rpms/selinux-policy/devel policy-F12.patch,1.27,1.28

Daniel J Walsh dwalsh at fedoraproject.org
Wed Jul 15 19:12:05 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30383

Modified Files:
	policy-F12.patch 
Log Message:
* Tue Jul 14 2009 Dan Walsh <dwalsh at redhat.com> 3.6.22-1
- Update to upstream


policy-F12.patch:

Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-F12.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- policy-F12.patch	15 Jul 2009 18:14:21 -0000	1.27
+++ policy-F12.patch	15 Jul 2009 19:12:04 -0000	1.28
@@ -5617,8 +5617,8 @@ diff -b -B --ignore-all-space --exclude-
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.22/policy/modules/apps/wm.te
 --- nsaserefpolicy/policy/modules/apps/wm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.22/policy/modules/apps/wm.te	2009-07-15 14:06:36.000000000 -0400
-@@ -0,0 +1,13 @@
++++ serefpolicy-3.6.22/policy/modules/apps/wm.te	2009-07-15 15:11:12.000000000 -0400
+@@ -0,0 +1,9 @@
 +policy_module(wm,0.0.4)
 +
 +########################################
@@ -5628,10 +5628,6 @@ diff -b -B --ignore-all-space --exclude-
 +
 +type wm_exec_t;
 +corecmd_executable_file(wm_exec_t)
-+
-+type wm_t;
-+domain_type(wm_t)
-+domain_entry_file(wm_t, wm_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.22/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-07-14 14:19:57.000000000 -0400
 +++ serefpolicy-3.6.22/policy/modules/kernel/corecommands.fc	2009-07-15 14:06:36.000000000 -0400
@@ -6798,7 +6794,7 @@ diff -b -B --ignore-all-space --exclude-
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.22/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/kernel/kernel.if	2009-07-15 14:06:36.000000000 -0400
++++ serefpolicy-3.6.22/policy/modules/kernel/kernel.if	2009-07-15 14:51:40.000000000 -0400
 @@ -1807,7 +1807,7 @@
  	')
  
@@ -13924,7 +13920,7 @@ diff -b -B --ignore-all-space --exclude-
  /usr/libexec/hald-addon-macbookpro-backlight --	gen_context(system_u:object_r:hald_mac_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.22/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/services/hal.if	2009-07-15 14:06:36.000000000 -0400
++++ serefpolicy-3.6.22/policy/modules/services/hal.if	2009-07-15 14:55:28.000000000 -0400
 @@ -20,6 +20,24 @@
  
  ########################################
@@ -14052,7 +14048,7 @@ diff -b -B --ignore-all-space --exclude-
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.22/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/services/hal.te	2009-07-15 14:06:36.000000000 -0400
++++ serefpolicy-3.6.22/policy/modules/services/hal.te	2009-07-15 14:59:38.000000000 -0400
 @@ -49,6 +49,15 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -14069,7 +14065,15 @@ diff -b -B --ignore-all-space --exclude-
  ########################################
  #
  # Local policy
-@@ -141,13 +150,20 @@
+@@ -94,6 +103,7 @@
+ kernel_rw_irq_sysctls(hald_t)
+ kernel_rw_vm_sysctls(hald_t)
+ kernel_write_proc_files(hald_t)
++kernel_search_network_sysctl(hald_t)
+ kernel_setsched(hald_t)
+ 
+ auth_read_pam_console_data(hald_t)
+@@ -141,13 +151,20 @@
  # hal is now execing pm-suspend
  files_create_boot_flag(hald_t)
  files_getattr_all_dirs(hald_t)
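Review bot: The added `kernel_search_network_sysctl(hald_t)` in the `@@ -94,6 +103,7 @@` hunk of hal.te has no comment saying which hald operation needs to traverse the network sysctl tree, and the log message says only "Update to upstream". The same applies to `files_read_usr_files(dhcpc_t)`, added to sysnetwork.te in the `@@ -115,11 +121,13 @@` hunk further down, which widens what a DHCP client that already executes shells and bin files may read. I would put a one-line comment above each, for example `# hald walks the net sysctl directory when <operation> (AVC: <denial>)`, so a later audit can tell whether the grant is still required. Both rules sit inside larger local-policy sections that extend beyond these hunks.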
@@ -14090,7 +14094,7 @@ diff -b -B --ignore-all-space --exclude-
  files_getattr_all_mountpoints(hald_t)
  
  mls_file_read_all_levels(hald_t)
-@@ -195,6 +211,7 @@
+@@ -195,6 +212,7 @@
  seutil_read_file_contexts(hald_t)
  
  sysnet_read_config(hald_t)
@@ -14098,7 +14102,7 @@ diff -b -B --ignore-all-space --exclude-
  
  userdom_dontaudit_use_unpriv_user_fds(hald_t)
  userdom_dontaudit_search_user_home_dirs(hald_t)
-@@ -277,6 +294,18 @@
+@@ -277,6 +295,18 @@
  ')
  
  optional_policy(`
@@ -14117,7 +14121,7 @@ diff -b -B --ignore-all-space --exclude-
  	rpc_search_nfs_state_data(hald_t)
  ')
  
-@@ -298,7 +327,11 @@
+@@ -298,7 +328,11 @@
  ')
  
  optional_policy(`
@@ -14130,7 +14134,7 @@ diff -b -B --ignore-all-space --exclude-
  ')
  
  ########################################
-@@ -306,7 +339,7 @@
+@@ -306,7 +340,7 @@
  # Hal acl local policy
  #
  
@@ -14139,7 +14143,7 @@ diff -b -B --ignore-all-space --exclude-
  allow hald_acl_t self:process { getattr signal };
  allow hald_acl_t self:fifo_file rw_fifo_file_perms;
  
-@@ -321,6 +354,7 @@
+@@ -321,6 +355,7 @@
  manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
  manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
  files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file })
@@ -14147,7 +14151,7 @@ diff -b -B --ignore-all-space --exclude-
  
  corecmd_exec_bin(hald_acl_t)
  
-@@ -339,6 +373,8 @@
+@@ -339,6 +374,8 @@
  
  storage_getattr_removable_dev(hald_acl_t)
  storage_setattr_removable_dev(hald_acl_t)
@@ -14156,7 +14160,7 @@ diff -b -B --ignore-all-space --exclude-
  
  auth_use_nsswitch(hald_acl_t)
  
-@@ -346,12 +382,19 @@
+@@ -346,12 +383,19 @@
  
  miscfiles_read_localization(hald_acl_t)
  
@@ -14177,7 +14181,7 @@ diff -b -B --ignore-all-space --exclude-
  
  domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
  allow hald_t hald_mac_t:process signal;
-@@ -374,6 +417,8 @@
+@@ -374,6 +418,8 @@
  
  auth_use_nsswitch(hald_mac_t)
  
@@ -14186,7 +14190,7 @@ diff -b -B --ignore-all-space --exclude-
  miscfiles_read_localization(hald_mac_t)
  
  ########################################
-@@ -415,6 +460,55 @@
+@@ -415,6 +461,62 @@
  
  dev_rw_input_dev(hald_keymap_t)
  
@@ -14203,6 +14207,7 @@ diff -b -B --ignore-all-space --exclude-
 +#
 +# Local hald dccm policy
 +#
++allow hald_dccm_t self:fifo_file rw_fifo_file_perms;
 +allow hald_dccm_t self:capability { net_bind_service };
 +allow hald_dccm_t self:process getsched;
 +allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
@@ -14213,6 +14218,8 @@ diff -b -B --ignore-all-space --exclude-
 +allow hald_t hald_dccm_t:process signal;
 +allow hald_dccm_t hald_t:unix_stream_socket connectto;
 +
++hal_rw_dgram_sockets(hald_dccm_t)
++
 +corenet_all_recvfrom_unlabeled(hald_dccm_t)
 +corenet_all_recvfrom_netlabel(hald_dccm_t)
 +corenet_tcp_sendrecv_generic_if(hald_dccm_t)
@@ -14241,6 +14248,10 @@ diff -b -B --ignore-all-space --exclude-
 +
 +miscfiles_read_localization(hald_dccm_t)
 +
++optional_policy(`
++	dbus_system_bus_client(hald_dccm_t)
++')
++
 +permissive hald_dccm_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.22/policy/modules/services/kerberos.fc
 --- nsaserefpolicy/policy/modules/services/kerberos.fc	2009-07-14 14:19:57.000000000 -0400
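Review bot: `hald_dccm_t` is still declared `permissive` at the end of this section, so the `dbus_system_bus_client(hald_dccm_t)` block added here is not yet enforced. The same holds for the `fifo_file` rule and `hal_rw_dgram_sockets(hald_dccm_t)` added in the two preceding hunks. The domain holds `net_bind_service` and creates TCP stream sockets, so it looks network-reachable, which makes an open-ended permissive declaration worth bounding. I would add a comment above it such as `# temporary: drop once hald_dccm_t runs without AVC denials`, and keep deriving the allow rules from logged denials until then.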
@@ -27138,7 +27149,7 @@ diff -b -B --ignore-all-space --exclude-
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.22/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/system/sysnetwork.te	2009-07-15 14:06:36.000000000 -0400
++++ serefpolicy-3.6.22/policy/modules/system/sysnetwork.te	2009-07-15 14:56:56.000000000 -0400
 @@ -20,6 +20,9 @@
  init_daemon_domain(dhcpc_t, dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -27186,7 +27197,7 @@ diff -b -B --ignore-all-space --exclude-
  files_etc_filetrans(dhcpc_t, net_conf_t, file)
  
  # create temp files
-@@ -115,8 +121,9 @@
+@@ -115,11 +121,13 @@
  corecmd_exec_bin(dhcpc_t)
  corecmd_exec_shell(dhcpc_t)
  
@@ -27197,7 +27208,11 @@ diff -b -B --ignore-all-space --exclude-
  
  files_read_etc_files(dhcpc_t)
  files_read_etc_runtime_files(dhcpc_t)
-@@ -183,25 +190,23 @@
++files_read_usr_files(dhcpc_t)
+ files_search_home(dhcpc_t)
+ files_search_var_lib(dhcpc_t)
+ files_dontaudit_search_locks(dhcpc_t)
+@@ -183,25 +191,23 @@
  ')
  
  optional_policy(`
@@ -27231,7 +27246,7 @@ diff -b -B --ignore-all-space --exclude-
  ')
  
  optional_policy(`
-@@ -212,6 +217,7 @@
+@@ -212,6 +218,7 @@
  optional_policy(`
  	seutil_sigchld_newrole(dhcpc_t)
  	seutil_dontaudit_search_config(dhcpc_t)
@@ -27239,7 +27254,7 @@ diff -b -B --ignore-all-space --exclude-
  ')
  
  optional_policy(`
-@@ -223,6 +229,10 @@
+@@ -223,6 +230,10 @@
  ')
  
  optional_policy(`
@@ -27250,7 +27265,7 @@ diff -b -B --ignore-all-space --exclude-
  	kernel_read_xen_state(dhcpc_t)
  	kernel_write_xen_state(dhcpc_t)
  	xen_append_log(dhcpc_t)
-@@ -236,7 +246,6 @@
+@@ -236,7 +247,6 @@
  
  allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
  allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
@@ -27258,7 +27273,7 @@ diff -b -B --ignore-all-space --exclude-
  
  allow ifconfig_t self:fd use;
  allow ifconfig_t self:fifo_file rw_fifo_file_perms;
-@@ -250,6 +259,7 @@
+@@ -250,6 +260,7 @@
  allow ifconfig_t self:sem create_sem_perms;
  allow ifconfig_t self:msgq create_msgq_perms;
  allow ifconfig_t self:msg { send receive };
@@ -27266,7 +27281,7 @@ diff -b -B --ignore-all-space --exclude-
  
  # Create UDP sockets, necessary when called from dhcpc
  allow ifconfig_t self:udp_socket create_socket_perms;
-@@ -259,13 +269,20 @@
+@@ -259,13 +270,20 @@
  allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
  allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
  allow ifconfig_t self:tcp_socket { create ioctl };
@@ -27287,7 +27302,7 @@ diff -b -B --ignore-all-space --exclude-
  
  corenet_rw_tun_tap_dev(ifconfig_t)
  
-@@ -276,8 +293,13 @@
+@@ -276,8 +294,13 @@
  fs_getattr_xattr_fs(ifconfig_t)
  fs_search_auto_mountpoints(ifconfig_t)
  
@@ -27301,7 +27316,7 @@ diff -b -B --ignore-all-space --exclude-
  
  domain_use_interactive_fds(ifconfig_t)
  
-@@ -296,6 +318,8 @@
+@@ -296,6 +319,8 @@
  
  seutil_use_runinit_fds(ifconfig_t)
  
@@ -27310,7 +27325,7 @@ diff -b -B --ignore-all-space --exclude-
  userdom_use_user_terminals(ifconfig_t)
  userdom_use_all_users_fds(ifconfig_t)
  
-@@ -332,6 +356,14 @@
+@@ -332,8 +357,22 @@
  ')
  
  optional_policy(`
@@ -27325,6 +27340,14 @@ diff -b -B --ignore-all-space --exclude-
  	kernel_read_xen_state(ifconfig_t)
  	kernel_write_xen_state(ifconfig_t)
  	xen_append_log(ifconfig_t)
+ 	xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
+ ')
++
++optional_policy(`
++	hal_rw_dgram_sockets(dhcpc_t)
++	hal_dontaudit_rw_pipes(ifconfig_t)
++')
++
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.22/policy/modules/system/udev.fc
 --- nsaserefpolicy/policy/modules/system/udev.fc	2009-07-14 14:19:57.000000000 -0400
 +++ serefpolicy-3.6.22/policy/modules/system/udev.fc	2009-07-15 14:06:36.000000000 -0400
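Review bot: The new `optional_policy` block is appended after the ifconfig_t rules, but its first line, `hal_rw_dgram_sockets(dhcpc_t)`, grants to `dhcpc_t`; it would be easier to audit next to the other dhcpc_t optional blocks earlier in sysnetwork.te. It also allows read/write on hald's datagram sockets, while the line beside it only silences the equivalent pipe access for ifconfig_t with `hal_dontaudit_rw_pipes`. If the socket is just a descriptor inherited from hald (these hunks do not show either way), a dontaudit rule would be the narrower choice. If dhcpc really communicates with hald over it, a comment saying so would justify the allow.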



