rpms/selinux-policy/F-10 policy-20080710.patch,1.138,1.139
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Feb 18 14:46:41 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16265
Modified Files:
policy-20080710.patch
Log Message:
- Fix squidGuard labeling
- Allow ftpd to list inotifyfs
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.138
retrieving revision 1.139
diff -u -r1.138 -r1.139
--- policy-20080710.patch 18 Feb 2009 10:00:43 -0000 1.138
+++ policy-20080710.patch 18 Feb 2009 14:46:40 -0000 1.139
@@ -7709,7 +7709,7 @@
## all protocols (TCP, UDP, etc)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.5.13/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/kernel/domain.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/kernel/domain.te 2009-02-18 14:25:11.000000000 +0100
@@ -5,6 +5,13 @@
#
# Declarations
@@ -7766,7 +7766,7 @@
allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
# act on all domains keys
-@@ -148,3 +162,39 @@
+@@ -148,3 +162,40 @@
# receive from all domains over labeled networking
domain_all_recvfrom_all_domains(unconfined_domain_type)
@@ -7779,6 +7779,7 @@
+optional_policy(`
+ cron_dontaudit_write_system_job_tmp_files(domain)
+ cron_rw_pipes(domain)
++ cron_rw_system_job_pipes(domain)
+ifdef(`hide_broken_symptoms',`
+ cron_dontaudit_rw_tcp_sockets(domain)
+ allow domain domain:key { link search };
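Review bot: The added `cron_rw_system_job_pipes(domain)` is applied to the `domain` attribute, so every domain in the policy gains read/write on system cron job pipes, and nothing in the patch says why. It sits beside `cron_rw_pipes(domain)` and above the `hide_broken_symptoms` block, which suggests it works around descriptors inherited from cron jobs. If that is the intent, a comment such as `# system cron jobs pass their pipes to children; rw keeps job output from being lost` would record it, and a dontaudit rule would be the narrower choice wherever the access is not actually needed. The log message names only squidGuard and ftpd, so this rule deserves its own changelog line. The `optional_policy` block starts and ends outside the hunk.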
@@ -9026,6 +9027,17 @@
/dev/rd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
ifdef(`distro_redhat', `
/dev/root -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.5.13/policy/modules/kernel/storage.if
+--- nsaserefpolicy/policy/modules/kernel/storage.if 2008-10-17 14:49:14.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/kernel/storage.if 2009-02-18 14:54:06.000000000 +0100
+@@ -207,6 +207,7 @@
+ dev_list_all_dev_nodes($1)
+ allow $1 self:capability mknod;
+ allow $1 fixed_disk_device_t:blk_file manage_blk_file_perms;
++ allow $1 fixed_disk_device_t:chr_file manage_chr_file_perms;
+ typeattribute $1 fixed_disk_raw_read, fixed_disk_raw_write;
+ ')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.5.13/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2008-10-17 14:49:14.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/kernel/terminal.if 2009-02-10 15:07:15.000000000 +0100
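Review bot: The new `allow $1 fixed_disk_device_t:chr_file manage_chr_file_perms;` in storage.if widens an interface that already grants `mknod` and both `fixed_disk_raw_read` and `fixed_disk_raw_write`, so every caller can now also create, delete and write character device nodes labelled `fixed_disk_device_t`. The log message does not mention it. Because this label covers raw disk access, the change should get its own changelog entry, and the interface's `<summary>` should state that character nodes are covered as well as block nodes. The interface header is outside the hunk, so which callers are affected cannot be told from here.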
@@ -16782,7 +16794,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.13/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/ftp.te 2009-02-11 10:18:48.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/ftp.te 2009-02-18 14:36:11.000000000 +0100
@@ -26,7 +26,7 @@
## <desc>
## <p>
@@ -16816,15 +16828,18 @@
type ftpd_t;
type ftpd_exec_t;
init_daemon_domain(ftpd_t, ftpd_exec_t)
-@@ -160,6 +168,7 @@
+@@ -158,8 +166,10 @@
+ files_read_etc_runtime_files(ftpd_t)
+ files_search_var_lib(ftpd_t)
++fs_list_inotifyfs(ftpd_t)
fs_search_auto_mountpoints(ftpd_t)
fs_getattr_all_fs(ftpd_t)
+fs_search_fusefs_dirs(ftpd_t)
auth_use_nsswitch(ftpd_t)
auth_domtrans_chk_passwd(ftpd_t)
-@@ -226,8 +235,15 @@
+@@ -226,8 +236,15 @@
userdom_manage_all_users_home_content_dirs(ftpd_t)
userdom_manage_all_users_home_content_files(ftpd_t)
userdom_manage_all_users_home_content_symlinks(ftpd_t)
@@ -16840,7 +16855,7 @@
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
fs_manage_nfs_files(ftpd_t)
fs_read_nfs_symlinks(ftpd_t)
-@@ -238,6 +254,11 @@
+@@ -238,6 +255,11 @@
fs_read_cifs_symlinks(ftpd_t)
')
@@ -16852,7 +16867,7 @@
optional_policy(`
tunable_policy(`ftp_home_dir',`
apache_search_sys_content(ftpd_t)
-@@ -245,6 +266,18 @@
+@@ -245,6 +267,18 @@
')
optional_policy(`
@@ -16871,7 +16886,7 @@
corecmd_exec_shell(ftpd_t)
files_read_usr_files(ftpd_t)
-@@ -261,7 +294,9 @@
+@@ -261,7 +295,9 @@
')
optional_policy(`
@@ -16882,7 +16897,7 @@
')
optional_policy(`
-@@ -273,6 +308,14 @@
+@@ -273,6 +309,14 @@
')
optional_policy(`
@@ -17839,8 +17854,8 @@
+/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.5.13/policy/modules/services/milter.if
--- nsaserefpolicy/policy/modules/services/milter.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/services/milter.if 2009-02-10 15:07:15.000000000 +0100
-@@ -0,0 +1,121 @@
++++ serefpolicy-3.5.13/policy/modules/services/milter.if 2009-02-18 14:29:13.000000000 +0100
+@@ -0,0 +1,84 @@
+## <summary>Milter mail filters</summary>
+
+########################################
@@ -17925,43 +17940,6 @@
+ getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
+')
+
-+#######################################
-+## <summary>
-+## Read milter data.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`milter_read_data',`
-+ gen_require(`
-+ attribute milter_data_type;
-+ ')
-+
-+ read_files_pattern($1, milter_data_type, milter_data_type)
-+')
-+
-+######################################
-+## <summary>
-+## Read milter data.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`milter_manage_data',`
-+ gen_require(`
-+ attribute milter_data_type;
-+ ')
-+ manage_dirs_pattern($1, milter_data_type, milter_data_type)
-+ manage_files_pattern($1, milter_data_type, milter_data_type)
-+')
-+
-+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.5.13/policy/modules/services/milter.te
--- nsaserefpolicy/policy/modules/services/milter.te 1970-01-01 01:00:00.000000000 +0100
+++ serefpolicy-3.5.13/policy/modules/services/milter.te 2009-02-10 15:07:15.000000000 +0100
@@ -27307,7 +27285,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.13/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2009-02-18 14:29:57.000000000 +0100
@@ -21,16 +21,24 @@
gen_tunable(spamd_enable_home_dirs, true)
@@ -27491,7 +27469,7 @@
')
optional_policy(`
-@@ -213,3 +263,138 @@
+@@ -213,3 +263,131 @@
optional_policy(`
udev_read_db(spamd_t)
')
@@ -27534,9 +27512,6 @@
+manage_files_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
+files_tmp_filetrans(spamc_t, spamc_tmp_t, { file dir })
+
-+#manage_dirs_pattern(spamc_t, spamd_var_run_t, spamd_var_run_t)
-+#manage_files_pattern(spamc_t, spamd_var_run_t, spamd_var_run_t)
-+
+kernel_read_kernel_sysctls(spamc_t)
+kernel_read_system_state(spamc_t)
+
@@ -27617,10 +27592,6 @@
+')
+
+optional_policy(`
-+ milter_manage_data(spamc_t)
-+')
-+
-+optional_policy(`
+ postfix_rw_local_pipes(spamc_t)
+')
+
@@ -27630,6 +27601,21 @@
+ sendmail_stub(spamc_t)
+ sendmail_rw_pipes(spamc_t)
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.5.13/policy/modules/services/squid.fc
+--- nsaserefpolicy/policy/modules/services/squid.fc 2008-10-17 14:49:13.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/squid.fc 2009-02-18 14:34:30.000000000 +0100
+@@ -6,7 +6,11 @@
+ /usr/sbin/squid -- gen_context(system_u:object_r:squid_exec_t,s0)
+ /usr/share/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
+
++/var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
+ /var/cache/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
+ /var/log/squid(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
++/var/log/squidGuard(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
+ /var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
+ /var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
++
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.5.13/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2008-10-17 14:49:13.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/services/squid.if 2009-02-10 15:07:15.000000000 +0100
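Review bot: `/var/squidGuard(/.*)?` is labelled `squid_cache_t`, the same type as squid's own cache and spool, so the squidGuard filter databases become writable by whatever may write the cache, presumably the squid domain itself. If squidGuard only needs to read its lists at run time, a dedicated type would keep a compromised proxy from rewriting its own filter rules; failing that, a comment should explain why the cache type was reused. The entry is also placed out of path order above `/var/cache/squid`, and the two blank lines appended at the end of squid.fc can be dropped.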
@@ -32124,7 +32110,7 @@
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-02-18 14:39:54.000000000 +0100
@@ -60,12 +60,15 @@
#
# /opt
@@ -32223,6 +32209,15 @@
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -233,7 +251,7 @@
+ /usr/lib(64)?/php/modules/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
+-/usr/lib(64)?.*/libmpg123\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -246,13 +264,17 @@
# Flash plugin, Macromedia
@@ -38574,7 +38569,7 @@
+#policycap open_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.13/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt 2009-02-18 14:46:51.000000000 +0100
@@ -59,22 +59,22 @@
#
# Permissions for executing files.
@@ -38655,6 +38650,15 @@
define(`create_file_perms',`{ getattr create open }')
define(`rename_file_perms',`{ getattr rename }')
define(`delete_file_perms',`{ getattr unlink }')
+@@ -225,7 +229,7 @@
+ define(`create_lnk_file_perms',`{ create getattr }')
+ define(`rename_lnk_file_perms',`{ getattr rename }')
+ define(`delete_lnk_file_perms',`{ getattr unlink }')
+-define(`manage_lnk_file_perms',`{ create read getattr setattr unlink rename }')
++define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }')
+ define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
+ define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
+ define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
@@ -235,10 +239,10 @@
#
define(`getattr_fifo_file_perms',`{ getattr }')
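Review bot: Adding `link` to `manage_lnk_file_perms` changes a global permission set, so every rule and pattern that expands this macro now also permits hard-linking symlinks, not only the squid and ftpd domains named in the log message. The change is not in the log and should get a changelog line. A short comment above the define, e.g. `# link added so manage_* covers hard links to symlinks, as for regular files`, would record the intent, if matching the regular-file set is indeed the reason (that set is not visible in this hunk).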