rpms/selinux-policy/devel policy-20080710.patch, 1.42, 1.43 selinux-policy.spec, 1.709, 1.710

Daniel J Walsh dwalsh at fedoraproject.org
Mon Sep 22 20:07:59 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3439

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Mon Sep 22 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-6
- Fix transition to nsplugin


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- policy-20080710.patch	22 Sep 2008 17:55:56 -0000	1.42
+++ policy-20080710.patch	22 Sep 2008 20:07:59 -0000	1.43
@@ -79,13 +79,17 @@
  $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.8/config/appconfig-mcs/default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.8/config/appconfig-mcs/default_contexts	2008-09-17 08:49:08.000000000 -0400
-@@ -1,15 +0,0 @@
++++ serefpolicy-3.5.8/config/appconfig-mcs/default_contexts	2008-09-22 15:25:07.000000000 -0400
+@@ -1,15 +1,6 @@
 -system_r:crond_t:s0		user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
 -system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 -system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
 -system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
--system_r:sulogin_t:s0		sysadm_r:sysadm_t:s0
++system_r:crond_t:s0		system_r:system_crond_t:s0
++system_r:local_login_t:s0	user_r:user_t:s0
++system_r:remote_login_t:s0	user_r:user_t:s0
++system_r:sshd_t:s0		user_r:user_t:s0
+ system_r:sulogin_t:s0		sysadm_r:sysadm_t:s0
 -system_r:xdm_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 -
 -staff_r:staff_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
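Review bot: The rewritten fallback `default_contexts` now offers only `user_r:user_t:s0` for `local_login_t`, `remote_login_t` and `sshd_t` (plus `xdm_t` in the next hunk), and it no longer carries any `*_su_t` or `*_sudo_t` source entries. This file is what the login stack consults when a SELinux user has no `<seuser>_default_contexts` file, so a SELinux user not authorized for `user_r` would find no usable entry and presumably drop to `failsafe_context`. Only some of the per-user files are visible in this patch, so that should be confirmed for every user the policy defines. A header comment in the file would record the intent, e.g. `# Fallback only: per-user defaults live in <seuser>_default_contexts`.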
@@ -96,6 +100,7 @@
 -
 -user_r:user_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 -user_r:user_sudo_t:s0		sysadm_r:sysadm_t:s0 user_r:user_t:s0
++system_r:xdm_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.8/config/appconfig-mcs/failsafe_context
 --- nsaserefpolicy/config/appconfig-mcs/failsafe_context	2008-08-07 11:15:14.000000000 -0400
 +++ serefpolicy-3.5.8/config/appconfig-mcs/failsafe_context	2008-09-17 08:49:08.000000000 -0400
@@ -104,19 +109,20 @@
 +system_r:unconfined_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/config/appconfig-mcs/guest_u_default_contexts	2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mcs/guest_u_default_contexts	2008-09-22 15:33:55.000000000 -0400
 @@ -0,0 +1,6 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
 +system_r:sshd_t:s0		guest_r:guest_t:s0
-+system_r:crond_t:s0		guest_r:guest_crond_t:s0
++system_r:crond_t:s0		guest_r:guest_t:s0
 +system_r:initrc_su_t:s0		guest_r:guest_t:s0
 +guest_r:guest_t:s0		guest_r:guest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/root_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.8/config/appconfig-mcs/root_default_contexts	2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mcs/root_default_contexts	2008-09-22 15:36:05.000000000 -0400
 @@ -1,11 +1,7 @@
- system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+-system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
++system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
  system_r:local_login_t:s0	unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
  
 -staff_r:staff_su_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
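Review bot: The `crond_t` entries for `guest_u` and `root` now name the login types (`guest_r:guest_t:s0`, `sysadm_r:sysadm_t:s0`, `staff_r:staff_t:s0`, `user_r:user_t:s0`) in place of the dedicated `*_crond_t` types. The same substitution recurs in the `staff_u`, `user_u` and `xguest_u` hunks and in their `appconfig-mls` and `appconfig-standard` counterparts. The log message mentions only the nsplugin transition, so a reader auditing cron confinement has no record of this; a changelog line such as `- Run user cron jobs in the user login domain instead of *_crond_t` would cover it. Cron jobs then run with whatever the login domain is allowed, so the matching `crond_t` transition and entrypoint rules, which are not visible in these hunks, need to exist for each of those types.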
@@ -130,8 +136,13 @@
 +system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.8/config/appconfig-mcs/staff_u_default_contexts	2008-09-17 08:49:08.000000000 -0400
-@@ -5,6 +5,8 @@
++++ serefpolicy-3.5.8/config/appconfig-mcs/staff_u_default_contexts	2008-09-22 15:33:36.000000000 -0400
+@@ -1,10 +1,12 @@
+ system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+ system_r:remote_login_t:s0	staff_r:staff_t:s0
+ system_r:sshd_t:s0		staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-system_r:crond_t:s0		staff_r:staff_crond_t:s0
++system_r:crond_t:s0		staff_r:staff_t:s0
  system_r:xdm_t:s0		staff_r:staff_t:s0
  staff_r:staff_su_t:s0		staff_r:staff_t:s0
  staff_r:staff_sudo_t:s0		staff_r:staff_t:s0
@@ -152,8 +163,13 @@
  system_r:xdm_t:s0		unconfined_r:unconfined_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.8/config/appconfig-mcs/user_u_default_contexts	2008-09-17 08:49:08.000000000 -0400
-@@ -5,4 +5,5 @@
++++ serefpolicy-3.5.8/config/appconfig-mcs/user_u_default_contexts	2008-09-22 15:33:49.000000000 -0400
+@@ -1,8 +1,9 @@
+ system_r:local_login_t:s0	user_r:user_t:s0
+ system_r:remote_login_t:s0	user_r:user_t:s0
+ system_r:sshd_t:s0		user_r:user_t:s0
+-system_r:crond_t:s0		user_r:user_crond_t:s0
++system_r:crond_t:s0		user_r:user_t:s0
  system_r:xdm_t:s0		user_r:user_t:s0
  user_r:user_su_t:s0		user_r:user_t:s0
  user_r:user_sudo_t:s0		user_r:user_t:s0
@@ -168,23 +184,103 @@
 +system_u:system_r:unconfined_t:s0	
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.8/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/config/appconfig-mcs/xguest_u_default_contexts	2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mcs/xguest_u_default_contexts	2008-09-22 15:34:01.000000000 -0400
 @@ -0,0 +1,7 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
 +system_r:sshd_t		xguest_r:xguest_t:s0
-+system_r:crond_t	xguest_r:xguest_crond_t:s0
++system_r:crond_t	xguest_r:xguest_t:s0
 +system_r:xdm_t		xguest_r:xguest_t:s0
 +system_r:initrc_su_t:s0	xguest_r:xguest_t:s0
 +xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.8/config/appconfig-mls/default_contexts
+--- nsaserefpolicy/config/appconfig-mls/default_contexts	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/default_contexts	2008-09-22 15:37:18.000000000 -0400
+@@ -1,15 +1,6 @@
+-system_r:crond_t:s0		user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
+-system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
+-system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
+-system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
++system_r:crond_t:s0		system_r:system_crond_t:s0
++system_r:local_login_t:s0	user_r:user_t:s0
++system_r:remote_login_t:s0	user_r:user_t:s0
++system_r:sshd_t:s0		user_r:user_t:s0
+ system_r:sulogin_t:s0		sysadm_r:sysadm_t:s0
+-system_r:xdm_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
+-
+-staff_r:staff_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-staff_r:staff_sudo_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+-
+-sysadm_r:sysadm_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
+-
+-user_r:user_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-user_r:user_sudo_t:s0		sysadm_r:sysadm_t:s0 user_r:user_t:s0
++system_r:xdm_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.8/config/appconfig-mls/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/config/appconfig-mls/guest_u_default_contexts	2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/guest_u_default_contexts	2008-09-22 15:34:31.000000000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
 +system_r:sshd_t:s0		guest_r:guest_t:s0
-+system_r:crond_t:s0		guest_r:guest_crond_t:s0
++system_r:crond_t:s0		guest_r:guest_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.8/config/appconfig-mls/root_default_contexts
+--- nsaserefpolicy/config/appconfig-mls/root_default_contexts	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/root_default_contexts	2008-09-22 15:47:13.000000000 -0400
+@@ -1,11 +1,11 @@
+-system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+-system_r:local_login_t:s0	unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
++system_r:crond_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
++system_r:local_login_t:s0	sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+ 
+-staff_r:staff_su_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+-sysadm_r:sysadm_su_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+-user_r:user_su_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
++staff_r:staff_su_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
++sysadm_r:sysadm_su_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
++user_r:user_su_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+ 
+ #
+ # Uncomment if you want to automatically login as sysadm_r
+ #
+-#system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
++#system_r:sshd_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.8/config/appconfig-mls/staff_u_default_contexts
+--- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/staff_u_default_contexts	2008-09-22 15:34:13.000000000 -0400
+@@ -1,7 +1,7 @@
+ system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+ system_r:remote_login_t:s0	staff_r:staff_t:s0
+ system_r:sshd_t:s0		staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-system_r:crond_t:s0		staff_r:staff_crond_t:s0
++system_r:crond_t:s0		staff_r:staff_t:s0
+ system_r:xdm_t:s0		staff_r:staff_t:s0
+ staff_r:staff_su_t:s0		staff_r:staff_t:s0
+ staff_r:staff_sudo_t:s0		staff_r:staff_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.8/config/appconfig-mls/user_u_default_contexts
+--- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-mls/user_u_default_contexts	2008-09-22 15:34:21.000000000 -0400
+@@ -1,7 +1,7 @@
+ system_r:local_login_t:s0	user_r:user_t:s0
+ system_r:remote_login_t:s0	user_r:user_t:s0
+ system_r:sshd_t:s0		user_r:user_t:s0
+-system_r:crond_t:s0		user_r:user_crond_t:s0
++system_r:crond_t:s0		user_r:user_t:s0
+ system_r:xdm_t:s0		user_r:user_t:s0
+ user_r:user_su_t:s0		user_r:user_t:s0
+ user_r:user_sudo_t:s0		user_r:user_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.5.8/config/appconfig-mls/xguest_u_default_contexts
+--- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.5.8/config/appconfig-mls/xguest_u_default_contexts	2008-09-22 15:37:37.000000000 -0400
+@@ -0,0 +1,7 @@
++system_r:local_login_t	xguest_r:xguest_t:s0
++system_r:remote_login_t	xguest_r:xguest_t:s0
++system_r:sshd_t		xguest_r:xguest_t:s0
++system_r:crond_t	xguest_r:xguest_t:s0
++system_r:xdm_t		xguest_r:xguest_t:s0
++system_r:initrc_su_t:s0	xguest_r:xguest_t:s0
++xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.8/config/appconfig-standard/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.5.8/config/appconfig-standard/guest_u_default_contexts	2008-09-17 08:49:08.000000000 -0400
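Review bot: In the new `appconfig-mls/xguest_u_default_contexts`, the first five source contexts (`system_r:local_login_t` through `system_r:xdm_t`) omit the `:s0` level. The last two entries in the same file (`system_r:initrc_su_t:s0`, `xguest_r:xguest_t:s0`) and the entries in the sibling mls files all carry it. Whether the lookup compares the level on the left-hand side is not visible here, so this may be harmless, but the file should be consistent: `system_r:local_login_t:s0	xguest_r:xguest_t:s0`, and likewise for `remote_login_t`, `sshd_t`, `crond_t` and `xdm_t`. The `appconfig-mcs` copy earlier in this hunk has the same five entries without a level.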
@@ -209,6 +305,30 @@
  #
 -#system_r:sshd_t	unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
 +system_r:sshd_t	unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts serefpolicy-3.5.8/config/appconfig-standard/staff_u_default_contexts
+--- nsaserefpolicy/config/appconfig-standard/staff_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-standard/staff_u_default_contexts	2008-09-22 15:34:45.000000000 -0400
+@@ -1,7 +1,7 @@
+ system_r:local_login_t		staff_r:staff_t sysadm_r:sysadm_t
+ system_r:remote_login_t		staff_r:staff_t
+ system_r:sshd_t			staff_r:staff_t sysadm_r:sysadm_t
+-system_r:crond_t		staff_r:staff_crond_t
++system_r:crond_t		staff_r:staff_t
+ system_r:xdm_t			staff_r:staff_t
+ staff_r:staff_su_t		staff_r:staff_t
+ staff_r:staff_sudo_t		staff_r:staff_t
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/user_u_default_contexts serefpolicy-3.5.8/config/appconfig-standard/user_u_default_contexts
+--- nsaserefpolicy/config/appconfig-standard/user_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.8/config/appconfig-standard/user_u_default_contexts	2008-09-22 15:34:52.000000000 -0400
+@@ -1,7 +1,7 @@
+ system_r:local_login_t		user_r:user_t
+ system_r:remote_login_t		user_r:user_t
+ system_r:sshd_t			user_r:user_t
+-system_r:crond_t		user_r:user_crond_t
++system_r:crond_t		user_r:user_t
+ system_r:xdm_t			user_r:user_t
+ user_r:user_su_t		user_r:user_t
+ user_r:user_sudo_t		user_r:user_t
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.5.8/config/appconfig-standard/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.5.8/config/appconfig-standard/xguest_u_default_contexts	2008-09-17 08:49:08.000000000 -0400
@@ -4279,8 +4399,8 @@
 +HOME_DIR/\.gstreamer-.*			gen_context(system_u:object_r:nsplugin_home_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.5.8/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.if	2008-09-21 07:27:44.000000000 -0400
-@@ -0,0 +1,493 @@
++++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.if	2008-09-22 15:35:16.000000000 -0400
+@@ -0,0 +1,293 @@
 +
 +## <summary>policy for nsplugin</summary>
 +
@@ -4363,247 +4483,45 @@
 +		type nsplugin_exec_t;
 +		type nsplugin_config_exec_t;
 +		type $1_tmpfs_t;
++		type nsplugin_t;
++		type nsplugin_config_t;
 +	')
-+	type $1_nsplugin_t;
-+	domain_type($1_nsplugin_t)
-+	domain_entry_file($1_nsplugin_t, nsplugin_exec_t)
-+	role $3 types $1_nsplugin_t;
-+
-+	type $1_nsplugin_config_t;
-+	domain_type($1_nsplugin_config_t)
-+	domain_entry_file($1_nsplugin_config_t, nsplugin_config_exec_t)
-+	role $3 types $1_nsplugin_config_t;
 +
-+	role $3 types $1_nsplugin_t;
-+	role $3 types $1_nsplugin_config_t;
++	role $3 types nsplugin_t;
++	role $3 types nsplugin_config_t;
 +
-+	allow $1_nsplugin_t $2:process signull;
++	allow nsplugin_t $2:process signull;
 +
 +	list_dirs_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
 +	read_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
 +	read_lnk_files_pattern($2, nsplugin_rw_t, nsplugin_rw_t)
 +	can_exec($2, nsplugin_rw_t)
 +
-+	allow $1_nsplugin_t $1_tmpfs_t:file { read getattr };
-+
 +	#Leaked File Descriptors
-+	dontaudit $1_nsplugin_t $2:tcp_socket rw_socket_perms;
-+	dontaudit $1_nsplugin_t $2:udp_socket rw_socket_perms;
-+	dontaudit $1_nsplugin_t $2:unix_stream_socket rw_socket_perms;
-+	dontaudit $1_nsplugin_t $2:unix_dgram_socket rw_socket_perms;
-+	dontaudit $1_nsplugin_config_t $2:tcp_socket rw_socket_perms;
-+	dontaudit $1_nsplugin_config_t $2:udp_socket rw_socket_perms;
-+	dontaudit $1_nsplugin_config_t $2:unix_stream_socket rw_socket_perms;
-+	dontaudit $1_nsplugin_config_t $2:unix_dgram_socket rw_socket_perms;
-+	allow $1_nsplugin_t $2:unix_stream_socket connectto;
-+	dontaudit $1_nsplugin_t $2:process ptrace;
++	dontaudit nsplugin_t $2:tcp_socket rw_socket_perms;
++	dontaudit nsplugin_t $2:udp_socket rw_socket_perms;
++	dontaudit nsplugin_t $2:unix_stream_socket rw_socket_perms;
++	dontaudit nsplugin_t $2:unix_dgram_socket rw_socket_perms;
++	dontaudit nsplugin_config_t $2:tcp_socket rw_socket_perms;
++	dontaudit nsplugin_config_t $2:udp_socket rw_socket_perms;
++	dontaudit nsplugin_config_t $2:unix_stream_socket rw_socket_perms;
++	dontaudit nsplugin_config_t $2:unix_dgram_socket rw_socket_perms;
++	allow nsplugin_t $2:unix_stream_socket connectto;
++	dontaudit nsplugin_t $2:process ptrace;
 +
-+	allow $2 $1_nsplugin_t:process { getattr ptrace signal_perms };
-+	allow $2 $1_nsplugin_t:unix_stream_socket connectto;
++	allow $2 nsplugin_t:process { getattr ptrace signal_perms };
++	allow $2 nsplugin_t:unix_stream_socket connectto;
 +
 +	# Connect to pulseaudit server
-+	stream_connect_pattern($1_nsplugin_t, user_home_t, user_home_t, $2)
-+	gnome_stream_connect($1_nsplugin_t, $2)
-+
-+	userdom_use_user_terminals($1, $1_nsplugin_t)
-+	userdom_use_user_terminals($1, $1_nsplugin_config_t)
-+
-+	xserver_common_app($1, $1_nsplugin_t)
-+	
-+########################################
-+#
-+# nsplugin local policy
-+#
-+dontaudit $1_nsplugin_t self:capability sys_tty_config;
-+allow $1_nsplugin_t self:fifo_file rw_file_perms;
-+allow $1_nsplugin_t self:process { ptrace getsched setsched signal_perms };
-+
-+allow $1_nsplugin_t self:sem create_sem_perms;
-+allow $1_nsplugin_t self:shm create_shm_perms;
-+allow $1_nsplugin_t self:msgq create_msgq_perms;
-+allow $1_nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
-+
-+tunable_policy(`allow_nsplugin_execmem',`
-+	allow $1_nsplugin_t self:process { execstack execmem };
-+	allow $1_nsplugin_config_t self:process { execstack execmem };
-+')
-+	
-+manage_dirs_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+exec_files_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+manage_files_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+manage_lnk_files_pattern($1_nsplugin_t, nsplugin_home_t, nsplugin_home_t)
-+userdom_user_home_dir_filetrans(user, $1_nsplugin_t, nsplugin_home_t, {file dir})
-+unprivuser_dontaudit_write_home_content_files($1_nsplugin_t)
-+
-+corecmd_exec_bin($1_nsplugin_t)
-+corecmd_exec_shell($1_nsplugin_t)
-+
-+corenet_all_recvfrom_unlabeled($1_nsplugin_t)
-+corenet_all_recvfrom_netlabel($1_nsplugin_t)
-+corenet_tcp_connect_flash_port($1_nsplugin_t)
-+corenet_tcp_connect_pulseaudio_port($1_nsplugin_t)
-+corenet_tcp_connect_http_port($1_nsplugin_t)
-+corenet_tcp_sendrecv_generic_if($1_nsplugin_t)
-+corenet_tcp_sendrecv_all_nodes($1_nsplugin_t)
-+
-+domain_dontaudit_read_all_domains_state($1_nsplugin_t)
-+
-+dev_read_rand($1_nsplugin_t)
-+dev_read_sound($1_nsplugin_t)
-+dev_write_sound($1_nsplugin_t)
-+dev_read_video_dev($1_nsplugin_t)
-+dev_write_video_dev($1_nsplugin_t)
-+dev_getattr_dri_dev($1_nsplugin_t)
-+dev_rwx_zero($1_nsplugin_t)
-+
-+kernel_read_kernel_sysctls($1_nsplugin_t)
-+kernel_read_system_state($1_nsplugin_t)
-+
-+files_read_usr_files($1_nsplugin_t)
-+files_read_etc_files($1_nsplugin_t)
-+files_read_config_files($1_nsplugin_t)
-+
-+fs_list_inotifyfs($1_nsplugin_t)
-+fs_manage_tmpfs_files($1_nsplugin_t)
-+fs_getattr_tmpfs($1_nsplugin_t)
-+fs_getattr_xattr_fs($1_nsplugin_t)
-+
-+term_dontaudit_getattr_all_user_ptys($1_nsplugin_t)
-+term_dontaudit_getattr_all_user_ttys($1_nsplugin_t)
-+
-+auth_use_nsswitch($1_nsplugin_t)
-+
-+libs_use_ld_so($1_nsplugin_t)
-+libs_use_shared_libs($1_nsplugin_t)
-+libs_exec_ld_so($1_nsplugin_t)
-+
-+miscfiles_read_localization($1_nsplugin_t)
-+miscfiles_read_fonts($1_nsplugin_t)
-+
-+unprivuser_manage_tmp_dirs($1_nsplugin_t)
-+unprivuser_manage_tmp_files($1_nsplugin_t)
-+unprivuser_manage_tmp_sockets($1_nsplugin_t)
-+userdom_tmp_filetrans_user_tmp(user, $1_nsplugin_t, { file dir sock_file })
-+unprivuser_read_tmpfs_files($1_nsplugin_t)
-+unprivuser_rw_semaphores($1_nsplugin_t)
-+unprivuser_delete_tmpfs_files($1_nsplugin_t)
-+
-+unprivuser_read_home_content_symlinks($1_nsplugin_t)
-+unprivuser_read_home_content_files($1_nsplugin_t)
-+unprivuser_read_tmp_files($1_nsplugin_t)
-+userdom_write_user_tmp_sockets(user, $1_nsplugin_t)
-+unprivuser_dontaudit_append_home_content_files($1_nsplugin_t)
-+userdom_dontaudit_unlink_unpriv_home_content_files($1_nsplugin_t)
-+userdom_dontaudit_manage_user_tmp_files(user, $1_nsplugin_t)
-+
-+optional_policy(`
-+	alsa_read_rw_config($1_nsplugin_t)
-+')
-+
-+optional_policy(`
-+	gnome_exec_gconf($1_nsplugin_t)
-+	gnome_manage_user_gnome_config(user, $1_nsplugin_t)
-+	allow $1_nsplugin_t gnome_home_t:sock_file write;
-+')
-+
-+optional_policy(`
-+	mozilla_read_user_home_files(user, $1_nsplugin_t)
-+	mozilla_write_user_home_files(user, $1_nsplugin_t)
-+')
-+
-+optional_policy(`
-+	mplayer_exec($1_nsplugin_t)
-+	mplayer_read_user_home_files(user, $1_nsplugin_t)
-+')
-+
-+optional_policy(`
-+	unconfined_execmem_signull($1_nsplugin_t)
-+	unconfined_delete_tmpfs_files($1_nsplugin_t)
-+')
-+
-+optional_policy(`
-+	xserver_stream_connect_xdm_xserver($1_nsplugin_t)
-+	xserver_xdm_rw_shm($1_nsplugin_t)
-+	xserver_read_xdm_tmp_files($1_nsplugin_t)
-+	xserver_read_xdm_pid($1_nsplugin_t)
-+	xserver_read_user_xauth(user, $1_nsplugin_t)
-+	xserver_read_user_iceauth(user, $1_nsplugin_t)
-+	xserver_use_user_fonts(user, $1_nsplugin_t)
-+	xserver_manage_home_fonts($1_nsplugin_t)
-+	xserver_dontaudit_rw_xdm_home_files($1_nsplugin_t)
-+')
-+
-+########################################
-+#
-+# $1_nsplugin_config local policy
-+#
-+
-+allow $1_nsplugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid };
-+allow $1_nsplugin_config_t self:process { setsched sigkill getsched execmem };
-+#execing pulseaudio
-+dontaudit $1_nsplugin_t self:process { getcap setcap };
-+
-+allow $1_nsplugin_config_t self:fifo_file rw_file_perms;
-+allow $1_nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
-+
-+fs_list_inotifyfs($1_nsplugin_config_t)
-+
-+can_exec($1_nsplugin_config_t, nsplugin_rw_t)
-+manage_dirs_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-+manage_files_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-+manage_lnk_files_pattern($1_nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
-+
-+manage_dirs_pattern($1_nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
-+manage_files_pattern($1_nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
-+manage_lnk_files_pattern($1_nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++	stream_connect_pattern(nsplugin_t, user_home_t, user_home_t, $2)
++	gnome_stream_connect(nsplugin_t, $2)
 +
-+corecmd_exec_bin($1_nsplugin_config_t)
-+corecmd_exec_shell($1_nsplugin_config_t)
++	allow nsplugin_t $1_tmpfs_t:file { read getattr };
 +
-+kernel_read_system_state($1_nsplugin_config_t)
++	userdom_use_user_terminals($1, nsplugin_t)
++	userdom_use_user_terminals($1, nsplugin_config_t)
 +
-+files_read_etc_files($1_nsplugin_config_t)
-+files_read_usr_files($1_nsplugin_config_t)
-+files_dontaudit_search_home($1_nsplugin_config_t)
-+files_list_tmp($1_nsplugin_config_t)
-+
-+auth_use_nsswitch($1_nsplugin_config_t)
-+
-+libs_use_ld_so($1_nsplugin_config_t)
-+libs_use_shared_libs($1_nsplugin_config_t)
-+
-+miscfiles_read_localization($1_nsplugin_config_t)
-+miscfiles_read_fonts($1_nsplugin_config_t)
-+
-+userdom_search_all_users_home_content($1_nsplugin_config_t)
-+
-+tunable_policy(`use_nfs_home_dirs',`
-+	fs_manage_nfs_dirs($1_nsplugin_t)
-+	fs_manage_nfs_files($1_nsplugin_t)
-+	fs_manage_nfs_dirs($1_nsplugin_config_t)
-+	fs_manage_nfs_files($1_nsplugin_config_t)
-+')
-+
-+tunable_policy(`use_samba_home_dirs',`
-+	fs_manage_cifs_dirs($1_nsplugin_t)
-+	fs_manage_cifs_files($1_nsplugin_t)
-+	fs_manage_cifs_dirs($1_nsplugin_config_t)
-+	fs_manage_cifs_files($1_nsplugin_config_t)
-+')
-+
-+domtrans_pattern($1_nsplugin_config_t, nsplugin_exec_t, $1_nsplugin_t)
-+
-+optional_policy(`
-+	xserver_read_home_fonts($1_nsplugin_config_t)
-+')
-+
-+optional_policy(`
-+	mozilla_read_user_home_files(user, $1_nsplugin_config_t)
-+')
-+
-+	optional_policy(`
-+		openoffice_plugin_per_role_template($1, $1_nsplugin_t)
-+	')
++	xserver_common_app($1, nsplugin_t)
 +')
 +
 +#######################################
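Review bot: With `nsplugin_t` now a single shared type, `allow $2 nsplugin_t:process { getattr ptrace signal_perms };` gives every user domain that instantiates this template ptrace and signal access to the one plugin domain. The old `$1_nsplugin_t` form scoped that access to the caller's own per-role type. Unless a constraint outside this hunk separates processes by SELinux user or role, a domain in one role could trace or signal a plugin process started from another. If tracing is not required, `allow $2 nsplugin_t:process { getattr signal_perms };` would narrow it; otherwise a comment such as `# ptrace on shared nsplugin_t: cross-role separation relies on <constraint name, placeholder>` should state what is relied on. The template's opening lines are outside the hunk.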
@@ -4642,12 +4560,14 @@
 +	gen_require(`
 +		type nsplugin_exec_t;
 +		type nsplugin_config_exec_t;
++		type nsplugin_t;
++		type nsplugin_config_t;
 +	')
 +
 +	nsplugin_per_role_template_notrans($1, $2, $3)
 +
-+	domtrans_pattern($2, nsplugin_exec_t, $1_nsplugin_t)
-+	domtrans_pattern($2, nsplugin_config_exec_t, $1_nsplugin_config_t)
++	domtrans_pattern($2, nsplugin_exec_t, nsplugin_t)
++	domtrans_pattern($2, nsplugin_config_exec_t, nsplugin_config_t)
 +')
 +
 +#######################################
@@ -4680,10 +4600,10 @@
 +interface(`nsplugin_domtrans_user',`
 +	gen_require(`
 +		type nsplugin_exec_t;
-+		type $1_nsplugin_t;
++		type nsplugin_t;
 +	')
 +
-+	domtrans_pattern($2, nsplugin_exec_t, $1_nsplugin_t)
++	domtrans_pattern($2, nsplugin_exec_t, nsplugin_t)
 +')
 +#######################################
 +## <summary>
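Review bot: `$1` is no longer referenced in the body of `nsplugin_domtrans_user` now that the transition target is the fixed `nsplugin_t`, and the same holds for `nsplugin_domtrans_user_config` in the next hunk. The parameter documentation sits above the hunk and is not visible, so it likely still describes `$1` as the prefix of a per-role domain. I would add to that parameter's description in both interfaces: `## Unused; retained so existing callers keep their argument order.`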
@@ -4715,10 +4635,10 @@
 +interface(`nsplugin_domtrans_user_config',`
 +	gen_require(`
 +		type nsplugin_config_exec_t;
-+		type $1_nsplugin_config_t;
++		type nsplugin_config_t;
 +	')
 +
-+	domtrans_pattern($2, nsplugin_config_exec_t, $1_nsplugin_config_t)
++	domtrans_pattern($2, nsplugin_config_exec_t, nsplugin_config_t)
 +')
 +
 +########################################
@@ -4776,8 +4696,8 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.8/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.te	2008-09-17 19:06:31.000000000 -0400
-@@ -0,0 +1,36 @@
++++ serefpolicy-3.5.8/policy/modules/apps/nsplugin.te	2008-09-22 14:52:12.000000000 -0400
+@@ -0,0 +1,234 @@
 +
 +policy_module(nsplugin, 1.0.0)
 +
@@ -4810,10 +4730,208 @@
 +userdom_user_home_content(user, nsplugin_home_t)
 +typealias nsplugin_home_t alias user_nsplugin_home_t;
 +
++type nsplugin_t;
++domain_type(nsplugin_t)
++domain_entry_file(nsplugin_t, nsplugin_exec_t)
++
++type nsplugin_config_t;
++domain_type(nsplugin_config_t)
++domain_entry_file(nsplugin_config_t, nsplugin_config_exec_t)
++
 +application_executable_file(nsplugin_exec_t)
 +application_executable_file(nsplugin_config_exec_t)
 +
 +
++########################################
++#
++# nsplugin local policy
++#
++dontaudit nsplugin_t self:capability sys_tty_config;
++allow nsplugin_t self:fifo_file rw_file_perms;
++allow nsplugin_t self:process { ptrace getsched setsched signal_perms };
++
++allow nsplugin_t self:sem create_sem_perms;
++allow nsplugin_t self:shm create_shm_perms;
++allow nsplugin_t self:msgq create_msgq_perms;
++allow nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
++
++tunable_policy(`allow_nsplugin_execmem',`
++	allow nsplugin_t self:process { execstack execmem };
++	allow nsplugin_config_t self:process { execstack execmem };
++')
++	
++manage_dirs_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++exec_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++manage_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++manage_lnk_files_pattern(nsplugin_t, nsplugin_home_t, nsplugin_home_t)
++userdom_user_home_dir_filetrans(user, nsplugin_t, nsplugin_home_t, {file dir})
++unprivuser_dontaudit_write_home_content_files(nsplugin_t)
++
++corecmd_exec_bin(nsplugin_t)
++corecmd_exec_shell(nsplugin_t)
++
++corenet_all_recvfrom_unlabeled(nsplugin_t)
++corenet_all_recvfrom_netlabel(nsplugin_t)
++corenet_tcp_connect_flash_port(nsplugin_t)
++corenet_tcp_connect_pulseaudio_port(nsplugin_t)
++corenet_tcp_connect_http_port(nsplugin_t)
++corenet_tcp_sendrecv_generic_if(nsplugin_t)
++corenet_tcp_sendrecv_all_nodes(nsplugin_t)
++
++domain_dontaudit_read_all_domains_state(nsplugin_t)
++
++dev_read_rand(nsplugin_t)
++dev_read_sound(nsplugin_t)
++dev_write_sound(nsplugin_t)
++dev_read_video_dev(nsplugin_t)
++dev_write_video_dev(nsplugin_t)
++dev_getattr_dri_dev(nsplugin_t)
++dev_rwx_zero(nsplugin_t)
++
++kernel_read_kernel_sysctls(nsplugin_t)
++kernel_read_system_state(nsplugin_t)
++
++files_read_usr_files(nsplugin_t)
++files_read_etc_files(nsplugin_t)
++files_read_config_files(nsplugin_t)
++
++fs_list_inotifyfs(nsplugin_t)
++fs_manage_tmpfs_files(nsplugin_t)
++fs_getattr_tmpfs(nsplugin_t)
++fs_getattr_xattr_fs(nsplugin_t)
++
++term_dontaudit_getattr_all_user_ptys(nsplugin_t)
++term_dontaudit_getattr_all_user_ttys(nsplugin_t)
++
++auth_use_nsswitch(nsplugin_t)
++
++libs_use_ld_so(nsplugin_t)
++libs_use_shared_libs(nsplugin_t)
++libs_exec_ld_so(nsplugin_t)
++
++miscfiles_read_localization(nsplugin_t)
++miscfiles_read_fonts(nsplugin_t)
++
++unprivuser_manage_tmp_dirs(nsplugin_t)
++unprivuser_manage_tmp_files(nsplugin_t)
++unprivuser_manage_tmp_sockets(nsplugin_t)
++userdom_tmp_filetrans_user_tmp(user, nsplugin_t, { file dir sock_file })
++unprivuser_read_tmpfs_files(nsplugin_t)
++unprivuser_rw_semaphores(nsplugin_t)
++unprivuser_delete_tmpfs_files(nsplugin_t)
++
++unprivuser_read_home_content_symlinks(nsplugin_t)
++unprivuser_read_home_content_files(nsplugin_t)
++unprivuser_read_tmp_files(nsplugin_t)
++userdom_write_user_tmp_sockets(user, nsplugin_t)
++unprivuser_dontaudit_append_home_content_files(nsplugin_t)
++userdom_dontaudit_unlink_unpriv_home_content_files(nsplugin_t)
++userdom_dontaudit_manage_user_tmp_files(user, nsplugin_t)
++
++optional_policy(`
++	alsa_read_rw_config(nsplugin_t)
++')
++
++optional_policy(`
++	gnome_exec_gconf(nsplugin_t)
++	gnome_manage_user_gnome_config(user, nsplugin_t)
++	allow nsplugin_t gnome_home_t:sock_file write;
++')
++
++optional_policy(`
++	mozilla_read_user_home_files(user, nsplugin_t)
++	mozilla_write_user_home_files(user, nsplugin_t)
++')
++
++optional_policy(`
++	mplayer_exec(nsplugin_t)
++	mplayer_read_user_home_files(user, nsplugin_t)
++')
++
++optional_policy(`
++	unconfined_execmem_signull(nsplugin_t)
++	unconfined_delete_tmpfs_files(nsplugin_t)
++')
++
++optional_policy(`
++	xserver_stream_connect_xdm_xserver(nsplugin_t)
++	xserver_xdm_rw_shm(nsplugin_t)
++	xserver_read_xdm_tmp_files(nsplugin_t)
++	xserver_read_xdm_pid(nsplugin_t)
++	xserver_read_user_xauth(user, nsplugin_t)
++	xserver_read_user_iceauth(user, nsplugin_t)
++	xserver_use_user_fonts(user, nsplugin_t)
++	xserver_manage_home_fonts(nsplugin_t)
++	xserver_dontaudit_rw_xdm_home_files(nsplugin_t)
++')
++
++########################################
++#
++# nsplugin_config local policy
++#
++
++allow nsplugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid };
++allow nsplugin_config_t self:process { setsched sigkill getsched execmem };
++#execing pulseaudio
++dontaudit nsplugin_t self:process { getcap setcap };
++
++allow nsplugin_config_t self:fifo_file rw_file_perms;
++allow nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
++
++fs_list_inotifyfs(nsplugin_config_t)
++
++can_exec(nsplugin_config_t, nsplugin_rw_t)
++manage_dirs_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++manage_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++manage_lnk_files_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
++
++manage_dirs_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++manage_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++manage_lnk_files_pattern(nsplugin_config_t, nsplugin_home_t, nsplugin_home_t)
++
++corecmd_exec_bin(nsplugin_config_t)
++corecmd_exec_shell(nsplugin_config_t)
++
++kernel_read_system_state(nsplugin_config_t)
++
++files_read_etc_files(nsplugin_config_t)
++files_read_usr_files(nsplugin_config_t)
++files_dontaudit_search_home(nsplugin_config_t)
++files_list_tmp(nsplugin_config_t)
++
++auth_use_nsswitch(nsplugin_config_t)
++
++libs_use_ld_so(nsplugin_config_t)
++libs_use_shared_libs(nsplugin_config_t)
++
++miscfiles_read_localization(nsplugin_config_t)
++miscfiles_read_fonts(nsplugin_config_t)
++
++userdom_search_all_users_home_content(nsplugin_config_t)
++
++tunable_policy(`use_nfs_home_dirs',`
++	fs_manage_nfs_dirs(nsplugin_t)
++	fs_manage_nfs_files(nsplugin_t)
++	fs_manage_nfs_dirs(nsplugin_config_t)
++	fs_manage_nfs_files(nsplugin_config_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++	fs_manage_cifs_dirs(nsplugin_t)
++	fs_manage_cifs_files(nsplugin_t)
++	fs_manage_cifs_dirs(nsplugin_config_t)
++	fs_manage_cifs_files(nsplugin_config_t)
++')
++
++domtrans_pattern(nsplugin_config_t, nsplugin_exec_t, nsplugin_t)
++
++optional_policy(`
++	xserver_read_home_fonts(nsplugin_config_t)
++')
++
++optional_policy(`
++	mozilla_read_user_home_files(user, nsplugin_config_t)
++')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.5.8/policy/modules/apps/openoffice.fc
 --- nsaserefpolicy/policy/modules/apps/openoffice.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.5.8/policy/modules/apps/openoffice.fc	2008-09-17 08:49:08.000000000 -0400
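Review bot: In the nsplugin_config local policy, `allow nsplugin_config_t self:process { setsched sigkill getsched execmem };` grants execmem unconditionally, so the `allow_nsplugin_execmem` tunable earlier in the hunk only gates execstack for `nsplugin_config_t`. If the boolean is meant to control executable memory for both domains, the unconditional rule should read `allow nsplugin_config_t self:process { setsched sigkill getsched };`. Separately, `dontaudit nsplugin_t self:process { getcap setcap };` under `#execing pulseaudio` sits in the nsplugin_config section but names `nsplugin_t`. It is worth confirming which domain was intended, and moving the line to the nsplugin section if `nsplugin_t` is correct.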
@@ -8292,7 +8410,7 @@
  neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.5.8/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/kernel/storage.fc	2008-09-22 12:22:40.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/kernel/storage.fc	2008-09-22 15:56:42.000000000 -0400
 @@ -27,6 +27,7 @@
  /dev/mcdx?		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/megadev.*		-c	gen_context(system_u:object_r:removable_device_t,s0)
@@ -8301,14 +8419,6 @@
  /dev/nb[^/]+		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
  /dev/optcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/p[fg][0-3]		-b	gen_context(system_u:object_r:removable_device_t,s0)
-@@ -65,6 +66,7 @@
- 
- /dev/md/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
- /dev/mapper/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-+/dev/mspblk.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
- 
- /dev/raw/raw[0-9]+	-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
- 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.5.8/policy/modules/roles/guest.fc
 --- nsaserefpolicy/policy/modules/roles/guest.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.5.8/policy/modules/roles/guest.fc	2008-09-17 08:49:08.000000000 -0400
@@ -13976,7 +14086,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.8/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/cups.te	2008-09-17 08:49:08.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/cups.te	2008-09-22 14:18:53.000000000 -0400
 @@ -48,6 +48,10 @@
  type hplip_t;
  type hplip_exec_t;
@@ -14058,7 +14168,7 @@
  allow cupsd_t hplip_var_run_t:file { read getattr };
  
  stream_connect_pattern(cupsd_t, ptal_var_run_t, ptal_var_run_t, ptal_t)
-@@ -149,44 +174,48 @@
+@@ -149,44 +174,49 @@
  corenet_tcp_bind_reserved_port(cupsd_t)
  corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
  corenet_tcp_connect_all_ports(cupsd_t)
@@ -14072,6 +14182,7 @@
  dev_read_urand(cupsd_t)
  dev_read_sysfs(cupsd_t)
 -dev_read_usbfs(cupsd_t)
++dev_rw_input_dev(cupsd_t)  #447878
 +dev_rw_generic_usb_dev(cupsd_t)
 +dev_rw_usbfs(cupsd_t)
  dev_getattr_printer_dev(cupsd_t)
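Review bot: `dev_rw_input_dev(cupsd_t)` gives the print daemon read/write access to input device nodes, which is broad for a network-facing service, and the only justification is the bare `#447878`. If the denial behind that bug came from one mislabeled device node, a file-context fix or a `dontaudit` would be narrower than allowing the whole input class. If the access really is needed, the comment should say why, for example `# <device/backend> opens input nodes during probing, bug 447878` with the placeholder filled in from the bug. The surrounding cupsd_t device rules continue outside this hunk.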
@@ -14112,7 +14223,7 @@
  files_list_world_readable(cupsd_t)
  files_read_world_readable_files(cupsd_t)
  files_read_world_readable_symlinks(cupsd_t)
-@@ -195,15 +224,16 @@
+@@ -195,15 +225,16 @@
  files_read_var_symlinks(cupsd_t)
  # for /etc/printcap
  files_dontaudit_write_etc_files(cupsd_t)
@@ -14133,7 +14244,7 @@
  auth_use_nsswitch(cupsd_t)
  
  libs_use_ld_so(cupsd_t)
-@@ -219,17 +249,22 @@
+@@ -219,17 +250,22 @@
  miscfiles_read_fonts(cupsd_t)
  
  seutil_read_config(cupsd_t)
@@ -14158,7 +14269,7 @@
  ')
  
  optional_policy(`
-@@ -246,8 +281,16 @@
+@@ -246,8 +282,16 @@
  	userdom_dbus_send_all_users(cupsd_t)
  
  	optional_policy(`
@@ -14175,7 +14286,7 @@
  ')
  
  optional_policy(`
-@@ -263,6 +306,10 @@
+@@ -263,6 +307,10 @@
  ')
  
  optional_policy(`
@@ -14186,7 +14297,7 @@
  	# cups execs smbtool which reads samba_etc_t files
  	samba_read_config(cupsd_t)
  	samba_rw_var_files(cupsd_t)
-@@ -281,7 +328,7 @@
+@@ -281,7 +329,7 @@
  # Cups configuration daemon local policy
  #
  
@@ -14195,7 +14306,7 @@
  dontaudit cupsd_config_t self:capability sys_tty_config;
  allow cupsd_config_t self:process signal_perms;
  allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
-@@ -326,6 +373,7 @@
+@@ -326,6 +374,7 @@
  dev_read_sysfs(cupsd_config_t)
  dev_read_urand(cupsd_config_t)
  dev_read_rand(cupsd_config_t)
@@ -14203,7 +14314,7 @@
  
  fs_getattr_all_fs(cupsd_config_t)
  fs_search_auto_mountpoints(cupsd_config_t)
-@@ -343,7 +391,7 @@
+@@ -343,7 +392,7 @@
  files_read_var_symlinks(cupsd_config_t)
  
  # Alternatives asks for this
@@ -14212,7 +14323,7 @@
  
  auth_use_nsswitch(cupsd_config_t)
  
-@@ -353,6 +401,7 @@
+@@ -353,6 +402,7 @@
  logging_send_syslog_msg(cupsd_config_t)
  
  miscfiles_read_localization(cupsd_config_t)
@@ -14220,7 +14331,7 @@
  
  seutil_dontaudit_search_config(cupsd_config_t)
  
-@@ -365,14 +414,16 @@
+@@ -365,14 +415,16 @@
  sysadm_dontaudit_search_home_dirs(cupsd_config_t)
  
  ifdef(`distro_redhat',`
@@ -14239,7 +14350,7 @@
  	cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
  ')
  
-@@ -388,6 +439,7 @@
+@@ -388,6 +440,7 @@
  optional_policy(`
  	hal_domtrans(cupsd_config_t)
  	hal_read_tmp_files(cupsd_config_t)
@@ -14247,7 +14358,7 @@
  ')
  
  optional_policy(`
-@@ -500,7 +552,7 @@
+@@ -500,7 +553,7 @@
  allow hplip_t self:udp_socket create_socket_perms;
  allow hplip_t self:rawip_socket create_socket_perms;
  
@@ -14256,7 +14367,7 @@
  
  cups_stream_connect(hplip_t)
  
-@@ -509,6 +561,8 @@
+@@ -509,6 +562,8 @@
  read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
  files_search_etc(hplip_t)
  
@@ -14265,7 +14376,7 @@
  manage_files_pattern(hplip_t, hplip_var_run_t, hplip_var_run_t)
  files_pid_filetrans(hplip_t, hplip_var_run_t, file)
  
-@@ -538,7 +592,8 @@
+@@ -538,7 +593,8 @@
  dev_read_urand(hplip_t)
  dev_read_rand(hplip_t)
  dev_rw_generic_usb_dev(hplip_t)
@@ -14275,7 +14386,7 @@
  
  fs_getattr_all_fs(hplip_t)
  fs_search_auto_mountpoints(hplip_t)
-@@ -564,12 +619,14 @@
+@@ -564,12 +620,14 @@
  userdom_dontaudit_use_unpriv_user_fds(hplip_t)
  userdom_dontaudit_search_all_users_home_content(hplip_t)
  
@@ -14291,7 +14402,7 @@
  ')
  
  optional_policy(`
-@@ -651,3 +708,45 @@
+@@ -651,3 +709,45 @@
  optional_policy(`
  	udev_read_db(ptal_t)
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.709
retrieving revision 1.710
diff -u -r1.709 -r1.710
--- selinux-policy.spec	22 Sep 2008 17:55:56 -0000	1.709
+++ selinux-policy.spec	22 Sep 2008 20:07:59 -0000	1.710
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.8
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -381,6 +381,9 @@
 %endif
 
 %changelog
+* Mon Sep 22 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-6
+- Fix transition to nsplugin
+
 * Mon Sep 22 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-5
 - Add file context for /dev/mspblk.*
 



