rpms/selinux-policy/devel policy-20090105.patch, 1.42, 1.43 selinux-policy.spec, 1.791, 1.792
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Feb 17 14:07:11 UTC 2009
- Previous message (by thread): rpms/Pound/F-9 Pound.spec,1.28,1.29
- Next message (by thread): rpms/squidGuard/devel squidGuard-1.3-SG-2008-06-13.patch, NONE, 1.1 .cvsignore, 1.3, 1.4 sources, 1.3, 1.4 squidGuard.spec, 1.12, 1.13
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14521
Modified Files:
policy-20090105.patch selinux-policy.spec
Log Message:
* Tue Feb 17 2009 Dan Walsh <dwalsh at redhat.com> 3.6.6-2
- Fix squidGuard labeling
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- policy-20090105.patch 16 Feb 2009 22:54:22 -0000 1.42
+++ policy-20090105.patch 17 Feb 2009 14:07:10 -0000 1.43
@@ -18513,7 +18513,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.6/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/services/postfix.te 2009-02-16 13:18:06.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/services/postfix.te 2009-02-17 08:27:34.000000000 -0500
@@ -6,6 +6,15 @@
# Declarations
#
@@ -18829,7 +18829,7 @@
mailman_read_data_files(postfix_smtpd_t)
')
-@@ -572,7 +666,7 @@
+@@ -572,12 +666,13 @@
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
# connect to master process
@@ -18838,6 +18838,12 @@
corecmd_exec_shell(postfix_virtual_t)
corecmd_exec_bin(postfix_virtual_t)
+
+ files_read_etc_files(postfix_virtual_t)
++files_read_usr_files(postfix_virtual_t)
+
+ mta_read_aliases(postfix_virtual_t)
+ mta_delete_spool(postfix_virtual_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.6/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
+++ serefpolicy-3.6.6/policy/modules/services/postgresql.fc 2009-02-16 13:18:06.000000000 -0500
@@ -22455,6 +22461,21 @@
')
optional_policy(`
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.6.6/policy/modules/services/squid.fc
+--- nsaserefpolicy/policy/modules/services/squid.fc 2008-10-08 19:00:27.000000000 -0400
++++ serefpolicy-3.6.6/policy/modules/services/squid.fc 2009-02-17 09:06:28.000000000 -0500
+@@ -6,7 +6,11 @@
+ /usr/sbin/squid -- gen_context(system_u:object_r:squid_exec_t,s0)
+ /usr/share/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
+
++/var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
+ /var/cache/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
++
+ /var/log/squid(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
++/var/log/squidGuard(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
++
+ /var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
+ /var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.6/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2008-11-11 16:13:45.000000000 -0500
+++ serefpolicy-3.6.6/policy/modules/services/squid.if 2009-02-16 13:18:06.000000000 -0500
@@ -26077,7 +26098,7 @@
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.6/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-16 13:18:06.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-17 08:47:24.000000000 -0500
@@ -60,12 +60,15 @@
#
# /opt
@@ -26169,6 +26190,15 @@
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -233,7 +250,7 @@
+ /usr/lib(64)?/php/modules/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
+-/usr/lib(64)?.*/libmpg123\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -246,12 +263,13 @@
# Flash plugin, Macromedia
@@ -31490,7 +31520,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.6/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt 2009-02-16 13:18:06.000000000 -0500
++++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt 2009-02-17 08:43:20.000000000 -0500
@@ -179,20 +179,20 @@
#
# Directory (dir)
@@ -31521,6 +31551,15 @@
#
# Regular file (file)
+@@ -225,7 +225,7 @@
+ define(`create_lnk_file_perms',`{ create getattr }')
+ define(`rename_lnk_file_perms',`{ getattr rename }')
+ define(`delete_lnk_file_perms',`{ getattr unlink }')
+-define(`manage_lnk_file_perms',`{ create read getattr setattr unlink rename }')
++define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }')
+ define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
+ define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
+ define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
@@ -312,3 +312,13 @@
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.791
retrieving revision 1.792
diff -u -r1.791 -r1.792
--- selinux-policy.spec 16 Feb 2009 22:30:36 -0000 1.791
+++ selinux-policy.spec 17 Feb 2009 14:07:10 -0000 1.792
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.6
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@
%endif
%changelog
+* Tue Feb 17 2009 Dan Walsh <dwalsh at redhat.com> 3.6.6-2
+- Fix squidGuard labeling
+
* Wed Feb 11 2009 Dan Walsh <dwalsh at redhat.com> 3.6.6-1
- Re-add corenet_in_generic_if(unlabeled_t)
- Previous message (by thread): rpms/Pound/F-9 Pound.spec,1.28,1.29
- Next message (by thread): rpms/squidGuard/devel squidGuard-1.3-SG-2008-06-13.patch, NONE, 1.1 .cvsignore, 1.3, 1.4 sources, 1.3, 1.4 squidGuard.spec, 1.12, 1.13
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list