rpms/selinux-policy/F-10 policy-20080710.patch, 1.102, 1.103 selinux-policy.spec, 1.752, 1.753

Daniel J Walsh dwalsh at fedoraproject.org
Tue Nov 25 16:20:07 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13246

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Tue Nov 25 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-25
- Allow postfix_smtpd to getattr on directories and file systems


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.102
retrieving revision 1.103
diff -u -r1.102 -r1.103
--- policy-20080710.patch	24 Nov 2008 21:07:37 -0000	1.102
+++ policy-20080710.patch	25 Nov 2008 16:20:06 -0000	1.103
@@ -8358,16 +8358,17 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.5.13/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2008-10-17 08:49:14.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/kernel/filesystem.te	2008-11-24 10:49:49.000000000 -0500
-@@ -21,7 +21,6 @@
++++ serefpolicy-3.5.13/policy/modules/kernel/filesystem.te	2008-11-25 09:48:18.000000000 -0500
+@@ -21,7 +21,7 @@
  
  # Use xattrs for the following filesystem types.
  # Requires that a security xattr handler exist for the filesystem.
 -fs_use_xattr ecryptfs gen_context(system_u:object_r:fs_t,s0);
++fs_use_xattr btrfs gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
-@@ -76,6 +75,11 @@
+@@ -76,6 +76,11 @@
  allow cpusetfs_t self:filesystem associate;
  genfscon cpuset / gen_context(system_u:object_r:cpusetfs_t,s0)
  
@@ -8379,7 +8380,7 @@
  type eventpollfs_t;
  fs_type(eventpollfs_t)
  # change to task SID 20060628
-@@ -141,6 +145,8 @@
+@@ -141,6 +146,8 @@
  fs_noxattr_type(vmblock_t)
  files_mountpoint(vmblock_t)
  genfscon vmblock / gen_context(system_u:object_r:vmblock_t,s0)
@@ -8388,7 +8389,7 @@
  
  type vxfs_t;
  fs_noxattr_type(vxfs_t)
-@@ -241,6 +247,7 @@
+@@ -241,6 +248,7 @@
  genfscon lustre / gen_context(system_u:object_r:nfs_t,s0)
  genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
  genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
@@ -16980,7 +16981,13 @@
 +files_type(mailscanner_spool_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.5.13/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2008-10-17 08:49:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/mta.fc	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/mta.fc	2008-11-25 08:45:03.000000000 -0500
+@@ -1,4 +1,4 @@
+-/bin/mail		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
++/bin/mail(x)?		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
+ 
+ /etc/aliases		--	gen_context(system_u:object_r:etc_aliases_t,s0)
+ /etc/aliases\.db	--	gen_context(system_u:object_r:etc_aliases_t,s0)
 @@ -22,7 +22,3 @@
  /var/spool/imap(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
  /var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
@@ -16991,7 +16998,7 @@
 -#')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.5.13/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2008-10-17 08:49:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/mta.if	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/mta.if	2008-11-25 10:14:27.000000000 -0500
 @@ -133,6 +133,15 @@
  		sendmail_create_log($1_mail_t)
  	')
@@ -17042,6 +17049,15 @@
  	')
  ')
  
+@@ -786,7 +803,7 @@
+ 	files_search_spool($1)
+ 	allow $1 mail_spool_t:dir list_dir_perms;
+ 	allow $1 mail_spool_t:file setattr;
+-	rw_files_pattern($1, mail_spool_t, mail_spool_t)
++	manage_files_pattern($1, mail_spool_t, mail_spool_t)
+ 	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
+ ')
+ 
 @@ -893,6 +910,25 @@
  
  ########################################
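Review bot: The interface body at inner lines 786-803 of mta.if now calls `manage_files_pattern($1, mail_spool_t, mail_spool_t)` where it called `rw_files_pattern`, so every caller of the interface gains create and unlink on mail spool files, not only the domain that prompted the change. The interface name and its `## <summary>` are outside the hunk; if this is the read/write spool interface (userdomain.if calls `mta_rw_spool($1_usertype)` elsewhere in this patch), its name no longer matches what it grants. I would keep `rw_files_pattern($1, mail_spool_t, mail_spool_t)` here and add a separate manage interface for the domain that needs to create files, or at least update the summary to say create/delete. The log message lists only the postfix_smtpd change, so this widening is easy to miss in a later audit.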
@@ -20786,7 +20802,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.13/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/postfix.te	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/postfix.te	2008-11-25 08:33:46.000000000 -0500
 @@ -6,6 +6,14 @@
  # Declarations
  #
@@ -21042,7 +21058,15 @@
  ########################################
  #
  # Postfix qmgr local policy
-@@ -543,6 +622,10 @@
+@@ -540,9 +619,18 @@
+ 
+ # for OpenSSL certificates
+ files_read_usr_files(postfix_smtpd_t)
++
++# postfix checks the size of all mounted file systems
++fs_getattr_all_dirs(postfix_smtpd_t)
++fs_getattr_all_fs(postfix_smtpd_t)
++
  mta_read_aliases(postfix_smtpd_t)
  
  optional_policy(`
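Review bot: The added comment explains `fs_getattr_all_fs(postfix_smtpd_t)` but not `fs_getattr_all_dirs(postfix_smtpd_t)`, and postfix_smtpd_t is presumably the network-facing SMTP server domain. If the directory getattr denials were only noise from the free-space check, a dontaudit rule would be tighter than an allow. If the access is required, the comment should say so on its own line, for example `# getattr on directories of all fs types is needed for <reason>`. The smtpd policy block starts and ends outside the hunk.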
@@ -21053,7 +21077,7 @@
  	mailman_read_data_files(postfix_smtpd_t)
  ')
  
-@@ -569,7 +652,7 @@
+@@ -569,7 +657,7 @@
  files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
  
  # connect to master process
@@ -24031,7 +24055,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.5.13/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/sendmail.te	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/sendmail.te	2008-11-25 10:39:57.000000000 -0500
 @@ -20,13 +20,17 @@
  mta_mailserver_delivery(sendmail_t)
  mta_mailserver_sender(sendmail_t)
@@ -24121,22 +24145,22 @@
  optional_policy(`
  	clamav_search_lib(sendmail_t)
 +	clamav_stream_connect(sendmail_t)
- ')
- 
- optional_policy(`
--	postfix_exec_master(sendmail_t)
-+	cyrus_stream_connect(sendmail_t)
 +')
 +
 +optional_policy(`
-+	kerberos_keytab_template(sendmail, sendmail_t)
++	cyrus_stream_connect(sendmail_t)
 +')
 +
 +optional_policy(`
-+	munin_dontaudit_search_lib(sendmail_t)
++	kerberos_keytab_template(sendmail, sendmail_t)
 +')
 +
 +optional_policy(`
++	munin_dontaudit_search_lib(sendmail_t)
+ ')
+ 
+ optional_policy(`
+-	postfix_exec_master(sendmail_t)
 +	postfix_domtrans_postdrop(sendmail_t)
 +	postfix_domtrans_master(sendmail_t)
  	postfix_read_config(sendmail_t)
@@ -24149,7 +24173,7 @@
  ')
  
  optional_policy(`
-@@ -126,24 +157,25 @@
+@@ -126,24 +157,29 @@
  ')
  
  optional_policy(`
@@ -24161,6 +24185,10 @@
 +')
 +
 +optional_policy(`
++	uucp_domtrans_uux(sendmail_t)
++')
++
++optional_policy(`
  	udev_read_db(sendmail_t)
  ')
  
@@ -27826,7 +27854,7 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.13/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/xserver.te	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/xserver.te	2008-11-25 11:13:22.000000000 -0500
 @@ -8,6 +8,14 @@
  
  ## <desc>
@@ -28325,7 +28353,7 @@
  ifdef(`TODO',`
  # Need to further investigate these permissions and
  # perhaps define derived types.
-@@ -544,3 +746,70 @@
+@@ -544,3 +746,73 @@
  #
  allow pam_t xdm_t:fifo_file { getattr ioctl write };
  ') dnl end TODO
@@ -28347,6 +28375,9 @@
 +allow xauth_t xauth_home_t:file manage_file_perms;
 +userdom_user_home_dir_filetrans($1, xauth_t, xauth_home_t, file)
 +
++manage_dirs_pattern(xauth_t, xdm_var_run_t, xdm_var_run_t)
++manage_files_pattern(xauth_t, xdm_var_run_t, xdm_var_run_t)
++
 +manage_dirs_pattern(xauth_t, xauth_tmp_t, xauth_tmp_t)
 +manage_files_pattern(xauth_t, xauth_tmp_t, xauth_tmp_t)
 +files_tmp_filetrans(xauth_t, xauth_tmp_t, { file dir })
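Review bot: `manage_dirs_pattern(xauth_t, xdm_var_run_t, xdm_var_run_t)` together with `manage_files_pattern(xauth_t, xdm_var_run_t, xdm_var_run_t)` gives xauth_t create, write and delete on everything labelled xdm_var_run_t, which looks like more than writing an authority file needs. xauth_t appears to be reachable from user sessions (the `userdom_user_home_dir_filetrans($1, xauth_t, xauth_home_t, file)` line just above), so anything else xdm keeps under that type would be modifiable from that domain as far as MAC is concerned. If xauth only writes a cookie file inside a directory xdm creates, keeping the files rule and dropping the dirs rule, or giving the authority file its own type, would be narrower. A comment such as `# xauth writes the display authority file under <path>` would record why the rule exists; the log message does not mention it.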
@@ -29522,8 +29553,17 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.5.13/policy/modules/system/ipsec.fc
 --- nsaserefpolicy/policy/modules/system/ipsec.fc	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/ipsec.fc	2008-11-24 10:49:49.000000000 -0500
-@@ -26,6 +26,7 @@
++++ serefpolicy-3.5.13/policy/modules/system/ipsec.fc	2008-11-25 09:56:24.000000000 -0500
+@@ -16,6 +16,8 @@
+ /usr/lib(64)?/ipsec/pluto	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
+ /usr/lib(64)?/ipsec/spi		--	gen_context(system_u:object_r:ipsec_exec_t,s0)
+ 
++/usr/libexec/ipsec/_plutoload	-- 	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
++/usr/libexec/ipsec/_plutorun	--	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
+ /usr/libexec/ipsec/eroute	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
+ /usr/libexec/ipsec/klipsdebug	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
+ /usr/libexec/ipsec/pluto	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
+@@ -26,6 +28,7 @@
  /usr/local/lib(64)?/ipsec/pluto --	gen_context(system_u:object_r:ipsec_exec_t,s0)
  /usr/local/lib(64)?/ipsec/spi	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
  
@@ -32717,7 +32757,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-10-17 08:49:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-11-24 10:49:49.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2008-11-25 10:39:06.000000000 -0500
 @@ -28,10 +28,14 @@
  		class context contains;
  	')
@@ -33338,7 +33378,7 @@
  	##############################
  	#
  	# User domain Local policy
-@@ -699,188 +668,199 @@
+@@ -699,188 +668,200 @@
  	dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
  	dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
  
@@ -33562,6 +33602,7 @@
 -		# to allow monitoring of pcmcia status
 -		pcmcia_read_pid($1_t)
 +		mta_rw_spool($1_usertype)
++		mta_manage_queue($1_usertype)
  	')
  
  	optional_policy(`
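Review bot: `mta_manage_queue($1_usertype)` is added for every user type built from this template, right after `mta_rw_spool($1_usertype)`. The interface definition is not in this hunk, but by its name it grants create, read, write and delete on the MTA queue, which would leave only DAC permissions on the queue directory between a confined user domain and queued mail. If the need is a user-run mail client submitting messages, a transition into the MTA's own submission domain would be narrower than queue management in the user domain. Please add a comment above the call naming the denial it fixes. The enclosing optional_policy block starts outside the hunk.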
@@ -33618,7 +33659,7 @@
  ')
  
  #######################################
-@@ -902,9 +882,7 @@
+@@ -902,9 +883,7 @@
  ## </param>
  #
  template(`userdom_login_user_template', `
@@ -33629,7 +33670,7 @@
  
  	userdom_base_user_template($1)
  
-@@ -930,74 +908,77 @@
+@@ -930,74 +909,77 @@
  
  	allow $1_t self:process ~{ setcurrent setexec setrlimit execmem execstack execheap };
  	dontaudit $1_t self:process setrlimit;
@@ -33740,7 +33781,7 @@
  	')
  ')
  
-@@ -1031,9 +1012,6 @@
+@@ -1031,9 +1013,6 @@
  	domain_interactive_fd($1_t)
  
  	typeattribute $1_devpts_t user_ptynode;
@@ -33750,7 +33791,7 @@
  	typeattribute $1_tty_device_t user_ttynode;
  
  	##############################
-@@ -1042,12 +1020,32 @@
+@@ -1042,12 +1021,32 @@
  	#
  
  	# privileged home directory writers
@@ -33789,7 +33830,7 @@
  
  	optional_policy(`
  		loadkeys_run($1_t,$1_r,$1_tty_device_t)
-@@ -1079,7 +1077,9 @@
+@@ -1079,7 +1078,9 @@
  
  	userdom_restricted_user_template($1)
  
@@ -33799,7 +33840,7 @@
  
  	##############################
  	#
-@@ -1087,14 +1087,16 @@
+@@ -1087,14 +1088,16 @@
  	#
  
  	authlogin_per_role_template($1, $1_t, $1_r)
@@ -33821,7 +33862,7 @@
  	logging_dontaudit_send_audit_msgs($1_t)
  
  	# Need to to this just so screensaver will work. Should be moved to screensaver domain
-@@ -1102,28 +1104,19 @@
+@@ -1102,28 +1105,19 @@
  	selinux_get_enforce_mode($1_t)
  
  	optional_policy(`
@@ -33854,7 +33895,7 @@
  	')
  ')
  
-@@ -1134,8 +1127,7 @@
+@@ -1134,8 +1128,7 @@
  ## </summary>
  ## <desc>
  ##	<p>
@@ -33864,7 +33905,7 @@
  ##	</p>
  ##	<p>
  ##	This template creates a user domain, types, and
-@@ -1157,8 +1149,8 @@
+@@ -1157,8 +1150,8 @@
  	# Declarations
  	#
  
@@ -33874,7 +33915,7 @@
  	userdom_common_user_template($1)
  
  	##############################
-@@ -1167,11 +1159,10 @@
+@@ -1167,11 +1160,10 @@
  	#
  
  	# port access is audited even if dac would not have allowed it, so dontaudit it here
@@ -33887,7 +33928,7 @@
  	# cjp: why?
  	files_read_kernel_symbol_table($1_t)
  
-@@ -1189,36 +1180,41 @@
+@@ -1189,36 +1181,41 @@
  		')
  	')
  
@@ -33942,7 +33983,7 @@
  	')
  ')
  
-@@ -1263,8 +1259,7 @@
+@@ -1263,8 +1260,7 @@
  	#
  
  	# Inherit rules for ordinary users.
@@ -33952,7 +33993,7 @@
  
  	typeattribute $1_t privhome;
  	domain_obj_id_change_exemption($1_t)
-@@ -1295,8 +1290,6 @@
+@@ -1295,8 +1291,6 @@
  	# Manipulate other users crontab.
  	allow $1_t self:passwd crontab;
  
@@ -33961,7 +34002,7 @@
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
  	kernel_getattr_message_if($1_t)
-@@ -1318,8 +1311,6 @@
+@@ -1318,8 +1312,6 @@
  
  	dev_getattr_generic_blk_files($1_t)
  	dev_getattr_generic_chr_files($1_t)
@@ -33970,7 +34011,7 @@
  	# Allow MAKEDEV to work
  	dev_create_all_blk_files($1_t)
  	dev_create_all_chr_files($1_t)
-@@ -1374,13 +1365,6 @@
+@@ -1374,13 +1366,6 @@
  	# But presently necessary for installing the file_contexts file.
  	seutil_manage_bin_policy($1_t)
  
@@ -33984,7 +34025,7 @@
  	optional_policy(`
  		postgresql_unconfined($1_t)
  	')
-@@ -1432,6 +1416,7 @@
+@@ -1432,6 +1417,7 @@
  	dev_relabel_all_dev_nodes($1)
  
  	files_create_boot_flag($1)
@@ -33992,7 +34033,7 @@
  
  	# Necessary for managing /boot/efi
  	fs_manage_dos_files($1)
-@@ -1461,10 +1446,6 @@
+@@ -1461,10 +1447,6 @@
  	seutil_run_semanage($1,$2,$3)
  	seutil_run_setfiles($1, $2, $3)
  
@@ -34003,7 +34044,7 @@
  	optional_policy(`
  		aide_run($1,$2, $3)
  	')
-@@ -1484,6 +1465,14 @@
+@@ -1484,6 +1466,14 @@
  	optional_policy(`
  		netlabel_run_mgmt($1,$2, $3)
  	')
@@ -34018,7 +34059,7 @@
  ')
  
  ########################################
-@@ -1741,11 +1730,15 @@
+@@ -1741,11 +1731,15 @@
  #
  template(`userdom_user_home_content',`
  	gen_require(`
@@ -34037,7 +34078,7 @@
  ')
  
  ########################################
-@@ -1841,11 +1834,11 @@
+@@ -1841,11 +1835,11 @@
  #
  template(`userdom_search_user_home_dirs',`
  	gen_require(`
@@ -34051,7 +34092,7 @@
  ')
  
  ########################################
-@@ -1875,11 +1868,11 @@
+@@ -1875,11 +1869,11 @@
  #
  template(`userdom_list_user_home_dirs',`
  	gen_require(`
@@ -34065,7 +34106,7 @@
  ')
  
  ########################################
-@@ -1923,12 +1916,12 @@
+@@ -1923,12 +1917,12 @@
  #
  template(`userdom_user_home_domtrans',`
  	gen_require(`
@@ -34081,7 +34122,7 @@
  ')
  
  ########################################
-@@ -1958,10 +1951,11 @@
+@@ -1958,10 +1952,11 @@
  #
  template(`userdom_dontaudit_list_user_home_dirs',`
  	gen_require(`
@@ -34095,7 +34136,7 @@
  ')
  
  ########################################
-@@ -1993,11 +1987,47 @@
+@@ -1993,11 +1988,47 @@
  #
  template(`userdom_manage_user_home_content_dirs',`
  	gen_require(`
@@ -34145,7 +34186,7 @@
  ')
  
  ########################################
-@@ -2029,10 +2059,10 @@
+@@ -2029,10 +2060,10 @@
  #
  template(`userdom_dontaudit_setattr_user_home_content_files',`
  	gen_require(`
@@ -34158,7 +34199,7 @@
  ')
  
  ########################################
-@@ -2062,11 +2092,11 @@
+@@ -2062,11 +2093,11 @@
  #
  template(`userdom_read_user_home_content_files',`
  	gen_require(`
@@ -34172,7 +34213,7 @@
  ')
  
  ########################################
-@@ -2096,11 +2126,11 @@
+@@ -2096,11 +2127,11 @@
  #
  template(`userdom_dontaudit_read_user_home_content_files',`
  	gen_require(`
@@ -34187,7 +34228,7 @@
  ')
  
  ########################################
-@@ -2130,10 +2160,14 @@
+@@ -2130,10 +2161,14 @@
  #
  template(`userdom_dontaudit_write_user_home_content_files',`
  	gen_require(`
@@ -34204,7 +34245,7 @@
  ')
  
  ########################################
-@@ -2163,11 +2197,11 @@
+@@ -2163,11 +2198,11 @@
  #
  template(`userdom_read_user_home_content_symlinks',`
  	gen_require(`
@@ -34218,7 +34259,7 @@
  ')
  
  ########################################
-@@ -2197,11 +2231,11 @@
+@@ -2197,11 +2232,11 @@
  #
  template(`userdom_exec_user_home_content_files',`
  	gen_require(`
@@ -34232,7 +34273,7 @@
  ')
  
  ########################################
-@@ -2231,10 +2265,10 @@
+@@ -2231,10 +2266,10 @@
  #
  template(`userdom_dontaudit_exec_user_home_content_files',`
  	gen_require(`
@@ -34245,7 +34286,7 @@
  ')
  
  ########################################
-@@ -2266,12 +2300,12 @@
+@@ -2266,12 +2301,12 @@
  #
  template(`userdom_manage_user_home_content_files',`
  	gen_require(`
@@ -34261,7 +34302,7 @@
  ')
  
  ########################################
-@@ -2303,10 +2337,10 @@
+@@ -2303,10 +2338,10 @@
  #
  template(`userdom_dontaudit_manage_user_home_content_dirs',`
  	gen_require(`
@@ -34274,7 +34315,7 @@
  ')
  
  ########################################
-@@ -2338,12 +2372,12 @@
+@@ -2338,12 +2373,12 @@
  #
  template(`userdom_manage_user_home_content_symlinks',`
  	gen_require(`
@@ -34290,7 +34331,7 @@
  ')
  
  ########################################
-@@ -2375,12 +2409,12 @@
+@@ -2375,12 +2410,12 @@
  #
  template(`userdom_manage_user_home_content_pipes',`
  	gen_require(`
@@ -34306,7 +34347,7 @@
  ')
  
  ########################################
-@@ -2412,12 +2446,12 @@
+@@ -2412,12 +2447,12 @@
  #
  template(`userdom_manage_user_home_content_sockets',`
  	gen_require(`
@@ -34322,7 +34363,7 @@
  ')
  
  ########################################
-@@ -2462,11 +2496,11 @@
+@@ -2462,11 +2497,11 @@
  #
  template(`userdom_user_home_dir_filetrans',`
  	gen_require(`
@@ -34336,7 +34377,7 @@
  ')
  
  ########################################
-@@ -2511,11 +2545,11 @@
+@@ -2511,11 +2546,11 @@
  #
  template(`userdom_user_home_content_filetrans',`
  	gen_require(`
@@ -34350,7 +34391,7 @@
  ')
  
  ########################################
-@@ -2555,11 +2589,11 @@
+@@ -2555,11 +2590,11 @@
  #
  template(`userdom_user_home_dir_filetrans_user_home_content',`
  	gen_require(`
@@ -34364,7 +34405,7 @@
  ')
  
  ########################################
-@@ -2589,11 +2623,11 @@
+@@ -2589,11 +2624,11 @@
  #
  template(`userdom_write_user_tmp_sockets',`
  	gen_require(`
@@ -34378,7 +34419,7 @@
  ')
  
  ########################################
-@@ -2623,11 +2657,11 @@
+@@ -2623,11 +2658,11 @@
  #
  template(`userdom_list_user_tmp',`
  	gen_require(`
@@ -34392,7 +34433,7 @@
  ')
  
  ########################################
-@@ -2659,10 +2693,10 @@
+@@ -2659,10 +2694,10 @@
  #
  template(`userdom_dontaudit_list_user_tmp',`
  	gen_require(`
@@ -34405,7 +34446,7 @@
  ')
  
  ########################################
-@@ -2694,10 +2728,10 @@
+@@ -2694,10 +2729,10 @@
  #
  template(`userdom_dontaudit_manage_user_tmp_dirs',`
  	gen_require(`
@@ -34418,7 +34459,7 @@
  ')
  
  ########################################
-@@ -2727,12 +2761,12 @@
+@@ -2727,12 +2762,12 @@
  #
  template(`userdom_read_user_tmp_files',`
  	gen_require(`
@@ -34434,7 +34475,7 @@
  ')
  
  ########################################
-@@ -2764,10 +2798,10 @@
+@@ -2764,10 +2799,10 @@
  #
  template(`userdom_dontaudit_read_user_tmp_files',`
  	gen_require(`
@@ -34447,7 +34488,7 @@
  ')
  
  ########################################
-@@ -2799,10 +2833,10 @@
+@@ -2799,10 +2834,10 @@
  #
  template(`userdom_dontaudit_append_user_tmp_files',`
  	gen_require(`
@@ -34460,7 +34501,7 @@
  ')
  
  ########################################
-@@ -2832,12 +2866,12 @@
+@@ -2832,12 +2867,12 @@
  #
  template(`userdom_rw_user_tmp_files',`
  	gen_require(`
@@ -34476,7 +34517,7 @@
  ')
  
  ########################################
-@@ -2869,10 +2903,10 @@
+@@ -2869,10 +2904,10 @@
  #
  template(`userdom_dontaudit_manage_user_tmp_files',`
  	gen_require(`
@@ -34489,7 +34530,7 @@
  ')
  
  ########################################
-@@ -2904,12 +2938,12 @@
+@@ -2904,12 +2939,12 @@
  #
  template(`userdom_read_user_tmp_symlinks',`
  	gen_require(`
@@ -34505,7 +34546,7 @@
  ')
  
  ########################################
-@@ -2941,11 +2975,11 @@
+@@ -2941,11 +2976,11 @@
  #
  template(`userdom_manage_user_tmp_dirs',`
  	gen_require(`
@@ -34519,7 +34560,7 @@
  ')
  
  ########################################
-@@ -2977,11 +3011,11 @@
+@@ -2977,11 +3012,11 @@
  #
  template(`userdom_manage_user_tmp_files',`
  	gen_require(`
@@ -34533,7 +34574,7 @@
  ')
  
  ########################################
-@@ -3013,11 +3047,11 @@
+@@ -3013,11 +3048,11 @@
  #
  template(`userdom_manage_user_tmp_symlinks',`
  	gen_require(`
@@ -34547,7 +34588,7 @@
  ')
  
  ########################################
-@@ -3049,11 +3083,11 @@
+@@ -3049,11 +3084,11 @@
  #
  template(`userdom_manage_user_tmp_pipes',`
  	gen_require(`
@@ -34561,7 +34602,7 @@
  ')
  
  ########################################
-@@ -3085,11 +3119,11 @@
+@@ -3085,11 +3120,11 @@
  #
  template(`userdom_manage_user_tmp_sockets',`
  	gen_require(`
@@ -34575,7 +34616,7 @@
  ')
  
  ########################################
-@@ -3134,10 +3168,10 @@
+@@ -3134,10 +3169,10 @@
  #
  template(`userdom_user_tmp_filetrans',`
  	gen_require(`
@@ -34588,7 +34629,7 @@
  	files_search_tmp($2)
  ')
  
-@@ -3178,19 +3212,19 @@
+@@ -3178,19 +3213,19 @@
  #
  template(`userdom_tmp_filetrans_user_tmp',`
  	gen_require(`
@@ -34612,7 +34653,7 @@
  ##	</p>
  ##	<p>
  ##	This is a templated interface, and should only
-@@ -3211,13 +3245,13 @@
+@@ -3211,13 +3246,13 @@
  #
  template(`userdom_rw_user_tmpfs_files',`
  	gen_require(`
@@ -34630,7 +34671,7 @@
  ')
  
  ########################################
-@@ -4616,11 +4650,11 @@
+@@ -4616,11 +4651,11 @@
  #
  interface(`userdom_search_all_users_home_dirs',`
  	gen_require(`
@@ -34644,7 +34685,7 @@
  ')
  
  ########################################
-@@ -4640,6 +4674,14 @@
+@@ -4640,6 +4675,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -34659,7 +34700,7 @@
  ')
  
  ########################################
-@@ -4677,6 +4719,8 @@
+@@ -4677,6 +4720,8 @@
  	')
  
  	dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
@@ -34668,7 +34709,7 @@
  ')
  
  ########################################
-@@ -4721,6 +4765,25 @@
+@@ -4721,6 +4766,25 @@
  
  ########################################
  ## <summary>
@@ -34694,7 +34735,7 @@
  ##	Create, read, write, and delete all files
  ##	in all users home directories.
  ## </summary>
-@@ -4946,7 +5009,7 @@
+@@ -4946,7 +5010,7 @@
  
  ########################################
  ## <summary>
@@ -34703,7 +34744,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5318,7 +5381,7 @@
+@@ -5318,7 +5382,7 @@
  
  ########################################
  ## <summary>
@@ -34712,7 +34753,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5326,18 +5389,17 @@
+@@ -5326,18 +5390,17 @@
  ##	</summary>
  ## </param>
  #
@@ -34735,7 +34776,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5345,17 +5407,17 @@
+@@ -5345,17 +5408,17 @@
  ##	</summary>
  ## </param>
  #
@@ -34757,7 +34798,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5363,18 +5425,18 @@
+@@ -5363,18 +5426,18 @@
  ##	</summary>
  ## </param>
  #
@@ -34781,7 +34822,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5382,9 +5444,46 @@
+@@ -5382,9 +5445,46 @@
  ##	</summary>
  ## </param>
  #
@@ -34830,7 +34871,7 @@
  	')
  
  	allow $1 userdomain:process getattr;
-@@ -5447,6 +5546,24 @@
+@@ -5447,6 +5547,24 @@
  
  ########################################
  ## <summary>
@@ -34855,7 +34896,7 @@
  ##	Send a SIGCHLD signal to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5483,6 +5600,42 @@
+@@ -5483,6 +5601,42 @@
  
  ########################################
  ## <summary>
@@ -34898,7 +34939,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5513,3 +5666,546 @@
+@@ -5513,3 +5667,546 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.752
retrieving revision 1.753
diff -u -r1.752 -r1.753
--- selinux-policy.spec	24 Nov 2008 21:07:37 -0000	1.752
+++ selinux-policy.spec	25 Nov 2008 16:20:06 -0000	1.753
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -457,6 +457,9 @@
 %endif
 
 %changelog
+* Tue Nov 25 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-25
+- Allow postfix_smtpd to getattr on directories and file systems
+
 * Mon Nov 24 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-24
 - Fix certwatch creating cache
 



