rpms/selinux-policy/devel modules-mls.conf, 1.36, 1.37 modules-targeted.conf, 1.101, 1.102 policy-20080710.patch, 1.38, 1.39 selinux-policy.spec, 1.706, 1.707

Daniel J Walsh dwalsh at fedoraproject.org
Thu Sep 18 20:47:12 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4154

Modified Files:
	modules-mls.conf modules-targeted.conf policy-20080710.patch 
	selinux-policy.spec 
Log Message:
* Thu Sep 18 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-3
- Fix labeling on new pm*log
- Allow ssh to bind to all nodes



Index: modules-mls.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- modules-mls.conf	18 Sep 2008 14:19:06 -0000	1.36
+++ modules-mls.conf	18 Sep 2008 20:46:41 -0000	1.37
@@ -409,14 +409,14 @@
 #
 # Policy for rshd, rlogind, and telnetd.
 # 
-remotelogin = base
+remotelogin = module
 
 # Layer: services
 # Module: telnet
 #
 # Telnet daemon
 # 
-telnet = base
+telnet = module
 
 # Layer: services
 # Module: irqbalance
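Review bot: The switch of `remotelogin` and `telnet` from `base` to `module` is not mentioned in the log message or the spec changelog, which list only the pm*log labeling and the ssh node binding. According to the comments these entries cover rshd, rlogind and telnetd, so moving them out of the base policy deserves its own changelog line, for example `- Build remotelogin and telnet as loadable modules`. The modules-targeted.conf hunk makes the same `remotelogin` change but does not touch `telnet`. That file may already build telnet as a module, but this is not visible here and should be confirmed so the two configurations stay consistent.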


Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.101
retrieving revision 1.102
diff -u -r1.101 -r1.102
--- modules-targeted.conf	18 Sep 2008 19:34:12 -0000	1.101
+++ modules-targeted.conf	18 Sep 2008 20:46:41 -0000	1.102
@@ -1040,7 +1040,7 @@
 #
 # Policy for rshd, rlogind, and telnetd.
 # 
-remotelogin = base
+remotelogin = module
 
 # Layer: services
 # Module: ricci

policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- policy-20080710.patch	18 Sep 2008 19:34:12 -0000	1.38
+++ policy-20080710.patch	18 Sep 2008 20:46:41 -0000	1.39
@@ -23287,7 +23287,7 @@
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.5.8/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/rpc.te	2008-09-17 08:49:09.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/rpc.te	2008-09-18 16:45:56.000000000 -0400
 @@ -23,7 +23,7 @@
  gen_tunable(allow_nfsd_anon_write, false)
  
@@ -23321,7 +23321,7 @@
  ')
  
  tunable_policy(`nfs_export_all_ro',`
-@@ -170,9 +173,13 @@
+@@ -170,9 +173,14 @@
  files_read_usr_symlinks(gssd_t) 
  
  auth_use_nsswitch(gssd_t)
@@ -23329,13 +23329,14 @@
  
  miscfiles_read_certs(gssd_t)
  
-+userdom_dontaudit_search_users_home_dirs(rpcd_t)
-+sysadm_dontaudit_search_home_dirs(rpcd_t)
++userdom_dontaudit_search_users_home_dirs(gssd_t)
++sysadm_dontaudit_search_home_dirs(gssd_t)
++userdom_dontaudit_write_user_tmp_files(user, gssd_t)
 +
  tunable_policy(`allow_gssd_read_tmp',`
  	userdom_list_unpriv_users_tmp(gssd_t) 
  	userdom_read_unpriv_users_tmp_files(gssd_t) 
-@@ -180,8 +187,7 @@
+@@ -180,8 +188,7 @@
  ')
  
  optional_policy(`
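Review bot: The dontaudit calls now attached to `gssd_t` carry no comment explaining why gssd is expected to touch user home directories and temporary files, and the added `userdom_dontaudit_write_user_tmp_files(user, gssd_t)` silences write denials, not just searches. dontaudit rules drop the AVC record, so unexpected gssd writes to user tmp files would no longer appear in the audit log. A short comment such as `# gssd probes user dirs for credential caches; denials are expected noise` (if that is the reason, which needs confirming) would make the intent reviewable. The new call names only the `user` prefix, so other user roles may still log the same denial. Retargeting from `rpcd_t` to `gssd_t` also drops the suppression for rpcd_t, which looks intended given the surrounding gssd_t rules but is not stated in the log message. The rpc.te hunk begins and ends outside these lines.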
@@ -26609,7 +26610,7 @@
  /etc/ssh/ssh_host_key 		--	gen_context(system_u:object_r:sshd_key_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.5.8/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/ssh.if	2008-09-18 08:51:19.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/ssh.if	2008-09-18 15:56:17.000000000 -0400
 @@ -36,6 +36,7 @@
  	gen_require(`
  		attribute ssh_server;
@@ -26709,7 +26710,11 @@
  	# Write to the user domain tty.
  	userdom_use_user_terminals($1,$1_ssh_t)
  	# needs to read krb tgt
-@@ -282,21 +289,10 @@
+@@ -279,24 +286,14 @@
+ 	# for port forwarding
+ 	tunable_policy(`user_tcp_server',`
+ 		corenet_tcp_bind_ssh_port($1_ssh_t)
++		corenet_tcp_bind_all_nodes($1_ssh_t)
  	')
  
  	optional_policy(`
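Review bot: `corenet_tcp_bind_all_nodes($1_ssh_t)` lets the per-user ssh client domain bind listeners on every local address, not only loopback, yet the only explanation is the existing `# for port forwarding` comment. The call sits inside the `user_tcp_server` tunable block, so it takes effect only when that boolean is enabled. The comment should still state the scope, e.g. `# for port forwarding; allows binding on any local address when user_tcp_server is on`. If loopback-only forwarding is all that is needed, a narrower node interface would be preferable, though whether one fits depends on policy outside this hunk. The inner ssh.if hunk continues past these lines.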
@@ -26732,7 +26737,7 @@
  	##############################
  	#
  	# $1_ssh_agent_t local policy
-@@ -383,10 +379,6 @@
+@@ -383,10 +380,6 @@
  		xserver_rw_xdm_pipes($1_ssh_agent_t)
  	')
  
@@ -26743,7 +26748,7 @@
  	##############################
  	#
  	# $1_ssh_keysign_t local policy
-@@ -413,6 +405,25 @@
+@@ -413,6 +406,25 @@
  	')
  ')
  
@@ -26769,7 +26774,7 @@
  #######################################
  ## <summary>
  ##	The template to define a ssh server.
-@@ -443,13 +454,14 @@
+@@ -443,13 +455,14 @@
  	type $1_var_run_t;
  	files_pid_file($1_var_run_t)
  
@@ -26785,7 +26790,7 @@
  
  	allow $1_t $1_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
  	term_create_pty($1_t,$1_devpts_t)
-@@ -479,6 +491,10 @@
+@@ -479,6 +492,10 @@
  	corenet_tcp_bind_ssh_port($1_t)
  	corenet_tcp_connect_all_ports($1_t)
  	corenet_sendrecv_ssh_server_packets($1_t)
@@ -26796,7 +26801,7 @@
  
  	fs_dontaudit_getattr_all_fs($1_t)
  
-@@ -506,9 +522,14 @@
+@@ -506,9 +523,14 @@
  
  	userdom_dontaudit_relabelfrom_unpriv_users_ptys($1_t)
  	userdom_search_all_users_home_dirs($1_t)
@@ -26811,7 +26816,7 @@
  	')
  
  	tunable_policy(`use_samba_home_dirs',`
-@@ -517,11 +538,7 @@
+@@ -517,11 +539,7 @@
  
  	optional_policy(`
  		kerberos_use($1_t)
@@ -26824,7 +26829,7 @@
  	')
  
  	optional_policy(`
-@@ -710,3 +727,22 @@
+@@ -710,3 +728,22 @@
  
  	dontaudit $1 sshd_key_t:file { getattr read };
  ')
@@ -26934,7 +26939,7 @@
  corenet_tcp_sendrecv_all_if(stunnel_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.5.8/policy/modules/services/telnet.te
 --- nsaserefpolicy/policy/modules/services/telnet.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/telnet.te	2008-09-17 08:49:09.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/telnet.te	2008-09-18 16:12:20.000000000 -0400
 @@ -89,15 +89,19 @@
  
  userdom_search_unpriv_users_home_dirs(telnetd_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.706
retrieving revision 1.707
diff -u -r1.706 -r1.707
--- selinux-policy.spec	18 Sep 2008 19:34:12 -0000	1.706
+++ selinux-policy.spec	18 Sep 2008 20:46:41 -0000	1.707
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.8
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -381,7 +381,7 @@
 %endif
 
 %changelog
-* Thu Sep 18 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-2
+* Thu Sep 18 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-3
 - Fix labeling on new pm*log
 - Allow ssh to bind to all nodes
 



