rpms/selinux-policy/F-9 policy-20071130.patch, 1.239, 1.240 selinux-policy.spec, 1.727, 1.728

Daniel J Walsh dwalsh at fedoraproject.org
Mon Nov 24 14:03:52 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4773

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Thu Nov 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-112
- Allow automount to read nfs


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.239
retrieving revision 1.240
diff -u -r1.239 -r1.240
--- policy-20071130.patch	19 Nov 2008 19:18:34 -0000	1.239
+++ policy-20071130.patch	24 Nov 2008 14:03:51 -0000	1.240
@@ -12532,7 +12532,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.3.1/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/automount.te	2008-11-03 16:14:20.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/automount.te	2008-11-20 11:07:33.000000000 -0500
 @@ -20,6 +20,9 @@
  files_tmp_file(automount_tmp_t)
  files_mountpoint(automount_tmp_t)
@@ -12562,7 +12562,7 @@
  
  kernel_read_kernel_sysctls(automount_t)
  kernel_read_irq_sysctls(automount_t)
-@@ -69,6 +71,7 @@
+@@ -69,9 +71,18 @@
  files_mounton_all_mountpoints(automount_t)
  files_mount_all_file_type_fs(automount_t)
  files_unmount_all_file_type_fs(automount_t)
@@ -12570,7 +12570,18 @@
  
  fs_mount_all_fs(automount_t)
  fs_unmount_all_fs(automount_t)
-@@ -98,6 +101,7 @@
++fs_getattr_all_fs(automount_t)
++fs_getattr_all_dirs(automount_t)
++fs_search_auto_mountpoints(automount_t)
++fs_manage_auto_mountpoints(automount_t)
++fs_unmount_autofs(automount_t)
++fs_mount_autofs(automount_t)
++fs_manage_autofs_symlinks(automount_t)
++fs_read_nfs_files(automount_t)
+ 
+ corecmd_exec_bin(automount_t)
+ corecmd_exec_shell(automount_t)
+@@ -98,6 +109,7 @@
  corenet_udp_bind_all_rpc_ports(automount_t)
  
  dev_read_sysfs(automount_t)
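Review bot: Two of the eight interfaces added to automount.te in this hunk, `fs_mount_autofs(automount_t)` and `fs_manage_autofs_symlinks(automount_t)`, already appear as unchanged context in the later inner hunk at `@@ -126,8 +138,12 @@`, so the new block at least partly duplicates rules the module already carries. The other added fs_ calls may be copies of the same existing block, but that part of automount.te is not visible here, so this should be checked against the full file. Duplicate calls grant nothing new, but they make the Fedora delta harder to audit against upstream. The log message only describes NFS read access, and the one line that matches it is `fs_read_nfs_files(automount_t)`; I would add just that line next to the existing fs_ calls.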
@@ -12578,7 +12589,7 @@
  # for SSP
  dev_read_rand(automount_t)
  dev_read_urand(automount_t)
-@@ -126,8 +130,12 @@
+@@ -126,8 +138,12 @@
  fs_mount_autofs(automount_t)
  fs_manage_autofs_symlinks(automount_t)
  
@@ -12591,7 +12602,7 @@
  libs_use_ld_so(automount_t)
  libs_use_shared_libs(automount_t)
  
-@@ -140,10 +148,6 @@
+@@ -140,10 +156,6 @@
  # Run mount in the mount_t domain.
  mount_domtrans(automount_t)
  
@@ -12602,7 +12613,7 @@
  userdom_dontaudit_use_unpriv_user_fds(automount_t)
  userdom_dontaudit_search_sysadm_home_dirs(automount_t)
  
-@@ -156,17 +160,18 @@
+@@ -156,17 +168,18 @@
  ')
  
  optional_policy(`
@@ -20889,7 +20900,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2008-11-17 15:45:13.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2008-11-20 17:43:52.000000000 -0500
 @@ -1,5 +1,5 @@
  
 -policy_module(networkmanager,1.9.0)
@@ -20966,11 +20977,12 @@
  
  corenet_all_recvfrom_unlabeled(NetworkManager_t)
  corenet_all_recvfrom_netlabel(NetworkManager_t)
-@@ -64,9 +87,11 @@
+@@ -64,9 +87,12 @@
  dev_read_sysfs(NetworkManager_t)
  dev_read_rand(NetworkManager_t)
  dev_read_urand(NetworkManager_t)
 +dev_dontaudit_getattr_generic_blk_files(NetworkManager_t)
++dev_getattr_all_chr_files(NetworkManager_t)
  
  fs_getattr_all_fs(NetworkManager_t)
  fs_search_auto_mountpoints(NetworkManager_t)
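Review bot: `dev_getattr_all_chr_files(NetworkManager_t)` lets NetworkManager getattr every character device node, and neither the log message nor a policy comment says which denial it answers. The line just above it handles the block-device case with a dontaudit, so if the character-device access is also only scan noise, a dontaudit or an interface scoped to the specific device type would be the tighter choice. The same documentation gap applies to `sysnet_read_dhcp_state(NetworkManager_t)` in the `@@ -20993,26 +21005,27 @@` hunk, where it is buried in a reordering of the sysnet_ calls, and to `term_use_generic_ptys(iptables_t)` in the `@@ -35218,7 +35231,12 @@` hunk. I would put a one-line comment above each, in the form `# <denial being fixed, with bug reference>`, and add matching changelog lines to the spec so that the 3.3.1-112 entry covers every grant in the release.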
@@ -20978,7 +20990,7 @@
  
  mls_file_read_all_levels(NetworkManager_t)
  
-@@ -83,9 +108,14 @@
+@@ -83,9 +109,14 @@
  files_read_etc_runtime_files(NetworkManager_t)
  files_read_usr_files(NetworkManager_t)
  
@@ -20993,26 +21005,27 @@
  libs_use_ld_so(NetworkManager_t)
  libs_use_shared_libs(NetworkManager_t)
  
-@@ -98,26 +128,41 @@
+@@ -98,26 +129,41 @@
  
  seutil_read_config(NetworkManager_t)
  
 -sysnet_domtrans_ifconfig(NetworkManager_t)
-+sysnet_etc_filetrans_config(NetworkManager_t)
-+sysnet_delete_dhcpc_pid(NetworkManager_t)
- sysnet_domtrans_dhcpc(NetworkManager_t)
+-sysnet_domtrans_dhcpc(NetworkManager_t)
 -sysnet_signal_dhcpc(NetworkManager_t)
+-sysnet_read_dhcpc_pid(NetworkManager_t)
++sysnet_etc_filetrans_config(NetworkManager_t)
+ sysnet_delete_dhcpc_pid(NetworkManager_t)
+-sysnet_search_dhcp_state(NetworkManager_t)
+-# in /etc created by NetworkManager will be labelled net_conf_t.
++sysnet_domtrans_dhcpc(NetworkManager_t)
 +sysnet_domtrans_ifconfig(NetworkManager_t)
 +sysnet_kill_dhcpc(NetworkManager_t)
-+sysnet_manage_config(NetworkManager_t)
+ sysnet_manage_config(NetworkManager_t)
+-sysnet_etc_filetrans_config(NetworkManager_t)
 +sysnet_read_dhcp_config(NetworkManager_t)
- sysnet_read_dhcpc_pid(NetworkManager_t)
--sysnet_delete_dhcpc_pid(NetworkManager_t)
++sysnet_read_dhcpc_pid(NetworkManager_t)
 +sysnet_delete_dhcpc_state(NetworkManager_t)
- sysnet_search_dhcp_state(NetworkManager_t)
--# in /etc created by NetworkManager will be labelled net_conf_t.
--sysnet_manage_config(NetworkManager_t)
--sysnet_etc_filetrans_config(NetworkManager_t)
++sysnet_read_dhcp_state(NetworkManager_t)
 +sysnet_signal_dhcpc(NetworkManager_t)
  
  userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
@@ -21042,7 +21055,7 @@
  ')
  
  optional_policy(`
-@@ -129,8 +174,23 @@
+@@ -129,8 +175,23 @@
  ')
  
  optional_policy(`
@@ -21068,7 +21081,7 @@
  ')
  
  optional_policy(`
-@@ -138,39 +198,86 @@
+@@ -138,39 +199,86 @@
  ')
  
  optional_policy(`
@@ -35209,8 +35222,8 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/iptables.te	2008-11-03 16:14:39.000000000 -0500
-@@ -48,6 +48,7 @@
++++ serefpolicy-3.3.1/policy/modules/system/iptables.te	2008-11-21 16:14:31.000000000 -0500
+@@ -48,10 +48,12 @@
  
  fs_getattr_xattr_fs(iptables_t)
  fs_search_auto_mountpoints(iptables_t)
@@ -35218,7 +35231,12 @@
  
  mls_file_read_all_levels(iptables_t)
  
-@@ -70,8 +71,6 @@
+ term_dontaudit_use_console(iptables_t)
++term_use_generic_ptys(iptables_t)
+ 
+ domain_use_interactive_fds(iptables_t)
+ 
+@@ -70,8 +72,6 @@
  libs_use_shared_libs(iptables_t)
  
  logging_send_syslog_msg(iptables_t)
@@ -35227,7 +35245,7 @@
  
  miscfiles_read_localization(iptables_t)
  
-@@ -113,3 +112,7 @@
+@@ -113,3 +113,7 @@
  optional_policy(`
  	udev_read_db(iptables_t)
  ')
@@ -35279,7 +35297,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2008-11-13 18:43:05.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2008-11-24 09:03:21.000000000 -0500
 @@ -69,8 +69,10 @@
  ifdef(`distro_gentoo',`
  # despite the extensions, they are actually libs
@@ -35372,7 +35390,7 @@
  /var/ftp/lib(64)?(/.*)?				gen_context(system_u:object_r:lib_t,s0)
  /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:ld_so_t,s0)
  
-@@ -304,3 +318,17 @@
+@@ -304,3 +318,18 @@
  /var/spool/postfix/lib(64)?(/.*)? 		gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/usr(/.*)?			gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/lib(64)?/ld.*\.so.*	--	gen_context(system_u:object_r:ld_so_t,s0)
@@ -35389,7 +35407,8 @@
 +
 +/usr/lib(64)?/libav.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/lib/sse2/libav.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib(64)?/sse2/libpostproc\.so.*    --     gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/sse2/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.3.1/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2008-06-12 23:38:01.000000000 -0400
 +++ serefpolicy-3.3.1/policy/modules/system/libraries.te	2008-11-03 16:14:39.000000000 -0500
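Review bot: The new libraries.fc entry `/usr/lib(64)?/sse2/.*\.so(\..*)?` labels every shared object under the sse2 directories as textrel_shlib_t, where the line it replaces matched only `libpostproc\.so.*`. textrel_shlib_t is the label for libraries allowed to perform text relocations, so the wildcard extends that relaxation to anything later installed there, not only the libraries known to need it. It also makes the `/usr/lib/sse2/libav.*\.so(\..*)?` line directly above redundant. Unless every sse2 build is known to need text relocation, I would keep per-library patterns and add a comment naming the packages that need the label. The change is not mentioned in the changelog entry either.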


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.727
retrieving revision 1.728
diff -u -r1.727 -r1.728
--- selinux-policy.spec	19 Nov 2008 19:18:36 -0000	1.727
+++ selinux-policy.spec	24 Nov 2008 14:03:52 -0000	1.728
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 111%{?dist}
+Release: 112%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -382,6 +382,9 @@
 %endif
 
 %changelog
+* Thu Nov 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-112
+- Allow automount to read nfs
+
 * Wed Nov 19 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-111
 - Fix cyphesis policy
 



