rpms/selinux-policy/F-10 policy-20080710.patch, 1.161, 1.162 selinux-policy.spec, 1.789, 1.790
Miroslav Grepl
mgrepl at fedoraproject.org
Tue Apr 14 15:55:17 UTC 2009
- Previous message (by thread): rpms/uriparser/devel .cvsignore, 1.2, 1.3 import.log, 1.1, 1.2 sources, 1.2, 1.3 uriparser.spec, 1.2, 1.3
- Next message (by thread): rpms/pyodbc/F-9 .cvsignore,1.3,1.4 sources,1.3,1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11704
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
- Fix iptables labeling
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.161
retrieving revision 1.162
diff -u -r1.161 -r1.162
--- policy-20080710.patch 14 Apr 2009 10:34:48 -0000 1.161
+++ policy-20080710.patch 14 Apr 2009 15:54:45 -0000 1.162
@@ -25651,9 +25651,11 @@
allow radvd_t self:unix_dgram_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.5.13/policy/modules/services/razor.fc
--- nsaserefpolicy/policy/modules/services/razor.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/razor.fc 2009-02-10 15:07:15.000000000 +0100
-@@ -1,4 +1,4 @@
++++ serefpolicy-3.5.13/policy/modules/services/razor.fc 2009-04-14 17:49:39.000000000 +0200
+@@ -1,4 +1,6 @@
-HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:ROLE_razor_home_t,s0)
++/root/\.razor(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
++
+HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
/etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0)
@@ -28048,13 +28050,11 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.5.13/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.fc 2009-04-14 10:34:25.000000000 +0200
-@@ -1,16 +1,26 @@
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.fc 2009-04-14 17:49:28.000000000 +0200
+@@ -1,16 +1,24 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
+
-+/root/\.razor(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
-+
+/etc/rc\.d/init\.d/spamd -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/mimedefang.* -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
@@ -33416,11 +33416,19 @@
allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.5.13/policy/modules/system/iptables.fc
--- nsaserefpolicy/policy/modules/system/iptables.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-03-25 22:38:51.000000000 +0100
-@@ -6,3 +6,4 @@
- /usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
- /usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
- /usr/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
++++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-04-14 17:49:05.000000000 +0200
+@@ -1,8 +1,6 @@
+
+-/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+-/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+-/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ip6?tables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ip6?tables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
+
+-/usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+-/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+-/usr/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+/var/lib/shorewall(/.*)? -- gen_context(system_u:object_r:iptables_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.5.13/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2008-10-17 14:49:13.000000000 +0200
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.789
retrieving revision 1.790
diff -u -r1.789 -r1.790
--- selinux-policy.spec 14 Apr 2009 10:34:50 -0000 1.789
+++ selinux-policy.spec 14 Apr 2009 15:54:46 -0000 1.790
@@ -463,6 +463,7 @@
* Tue Apr 14 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-56
- Fix fail2ban policy
- Allow sendmail to read fail2ban_var_lib_t
+- Fix iptables labeling
* Tue Apr 7 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-55
- Allow swat_t domtrans to smbd_t
- Previous message (by thread): rpms/uriparser/devel .cvsignore, 1.2, 1.3 import.log, 1.1, 1.2 sources, 1.2, 1.3 uriparser.spec, 1.2, 1.3
- Next message (by thread): rpms/pyodbc/F-9 .cvsignore,1.3,1.4 sources,1.3,1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list