rpms/selinux-policy/devel policy-20090105.patch, 1.42, 1.43 selinux-policy.spec, 1.791, 1.792

Daniel J Walsh dwalsh at fedoraproject.org
Tue Feb 17 14:07:11 UTC 2009 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14521

Modified Files:
	policy-20090105.patch selinux-policy.spec 
Log Message:
* Tue Feb 17 2009 Dan Walsh <dwalsh at redhat.com> 3.6.6-2
- Fix squidGuard labeling


policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- policy-20090105.patch	16 Feb 2009 22:54:22 -0000	1.42
+++ policy-20090105.patch	17 Feb 2009 14:07:10 -0000	1.43
@@ -18513,7 +18513,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.6/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/services/postfix.te	2009-02-16 13:18:06.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/services/postfix.te	2009-02-17 08:27:34.000000000 -0500
 @@ -6,6 +6,15 @@
  # Declarations
  #
@@ -18829,7 +18829,7 @@
  	mailman_read_data_files(postfix_smtpd_t)
  ')
  
-@@ -572,7 +666,7 @@
+@@ -572,12 +666,13 @@
  files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
  
  # connect to master process
@@ -18838,6 +18838,12 @@
  
  corecmd_exec_shell(postfix_virtual_t)
  corecmd_exec_bin(postfix_virtual_t)
+ 
+ files_read_etc_files(postfix_virtual_t)
++files_read_usr_files(postfix_virtual_t)
+ 
+ mta_read_aliases(postfix_virtual_t)
+ mta_delete_spool(postfix_virtual_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.6/policy/modules/services/postgresql.fc
 --- nsaserefpolicy/policy/modules/services/postgresql.fc	2008-08-14 13:08:27.000000000 -0400
 +++ serefpolicy-3.6.6/policy/modules/services/postgresql.fc	2009-02-16 13:18:06.000000000 -0500
@@ -22455,6 +22461,21 @@
  ')
  
  optional_policy(`
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.6.6/policy/modules/services/squid.fc
+--- nsaserefpolicy/policy/modules/services/squid.fc	2008-10-08 19:00:27.000000000 -0400
++++ serefpolicy-3.6.6/policy/modules/services/squid.fc	2009-02-17 09:06:28.000000000 -0500
+@@ -6,7 +6,11 @@
+ /usr/sbin/squid		--	gen_context(system_u:object_r:squid_exec_t,s0)
+ /usr/share/squid(/.*)?		gen_context(system_u:object_r:squid_conf_t,s0)
+ 
++/var/squidGuard(/.*)?		gen_context(system_u:object_r:squid_cache_t,s0)
+ /var/cache/squid(/.*)?		gen_context(system_u:object_r:squid_cache_t,s0)
++
+ /var/log/squid(/.*)?		gen_context(system_u:object_r:squid_log_t,s0)
++/var/log/squidGuard(/.*)?	gen_context(system_u:object_r:squid_log_t,s0)
++
+ /var/run/squid\.pid	--	gen_context(system_u:object_r:squid_var_run_t,s0)
+ /var/spool/squid(/.*)?		gen_context(system_u:object_r:squid_cache_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.6/policy/modules/services/squid.if
 --- nsaserefpolicy/policy/modules/services/squid.if	2008-11-11 16:13:45.000000000 -0500
 +++ serefpolicy-3.6.6/policy/modules/services/squid.if	2009-02-16 13:18:06.000000000 -0500
@@ -26077,7 +26098,7 @@
  allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.6/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/system/libraries.fc	2009-02-16 13:18:06.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/system/libraries.fc	2009-02-17 08:47:24.000000000 -0500
 @@ -60,12 +60,15 @@
  #
  # /opt
@@ -26169,6 +26190,15 @@
  /usr/lib(64)?/libSDL-.*\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xorg/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/X11R6/lib/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -233,7 +250,7 @@
+ /usr/lib(64)?/php/modules/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
+-/usr/lib(64)?.*/libmpg123\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?.*/libmpg123\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libpostproc\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 @@ -246,12 +263,13 @@
  
  # Flash plugin, Macromedia
@@ -31490,7 +31520,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.6/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt	2009-02-16 13:18:06.000000000 -0500
++++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt	2009-02-17 08:43:20.000000000 -0500
 @@ -179,20 +179,20 @@
  #
  # Directory (dir)
@@ -31521,6 +31551,15 @@
  
  #
  # Regular file (file)
+@@ -225,7 +225,7 @@
+ define(`create_lnk_file_perms',`{ create getattr }')
+ define(`rename_lnk_file_perms',`{ getattr rename }')
+ define(`delete_lnk_file_perms',`{ getattr unlink }')
+-define(`manage_lnk_file_perms',`{ create read getattr setattr unlink rename }')
++define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }')
+ define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
+ define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
+ define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
 @@ -312,3 +312,13 @@
  #
  define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.791
retrieving revision 1.792
diff -u -r1.791 -r1.792
--- selinux-policy.spec	16 Feb 2009 22:30:36 -0000	1.791
+++ selinux-policy.spec	17 Feb 2009 14:07:10 -0000	1.792
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@
 %endif
 
 %changelog
+* Tue Feb 17 2009 Dan Walsh <dwalsh at redhat.com> 3.6.6-2
+- Fix squidGuard labeling
+
 * Wed Feb 11 2009 Dan Walsh <dwalsh at redhat.com> 3.6.6-1
 - Re-add corenet_in_generic_if(unlabeled_t)

More information about the fedora-extras-commits mailing list