rpms/selinux-policy/F-9 policy-20071130.patch, 1.214, 1.215 selinux-policy.spec, 1.710, 1.711

Daniel J Walsh dwalsh at fedoraproject.org
Tue Sep 23 20:09:58 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12131

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Tue Sep 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-94
- Update to latest policy for NetworkManager 


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -r1.214 -r1.215
--- policy-20071130.patch	23 Sep 2008 14:04:56 -0000	1.214
+++ policy-20071130.patch	23 Sep 2008 20:09:57 -0000	1.215
@@ -15267,7 +15267,7 @@
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.3.1/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2008-09-23 15:34:07.000000000 -0400
 @@ -53,6 +53,7 @@
  	gen_require(`
  		type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -15479,7 +15479,7 @@
  ##	Read dbus configuration.
  ## </summary>
  ## <param name="domain">
-@@ -366,3 +431,73 @@
+@@ -366,3 +431,74 @@
  
  	allow $1 system_dbusd_t:dbus *;
  ')
@@ -15552,10 +15552,11 @@
 +	')
 +
 +	allow $1 system_dbusd_t:tcp_socket { read write };
++	allow $1 system_dbusd_t:fd use;
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.3.1/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2008-09-23 15:32:58.000000000 -0400
 @@ -9,9 +9,10 @@
  #
  # Delcarations
@@ -15628,20 +15629,25 @@
  
  domain_use_interactive_fds(system_dbusd_t)
  
-@@ -91,6 +107,8 @@
+@@ -91,6 +107,9 @@
  
  init_use_fds(system_dbusd_t)
  init_use_script_ptys(system_dbusd_t)
 +init_dbus_chat_script(system_dbusd_t)
 +init_bin_domtrans_spec(system_dbusd_t)
++init_domtrans_script(system_dbusd_t)
  
  libs_use_ld_so(system_dbusd_t)
  libs_use_shared_libs(system_dbusd_t)
-@@ -121,9 +139,37 @@
+@@ -121,9 +140,37 @@
  ')
  
  optional_policy(`
-+	networkmanager_init_script_domtrans_spec(system_dbusd_t)
++	consolekit_dbus_chat(system_dbusd_t)
++')
++
++optional_policy(`
++	networkmanager_script_domtrans(system_dbusd_t)
 +')
 +
 +optional_policy(`
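Review bot: `init_domtrans_script(system_dbusd_t)`, added in the `@@ -91,6 +107,9 @@` block, is a generic grant. Judging by its name it lets the system bus daemon transition through any init script, not just NetworkManager's. That is wider than the `networkmanager_script_domtrans(system_dbusd_t)` call added below it, and wider than the NetworkManager update the log message describes. If only the dispatcher scripts have to be started from dbus, the narrower call should be enough; otherwise the line needs a why-comment such as `# dbus activation has to start init scripts for <service>`. The optional_policy blocks around it continue outside the hunk.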
@@ -15658,10 +15664,6 @@
  ')
 +
 +optional_policy(`
-+	consolekit_dbus_chat(system_dbusd_t)
-+')
-+
-+optional_policy(`
 +	gen_require(`
 +		type unconfined_dbusd_t;
 +		attribute domain;
@@ -20330,24 +20332,36 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.3.1/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.fc	2008-09-08 11:45:12.000000000 -0400
-@@ -1,7 +1,13 @@
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.fc	2008-09-23 15:27:49.000000000 -0400
+@@ -1,7 +1,16 @@
++/etc/NetworkManager/dispatcher\.d(/.*)	gen_context(system_u:object_r:NetworkManager_script_exec_t,s0)
++
++/sbin/wpa_supplicant		--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
++
  /usr/s?bin/NetworkManager	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
  /usr/s?bin/wpa_supplicant	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 +/usr/sbin/NetworkManagerDispatcher	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
 +/usr/sbin/nm-system-settings	--	gen_context(system_u:object_r:NetworkManager_exec_t,s0)
++
++/var/log/wpa_supplicant.*	--	gen_context(system_u:object_r:NetworkManager_log_t,s0)
  
  /var/run/NetworkManager\.pid	--	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
  /var/run/NetworkManager(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
  /var/run/wpa_supplicant(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
  /var/run/wpa_supplicant-global	-s	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 +/var/run/nm-dhclient.*			gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-+
-+/var/log/wpa_supplicant\.log.*	--	gen_context(system_u:object_r:NetworkManager_log_t,s0)
-+/etc/NetworkManager/dispatcher.d(/.*)	gen_context(system_u:object_r:NetworkManager_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.3.1/policy/modules/services/networkmanager.if
 --- nsaserefpolicy/policy/modules/services/networkmanager.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if	2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if	2008-09-23 15:27:57.000000000 -0400
+@@ -74,7 +74,7 @@
+ 	')
+ 
+ 	corecmd_search_bin($1)
+-	domtrans_pattern($1,NetworkManager_exec_t,NetworkManager_t)
++	domtrans_pattern($1, NetworkManager_exec_t, NetworkManager_t)
+ ')
+ 
+ ########################################
 @@ -97,3 +97,58 @@
  	allow $1 NetworkManager_t:dbus send_msg;
  	allow NetworkManager_t $1:dbus send_msg;
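Review bot: The dispatcher entry `/etc/NetworkManager/dispatcher\.d(/.*)` has no trailing `?`, so the `dispatcher.d` directory itself is not matched and only its contents get NetworkManager_script_exec_t. That differs from `/var/run/NetworkManager(/.*)?` a few lines below. If the omission is intended a short comment should say so; otherwise the pattern should read `/etc/NetworkManager/dispatcher\.d(/.*)?`. The log entry was also widened from `wpa_supplicant\.log.*` to `/var/log/wpa_supplicant.*`, which labels every regular file in /var/log whose name merely starts with wpa_supplicant.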
@@ -20381,7 +20395,7 @@
 +##	</summary>
 +## </param>
 +#
-+interface(`networkmanager_init_script_domtrans_spec',`
++interface(`networkmanager_script_domtrans',`
 +	gen_require(`
 +		type NetworkManager_script_exec_t;
 +	')
@@ -20405,44 +20419,66 @@
 +	')
 +
 +	files_search_pids($1)
-+	read_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t)
++	allow $1 NetworkManager_var_run_t:file read_file_perms;
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2008-09-08 11:45:12.000000000 -0400
-@@ -13,6 +13,13 @@
- type NetworkManager_var_run_t;
- files_pid_file(NetworkManager_var_run_t)
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2008-09-23 16:07:05.000000000 -0400
+@@ -1,5 +1,5 @@
  
+-policy_module(networkmanager,1.9.0)
++policy_module(networkmanager, 1.10.2)
+ 
+ ########################################
+ #
+@@ -8,7 +8,16 @@
+ 
+ type NetworkManager_t;
+ type NetworkManager_exec_t;
+-init_daemon_domain(NetworkManager_t,NetworkManager_exec_t)
++init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
++
 +type NetworkManager_log_t;
 +logging_log_file(NetworkManager_log_t)
 +
 +type NetworkManager_script_exec_t;
 +init_script_file(NetworkManager_script_exec_t)
-+init_script_domtrans_spec(NetworkManager_t, NetworkManager_script_exec_t)
 +
- ########################################
- #
- # Local policy
-@@ -20,9 +27,9 @@
++type NetworkManager_tmp_t;
++files_tmp_file(NetworkManager_tmp_t)
+ 
+ type NetworkManager_var_run_t;
+ files_pid_file(NetworkManager_var_run_t)
+@@ -20,9 +29,9 @@
  
  # networkmanager will ptrace itself if gdb is installed
  # and it receives a unexpected signal (rh bug #204161) 
 -allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock };
-+allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock };
++allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_admin sys_nice dac_override net_admin net_raw net_bin_dservice ipc_lock };
  dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace };
 -allow NetworkManager_t self:process { ptrace setcap setpgid getsched signal_perms };
 +allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
  allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
  allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
  allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
-@@ -38,10 +45,14 @@
- manage_sock_files_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
+@@ -33,15 +42,22 @@
+ 
+ can_exec(NetworkManager_t, NetworkManager_exec_t)
+ 
+-manage_dirs_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
+-manage_files_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
+-manage_sock_files_pattern(NetworkManager_t,NetworkManager_var_run_t,NetworkManager_var_run_t)
++manage_files_pattern(NetworkManager_t, NetworkManager_log_t, NetworkManager_log_t)
++logging_log_filetrans(NetworkManager_t, NetworkManager_log_t, file)
++
++manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
++files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, sock_file)
++
++manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
++manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
++manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
  files_pid_filetrans(NetworkManager_t,NetworkManager_var_run_t, { dir file sock_file })
  
-+manage_files_pattern(NetworkManager_t,NetworkManager_log_t,NetworkManager_log_t)
-+logging_log_filetrans(NetworkManager_t,NetworkManager_log_t, file)
-+
  kernel_read_system_state(NetworkManager_t)
  kernel_read_network_state(NetworkManager_t)
  kernel_read_kernel_sysctls(NetworkManager_t)
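Review bot: The new capability rule for NetworkManager_t spells `net_bind_service` as `net_bin_dservice`, which is not a capability permission, so the rule should be rejected when the module is built and the bind capability granted by the old line is gone either way. The same line adds `sys_admin`, a very broad capability, without a comment; the comment above the rule only explains the ptrace case. Suggested line: `allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_admin sys_nice dac_override net_admin net_raw net_bind_service ipc_lock };`, with a why-comment for `sys_admin`, or with `sys_admin` dropped if nothing needs it.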
@@ -20451,7 +20487,7 @@
  
  corenet_all_recvfrom_unlabeled(NetworkManager_t)
  corenet_all_recvfrom_netlabel(NetworkManager_t)
-@@ -64,9 +75,11 @@
+@@ -64,9 +80,11 @@
  dev_read_sysfs(NetworkManager_t)
  dev_read_rand(NetworkManager_t)
  dev_read_urand(NetworkManager_t)
@@ -20463,14 +20499,12 @@
  
  mls_file_read_all_levels(NetworkManager_t)
  
-@@ -82,10 +95,16 @@
- files_read_etc_files(NetworkManager_t)
+@@ -83,9 +101,14 @@
  files_read_etc_runtime_files(NetworkManager_t)
  files_read_usr_files(NetworkManager_t)
-+files_list_tmp(NetworkManager_t)
-+
-+storage_getattr_fixed_disk_dev(NetworkManager_t)
  
++storage_getattr_fixed_disk_dev(NetworkManager_t)
++
  init_read_utmp(NetworkManager_t)
 +init_dontaudit_write_utmp(NetworkManager_t)
  init_domtrans_script(NetworkManager_t)
@@ -20480,23 +20514,29 @@
  libs_use_ld_so(NetworkManager_t)
  libs_use_shared_libs(NetworkManager_t)
  
-@@ -113,6 +132,9 @@
+@@ -109,10 +132,14 @@
+ sysnet_etc_filetrans_config(NetworkManager_t)
+ 
+ userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
+-userdom_dontaudit_search_sysadm_home_dirs(NetworkManager_t)
  userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t)
  # Read gnome-keyring
  userdom_read_unpriv_users_home_content_files(NetworkManager_t)
 +userdom_unpriv_users_stream_connect(NetworkManager_t)
 +
++userdom_dontaudit_search_sysadm_home_dirs(NetworkManager_t)
++
 +cron_read_system_job_lib_files(NetworkManager_t)
  
  optional_policy(`
  	bind_domtrans(NetworkManager_t)
-@@ -129,21 +151,21 @@
+@@ -129,21 +156,26 @@
  ')
  
  optional_policy(`
 -	dbus_system_bus_client_template(NetworkManager,NetworkManager_t)
 -	dbus_connect_system_bus(NetworkManager_t)
-+	dbus_system_domain(NetworkManager_t,NetworkManager_exec_t)
++	dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
  ')
  
  optional_policy(`
@@ -20511,14 +20551,23 @@
  
  optional_policy(`
 -	nscd_socket_use(NetworkManager_t)
++	nscd_domtrans(NetworkManager_t)
  	nscd_signal(NetworkManager_t)
 +	nscd_script_domtrans(NetworkManager_t)
-+	nscd_domtrans(NetworkManager_t)
++')
++
++optional_policy(`
++	# Dispatcher starting and stoping ntp
++	ntp_script_domtrans(NetworkManager_t)
  ')
  
  optional_policy(`
-@@ -155,19 +177,21 @@
- 	ppp_domtrans(NetworkManager_t)
+@@ -152,22 +184,25 @@
+ ')
+ 
+ optional_policy(`
+-	ppp_domtrans(NetworkManager_t)
++	ppp_script_domtrans(NetworkManager_t)
  	ppp_read_pid_files(NetworkManager_t)
  	ppp_signal(NetworkManager_t)
 +	ppp_signull(NetworkManager_t)
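Review bot: `ppp_domtrans(NetworkManager_t)` is replaced by `ppp_script_domtrans(NetworkManager_t)` rather than kept next to it. NetworkManager_t keeps `ppp_read_pid_files`, `ppp_signal` and `ppp_signull` but, as far as this hunk shows, loses the transition into the ppp domain when it executes pppd itself. If NetworkManager still starts pppd directly, that exec would either be denied or leave pppd running in NetworkManager_t with the capabilities granted there. Keeping both calls, `ppp_domtrans(NetworkManager_t)` and `ppp_script_domtrans(NetworkManager_t)`, avoids this. The optional_policy block ends outside the hunk.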
@@ -20527,8 +20576,9 @@
  
  optional_policy(`
 -	seutil_sigchld_newrole(NetworkManager_t)
-+	# Dispatcher starting and stoping ntp
-+	ntp_script_domtrans(NetworkManager_t)
++	rpm_exec(NetworkManager_t)
++	rpm_read_db(NetworkManager_t)
++	rpm_dontaudit_manage_db(NetworkManager_t)
  ')
  
  optional_policy(`
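Review bot: The three rpm calls added for NetworkManager_t carry no explanation, whereas the lines they replace in this block had the comment `# Dispatcher starting and stoping ntp`. Judging by its name, `rpm_exec` runs rpm without a domain transition, i.e. inside NetworkManager_t, which this same commit also gives `sys_admin`. A why-comment should sit above `rpm_exec(NetworkManager_t)`, for example `# dispatcher scripts query the rpm database` if that is the reason.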
@@ -23461,17 +23511,20 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.3.1/policy/modules/services/ppp.fc
 --- nsaserefpolicy/policy/modules/services/ppp.fc	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.fc	2008-09-08 11:45:12.000000000 -0400
-@@ -33,3 +33,5 @@
- 
- /var/log/ppp-connect-errors.*	--	gen_context(system_u:object_r:pppd_log_t,s0)
- /var/log/ppp/.*			--	gen_context(system_u:object_r:pppd_log_t,s0)
-+
++++ serefpolicy-3.3.1/policy/modules/services/ppp.fc	2008-09-23 15:54:31.000000000 -0400
+@@ -1,6 +1,8 @@
+ #
+ # /etc
+ #
 +/etc/rc\.d/init\.d/ppp	--	gen_context(system_u:object_r:pppd_script_exec_t,s0)
++
+ /etc/ppp			-d	gen_context(system_u:object_r:pppd_etc_t,s0)
+ /etc/ppp(/.*)?			--	gen_context(system_u:object_r:pppd_etc_rw_t,s0)
+ /etc/ppp/peers(/.*)?			gen_context(system_u:object_r:pppd_etc_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.3.1/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.if	2008-09-08 11:45:12.000000000 -0400
-@@ -95,6 +95,24 @@
++++ serefpolicy-3.3.1/policy/modules/services/ppp.if	2008-09-23 15:53:51.000000000 -0400
+@@ -76,6 +76,24 @@
  
  ########################################
  ## <summary>
@@ -23493,16 +23546,62 @@
 +
 +########################################
 +## <summary>
- ##	 Conditionally execute ppp daemon on behalf of a user or staff type.
+ ##	 Execute domain in the ppp domain.
  ## </summary>
  ## <param name="domain">
-@@ -297,38 +315,42 @@
+@@ -102,6 +120,16 @@
+ ##	 Domain allowed access.
+ ##	</summary>
+ ## </param>
++## <param name="role">
++##	<summary>
++##	The role to allow the ppp domain.
++##	</summary>
++## </param>
++## <param name="terminal">
++##	<summary>
++##	The type of the terminal allow the ppp domain to use.
++##	</summary>
++## </param>
+ ## <rolecap/>
+ #
+ interface(`ppp_run_cond',`
+@@ -272,6 +300,24 @@
+ 
+ ########################################
+ ## <summary>
++##	Execute ppp server in the ntpd domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`ppp_script_domtrans',`
++	gen_require(`
++		type pppd_script_exec_t;
++	')
++
++	init_script_domtrans_spec($1, pppd_script_exec_t)
++')
++
++########################################
++## <summary>
+ ##	All of the rules required to administrate 
+ ##	an ppp environment
+ ## </summary>
+@@ -295,40 +341,51 @@
+ interface(`ppp_admin',`
+ 	gen_require(`
  		type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
- 		type pppd_etc_t, pppd_script_t, pppd_secret_t;
- 		type pppd_etc_rw_t, pppd_var_lib_t, pppd_var_run_t;
--
+-		type pppd_etc_t, pppd_script_t, pppd_secret_t;
+-		type pppd_etc_rw_t, pppd_var_lib_t, pppd_var_run_t;
++		type pppd_etc_t, pppd_secret_t;
++		type pppd_etc_rw_t, pppd_var_run_t;
+ 
  		type pptp_t, pptp_log_t, pptp_var_run_t;
-+		type pppd_script_exec_t;
++ 		type pppd_script_exec_t;
  	')
  
  	allow $1 pppd_t:process { ptrace signal_perms getattr };
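Review bot: The summary added for `ppp_script_domtrans` reads `Execute ppp server in the ntpd domain.`, which looks copied from the ntp interface; the body calls `init_script_domtrans_spec($1, pppd_script_exec_t)` and has nothing to do with ntpd. Suggested text: `##	Execute the ppp init script in the init script domain.` In the same hunk `ppp_admin` drops `pppd_script_t` and `pppd_var_lib_t` from its gen_require; the rest of ppp_admin lies outside the hunk, so any remaining use of those types there needs checking. The new `<param name="terminal">` summary should read `The type of the terminal to allow the ppp domain to use.`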
@@ -23511,6 +23610,12 @@
 +	allow $1 pptp_t:process { ptrace signal_perms getattr };
 +	ps_process_pattern($1, pptp_t)
 +
++	# Allow admin domain to restart the pppd_t service
++	ppp_script_domtrans($1)
++	domain_system_change_exemption($1)
++	role_transition $2 pppd_script_exec_t system_r;
++	allow $2 system_r;
++
  	files_list_tmp($1)
 -	manage_files_pattern($1, pppd_tmp_t, pppd_tmp_t)
 +        manage_all_pattern($1,pppd_tmp_t)
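Review bot: `ppp_admin` now expands `$2` in `role_transition $2 pppd_script_exec_t system_r;` and `allow $2 system_r;`, but nothing visible tells callers that a role argument is now required, because the interface header with its parameter documentation is outside this hunk. A caller that still passes only the domain would expand to `role_transition  pppd_script_exec_t system_r;` and break the build. The header should gain a `<param name="role">` entry, for example with the summary `The role to be allowed to manage the ppp domain.`, and existing callers should be checked.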
@@ -23518,22 +23623,22 @@
  	logging_list_logs($1)
 -	manage_files_pattern($1, pppd_log_t, pppd_log_t)
 +        manage_all_pattern($1,pppd_log_t)
++
++        manage_all_pattern($1,pptp_log_t)
  
 -	manage_files_pattern($1, pppd_lock_t, pppd_lock_t)
-+        manage_all_pattern($1,pptp_log_t)
-+
 +        manage_all_pattern($1,pppd_lock_t)
  
  	files_list_etc($1)
 -	manage_files_pattern($1, pppd_etc_t, pppd_etc_t)
 +	manage_all_pattern($1,pppd_etc_t)
-+
-+	manage_all_pattern($1,pppd_etc_rw_t)
  
 -	manage_files_pattern($1, pppd_etc_rw_t, pppd_etc_rw_t)
-+	manage_all_pattern($1,pppd_secret_t)
++	manage_all_pattern($1,pppd_etc_rw_t)
  
 -	manage_files_pattern($1, pppd_secret_t, pppd_secret_t)
++	manage_all_pattern($1,pppd_secret_t)
++
 +	manage_all_pattern($1,pppd_script_exec_t)
  
  	files_list_var_lib($1)
@@ -28744,7 +28849,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.3.1/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/squid.te	2008-09-08 11:45:13.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/squid.te	2008-09-23 15:23:50.000000000 -0400
 @@ -31,12 +31,15 @@
  type squid_var_run_t;
  files_pid_file(squid_var_run_t)
@@ -28795,7 +28900,11 @@
  
  libs_use_ld_so(squid_t)
  libs_use_shared_libs(squid_t)
-@@ -148,11 +156,7 @@
+@@ -145,14 +153,11 @@
+ 
+ tunable_policy(`squid_connect_any',`
+ 	corenet_tcp_connect_all_ports(squid_t)
++	corenet_tcp_bind_all_ports(squid_t)
  ')
  
  optional_policy(`
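Review bot: `corenet_tcp_bind_all_ports(squid_t)` is added under the `squid_connect_any` tunable, so a boolean whose name only speaks of outbound connections now also lets squid listen on every TCP port. An administrator enabling it for connect would not expect the bind. Either the bind belongs under its own tunable, or the boolean's description (outside this hunk) should be updated and a comment added here, e.g. `# squid_connect_any also allows binding to any port`.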
@@ -28808,7 +28917,7 @@
  ')
  
  optional_policy(`
-@@ -167,7 +171,12 @@
+@@ -167,7 +172,12 @@
  	udev_read_db(squid_t)
  ')
  
@@ -32875,7 +32984,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.3.1/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/init.te	2008-09-08 11:45:13.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/init.te	2008-09-23 15:44:00.000000000 -0400
 @@ -10,6 +10,20 @@
  # Declarations
  #
@@ -33054,7 +33163,15 @@
  
  selinux_get_enforce_mode(initrc_t)
  
-@@ -496,6 +535,31 @@
+@@ -352,6 +391,7 @@
+ libs_use_shared_libs(initrc_t)
+ libs_exec_lib_files(initrc_t)
+ 
++logging_send_audit_msgs(initrc_t)
+ logging_send_syslog_msg(initrc_t)
+ logging_manage_generic_logs(initrc_t)
+ logging_read_all_logs(initrc_t)
+@@ -496,6 +536,31 @@
  	')
  ')
  
@@ -33086,7 +33203,7 @@
  optional_policy(`
  	amavis_search_lib(initrc_t)
  	amavis_setattr_pid_files(initrc_t)
-@@ -554,16 +618,12 @@
+@@ -554,16 +619,12 @@
  	dbus_read_config(initrc_t)
  
  	optional_policy(`
@@ -33107,7 +33224,7 @@
  ')
  
  optional_policy(`
-@@ -639,12 +699,6 @@
+@@ -639,12 +700,6 @@
  	mta_read_config(initrc_t)
  	mta_dontaudit_read_spool_symlinks(initrc_t)
  ')
@@ -33120,7 +33237,7 @@
  
  optional_policy(`
  	ifdef(`distro_redhat',`
-@@ -705,6 +759,9 @@
+@@ -705,6 +760,9 @@
  
  	# why is this needed:
  	rpm_manage_db(initrc_t)
@@ -33130,7 +33247,7 @@
  ')
  
  optional_policy(`
-@@ -717,9 +774,11 @@
+@@ -717,9 +775,11 @@
  	squid_manage_logs(initrc_t)
  ')
  
@@ -33145,7 +33262,7 @@
  ')
  
  optional_policy(`
-@@ -738,6 +797,11 @@
+@@ -738,6 +798,11 @@
  	uml_setattr_util_sockets(initrc_t)
  ')
  
@@ -33157,7 +33274,7 @@
  optional_policy(`
  	unconfined_domain(initrc_t)
  
-@@ -752,6 +816,10 @@
+@@ -752,6 +817,10 @@
  ')
  
  optional_policy(`
@@ -33168,7 +33285,7 @@
  	vmware_read_system_config(initrc_t)
  	vmware_append_system_config(initrc_t)
  ')
-@@ -774,3 +842,4 @@
+@@ -774,3 +843,4 @@
  optional_policy(`
  	zebra_read_config(initrc_t)
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.710
retrieving revision 1.711
diff -u -r1.710 -r1.711
--- selinux-policy.spec	23 Sep 2008 13:27:34 -0000	1.710
+++ selinux-policy.spec	23 Sep 2008 20:09:58 -0000	1.711
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 93%{?dist}
+Release: 94%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -386,6 +386,9 @@
 %endif
 
 %changelog
+* Tue Sep 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-94
+- Update to latest policy for NetworkManager 
+
 * Mon Sep 22 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-93
 - Add /dev/msp* support
 - Update prewikka support



