rpms/selinux-policy/F-10 policy-20080710.patch,1.157,1.158

Fri Apr 3 13:33:32 UTC 2009

Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21355

Modified Files:
	policy-20080710.patch 
Log Message:
- Allow swat_t domtrans to smbd_t


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.157
retrieving revision 1.158
diff -u -r1.157 -r1.158

--- policy-20080710.patch	30 Mar 2009 15:26:50 -0000	1.157
+++ policy-20080710.patch	3 Apr 2009 13:33:31 -0000	1.158
@@ -7200,7 +7200,7 @@
  network_port(xfs, tcp,7100,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.5.13/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/kernel/devices.fc	2009-03-25 13:47:42.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/kernel/devices.fc	2009-04-03 15:22:46.000000000 +0200
 @@ -1,8 +1,9 @@
  
  /dev			-d	gen_context(system_u:object_r:device_t,s0)
@@ -7342,7 +7342,7 @@
  /dev/usb/mdc800.*	-c	gen_context(system_u:object_r:scanner_device_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.5.13/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/kernel/devices.if	2009-03-25 14:08:22.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/kernel/devices.if	2009-04-03 10:50:33.000000000 +0200
 @@ -65,7 +65,7 @@
  
  	relabelfrom_dirs_pattern($1, device_t, device_node)
@@ -7930,7 +7930,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.5.13/policy/modules/kernel/devices.te
 --- nsaserefpolicy/policy/modules/kernel/devices.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/kernel/devices.te	2009-03-25 13:47:42.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/kernel/devices.te	2009-04-03 10:51:23.000000000 +0200
 @@ -1,5 +1,5 @@
  
 -policy_module(devices, 1.7.0)
@@ -18406,7 +18406,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.5.13/policy/modules/services/lircd.te
 --- nsaserefpolicy/policy/modules/services/lircd.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/services/lircd.te	2009-03-27 14:56:59.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/lircd.te	2009-04-03 15:23:05.000000000 +0200
 @@ -0,0 +1,60 @@
 +policy_module(lircd,1.0.0)
 +
@@ -26581,7 +26581,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.5.13/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/samba.te	2009-02-26 15:44:58.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/samba.te	2009-04-03 11:57:58.000000000 +0200
 @@ -66,6 +66,13 @@
  ## </desc>
  gen_tunable(samba_share_nfs, false)
@@ -26902,7 +26902,7 @@
  allow swat_t self:udp_socket create_socket_perms;
  
 +allow swat_t self:unix_stream_socket connectto;
-+can_exec(swat_t, smbd_exec_t)
++samba_domtrans_smb(swat_t)
 +allow swat_t smbd_port_t:tcp_socket name_bind;
 +allow swat_t smbd_t:process { signal signull };
 +allow swat_t smbd_var_run_t:file { lock unlink };
@@ -33306,7 +33306,7 @@
  allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc	2009-03-30 17:17:31.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/system/libraries.fc	2009-04-03 10:47:07.000000000 +0200
 @@ -60,12 +60,15 @@
  #
  # /opt
@@ -33405,7 +33405,7 @@
  /usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libglide3\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -187,6 +205,7 @@
+@@ -187,12 +205,14 @@
  /usr/lib(64)?/libdv\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/helix/plugins/[^/]*\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/helix/codecs/[^/]*\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33413,7 +33413,14 @@
  /usr/lib(64)?/libSDL-.*\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xorg/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/X11R6/lib/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -208,6 +227,9 @@
+ /usr/lib(64)?/dri/.+\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/X11R6/lib/libOSMesa\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/X11R6/lib/libfglrx_gamma\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/libOSMesa\.so.*                --      gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libHermes\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/valgrind/hp2ps		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/valgrind/stage2		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -208,6 +228,9 @@
  /usr/lib(64)?/.*/program/libsoffice\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -33423,7 +33430,7 @@
  # Fedora Extras packages: ladspa, imlib2, ocaml
  /usr/lib(64)?/ladspa/analogue_osc_1416\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/ladspa/bandpass_a_iir_1893\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -233,7 +255,7 @@
+@@ -233,7 +256,7 @@
  /usr/lib(64)?/php/modules/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
  # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
@@ -33432,7 +33439,7 @@
  /usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libpostproc\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -246,13 +268,16 @@
+@@ -246,13 +269,16 @@
  
  # Flash plugin, Macromedia
  HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33451,7 +33458,7 @@
  # Jai, Sun Microsystems (Jpackage SPRM)
  /usr/lib(64)?/libmlib_jai\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libdivxdecore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -267,6 +292,9 @@
+@@ -267,6 +293,9 @@
  /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/vmware/(.*/)?VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -33461,7 +33468,7 @@
  # Java, Sun Microsystems (JPackage SRPM)
  /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -291,6 +319,8 @@
+@@ -291,6 +320,8 @@
  /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/.+\.api		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/(.*/)?ADMPlugin\.apl	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33470,7 +33477,7 @@
  ') dnl end distro_redhat
  
  #
-@@ -307,6 +337,36 @@
+@@ -307,6 +338,36 @@
  /var/lib/samba/bin/.+\.so(\.[^/]*)*	-l	gen_context(system_u:object_r:lib_t,s0)
  ')
  


