rpms/selinux-policy/F-10 policy-20080710.patch, 1.162, 1.163 selinux-policy.spec, 1.790, 1.791
Miroslav Grepl
mgrepl at fedoraproject.org
Thu Apr 16 09:49:21 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15877
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
- Fix iptables labeling
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.162
retrieving revision 1.163
diff -u -r1.162 -r1.163
--- policy-20080710.patch 14 Apr 2009 15:54:45 -0000 1.162
+++ policy-20080710.patch 16 Apr 2009 09:49:20 -0000 1.163
@@ -23475,7 +23475,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.13/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/postfix.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/postfix.te 2009-04-16 11:01:18.000000000 +0200
@@ -6,6 +6,15 @@
# Declarations
#
@@ -23554,7 +23554,15 @@
allow postfix_master_t postfix_etc_t:file rw_file_perms;
-@@ -142,6 +159,7 @@
+@@ -132,6 +149,7 @@
+ # allow access to deferred queue and allow removing bogus incoming entries
+ manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
+ manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
++files_spool_filetrans(postfix_master_t, postfix_spool_t, dir)
+
+ allow postfix_master_t postfix_spool_bounce_t:dir manage_dir_perms;
+ allow postfix_master_t postfix_spool_bounce_t:file getattr;
+@@ -142,6 +160,7 @@
delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
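Review bot: The added `files_spool_filetrans(postfix_master_t, postfix_spool_t, dir)` rule in postfix.te is not recorded anywhere in the commit: the log message and the new %changelog entry both say only "Fix iptables labeling". A type transition that changes how directories created by postfix_master_t in the generic spool directory are labeled is a policy change an auditor will look for, so it deserves its own changelog line, for example `- Label directories created by postfix master in the spool dir as postfix_spool_t`. A one-line comment above the rule naming the directory postfix is expected to create would also help, since the existing comment above it describes the deferred queue rather than this transition. The postfix_master_t rule block starts and ends outside this hunk.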
@@ -23562,7 +23570,7 @@
kernel_read_all_sysctls(postfix_master_t)
-@@ -153,14 +171,19 @@
+@@ -153,14 +172,19 @@
corenet_udp_sendrecv_all_nodes(postfix_master_t)
corenet_tcp_sendrecv_all_ports(postfix_master_t)
corenet_udp_sendrecv_all_ports(postfix_master_t)
@@ -23582,7 +23590,7 @@
# for a find command
selinux_dontaudit_search_fs(postfix_master_t)
-@@ -170,6 +193,8 @@
+@@ -170,6 +194,8 @@
domain_use_interactive_fds(postfix_master_t)
files_read_usr_files(postfix_master_t)
@@ -23591,7 +23599,7 @@
term_dontaudit_search_ptys(postfix_master_t)
-@@ -181,15 +206,14 @@
+@@ -181,15 +207,14 @@
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
@@ -23611,7 +23619,7 @@
')
optional_policy(`
-@@ -202,9 +226,29 @@
+@@ -202,9 +227,29 @@
')
optional_policy(`
@@ -23641,7 +23649,7 @@
########################################
#
# Postfix bounce local policy
-@@ -245,6 +289,10 @@
+@@ -245,6 +290,10 @@
corecmd_exec_bin(postfix_cleanup_t)
@@ -23652,7 +23660,7 @@
########################################
#
# Postfix local local policy
-@@ -270,18 +318,25 @@
+@@ -270,18 +319,25 @@
files_read_etc_files(postfix_local_t)
@@ -23678,7 +23686,7 @@
')
optional_policy(`
-@@ -292,8 +347,7 @@
+@@ -292,8 +348,7 @@
#
# Postfix map local policy
#
@@ -23688,7 +23696,7 @@
allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
allow postfix_map_t self:unix_dgram_socket create_socket_perms;
allow postfix_map_t self:tcp_socket create_stream_socket_perms;
-@@ -343,8 +397,6 @@
+@@ -343,8 +398,6 @@
miscfiles_read_localization(postfix_map_t)
@@ -23697,7 +23705,7 @@
tunable_policy(`read_default_t',`
files_list_default(postfix_map_t)
files_read_default_files(postfix_map_t)
-@@ -357,6 +409,11 @@
+@@ -357,6 +410,11 @@
locallogin_dontaudit_use_fds(postfix_map_t)
')
@@ -23709,7 +23717,7 @@
########################################
#
# Postfix pickup local policy
-@@ -381,6 +438,7 @@
+@@ -381,6 +439,7 @@
#
allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
@@ -23717,7 +23725,7 @@
write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
-@@ -388,6 +446,12 @@
+@@ -388,6 +447,12 @@
rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
@@ -23730,7 +23738,7 @@
optional_policy(`
procmail_domtrans(postfix_pipe_t)
')
-@@ -397,6 +461,15 @@
+@@ -397,6 +462,15 @@
')
optional_policy(`
@@ -23746,7 +23754,7 @@
uucp_domtrans_uux(postfix_pipe_t)
')
-@@ -433,8 +506,11 @@
+@@ -433,8 +507,11 @@
')
optional_policy(`
@@ -23760,7 +23768,7 @@
')
#######################################
-@@ -460,6 +536,15 @@
+@@ -460,6 +537,15 @@
init_sigchld_script(postfix_postqueue_t)
init_use_script_fds(postfix_postqueue_t)
@@ -23776,7 +23784,7 @@
########################################
#
# Postfix qmgr local policy
-@@ -520,6 +605,11 @@
+@@ -520,6 +606,11 @@
cyrus_stream_connect(postfix_smtp_t)
')
@@ -23788,7 +23796,7 @@
########################################
#
# Postfix smtpd local policy
-@@ -540,9 +630,18 @@
+@@ -540,9 +631,18 @@
# for OpenSSL certificates
files_read_usr_files(postfix_smtpd_t)
@@ -23807,7 +23815,7 @@
mailman_read_data_files(postfix_smtpd_t)
')
-@@ -569,7 +668,7 @@
+@@ -569,7 +669,7 @@
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
# connect to master process
@@ -33416,20 +33424,27 @@
allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.5.13/policy/modules/system/iptables.fc
--- nsaserefpolicy/policy/modules/system/iptables.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-04-14 17:49:05.000000000 +0200
-@@ -1,8 +1,6 @@
++++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-04-16 11:43:52.000000000 +0200
+@@ -1,8 +1,13 @@
++/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ip6?tables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ip6?tables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
-+/sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0)
-+/sbin/ip6?tables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
-+/sbin/ip6?tables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/usr/sbin/iptables -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/usr/sbin/iptables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/usr/sbin/iptables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
++
++/var/lib/shorewall(/.*)? -- gen_context(system_u:object_r:iptables_var_run_t,s0)
-/usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
-/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
-/usr/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
-+/var/lib/shorewall(/.*)? -- gen_context(system_u:object_r:iptables_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.5.13/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2008-10-17 14:49:13.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/system/iptables.te 2009-02-10 15:07:15.000000000 +0100
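Review bot: The resulting iptables.fc entries are not symmetric, which looks like it leaves some binaries without iptables_exec_t. Under /sbin the wildcard `/sbin/ip6tables.*` is kept (so the ip6 half of each `ip6?tables` pattern is redundant) while plain iptables is matched only by three exact names, and under /usr/sbin there is no ip6tables entry at all, so a helper such as the -save variant is labeled for IPv6 in /sbin but apparently not for IPv4 or under /usr/sbin. A file that misses the label would presumably not get the transition into iptables_t; if the narrowing is intentional, use the same `ip6?tables`, `ip6?tables-restore`, `ip6?tables-multi` set in both directories and drop the wildcard. Separately, `/var/lib/shorewall(/.*)? --` uses the regular-file specifier, so the directory itself is not covered by this entry, and omitting `--` would label the directory together with its contents. After changing the contexts, confirm the result on the installed paths with `matchpathcon` or `restorecon -n -v`.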
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.790
retrieving revision 1.791
diff -u -r1.790 -r1.791
--- selinux-policy.spec 14 Apr 2009 15:54:46 -0000 1.790
+++ selinux-policy.spec 16 Apr 2009 09:49:20 -0000 1.791
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 56%{?dist}
+Release: 57%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -460,6 +460,9 @@
%endif
%changelog
+* Thu Apr 16 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-57
+- Fix iptables labeling
+
* Tue Apr 14 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-56
- Fix fail2ban policy
- Allow sendmail to read fail2ban_var_lib_t