rpms/selinux-policy/F-10 policy-20080710.patch, 1.172, 1.173 selinux-policy.spec, 1.800, 1.801
Miroslav Grepl
mgrepl at fedoraproject.org
Fri Jul 3 09:09:30 UTC 2009
- Previous message (by thread): rpms/perl-Sysadm-Install/devel .cvsignore, 1.3, 1.4 perl-Sysadm-Install.spec, 1.3, 1.4 sources, 1.3, 1.4
- Next message (by thread): rpms/vim-perl-support/devel sources, 1.7, 1.8 vim-perl-support.spec, 1.9, 1.10
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5471
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
- Allow ftpd to create shm
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.172
retrieving revision 1.173
diff -u -p -r1.172 -r1.173
--- policy-20080710.patch 24 Jun 2009 08:43:53 -0000 1.172
+++ policy-20080710.patch 3 Jul 2009 09:09:29 -0000 1.173
@@ -17541,7 +17541,7 @@ diff --exclude-from=exclude -N -u -r nsa
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.13/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/ftp.te 2009-05-15 09:30:07.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/ftp.te 2009-07-03 11:05:13.000000000 +0200
@@ -26,7 +26,7 @@
## <desc>
## <p>
@@ -17575,15 +17575,16 @@ diff --exclude-from=exclude -N -u -r nsa
type ftpd_t;
type ftpd_exec_t;
init_daemon_domain(ftpd_t, ftpd_exec_t)
-@@ -92,6 +100,7 @@
+@@ -92,6 +100,8 @@
allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
allow ftpd_t self:tcp_socket create_stream_socket_perms;
allow ftpd_t self:udp_socket create_socket_perms;
++allow ftpd_t self:shm create_shm_perms;
+allow ftpd_t self:key manage_key_perms;
allow ftpd_t ftpd_etc_t:file read_file_perms;
-@@ -158,8 +167,10 @@
+@@ -158,8 +168,10 @@
files_read_etc_runtime_files(ftpd_t)
files_search_var_lib(ftpd_t)
@@ -17594,7 +17595,7 @@ diff --exclude-from=exclude -N -u -r nsa
auth_use_nsswitch(ftpd_t)
auth_domtrans_chk_passwd(ftpd_t)
-@@ -226,8 +237,16 @@
+@@ -226,8 +238,16 @@
userdom_manage_all_users_home_content_dirs(ftpd_t)
userdom_manage_all_users_home_content_files(ftpd_t)
userdom_manage_all_users_home_content_symlinks(ftpd_t)
@@ -17611,7 +17612,7 @@ diff --exclude-from=exclude -N -u -r nsa
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
fs_manage_nfs_files(ftpd_t)
fs_read_nfs_symlinks(ftpd_t)
-@@ -238,6 +257,11 @@
+@@ -238,6 +258,11 @@
fs_read_cifs_symlinks(ftpd_t)
')
@@ -17623,7 +17624,7 @@ diff --exclude-from=exclude -N -u -r nsa
optional_policy(`
tunable_policy(`ftp_home_dir',`
apache_search_sys_content(ftpd_t)
-@@ -245,6 +269,18 @@
+@@ -245,6 +270,18 @@
')
optional_policy(`
@@ -17642,7 +17643,7 @@ diff --exclude-from=exclude -N -u -r nsa
corecmd_exec_shell(ftpd_t)
files_read_usr_files(ftpd_t)
-@@ -261,7 +297,9 @@
+@@ -261,7 +298,9 @@
')
optional_policy(`
@@ -17653,7 +17654,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
optional_policy(`
-@@ -273,6 +311,14 @@
+@@ -273,6 +312,14 @@
')
optional_policy(`
@@ -33826,7 +33827,7 @@ diff --exclude-from=exclude -N -u -r nsa
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-06-11 12:23:47.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-06-29 15:07:26.000000000 +0200
@@ -60,12 +60,15 @@
#
# /opt
@@ -33978,7 +33979,12 @@ diff --exclude-from=exclude -N -u -r nsa
# Jai, Sun Microsystems (Jpackage SPRM)
/usr/lib(64)?/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -267,6 +293,9 @@
+@@ -263,10 +289,14 @@
+ /usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ # vmware
++HOME_DIR/\.mozilla(/.*)?/plugins/np-vmware-vmrc-.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33988,7 +33994,7 @@ diff --exclude-from=exclude -N -u -r nsa
# Java, Sun Microsystems (JPackage SRPM)
/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -283,6 +312,7 @@
+@@ -283,6 +313,7 @@
/usr/(local/)?matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl)\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?matlab.*/sys/os/glnx86/libtermcap\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33996,7 +34002,7 @@ diff --exclude-from=exclude -N -u -r nsa
/usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -291,6 +321,8 @@
+@@ -291,6 +322,8 @@
/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -34005,7 +34011,7 @@ diff --exclude-from=exclude -N -u -r nsa
') dnl end distro_redhat
#
-@@ -307,6 +339,36 @@
+@@ -307,6 +340,36 @@
/var/lib/samba/bin/.+\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0)
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.800
retrieving revision 1.801
diff -u -p -r1.800 -r1.801
--- selinux-policy.spec 24 Jun 2009 08:43:56 -0000 1.800
+++ selinux-policy.spec 3 Jul 2009 09:09:30 -0000 1.801
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 65%{?dist}
+Release: 66%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -462,6 +462,9 @@ exit 0
%endif
%changelog
+* Fri Jul 3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-66
+- Allow ftpd to create shm
+
* Wed Jun 24 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-65
- Dontaudit dhcpc to access sys_ptrace
- Previous message (by thread): rpms/perl-Sysadm-Install/devel .cvsignore, 1.3, 1.4 perl-Sysadm-Install.spec, 1.3, 1.4 sources, 1.3, 1.4
- Next message (by thread): rpms/vim-perl-support/devel sources, 1.7, 1.8 vim-perl-support.spec, 1.9, 1.10
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list