te
 --- nsaserefpolicy/policy/modules/services/rlogin.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/rlogin.te	2008-10-28 10:56:19.000000000 -0400
-@@ -94,8 +94,8 @@
++++ serefpolicy-3.5.13/policy/modules/services/rlogin.te	2008-11-05 16:47:28.000000000 -0500
+@@ -94,10 +94,22 @@
  remotelogin_signal(rlogind_t)
  
  optional_policy(`
@@ -21334,6 +21334,20 @@
  ')
  
  optional_policy(`
+ 	tcpd_wrapped_domain(rlogind_t, rlogind_exec_t)
+ ')
++
++tunable_policy(`use_nfs_home_dirs',`
++	fs_list_nfs_dirs(rlogind_t)
++	fs_read_nfs_files(rlogind_t)
++	fs_read_nfs_symlinks(rlogind_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++	fs_list_cifs_dirs(rlogind_t)
++	fs_read_cifs_files(rlogind_t)
++	fs_read_cifs_symlinks(rlogind_t)
++')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.fc serefpolicy-3.5.13/policy/modules/services/roundup.fc
 --- nsaserefpolicy/policy/modules/services/roundup.fc	2008-08-07 11:15:11.000000000 -0400
 +++ serefpolicy-3.5.13/policy/modules/services/roundup.fc	2008-10-28 10:56:19.000000000 -0400
@@ -28492,7 +28506,7 @@
 +/var/run/dmevent.*		gen_context(system_u:object_r:lvm_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.5.13/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/lvm.te	2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/lvm.te	2008-11-05 16:20:42.000000000 -0500
 @@ -10,6 +10,9 @@
  type clvmd_exec_t;
  init_daemon_domain(clvmd_t,clvmd_exec_t)
@@ -28575,7 +28589,22 @@
  sysadm_dontaudit_search_home_dirs(clvmd_t)
  
  lvm_domtrans(clvmd_t)
-@@ -137,6 +152,14 @@
+@@ -128,6 +143,14 @@
+ ')
+ 
+ optional_policy(`
++	dbus_system_bus_client_template(lvm,lvm_t)
++
++	optional_policy(`
++		hal_dbus_chat(lvm_t)
++	')
++')
++
++optional_policy(`
+ 	gpm_dontaudit_getattr_gpmctl(clvmd_t)
+ ')
+ 
+@@ -137,6 +160,14 @@
  ')
  
  optional_policy(`
@@ -28590,7 +28619,7 @@
  	udev_read_db(clvmd_t)
  ')
  
-@@ -147,17 +170,19 @@
+@@ -147,17 +178,19 @@
  
  # DAC overrides and mknod for modifying /dev entries (vgmknodes)
  # rawio needed for dmraid
@@ -28613,7 +28642,7 @@
  
  manage_dirs_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t)
  manage_files_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t)
-@@ -189,6 +214,7 @@
+@@ -189,6 +222,7 @@
  manage_files_pattern(lvm_t,lvm_metadata_t,lvm_metadata_t)
  filetrans_pattern(lvm_t,lvm_etc_t,lvm_metadata_t,file)
  files_etc_filetrans(lvm_t,lvm_metadata_t,file)
@@ -28621,7 +28650,7 @@
  
  kernel_read_system_state(lvm_t)
  kernel_read_kernel_sysctls(lvm_t)
-@@ -225,6 +251,7 @@
+@@ -225,6 +259,7 @@
  dev_dontaudit_getattr_generic_blk_files(lvm_t)
  dev_dontaudit_getattr_generic_pipes(lvm_t)
  dev_create_generic_dirs(lvm_t)
@@ -28629,7 +28658,7 @@
  
  fs_getattr_xattr_fs(lvm_t)
  fs_search_auto_mountpoints(lvm_t)
-@@ -243,6 +270,7 @@
+@@ -243,6 +278,7 @@
  storage_dev_filetrans_fixed_disk(lvm_t)
  # Access raw devices and old /dev/lvm (c 109,0).  Is this needed?
  storage_manage_fixed_disk(lvm_t)
@@ -28637,7 +28666,7 @@
  
  term_getattr_all_user_ttys(lvm_t)
  term_list_ptys(lvm_t)
-@@ -252,6 +280,7 @@
+@@ -252,6 +288,7 @@
  
  domain_use_interactive_fds(lvm_t)
  
@@ -28645,7 +28674,7 @@
  files_read_etc_files(lvm_t)
  files_read_etc_runtime_files(lvm_t)
  # for when /usr is not mounted:
-@@ -273,6 +302,8 @@
+@@ -273,6 +310,8 @@
  seutil_search_default_contexts(lvm_t)
  seutil_sigchld_newrole(lvm_t)
  
@@ -28654,7 +28683,7 @@
  ifdef(`distro_redhat',`
  	# this is from the initrd:
  	files_rw_isid_type_dirs(lvm_t)
-@@ -291,5 +322,18 @@
+@@ -291,5 +330,18 @@
  ')
  
  optional_policy(`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.743
retrieving revision 1.744
diff -u -r1.743 -r1.744
--- selinux-policy.spec	5 Nov 2008 20:34:06 -0000	1.743
+++ selinux-policy.spec	5 Nov 2008 22:13:48 -0000	1.744
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 16%{?dist}
+Release: 17%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -457,6 +457,10 @@
 %endif
 
 %changelog
+* Wed Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-17
+- Allow lvm to dbus chat with hal
+- Allow rlogind to read nfs_t 
+
 * Wed Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-16
 - Fix cyphesis file context

More information about the fedora-extras-commits mailing list