rpms/selinux-policy/F-11 policy-20090105.patch, 1.98, 1.99 selinux-policy.spec, 1.833, 1.834
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Apr 23 13:19:54 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17994
Modified Files:
policy-20090105.patch selinux-policy.spec
Log Message:
* Thu Apr 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-13
- Allow sysadm_t to run rpm directly
- libvirt needs fowner
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/policy-20090105.patch,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- policy-20090105.patch 22 Apr 2009 19:17:13 -0000 1.98
+++ policy-20090105.patch 23 Apr 2009 13:19:23 -0000 1.99
@@ -5003,7 +5003,7 @@
#network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.6.12/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2009-03-05 14:09:51.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc 2009-04-07 16:01:44.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc 2009-04-23 08:12:34.000000000 -0400
@@ -91,6 +91,7 @@
/dev/sndstat -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/sonypi -c gen_context(system_u:object_r:v4l_device_t,s0)
@@ -5014,7 +5014,7 @@
/dev/usb.+ -c gen_context(system_u:object_r:usb_device_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.6.12/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2009-03-05 12:28:57.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.te 2009-04-14 12:49:22.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.te 2009-04-23 08:12:42.000000000 -0400
@@ -188,6 +188,12 @@
genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
@@ -6355,7 +6355,7 @@
## requiring the caller to use setexeccon().
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.12/policy/modules/roles/sysadm.te
--- nsaserefpolicy/policy/modules/roles/sysadm.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te 2009-04-21 15:50:14.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te 2009-04-22 15:56:34.000000000 -0400
@@ -15,7 +15,7 @@
role sysadm_r;
@@ -6519,7 +6519,7 @@
quota_run(sysadm_t, sysadm_r)
')
-@@ -320,22 +258,10 @@
+@@ -320,19 +258,12 @@
')
optional_policy(`
@@ -6531,18 +6531,16 @@
')
optional_policy(`
-- rpm_run(sysadm_t, sysadm_r)
+ rpm_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
- rssh_role(sysadm_r, sysadm_t)
--')
--
--optional_policy(`
- rsync_exec(sysadm_t)
++ rpm_role_transition(sysadm_r)
')
-@@ -345,10 +271,6 @@
+ optional_policy(`
+@@ -345,10 +276,6 @@
')
optional_policy(`
@@ -6553,7 +6551,7 @@
secadm_role_change(sysadm_r)
')
-@@ -358,35 +280,15 @@
+@@ -358,35 +285,15 @@
')
optional_policy(`
@@ -6589,7 +6587,7 @@
tripwire_run_siggen(sysadm_t, sysadm_r)
tripwire_run_tripwire(sysadm_t, sysadm_r)
tripwire_run_twadmin(sysadm_t, sysadm_r)
-@@ -394,18 +296,10 @@
+@@ -394,18 +301,10 @@
')
optional_policy(`
@@ -6608,7 +6606,7 @@
unconfined_domtrans(sysadm_t)
')
-@@ -418,20 +312,12 @@
+@@ -418,20 +317,12 @@
')
optional_policy(`
@@ -6629,7 +6627,7 @@
vpn_run(sysadm_t, sysadm_r)
')
-@@ -440,13 +326,5 @@
+@@ -440,13 +331,10 @@
')
optional_policy(`
@@ -6643,6 +6641,11 @@
-optional_policy(`
yam_run(sysadm_t, sysadm_r)
')
++
++domain_user_exemption_target(sysadm_t)
++allow sysadm_r system_r;
++init_script_role_transition(sysadm_r)
++role system_r types sysadm_t;
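Review bot: The four statements appended at the end of sysadm.te widen what the sysadm role can reach, but they carry no comment and the log message mentions only rpm and libvirt. `allow sysadm_r system_r;` permits a role change from sysadm_r to system_r, and `role system_r types sysadm_t;` authorizes sysadm_t under system_r. Both appear to sit after the closing `')` of the last optional_policy block, so they would apply unconditionally. I would put a comment above them stating the intent, for example `# sysadm_r may change to system_r so rpm scriptlets and init scripts started by an admin run in system_r`, with the wording confirmed against the actual reason for the change. The `rpm_role_transition(sysadm_r)` line added in the earlier sysadm.te hunk deserves the same one-line rationale.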
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.6.12/policy/modules/roles/unconfineduser.fc
--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.fc 2009-04-15 10:01:33.000000000 -0400
@@ -9489,7 +9492,7 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.12/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/automount.te 2009-04-07 16:01:44.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/automount.te 2009-04-23 08:19:25.000000000 -0400
@@ -71,6 +71,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -23228,7 +23231,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/virt.te 2009-04-20 07:48:51.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/virt.te 2009-04-23 07:20:35.000000000 -0400
@@ -8,19 +8,24 @@
## <desc>
@@ -23300,7 +23303,7 @@
-allow virtd_t self:capability { dac_override kill net_admin setgid sys_nice sys_ptrace };
-allow virtd_t self:process { getsched sigkill signal execmem };
-+allow virtd_t self:capability { chown dac_override ipc_lock kill mknod net_admin net_raw setuid setgid sys_admin sys_nice sys_ptrace };
++allow virtd_t self:capability { chown dac_override fowner ipc_lock kill mknod net_admin net_raw setuid setgid sys_admin sys_nice sys_ptrace };
+allow virtd_t self:process { getsched sigkill signal signull execmem setexec setfscreate setsched };
allow virtd_t self:fifo_file rw_file_perms;
allow virtd_t self:unix_stream_socket create_stream_socket_perms;
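Review bot: `fowner` is added to a virtd_t capability set that already holds `chown`, `dac_override` and `sys_admin`, and the only recorded rationale is the log line "libvirt needs fowner". A comment above the rule naming the denied operation would let a later audit decide whether the capability is still required, for example `# fowner: virtd changes mode/ownership on files it does not own (confirm against the AVC denial)`. The virtd_t rule block continues outside the hunk.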
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/selinux-policy.spec,v
retrieving revision 1.833
retrieving revision 1.834
diff -u -r1.833 -r1.834
--- selinux-policy.spec 22 Apr 2009 19:17:15 -0000 1.833
+++ selinux-policy.spec 23 Apr 2009 13:19:24 -0000 1.834
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.12
-Release: 12%{?dist}
+Release: 13%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -446,6 +446,10 @@
%endif
%changelog
+* Thu Apr 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-13
+- Allow sysadm_t to run rpm directly
+- libvirt needs fowner
+
* Wed Apr 22 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-12
- Allow sshd to read var_lib symlinks for freenx