rpms/selinux-policy/F-9 policy-20071130.patch,1.254,1.255

Miroslav Grepl mgrepl at fedoraproject.org
Thu Feb 19 13:10:40 UTC 2009 

Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6619

Modified Files:
	policy-20071130.patch 
Log Message:
- Fix lables for libraries that need textrel_shlib_t



policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.254
retrieving revision 1.255
diff -u -r1.254 -r1.255
--- policy-20071130.patch	19 Feb 2009 10:33:02 -0000	1.254
+++ policy-20071130.patch	19 Feb 2009 13:10:37 -0000	1.255
@@ -664897,10 +664897,17 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.3.1/policy/modules/services/squid.fc
 --- nsaserefpolicy/policy/modules/services/squid.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.fc	2009-02-12 22:21:57.000000000 +0100
-@@ -12,3 +12,8 @@
++++ serefpolicy-3.3.1/policy/modules/services/squid.fc	2009-02-19 11:42:55.000000000 +0100
+@@ -9,6 +9,15 @@
+ 
+ /var/log/squid(/.*)?		gen_context(system_u:object_r:squid_log_t,s0)
+ 
++/var/log/squidGuard(/.*)?       gen_context(system_u:object_r:squid_log_t,s0)
++
  /var/run/squid\.pid	--	gen_context(system_u:object_r:squid_var_run_t,s0)
  
++/var/squidGuard(/.*)?           gen_context(system_u:object_r:squid_cache_t,s0)
++
  /var/spool/squid(/.*)?		gen_context(system_u:object_r:squid_cache_t,s0)
 +/usr/lib/squid/cachemgr\.cgi	--	gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
 +/usr/lib64/squid/cachemgr\.cgi	--	gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
@@ -669817,7 +669824,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2009-02-13 09:43:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2009-02-19 13:58:47.000000000 +0100
 @@ -69,8 +69,10 @@
  ifdef(`distro_gentoo',`
  # despite the extensions, they are actually libs
@@ -669882,7 +669889,17 @@
  /usr/lib(64)?/libSDL-.*\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xorg/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/X11R6/lib/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -242,12 +251,13 @@
+@@ -229,7 +238,8 @@
+ /usr/lib(64)?/php/modules/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
+-/usr/lib(64)?.*/libmpg123\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
++#/usr/lib(64)?.*/libmpg123\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?.*/libmpg123\.so(\.[^/]*)*  --     gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libpostproc\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -242,12 +252,13 @@
  
  # Flash plugin, Macromedia
  HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -669898,7 +669915,7 @@
  
  # Jai, Sun Microsystems (Jpackage SPRM)
  /usr/lib(64)?/libmlib_jai\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -263,6 +273,8 @@
+@@ -263,6 +274,8 @@
  /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/vmware/(.*/)?VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -669907,7 +669924,7 @@
  # Java, Sun Microsystems (JPackage SRPM)
  /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -287,11 +299,15 @@
+@@ -287,11 +300,15 @@
  /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/.+\.api		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/(.*/)?ADMPlugin\.apl	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -669923,7 +669940,7 @@
  /var/ftp/lib(64)?(/.*)?				gen_context(system_u:object_r:lib_t,s0)
  /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:ld_so_t,s0)
  
-@@ -301,6 +317,23 @@
+@@ -301,6 +318,23 @@
  /var/lib/samba/bin/.+\.so(\.[^/]*)*	-l	gen_context(system_u:object_r:lib_t,s0)
  ')
  
@@ -678803,7 +678820,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.3.1/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt	2009-02-12 22:21:57.000000000 +0100
++++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt	2009-02-19 11:39:16.000000000 +0100
 @@ -193,7 +193,7 @@
  define(`create_dir_perms',`{ getattr create }')
  define(`rename_dir_perms',`{ getattr rename }')
@@ -678826,7 +678843,7 @@
  define(`relabelfrom_file_perms',`{ getattr relabelfrom }')
  define(`relabelto_file_perms',`{ getattr relabelto }')
  define(`relabel_file_perms',`{ getattr relabelfrom relabelto }')
-@@ -223,7 +223,8 @@
+@@ -223,12 +223,13 @@
  define(`getattr_lnk_file_perms',`{ getattr }')
  define(`setattr_lnk_file_perms',`{ setattr }')
  define(`read_lnk_file_perms',`{ getattr read }')
@@ -678836,6 +678853,12 @@
  define(`rw_lnk_file_perms',`{ getattr read write lock ioctl }')
  define(`create_lnk_file_perms',`{ create getattr }')
  define(`rename_lnk_file_perms',`{ getattr rename }')
+ define(`delete_lnk_file_perms',`{ getattr unlink }')
+-define(`manage_lnk_file_perms',`{ create read getattr setattr unlink rename }')
++define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }')
+ define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
+ define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
+ define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
 @@ -242,10 +243,10 @@
  define(`append_fifo_file_perms',`{ getattr append lock ioctl }')
  define(`write_fifo_file_perms',`{ getattr write append lock ioctl }')

More information about the fedora-extras-commits mailing list