rpms/selinux-policy/devel policy-20090105.patch, 1.83, 1.84 selinux-policy.spec, 1.820, 1.821

Daniel J Walsh dwalsh at fedoraproject.org
Wed Apr 8 13:18:21 UTC 2009 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29966

Modified Files:
	policy-20090105.patch selinux-policy.spec 
Log Message:
* Wed Apr 7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-2
- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.


policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- policy-20090105.patch	8 Apr 2009 00:59:45 -0000	1.83
+++ policy-20090105.patch	8 Apr 2009 13:18:20 -0000	1.84
@@ -1980,7 +1980,7 @@
 +/usr/lib/opera(/.*)?/opera	--	gen_context(system_u:object_r:java_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.6.12/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/java.if	2009-04-07 16:01:44.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/java.if	2009-04-08 08:35:54.000000000 -0400
 @@ -30,6 +30,7 @@
  
  	allow java_t $2:unix_stream_socket connectto;
@@ -1989,7 +1989,7 @@
  ')
  
  ########################################
-@@ -68,3 +69,128 @@
+@@ -68,3 +69,129 @@
  	domtrans_pattern($1, java_exec_t, unconfined_java_t)
  	corecmd_search_bin($1)
  ')
@@ -2104,6 +2104,7 @@
 +	domain_interactive_fd($1_java_t)
 +
 +	userdom_unpriv_usertype($1, $1_java_t)
++	userdom_manage_tmpfs_role($2, $1_java_t)
 +
 +	allow $1_java_t self:process { ptrace signal getsched execmem execstack };
 +	allow $3 $1_java_t:process { getattr ptrace noatsecure signal_perms };
@@ -2266,8 +2267,8 @@
 +seutil_domtrans_setfiles_mac(livecd_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.6.12/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/mono.if	2009-04-07 16:01:44.000000000 -0400
-@@ -21,6 +21,103 @@
++++ serefpolicy-3.6.12/policy/modules/apps/mono.if	2009-04-08 08:35:44.000000000 -0400
+@@ -21,6 +21,104 @@
  
  ########################################
  ## <summary>
@@ -2352,6 +2353,7 @@
 +	domain_interactive_fd($1_mono_t)
 +
 +	userdom_unpriv_usertype($1, $1_mono_t)
++	userdom_manage_tmpfs_role($2, $1_mono_t)
 +
 +	allow $1_mono_t self:process { ptrace signal getsched execheap execmem execstack };
 +	allow $3 $1_mono_t:process { getattr ptrace noatsecure signal_perms };
@@ -2371,7 +2373,7 @@
  ##	Execute the mono program in the caller domain.
  ## </summary>
  ## <param name="domain">
-@@ -31,7 +128,7 @@
+@@ -31,7 +129,7 @@
  #
  interface(`mono_exec',`
  	gen_require(`
@@ -22399,7 +22401,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.12/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.te	2009-04-07 16:01:44.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/xserver.te	2009-04-08 08:34:37.000000000 -0400
 @@ -34,6 +34,13 @@
  
  ## <desc>


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.820
retrieving revision 1.821
diff -u -r1.820 -r1.821
--- selinux-policy.spec	8 Apr 2009 00:59:46 -0000	1.820
+++ selinux-policy.spec	8 Apr 2009 13:18:20 -0000	1.821
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.12
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@
 %endif
 
 %changelog
+* Wed Apr 7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-2
+- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.
+
 * Tue Apr 7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-1
 - Upgrade to latest upstream
 - Allow devicekit_disk sys_rawio

More information about the fedora-extras-commits mailing list