rpms/selinux-policy/F-8 policy-20070703.patch, 1.222, 1.223 selinux-policy.spec, 1.642, 1.643
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Sep 8 20:59:25 UTC 2008
- Previous message (by thread): rpms/themes-backgrounds-gnome/devel themes-backgrounds-gnome.xml-0.4, NONE, 1.1 .cvsignore, 1.3, 1.4 sources, 1.3, 1.4 themes-backgrounds-gnome.spec, 1.14, 1.15 themes-backgrounds-gnome.xml, 1.1, 1.2
- Next message (by thread): rpms/selinux-policy/devel .cvsignore, 1.146, 1.147 sources, 1.161, 1.162
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29783
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Tue Aug 26 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-115
- Remove definition for /var/run/mod_fcgid(/.*)?
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.222
retrieving revision 1.223
diff -u -r1.222 -r1.223
--- policy-20070703.patch 12 Aug 2008 20:14:56 -0000 1.222
+++ policy-20070703.patch 8 Sep 2008 20:59:24 -0000 1.223
@@ -6893,7 +6893,7 @@
dev_read_rand(amavis_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.0.8/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.fc 2008-06-12 23:37:58.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/apache.fc 2008-08-26 20:36:50.000000000 -0400
@@ -3,12 +3,13 @@
/etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
/etc/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
@@ -6955,12 +6955,11 @@
ifdef(`distro_debian', `
/var/log/horde2(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
')
-@@ -65,11 +71,24 @@
+@@ -65,11 +71,23 @@
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
+/var/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
-+/var/run/mod_fcgid(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
/var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0)
@@ -9205,7 +9204,7 @@
-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.0.8/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cups.fc 2008-07-30 11:33:25.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/cups.fc 2008-09-08 11:56:44.000000000 -0400
@@ -8,24 +8,28 @@
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -9249,7 +9248,13 @@
/var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-@@ -51,4 +55,8 @@
+@@ -46,9 +50,14 @@
+ /var/log/turboprint_cups\.log.* -- gen_context(system_u:object_r:cupsd_log_t,s0)
+
+ /var/run/cups(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
++/var/ccpd(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
+ /var/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0)
+ /var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0)
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
/var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
@@ -9269,7 +9274,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cups.te 2008-06-12 23:37:58.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/cups.te 2008-09-08 11:56:57.000000000 -0400
@@ -48,9 +48,8 @@
type hplip_t;
type hplip_exec_t;
@@ -9309,8 +9314,11 @@
allow cupsd_t cupsd_exec_t:lnk_file read;
manage_files_pattern(cupsd_t,cupsd_log_t,cupsd_log_t)
-@@ -122,13 +121,14 @@
+@@ -120,15 +119,17 @@
+ allow cupsd_t cupsd_var_run_t:dir setattr;
+ manage_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
manage_sock_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
++manage_fifo_files_pattern(cupsd_t,cupsd_var_run_t,cupsd_var_run_t)
files_pid_filetrans(cupsd_t,cupsd_var_run_t,file)
-read_files_pattern(cupsd_t,hplip_etc_t,hplip_etc_t)
@@ -9326,7 +9334,7 @@
kernel_read_system_state(cupsd_t)
kernel_read_network_state(cupsd_t)
kernel_read_all_sysctls(cupsd_t)
-@@ -150,21 +150,27 @@
+@@ -150,21 +151,27 @@
corenet_tcp_bind_reserved_port(cupsd_t)
corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
corenet_tcp_connect_all_ports(cupsd_t)
@@ -9355,7 +9363,7 @@
mls_file_downgrade(cupsd_t)
mls_file_write_all_levels(cupsd_t)
mls_file_read_all_levels(cupsd_t)
-@@ -174,6 +180,7 @@
+@@ -174,6 +181,7 @@
term_search_ptys(cupsd_t)
auth_domtrans_chk_passwd(cupsd_t)
@@ -9363,7 +9371,7 @@
auth_dontaudit_read_pam_pid(cupsd_t)
# Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
-@@ -187,7 +194,7 @@
+@@ -187,7 +195,7 @@
# read python modules
files_read_usr_files(cupsd_t)
# for /var/lib/defoma
@@ -9372,7 +9380,7 @@
files_list_world_readable(cupsd_t)
files_read_world_readable_files(cupsd_t)
files_read_world_readable_symlinks(cupsd_t)
-@@ -196,12 +203,9 @@
+@@ -196,12 +204,9 @@
files_read_var_symlinks(cupsd_t)
# for /etc/printcap
files_dontaudit_write_etc_files(cupsd_t)
@@ -9386,7 +9394,7 @@
init_exec_script_files(cupsd_t)
-@@ -220,18 +224,41 @@
+@@ -220,18 +225,41 @@
seutil_read_config(cupsd_t)
sysnet_read_config(cupsd_t)
@@ -9428,7 +9436,7 @@
apm_domtrans_client(cupsd_t)
')
-@@ -263,16 +290,16 @@
+@@ -263,16 +291,16 @@
')
optional_policy(`
@@ -9449,7 +9457,7 @@
seutil_sigchld_newrole(cupsd_t)
')
-@@ -331,6 +358,7 @@
+@@ -331,6 +359,7 @@
dev_read_sysfs(cupsd_config_t)
dev_read_urand(cupsd_config_t)
dev_read_rand(cupsd_config_t)
@@ -9457,7 +9465,7 @@
fs_getattr_all_fs(cupsd_config_t)
fs_search_auto_mountpoints(cupsd_config_t)
-@@ -356,6 +384,7 @@
+@@ -356,6 +385,7 @@
logging_send_syslog_msg(cupsd_config_t)
miscfiles_read_localization(cupsd_config_t)
@@ -9465,7 +9473,7 @@
seutil_dontaudit_search_config(cupsd_config_t)
-@@ -377,6 +406,14 @@
+@@ -377,6 +407,14 @@
')
optional_policy(`
@@ -9480,7 +9488,7 @@
cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
')
-@@ -393,6 +430,7 @@
+@@ -393,6 +431,7 @@
optional_policy(`
hal_domtrans(cupsd_config_t)
hal_read_tmp_files(cupsd_config_t)
@@ -9488,7 +9496,7 @@
')
optional_policy(`
-@@ -482,6 +520,8 @@
+@@ -482,6 +521,8 @@
files_read_etc_files(cupsd_lpd_t)
@@ -9497,7 +9505,7 @@
libs_use_ld_so(cupsd_lpd_t)
libs_use_shared_libs(cupsd_lpd_t)
-@@ -489,22 +529,12 @@
+@@ -489,22 +530,12 @@
miscfiles_read_localization(cupsd_lpd_t)
@@ -9520,7 +9528,7 @@
########################################
#
# HPLIP local policy
-@@ -522,14 +552,12 @@
+@@ -522,14 +553,12 @@
allow hplip_t self:udp_socket create_socket_perms;
allow hplip_t self:rawip_socket create_socket_perms;
@@ -9539,7 +9547,7 @@
manage_files_pattern(hplip_t,hplip_var_run_t,hplip_var_run_t)
files_pid_filetrans(hplip_t,hplip_var_run_t,file)
-@@ -560,7 +588,7 @@
+@@ -560,7 +589,7 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -9548,7 +9556,7 @@
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -587,7 +615,7 @@
+@@ -587,7 +616,7 @@
userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -9557,7 +9565,7 @@
optional_policy(`
seutil_sigchld_newrole(hplip_t)
-@@ -668,3 +696,15 @@
+@@ -668,3 +697,15 @@
optional_policy(`
udev_read_db(ptal_t)
')
@@ -11826,7 +11834,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.0.8/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mailman.te 2008-06-12 23:37:58.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/mailman.te 2008-08-28 09:25:27.000000000 -0400
@@ -55,6 +55,8 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -11840,7 +11848,7 @@
#
allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
-+allow mailman_mail_t self:process signal;
++allow mailman_mail_t self:process { signal signull };
+allow mailman_mail_t initrc_t:process signal;
+allow mailman_mail_t self:capability { setuid setgid };
+
@@ -19381,7 +19389,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.8/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-06-12 23:37:57.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-07-24 06:57:59.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/authlogin.te 2008-08-29 12:42:00.000000000 -0400
@@ -1,4 +1,4 @@
-
+
@@ -19453,7 +19461,7 @@
+userdom_write_unpriv_users_tmp_files(pam_t)
+userdom_unlink_unpriv_users_tmp_files(pam_t)
+userdom_dontaudit_read_unpriv_users_home_content_files(pam_t)
-+userdom_dontaudit_write_user_home_content_files(user, pam_t)
++userdom_dontaudit_write_unpriv_user_home_content_files(pam_t)
+userdom_append_unpriv_users_home_content_files(pam_t)
+userdom_dontaudit_read_user_tmp_files(user, pam_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.642
retrieving revision 1.643
diff -u -r1.642 -r1.643
--- selinux-policy.spec 12 Aug 2008 20:17:47 -0000 1.642
+++ selinux-policy.spec 8 Sep 2008 20:59:24 -0000 1.643
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.8
-Release: 114%{?dist}
+Release: 115%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@
%endif
%changelog
+* Tue Aug 26 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-115
+- Remove definition for /var/run/mod_fcgid(/.*)?
+
* Tue Aug 12 2008 Dan Walsh <dwalsh at redhat.com> 3.0.8-114
- Allow bluetooth to read hwdate
- Previous message (by thread): rpms/themes-backgrounds-gnome/devel themes-backgrounds-gnome.xml-0.4, NONE, 1.1 .cvsignore, 1.3, 1.4 sources, 1.3, 1.4 themes-backgrounds-gnome.spec, 1.14, 1.15 themes-backgrounds-gnome.xml, 1.1, 1.2
- Next message (by thread): rpms/selinux-policy/devel .cvsignore, 1.146, 1.147 sources, 1.161, 1.162
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list