rpms/selinux-policy/devel policy-20090105.patch, 1.83, 1.84 selinux-policy.spec, 1.820, 1.821
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Apr 8 13:18:21 UTC 2009
- Previous message (by thread): rpms/amanda/devel amanda-2.6.0p2-tcpport.patch, NONE, 1.1 amanda.spec, 1.57, 1.58
- Next message (by thread): rpms/libhbaapi/devel libhbaapi.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29966
Modified Files:
policy-20090105.patch selinux-policy.spec
Log Message:
* Wed Apr 7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-2
- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- policy-20090105.patch 8 Apr 2009 00:59:45 -0000 1.83
+++ policy-20090105.patch 8 Apr 2009 13:18:20 -0000 1.84
@@ -1980,7 +1980,7 @@
+/usr/lib/opera(/.*)?/opera -- gen_context(system_u:object_r:java_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.6.12/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/java.if 2009-04-07 16:01:44.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/java.if 2009-04-08 08:35:54.000000000 -0400
@@ -30,6 +30,7 @@
allow java_t $2:unix_stream_socket connectto;
@@ -1989,7 +1989,7 @@
')
########################################
-@@ -68,3 +69,128 @@
+@@ -68,3 +69,129 @@
domtrans_pattern($1, java_exec_t, unconfined_java_t)
corecmd_search_bin($1)
')
@@ -2104,6 +2104,7 @@
+ domain_interactive_fd($1_java_t)
+
+ userdom_unpriv_usertype($1, $1_java_t)
++ userdom_manage_tmpfs_role($2, $1_java_t)
+
+ allow $1_java_t self:process { ptrace signal getsched execmem execstack };
+ allow $3 $1_java_t:process { getattr ptrace noatsecure signal_perms };
@@ -2266,8 +2267,8 @@
+seutil_domtrans_setfiles_mac(livecd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.6.12/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/mono.if 2009-04-07 16:01:44.000000000 -0400
-@@ -21,6 +21,103 @@
++++ serefpolicy-3.6.12/policy/modules/apps/mono.if 2009-04-08 08:35:44.000000000 -0400
+@@ -21,6 +21,104 @@
########################################
## <summary>
@@ -2352,6 +2353,7 @@
+ domain_interactive_fd($1_mono_t)
+
+ userdom_unpriv_usertype($1, $1_mono_t)
++ userdom_manage_tmpfs_role($2, $1_mono_t)
+
+ allow $1_mono_t self:process { ptrace signal getsched execheap execmem execstack };
+ allow $3 $1_mono_t:process { getattr ptrace noatsecure signal_perms };
@@ -2371,7 +2373,7 @@
## Execute the mono program in the caller domain.
## </summary>
## <param name="domain">
-@@ -31,7 +128,7 @@
+@@ -31,7 +129,7 @@
#
interface(`mono_exec',`
gen_require(`
@@ -22399,7 +22401,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.12/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.te 2009-04-07 16:01:44.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/xserver.te 2009-04-08 08:34:37.000000000 -0400
@@ -34,6 +34,13 @@
## <desc>
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.820
retrieving revision 1.821
diff -u -r1.820 -r1.821
--- selinux-policy.spec 8 Apr 2009 00:59:46 -0000 1.820
+++ selinux-policy.spec 8 Apr 2009 13:18:20 -0000 1.821
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.12
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@
%endif
%changelog
+* Wed Apr 7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-2
+- Make sure unconfined_java_t and unconfined_mono_t create user_tmpfs_t.
+
* Tue Apr 7 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-1
- Upgrade to latest upstream
- Allow devicekit_disk sys_rawio
- Previous message (by thread): rpms/amanda/devel amanda-2.6.0p2-tcpport.patch, NONE, 1.1 amanda.spec, 1.57, 1.58
- Next message (by thread): rpms/libhbaapi/devel libhbaapi.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list