rpms/selinux-policy/devel policy-F12.patch,1.27,1.28
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Jul 15 19:12:05 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30383
Modified Files:
policy-F12.patch
Log Message:
* Tue Jul 14 2009 Dan Walsh <dwalsh at redhat.com> 3.6.22-1
- Update to upstream
policy-F12.patch:
Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-F12.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- policy-F12.patch 15 Jul 2009 18:14:21 -0000 1.27
+++ policy-F12.patch 15 Jul 2009 19:12:04 -0000 1.28
@@ -5617,8 +5617,8 @@ diff -b -B --ignore-all-space --exclude-
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.22/policy/modules/apps/wm.te
--- nsaserefpolicy/policy/modules/apps/wm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.22/policy/modules/apps/wm.te 2009-07-15 14:06:36.000000000 -0400
-@@ -0,0 +1,13 @@
++++ serefpolicy-3.6.22/policy/modules/apps/wm.te 2009-07-15 15:11:12.000000000 -0400
+@@ -0,0 +1,9 @@
+policy_module(wm,0.0.4)
+
+########################################
@@ -5628,10 +5628,6 @@ diff -b -B --ignore-all-space --exclude-
+
+type wm_exec_t;
+corecmd_executable_file(wm_exec_t)
-+
-+type wm_t;
-+domain_type(wm_t)
-+domain_entry_file(wm_t, wm_exec_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.22/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.22/policy/modules/kernel/corecommands.fc 2009-07-15 14:06:36.000000000 -0400
@@ -6798,7 +6794,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.22/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/kernel/kernel.if 2009-07-15 14:06:36.000000000 -0400
++++ serefpolicy-3.6.22/policy/modules/kernel/kernel.if 2009-07-15 14:51:40.000000000 -0400
@@ -1807,7 +1807,7 @@
')
@@ -13924,7 +13920,7 @@ diff -b -B --ignore-all-space --exclude-
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.22/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/services/hal.if 2009-07-15 14:06:36.000000000 -0400
++++ serefpolicy-3.6.22/policy/modules/services/hal.if 2009-07-15 14:55:28.000000000 -0400
@@ -20,6 +20,24 @@
########################################
@@ -14052,7 +14048,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.22/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/services/hal.te 2009-07-15 14:06:36.000000000 -0400
++++ serefpolicy-3.6.22/policy/modules/services/hal.te 2009-07-15 14:59:38.000000000 -0400
@@ -49,6 +49,15 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -14069,7 +14065,15 @@ diff -b -B --ignore-all-space --exclude-
########################################
#
# Local policy
-@@ -141,13 +150,20 @@
+@@ -94,6 +103,7 @@
+ kernel_rw_irq_sysctls(hald_t)
+ kernel_rw_vm_sysctls(hald_t)
+ kernel_write_proc_files(hald_t)
++kernel_search_network_sysctl(hald_t)
+ kernel_setsched(hald_t)
+
+ auth_read_pam_console_data(hald_t)
+@@ -141,13 +151,20 @@
# hal is now execing pm-suspend
files_create_boot_flag(hald_t)
files_getattr_all_dirs(hald_t)
@@ -14090,7 +14094,7 @@ diff -b -B --ignore-all-space --exclude-
files_getattr_all_mountpoints(hald_t)
mls_file_read_all_levels(hald_t)
-@@ -195,6 +211,7 @@
+@@ -195,6 +212,7 @@
seutil_read_file_contexts(hald_t)
sysnet_read_config(hald_t)
@@ -14098,7 +14102,7 @@ diff -b -B --ignore-all-space --exclude-
userdom_dontaudit_use_unpriv_user_fds(hald_t)
userdom_dontaudit_search_user_home_dirs(hald_t)
-@@ -277,6 +294,18 @@
+@@ -277,6 +295,18 @@
')
optional_policy(`
@@ -14117,7 +14121,7 @@ diff -b -B --ignore-all-space --exclude-
rpc_search_nfs_state_data(hald_t)
')
-@@ -298,7 +327,11 @@
+@@ -298,7 +328,11 @@
')
optional_policy(`
@@ -14130,7 +14134,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -306,7 +339,7 @@
+@@ -306,7 +340,7 @@
# Hal acl local policy
#
@@ -14139,7 +14143,7 @@ diff -b -B --ignore-all-space --exclude-
allow hald_acl_t self:process { getattr signal };
allow hald_acl_t self:fifo_file rw_fifo_file_perms;
-@@ -321,6 +354,7 @@
+@@ -321,6 +355,7 @@
manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file })
@@ -14147,7 +14151,7 @@ diff -b -B --ignore-all-space --exclude-
corecmd_exec_bin(hald_acl_t)
-@@ -339,6 +373,8 @@
+@@ -339,6 +374,8 @@
storage_getattr_removable_dev(hald_acl_t)
storage_setattr_removable_dev(hald_acl_t)
@@ -14156,7 +14160,7 @@ diff -b -B --ignore-all-space --exclude-
auth_use_nsswitch(hald_acl_t)
-@@ -346,12 +382,19 @@
+@@ -346,12 +383,19 @@
miscfiles_read_localization(hald_acl_t)
@@ -14177,7 +14181,7 @@ diff -b -B --ignore-all-space --exclude-
domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
allow hald_t hald_mac_t:process signal;
-@@ -374,6 +417,8 @@
+@@ -374,6 +418,8 @@
auth_use_nsswitch(hald_mac_t)
@@ -14186,7 +14190,7 @@ diff -b -B --ignore-all-space --exclude-
miscfiles_read_localization(hald_mac_t)
########################################
-@@ -415,6 +460,55 @@
+@@ -415,6 +461,62 @@
dev_rw_input_dev(hald_keymap_t)
@@ -14203,6 +14207,7 @@ diff -b -B --ignore-all-space --exclude-
+#
+# Local hald dccm policy
+#
++allow hald_dccm_t self:fifo_file rw_fifo_file_perms;
+allow hald_dccm_t self:capability { net_bind_service };
+allow hald_dccm_t self:process getsched;
+allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
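Review bot: The `allow hald_dccm_t self:fifo_file rw_fifo_file_perms;` added here, like `hal_rw_dgram_sockets(hald_dccm_t)` and the `dbus_system_bus_client(hald_dccm_t)` block in the next two hunks, goes into a domain that the later context still closes with `permissive hald_dccm_t;`. None of these grants is therefore enforced; denials for this helper are logged but not blocked. The neighbouring context gives the domain `net_bind_service` and TCP stream sockets, which suggests a network-facing process running without effective confinement. I would record the exit condition above the permissive line, e.g. `# TODO: drop permissive once hald_dccm_t runs clean of AVC denials`, and re-check the accumulated allow rules against real denials before switching to enforcing. The hald_dccm_t section starts and ends outside these hunks.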
@@ -14213,6 +14218,8 @@ diff -b -B --ignore-all-space --exclude-
+allow hald_t hald_dccm_t:process signal;
+allow hald_dccm_t hald_t:unix_stream_socket connectto;
+
++hal_rw_dgram_sockets(hald_dccm_t)
++
+corenet_all_recvfrom_unlabeled(hald_dccm_t)
+corenet_all_recvfrom_netlabel(hald_dccm_t)
+corenet_tcp_sendrecv_generic_if(hald_dccm_t)
@@ -14241,6 +14248,10 @@ diff -b -B --ignore-all-space --exclude-
+
+miscfiles_read_localization(hald_dccm_t)
+
++optional_policy(`
++ dbus_system_bus_client(hald_dccm_t)
++')
++
+permissive hald_dccm_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.22/policy/modules/services/kerberos.fc
--- nsaserefpolicy/policy/modules/services/kerberos.fc 2009-07-14 14:19:57.000000000 -0400
@@ -27138,7 +27149,7 @@ diff -b -B --ignore-all-space --exclude-
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.22/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/system/sysnetwork.te 2009-07-15 14:06:36.000000000 -0400
++++ serefpolicy-3.6.22/policy/modules/system/sysnetwork.te 2009-07-15 14:56:56.000000000 -0400
@@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t, dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -27186,7 +27197,7 @@ diff -b -B --ignore-all-space --exclude-
files_etc_filetrans(dhcpc_t, net_conf_t, file)
# create temp files
-@@ -115,8 +121,9 @@
+@@ -115,11 +121,13 @@
corecmd_exec_bin(dhcpc_t)
corecmd_exec_shell(dhcpc_t)
@@ -27197,7 +27208,11 @@ diff -b -B --ignore-all-space --exclude-
files_read_etc_files(dhcpc_t)
files_read_etc_runtime_files(dhcpc_t)
-@@ -183,25 +190,23 @@
++files_read_usr_files(dhcpc_t)
+ files_search_home(dhcpc_t)
+ files_search_var_lib(dhcpc_t)
+ files_dontaudit_search_locks(dhcpc_t)
+@@ -183,25 +191,23 @@
')
optional_policy(`
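Review bot: `files_read_usr_files(dhcpc_t)` opens every file labelled usr_t to the DHCP client, and nothing in the hunk records what needs it. dhcpc_t handles data received from the network, and the context of the preceding hunk shows it already has `corecmd_exec_bin` and `corecmd_exec_shell`, so each broad read grant is worth justifying. I would add a why-comment on the line above, such as `# <helper or script> reads <path under /usr>` (placeholders; the page does not name the consumer), and check whether a narrower interface covers that path. The dhcpc_t rule list continues outside the hunk.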
@@ -27231,7 +27246,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -212,6 +217,7 @@
+@@ -212,6 +218,7 @@
optional_policy(`
seutil_sigchld_newrole(dhcpc_t)
seutil_dontaudit_search_config(dhcpc_t)
@@ -27239,7 +27254,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -223,6 +229,10 @@
+@@ -223,6 +230,10 @@
')
optional_policy(`
@@ -27250,7 +27265,7 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_xen_state(dhcpc_t)
kernel_write_xen_state(dhcpc_t)
xen_append_log(dhcpc_t)
-@@ -236,7 +246,6 @@
+@@ -236,7 +247,6 @@
allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
@@ -27258,7 +27273,7 @@ diff -b -B --ignore-all-space --exclude-
allow ifconfig_t self:fd use;
allow ifconfig_t self:fifo_file rw_fifo_file_perms;
-@@ -250,6 +259,7 @@
+@@ -250,6 +260,7 @@
allow ifconfig_t self:sem create_sem_perms;
allow ifconfig_t self:msgq create_msgq_perms;
allow ifconfig_t self:msg { send receive };
@@ -27266,7 +27281,7 @@ diff -b -B --ignore-all-space --exclude-
# Create UDP sockets, necessary when called from dhcpc
allow ifconfig_t self:udp_socket create_socket_perms;
-@@ -259,13 +269,20 @@
+@@ -259,13 +270,20 @@
allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
allow ifconfig_t self:tcp_socket { create ioctl };
@@ -27287,7 +27302,7 @@ diff -b -B --ignore-all-space --exclude-
corenet_rw_tun_tap_dev(ifconfig_t)
-@@ -276,8 +293,13 @@
+@@ -276,8 +294,13 @@
fs_getattr_xattr_fs(ifconfig_t)
fs_search_auto_mountpoints(ifconfig_t)
@@ -27301,7 +27316,7 @@ diff -b -B --ignore-all-space --exclude-
domain_use_interactive_fds(ifconfig_t)
-@@ -296,6 +318,8 @@
+@@ -296,6 +319,8 @@
seutil_use_runinit_fds(ifconfig_t)
@@ -27310,7 +27325,7 @@ diff -b -B --ignore-all-space --exclude-
userdom_use_user_terminals(ifconfig_t)
userdom_use_all_users_fds(ifconfig_t)
-@@ -332,6 +356,14 @@
+@@ -332,8 +357,22 @@
')
optional_policy(`
@@ -27325,6 +27340,14 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_xen_state(ifconfig_t)
kernel_write_xen_state(ifconfig_t)
xen_append_log(ifconfig_t)
+ xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
+ ')
++
++optional_policy(`
++ hal_rw_dgram_sockets(dhcpc_t)
++ hal_dontaudit_rw_pipes(ifconfig_t)
++')
++
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.22/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.22/policy/modules/system/udev.fc 2009-07-15 14:06:36.000000000 -0400
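Review bot: In the new `optional_policy` block at the end of sysnetwork.te, `hal_rw_dgram_sockets(dhcpc_t)` is a real read/write grant, while the ifconfig_t line beside it only suppresses auditing with `hal_dontaudit_rw_pipes(ifconfig_t)`. If dhcpc_t merely inherits hald's datagram sockets rather than using them (the page does not say), silencing the denial would be tighter than allowing the access. The dhcpc_t rule also sits after the ifconfig_t local policy; moving it into the dhcpc_t section would keep each domain's grants in one place. Because dontaudit rules hide denials from the audit log, a comment such as `# presumably leaked hald fds; rebuild with semodule -DB to surface these denials` would help later triage.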