rpms/selinux-policy/F-10 policy-20080710.patch, 1.172, 1.173 selinux-policy.spec, 1.800, 1.801

Fri Jul 3 09:09:30 UTC 2009

Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5471

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
- Allow ftpd to create shm



policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.172
retrieving revision 1.173
diff -u -p -r1.172 -r1.173

--- policy-20080710.patch	24 Jun 2009 08:43:53 -0000	1.172
+++ policy-20080710.patch	3 Jul 2009 09:09:29 -0000	1.173
@@ -17541,7 +17541,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.13/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/ftp.te	2009-05-15 09:30:07.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/ftp.te	2009-07-03 11:05:13.000000000 +0200
 @@ -26,7 +26,7 @@
  ## <desc>
  ## <p>
@@ -17575,15 +17575,16 @@ diff --exclude-from=exclude -N -u -r nsa
  type ftpd_t;
  type ftpd_exec_t;
  init_daemon_domain(ftpd_t, ftpd_exec_t)
-@@ -92,6 +100,7 @@
+@@ -92,6 +100,8 @@
  allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
  allow ftpd_t self:tcp_socket create_stream_socket_perms;
  allow ftpd_t self:udp_socket create_socket_perms;
++allow ftpd_t self:shm create_shm_perms;
 +allow ftpd_t self:key manage_key_perms;
  
  allow ftpd_t ftpd_etc_t:file read_file_perms;
  
-@@ -158,8 +167,10 @@
+@@ -158,8 +168,10 @@
  files_read_etc_runtime_files(ftpd_t)
  files_search_var_lib(ftpd_t)
  
@@ -17594,7 +17595,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  auth_use_nsswitch(ftpd_t)
  auth_domtrans_chk_passwd(ftpd_t)
-@@ -226,8 +237,16 @@
+@@ -226,8 +238,16 @@
  	userdom_manage_all_users_home_content_dirs(ftpd_t)
  	userdom_manage_all_users_home_content_files(ftpd_t)
  	userdom_manage_all_users_home_content_symlinks(ftpd_t)
@@ -17611,7 +17612,7 @@ diff --exclude-from=exclude -N -u -r nsa
  tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
  	fs_manage_nfs_files(ftpd_t)
  	fs_read_nfs_symlinks(ftpd_t)
-@@ -238,6 +257,11 @@
+@@ -238,6 +258,11 @@
  	fs_read_cifs_symlinks(ftpd_t)
  ')
  
@@ -17623,7 +17624,7 @@ diff --exclude-from=exclude -N -u -r nsa
  optional_policy(`
  	tunable_policy(`ftp_home_dir',`
  		apache_search_sys_content(ftpd_t)
-@@ -245,6 +269,18 @@
+@@ -245,6 +270,18 @@
  ')
  
  optional_policy(`
@@ -17642,7 +17643,7 @@ diff --exclude-from=exclude -N -u -r nsa
  	corecmd_exec_shell(ftpd_t)
  
  	files_read_usr_files(ftpd_t)
-@@ -261,7 +297,9 @@
+@@ -261,7 +298,9 @@
  ')
  
  optional_policy(`
@@ -17653,7 +17654,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  optional_policy(`
-@@ -273,6 +311,14 @@
+@@ -273,6 +312,14 @@
  ')
  
  optional_policy(`
@@ -33826,7 +33827,7 @@ diff --exclude-from=exclude -N -u -r nsa
  allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc	2009-06-11 12:23:47.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/system/libraries.fc	2009-06-29 15:07:26.000000000 +0200
 @@ -60,12 +60,15 @@
  #
  # /opt
@@ -33978,7 +33979,12 @@ diff --exclude-from=exclude -N -u -r nsa
  # Jai, Sun Microsystems (Jpackage SPRM)
  /usr/lib(64)?/libmlib_jai\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libdivxdecore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -267,6 +293,9 @@
+@@ -263,10 +289,14 @@
+ /usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ # vmware 
++HOME_DIR/\.mozilla(/.*)?/plugins/np-vmware-vmrc-.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/vmware/(.*/)?VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
@@ -33988,7 +33994,7 @@ diff --exclude-from=exclude -N -u -r nsa
  # Java, Sun Microsystems (JPackage SRPM)
  /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -283,6 +312,7 @@
+@@ -283,6 +313,7 @@
  /usr/(local/)?matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl)\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(local/)?matlab.*/sys/os/glnx86/libtermcap\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -33996,7 +34002,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  
-@@ -291,6 +321,8 @@
+@@ -291,6 +322,8 @@
  /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/.+\.api		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/(.*/)?ADMPlugin\.apl	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -34005,7 +34011,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ') dnl end distro_redhat
  
  #
-@@ -307,6 +339,36 @@
+@@ -307,6 +340,36 @@
  /var/lib/samba/bin/.+\.so(\.[^/]*)*	-l	gen_context(system_u:object_r:lib_t,s0)
  ')
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.800
retrieving revision 1.801
diff -u -p -r1.800 -r1.801
--- selinux-policy.spec	24 Jun 2009 08:43:56 -0000	1.800
+++ selinux-policy.spec	3 Jul 2009 09:09:30 -0000	1.801
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 65%{?dist}
+Release: 66%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -462,6 +462,9 @@ exit 0
 %endif
 
 %changelog
+* Fri Jul 3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-66
+- Allow ftpd to create shm
+
 * Wed Jun 24 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-65
 - Dontaudit dhcpc to access sys_ptrace
 


