rpms/selinux-policy/devel modules-mls.conf, 1.36, 1.37 modules-targeted.conf, 1.101, 1.102 policy-20080710.patch, 1.38, 1.39 selinux-policy.spec, 1.706, 1.707
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Sep 18 20:47:12 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4154
Modified Files:
modules-mls.conf modules-targeted.conf policy-20080710.patch
selinux-policy.spec
Log Message:
* Thu Sep 18 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-3
- Fix labeling on new pm*log
- Allow ssh to bind to all nodes
Index: modules-mls.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- modules-mls.conf 18 Sep 2008 14:19:06 -0000 1.36
+++ modules-mls.conf 18 Sep 2008 20:46:41 -0000 1.37
@@ -409,14 +409,14 @@
#
# Policy for rshd, rlogind, and telnetd.
#
-remotelogin = base
+remotelogin = module
# Layer: services
# Module: telnet
#
# Telnet daemon
#
-telnet = base
+telnet = module
# Layer: services
# Module: irqbalance
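Review bot: The switch of `remotelogin` and `telnet` from `base` to `module` in this hunk is not recorded in the log message or the %changelog entry, which list only the pm*log labeling and the ssh node bind. Building the rshd/rlogind/telnetd policy as loadable modules changes whether it can be removed from an installed system, so it deserves its own changelog line, for example `- Build remotelogin and telnet policy as modules`. The modules-targeted.conf hunk makes the same change for `remotelogin` only; the `telnet` setting there is outside the visible hunk, so it is worth confirming that the two files are meant to differ.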
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.101
retrieving revision 1.102
diff -u -r1.101 -r1.102
--- modules-targeted.conf 18 Sep 2008 19:34:12 -0000 1.101
+++ modules-targeted.conf 18 Sep 2008 20:46:41 -0000 1.102
@@ -1040,7 +1040,7 @@
#
# Policy for rshd, rlogind, and telnetd.
#
-remotelogin = base
+remotelogin = module
# Layer: services
# Module: ricci
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- policy-20080710.patch 18 Sep 2008 19:34:12 -0000 1.38
+++ policy-20080710.patch 18 Sep 2008 20:46:41 -0000 1.39
@@ -23287,7 +23287,7 @@
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.5.8/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/rpc.te 2008-09-17 08:49:09.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/rpc.te 2008-09-18 16:45:56.000000000 -0400
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -23321,7 +23321,7 @@
')
tunable_policy(`nfs_export_all_ro',`
-@@ -170,9 +173,13 @@
+@@ -170,9 +173,14 @@
files_read_usr_symlinks(gssd_t)
auth_use_nsswitch(gssd_t)
@@ -23329,13 +23329,14 @@
miscfiles_read_certs(gssd_t)
-+userdom_dontaudit_search_users_home_dirs(rpcd_t)
-+sysadm_dontaudit_search_home_dirs(rpcd_t)
++userdom_dontaudit_search_users_home_dirs(gssd_t)
++sysadm_dontaudit_search_home_dirs(gssd_t)
++userdom_dontaudit_write_user_tmp_files(user, gssd_t)
+
tunable_policy(`allow_gssd_read_tmp',`
userdom_list_unpriv_users_tmp(gssd_t)
userdom_read_unpriv_users_tmp_files(gssd_t)
-@@ -180,8 +187,7 @@
+@@ -180,8 +188,7 @@
')
optional_policy(`
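Review bot: The new `userdom_dontaudit_write_user_tmp_files(user, gssd_t)` line silences write denials without saying why gssd attempts those writes, and it sits above the `allow_gssd_read_tmp` tunable block, so it applies unconditionally. A dontaudit rule removes the AVC record an investigator would otherwise see, so a short comment above it naming the observed access (presumably gssd touching credential caches in user tmp files) would help later review. The first argument `user` appears to limit the rule to that one user prefix; confirm whether tmp files of other user domains produce the same denial. The enclosing rpc.te section starts and ends outside this hunk.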
@@ -26609,7 +26610,7 @@
/etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.5.8/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/ssh.if 2008-09-18 08:51:19.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/ssh.if 2008-09-18 15:56:17.000000000 -0400
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -26709,7 +26710,11 @@
# Write to the user domain tty.
userdom_use_user_terminals($1,$1_ssh_t)
# needs to read krb tgt
-@@ -282,21 +289,10 @@
+@@ -279,24 +286,14 @@
+ # for port forwarding
+ tunable_policy(`user_tcp_server',`
+ corenet_tcp_bind_ssh_port($1_ssh_t)
++ corenet_tcp_bind_all_nodes($1_ssh_t)
')
optional_policy(`
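Review bot: `corenet_tcp_bind_all_nodes($1_ssh_t)` grants the per-user ssh client domain a bind on every node type, which may be broader than the case named in the `# for port forwarding` comment requires. The grant is gated by the `user_tcp_server` tunable, which limits the exposure, but once that boolean is on, policy no longer confines a forwarded listener to any particular local address. If forwarding only needs loopback or the wildcard address, a narrower node interface would keep the grant closer to least privilege; otherwise a comment such as `# forwarded listeners may bind any local address` would record the intent. The enclosing template starts and ends outside this hunk.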
@@ -26732,7 +26737,7 @@
##############################
#
# $1_ssh_agent_t local policy
-@@ -383,10 +379,6 @@
+@@ -383,10 +380,6 @@
xserver_rw_xdm_pipes($1_ssh_agent_t)
')
@@ -26743,7 +26748,7 @@
##############################
#
# $1_ssh_keysign_t local policy
-@@ -413,6 +405,25 @@
+@@ -413,6 +406,25 @@
')
')
@@ -26769,7 +26774,7 @@
#######################################
## <summary>
## The template to define a ssh server.
-@@ -443,13 +454,14 @@
+@@ -443,13 +455,14 @@
type $1_var_run_t;
files_pid_file($1_var_run_t)
@@ -26785,7 +26790,7 @@
allow $1_t $1_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
term_create_pty($1_t,$1_devpts_t)
-@@ -479,6 +491,10 @@
+@@ -479,6 +492,10 @@
corenet_tcp_bind_ssh_port($1_t)
corenet_tcp_connect_all_ports($1_t)
corenet_sendrecv_ssh_server_packets($1_t)
@@ -26796,7 +26801,7 @@
fs_dontaudit_getattr_all_fs($1_t)
-@@ -506,9 +522,14 @@
+@@ -506,9 +523,14 @@
userdom_dontaudit_relabelfrom_unpriv_users_ptys($1_t)
userdom_search_all_users_home_dirs($1_t)
@@ -26811,7 +26816,7 @@
')
tunable_policy(`use_samba_home_dirs',`
-@@ -517,11 +538,7 @@
+@@ -517,11 +539,7 @@
optional_policy(`
kerberos_use($1_t)
@@ -26824,7 +26829,7 @@
')
optional_policy(`
-@@ -710,3 +727,22 @@
+@@ -710,3 +728,22 @@
dontaudit $1 sshd_key_t:file { getattr read };
')
@@ -26934,7 +26939,7 @@
corenet_tcp_sendrecv_all_if(stunnel_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.5.8/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/telnet.te 2008-09-17 08:49:09.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/telnet.te 2008-09-18 16:12:20.000000000 -0400
@@ -89,15 +89,19 @@
userdom_search_unpriv_users_home_dirs(telnetd_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.706
retrieving revision 1.707
diff -u -r1.706 -r1.707
--- selinux-policy.spec 18 Sep 2008 19:34:12 -0000 1.706
+++ selinux-policy.spec 18 Sep 2008 20:46:41 -0000 1.707
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.8
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -381,7 +381,7 @@
%endif
%changelog
-* Thu Sep 18 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-2
+* Thu Sep 18 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-3
- Fix labeling on new pm*log
- Allow ssh to bind to all nodes