rpms/selinux-policy/F-10 modules-targeted.conf, 1.108, 1.109 policy-20080710.patch, 1.94, 1.95
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Nov 13 19:16:12 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22520
Modified Files:
modules-targeted.conf policy-20080710.patch
Log Message:
* Mon Nov 10 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-20
- Change default boolean settings for xguest
- Allow mount to r/w image files
- Fix labes for several libraries that need textrel_shlib_t
- portreserve needs to be able to sendrecv unlabeled_t
- Fix Kerberos labeling
- Fix cups printing on hp printers
- Allow relabeling on blk devices on the homedir
- Allow nslpugin to r/w inodefs
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/modules-targeted.conf,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- modules-targeted.conf 5 Nov 2008 18:26:36 -0000 1.108
+++ modules-targeted.conf 13 Nov 2008 19:15:40 -0000 1.109
@@ -1705,3 +1705,8 @@
#
zosremote = module
+# Layer: services
+# Module: pki
+#
+#
+pki = module
policy-20080710.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.94 -r 1.95 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- policy-20080710.patch 10 Nov 2008 21:51:06 -0000 1.94
+++ policy-20080710.patch 13 Nov 2008 19:15:40 -0000 1.95
@@ -1,6 +1,6 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.13/Makefile
---- nsaserefpolicy/Makefile 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.13/Makefile 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/Makefile 2008-10-17 08:49:11.000000000 -0400
++++ serefpolicy-3.5.13/Makefile 2008-11-11 16:22:02.000000000 -0500
@@ -311,20 +311,22 @@
# parse-rolemap modulename,outputfile
@@ -46,8 +46,8 @@
@mkdir -p $(appdir)
$(verbose) $(INSTALL) -m 644 $< $@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.13/Rules.modular
---- nsaserefpolicy/Rules.modular 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/Rules.modular 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/Rules.modular 2008-10-17 08:49:14.000000000 -0400
++++ serefpolicy-3.5.13/Rules.modular 2008-11-11 16:22:02.000000000 -0500
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -95,8 +95,8 @@
#
$(appdir)/customizable_types: $(base_conf)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.13/config/appconfig-mcs/default_contexts
---- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/default_contexts 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/default_contexts 2008-11-11 16:22:02.000000000 -0500
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -119,24 +119,14 @@
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context
---- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context 2008-11-11 16:22:02.000000000 -0500
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts
---- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
-@@ -0,0 +1,6 @@
-+system_r:local_login_t:s0 guest_r:guest_t:s0
-+system_r:remote_login_t:s0 guest_r:guest_t:s0
-+system_r:sshd_t:s0 guest_r:guest_t:s0
-+system_r:crond_t:s0 guest_r:guest_t:s0
-+system_r:initrc_su_t:s0 guest_r:guest_t:s0
-+guest_r:guest_t:s0 guest_r:guest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts
---- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts 2008-11-11 16:22:02.000000000 -0500
@@ -1,11 +1,7 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -152,8 +142,8 @@
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.5.13/config/appconfig-mcs/seusers
---- nsaserefpolicy/config/appconfig-mcs/seusers 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/seusers 2008-10-28 11:08:43.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/seusers 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/seusers 2008-11-11 16:22:02.000000000 -0500
@@ -1,3 +1,3 @@
system_u:system_u:s0-mcs_systemhigh
-root:root:s0-mcs_systemhigh
@@ -161,8 +151,8 @@
+root:unconfined_u:s0-mcs_systemhigh
+__default__:unconfined_u:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts
---- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts 2008-11-11 16:22:02.000000000 -0500
@@ -1,10 +1,12 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -178,8 +168,8 @@
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts
---- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts 2008-11-11 16:22:02.000000000 -0500
@@ -6,4 +6,6 @@
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
@@ -188,8 +178,8 @@
+unconfined_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts
---- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts 2008-11-11 16:22:02.000000000 -0500
@@ -1,8 +1,9 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -203,25 +193,14 @@
+system_r:initrc_su_t:s0 user_r:user_t:s0
+user_r:user_t:s0 user_r:user_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context
---- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context 2008-11-11 16:22:02.000000000 -0500
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts
---- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
-@@ -0,0 +1,7 @@
-+system_r:local_login_t xguest_r:xguest_t:s0
-+system_r:remote_login_t xguest_r:xguest_t:s0
-+system_r:sshd_t xguest_r:xguest_t:s0
-+system_r:crond_t xguest_r:xguest_t:s0
-+system_r:xdm_t xguest_r:xguest_t:s0
-+system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
-+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.13/config/appconfig-mls/default_contexts
---- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/default_contexts 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/default_contexts 2008-11-11 16:22:02.000000000 -0500
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -243,17 +222,9 @@
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts
---- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
-@@ -0,0 +1,4 @@
-+system_r:local_login_t:s0 guest_r:guest_t:s0
-+system_r:remote_login_t:s0 guest_r:guest_t:s0
-+system_r:sshd_t:s0 guest_r:guest_t:s0
-+system_r:crond_t:s0 guest_r:guest_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts
---- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts 2008-11-11 16:22:02.000000000 -0500
@@ -1,11 +1,11 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -273,8 +244,8 @@
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts
---- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts 2008-11-11 16:22:02.000000000 -0500
@@ -1,7 +1,7 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -285,8 +256,8 @@
staff_r:staff_su_t:s0 staff_r:staff_t:s0
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts
---- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts 2008-10-17 08:49:10.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts 2008-11-11 16:22:02.000000000 -0500
@@ -1,7 +1,7 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -296,28 +267,9 @@
system_r:xdm_t:s0 user_r:user_t:s0
user_r:user_su_t:s0 user_r:user_t:s0
user_r:user_sudo_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/xguest_u_default_contexts
---- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/config/appconfig-mls/xguest_u_default_contexts 2008-10-28 10:56:19.000000000 -0400
-@@ -0,0 +1,7 @@
-+system_r:local_login_t xguest_r:xguest_t:s0
-+system_r:remote_login_t xguest_r:xguest_t:s0
-+system_r:sshd_t xguest_r:xguest_t:s0
-+system_r:crond_t xguest_r:xguest_t:s0
-+system_r:xdm_t xguest_r:xguest_t:s0
-+system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
-+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-standard/guest_u_default_contexts
[...9059 lines suppressed...]
/etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0)
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
@@ -30065,8 +27671,8 @@
+
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.5.13/policy/modules/system/sysnetwork.if
---- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.if 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.if 2008-11-11 16:22:03.000000000 -0500
@@ -553,6 +553,7 @@
type net_conf_t;
')
@@ -30146,8 +27752,8 @@
+ role_transition $1 dhcpc_exec_t system_r;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.5.13/policy/modules/system/sysnetwork.te
---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.te 2008-11-03 13:42:28.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.te 2008-11-11 16:22:03.000000000 -0500
@@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -30327,8 +27933,8 @@
kernel_write_xen_state(ifconfig_t)
xen_append_log(ifconfig_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.5.13/policy/modules/system/udev.fc
---- nsaserefpolicy/policy/modules/system/udev.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/udev.fc 2008-11-03 11:39:49.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/udev.fc 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/udev.fc 2008-11-11 16:22:03.000000000 -0500
@@ -13,8 +13,11 @@
/sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0)
/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
@@ -30342,8 +27948,8 @@
+
+/var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:rpm_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.5.13/policy/modules/system/udev.if
---- nsaserefpolicy/policy/modules/system/udev.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/udev.if 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/udev.if 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/udev.if 2008-11-11 16:22:03.000000000 -0500
@@ -96,6 +96,24 @@
########################################
@@ -30398,8 +28004,8 @@
+ allow $1 udev_tbl_t:file rw_file_perms;
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.5.13/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/udev.te 2008-11-03 11:41:29.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/udev.te 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/udev.te 2008-11-11 16:22:03.000000000 -0500
@@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t)
@@ -30457,8 +28063,8 @@
xserver_read_xdm_pid(udev_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.13/policy/modules/system/unconfined.fc
---- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/unconfined.fc 2008-11-06 13:03:04.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/unconfined.fc 2008-11-11 16:22:03.000000000 -0500
@@ -2,15 +2,29 @@
# e.g.:
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
@@ -30499,8 +28105,8 @@
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/gcl -- gen_context(system_u:object_r:execmem_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.13/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if 2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/unconfined.if 2008-10-29 13:21:22.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/unconfined.if 2008-11-11 16:22:03.000000000 -0500
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -30830,8 +28436,8 @@
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.13/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/unconfined.te 2008-10-28 11:00:08.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/unconfined.te 2008-11-11 16:22:03.000000000 -0500
@@ -6,35 +6,76 @@
# Declarations
#
@@ -31190,8 +28796,8 @@
+
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.5.13/policy/modules/system/userdomain.fc
---- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.fc 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.fc 2008-11-11 16:22:03.000000000 -0500
@@ -1,4 +1,5 @@
-HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
-HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0)
@@ -31203,8 +28809,8 @@
+/tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0)
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-11-10 11:10:03.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-11-13 14:05:51.000000000 -0500
@@ -28,10 +28,14 @@
class context contains;
')
@@ -33933,8 +31539,8 @@
+ fs_tmpfs_filetrans($1, user_tmpfs_t, { dir file lnk_file sock_file fifo_file })
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.13/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.te 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.te 2008-11-11 16:22:03.000000000 -0500
@@ -8,13 +8,6 @@
## <desc>
@@ -34054,8 +31660,8 @@
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.13/policy/modules/system/xen.fc
---- nsaserefpolicy/policy/modules/system/xen.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.fc 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/xen.fc 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/xen.fc 2008-11-11 16:22:03.000000000 -0500
@@ -20,6 +20,7 @@
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
@@ -34065,8 +31671,8 @@
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.13/policy/modules/system/xen.if
---- nsaserefpolicy/policy/modules/system/xen.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.if 2008-11-04 11:36:33.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/xen.if 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/xen.if 2008-11-11 16:22:03.000000000 -0500
@@ -155,7 +155,7 @@
stream_connect_pattern($1,xenstored_var_run_t,xenstored_var_run_t,xenstored_t)
')
@@ -34118,8 +31724,8 @@
+ rw_files_pattern($1, xen_image_t, xen_image_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.13/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/xen.te 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/xen.te 2008-10-17 08:49:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/xen.te 2008-11-11 16:22:03.000000000 -0500
@@ -6,6 +6,13 @@
# Declarations
#
@@ -34344,8 +31950,8 @@
+ unconfined_domain(xend_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/policy_capabilities serefpolicy-3.5.13/policy/policy_capabilities
---- nsaserefpolicy/policy/policy_capabilities 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/policy_capabilities 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/policy/policy_capabilities 2008-10-17 08:49:14.000000000 -0400
++++ serefpolicy-3.5.13/policy/policy_capabilities 2008-11-11 16:22:03.000000000 -0500
@@ -29,4 +29,4 @@
# chr_file: open
# blk_file: open
@@ -34353,8 +31959,8 @@
-policycap open_perms;
+#policycap open_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.13/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-17 08:49:14.000000000 -0400
++++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt 2008-11-11 16:22:03.000000000 -0500
@@ -59,22 +59,22 @@
#
# Permissions for executing files.
@@ -34503,8 +32109,8 @@
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.13/policy/users
---- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/users 2008-10-28 19:21:24.000000000 -0400
+--- nsaserefpolicy/policy/users 2008-10-17 08:49:11.000000000 -0400
++++ serefpolicy-3.5.13/policy/users 2008-11-11 16:22:03.000000000 -0500
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
@@ -34530,8 +32136,8 @@
-')
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.13/support/Makefile.devel
---- nsaserefpolicy/support/Makefile.devel 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.13/support/Makefile.devel 2008-10-28 10:56:19.000000000 -0400
+--- nsaserefpolicy/support/Makefile.devel 2008-10-17 08:49:14.000000000 -0400
++++ serefpolicy-3.5.13/support/Makefile.devel 2008-11-11 16:22:03.000000000 -0500
@@ -181,8 +181,7 @@
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
More information about the fedora-extras-commits
mailing list