rpms/selinux-policy/F-10 policy-20080710.patch, 1.168, 1.169 selinux-policy.spec, 1.795, 1.796
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Jun 3 07:15:08 UTC 2009
- Previous message (by thread): rpms/inkscape/devel inkscape.spec,1.77,1.78
- Next message (by thread): rpms/inkscape/F-10 inkscape-20090226svn-oldcairo.patch, NONE, 1.1 inkscape-20090227svn-automake.patch, NONE, 1.1 inkscape-20090410svn-formats.patch, NONE, 1.1 inkscape-20090410svn-uniconv.patch, NONE, 1.1 inkscape-20090508svn-crc32.patch, NONE, 1.1 .cvsignore, 1.16, 1.17 inkscape.spec, 1.60, 1.61 sources, 1.16, 1.17 inkscape-0.46-bitmap-fonts.patch, 1.1, NONE inkscape-0.46-colors.patch, 1.1, NONE inkscape-0.46-cxxinclude.patch, 1.1, NONE inkscape-0.46-desktop.patch, 1.1, NONE inkscape-0.46-fixlatex.patch, 1.1, NONE inkscape-0.46-gtk2.13.3.patch, 1.1, NONE inkscape-0.46-gtkopen.patch, 1.1, NONE inkscape-0.46-poppler-0.8.3.patch, 1.1, NONE inkscape-0.46-uniconv.patch, 1.1, NONE inkscape-0.46pre2-icons.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8313
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
- Allow hald to manage fusefs_t directories
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -p -r1.168 -r1.169
--- policy-20080710.patch 22 May 2009 08:37:34 -0000 1.168
+++ policy-20080710.patch 3 Jun 2009 07:15:05 -0000 1.169
@@ -6875,7 +6875,7 @@ diff --exclude-from=exclude -N -u -r nsa
+wm_domain_template(user,xdm)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.5.13/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/kernel/corecommands.fc 2009-03-12 13:44:36.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/kernel/corecommands.fc 2009-06-03 07:57:01.000000000 +0200
@@ -73,10 +73,16 @@
/etc/sysconfig/libvirtd -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/netconsole -- gen_context(system_u:object_r:bin_t,s0)
@@ -6897,7 +6897,7 @@ diff --exclude-from=exclude -N -u -r nsa
/etc/X11/xdm/GiveConsole -- gen_context(system_u:object_r:bin_t,s0)
/etc/X11/xdm/TakeConsole -- gen_context(system_u:object_r:bin_t,s0)
-@@ -123,12 +129,17 @@
+@@ -123,12 +129,18 @@
/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -6909,13 +6909,14 @@ diff --exclude-from=exclude -N -u -r nsa
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
')
-+/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/opt/Adobe(/.*)?/sidecars(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/opt/Adobe(/.*)?/sidecars(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
#
# /usr
#
-@@ -176,6 +187,8 @@
+@@ -176,6 +188,8 @@
/usr/lib(64)?/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
@@ -6924,7 +6925,7 @@ diff --exclude-from=exclude -N -u -r nsa
/usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -184,10 +197,8 @@
+@@ -184,10 +198,8 @@
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -6937,7 +6938,7 @@ diff --exclude-from=exclude -N -u -r nsa
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -202,6 +213,7 @@
+@@ -202,6 +214,7 @@
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hal/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/mc/extfs/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -6945,7 +6946,7 @@ diff --exclude-from=exclude -N -u -r nsa
/usr/share/printconf/util/print\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
-@@ -222,14 +234,15 @@
+@@ -222,14 +235,15 @@
/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
@@ -6963,7 +6964,7 @@ diff --exclude-from=exclude -N -u -r nsa
/usr/share/fedora-usermgmt/wrapper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hplip/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
-@@ -292,3 +305,14 @@
+@@ -292,3 +306,14 @@
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -11250,7 +11251,7 @@ diff --exclude-from=exclude -N -u -r nsa
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.5.13/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/apache.fc 2009-03-11 10:38:02.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/apache.fc 2009-06-03 08:00:14.000000000 +0200
@@ -1,16 +1,18 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -11315,7 +11316,7 @@ diff --exclude-from=exclude -N -u -r nsa
/var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
/var/log/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
/var/log/cacti(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
-@@ -64,11 +76,24 @@
+@@ -64,11 +76,28 @@
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
@@ -11331,7 +11332,6 @@ diff --exclude-from=exclude -N -u -r nsa
+/var/www/gallery/albums(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)
/var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/var/www/perl(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-+/var/www/svn(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)
+
+#Bugzilla file context
+/usr/share/bugzilla(/.*)? -d gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)
@@ -11340,6 +11340,11 @@ diff --exclude-from=exclude -N -u -r nsa
+#viewvc file context
+/var/spool/viewvc(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)
+/var/www/html/[^/]*/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
++
++/var/www/svn(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
++/var/www/svn/hooks(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
++/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.5.13/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2008-10-17 14:49:11.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/services/apache.if 2009-02-10 15:07:15.000000000 +0100
@@ -18090,7 +18095,7 @@ diff --exclude-from=exclude -N -u -r nsa
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.13/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/hal.te 2009-05-19 10:45:26.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/hal.te 2009-06-03 07:54:09.000000000 +0200
@@ -49,6 +49,15 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -18115,7 +18120,7 @@ diff --exclude-from=exclude -N -u -r nsa
kernel_read_system_state(hald_t)
kernel_read_network_state(hald_t)
-@@ -141,13 +151,19 @@
+@@ -141,13 +151,20 @@
# hal is now execing pm-suspend
files_create_boot_flag(hald_t)
files_getattr_all_dirs(hald_t)
@@ -18131,11 +18136,12 @@ diff --exclude-from=exclude -N -u -r nsa
+fs_mount_dos_fs(hald_t)
+fs_unmount_dos_fs(hald_t)
+fs_manage_dos_files(hald_t)
++fs_manage_fusefs_dirs(hald_t)
+
files_getattr_all_mountpoints(hald_t)
mls_file_read_all_levels(hald_t)
-@@ -197,6 +213,7 @@
+@@ -197,6 +214,7 @@
seutil_read_file_contexts(hald_t)
sysnet_read_config(hald_t)
@@ -18143,7 +18149,7 @@ diff --exclude-from=exclude -N -u -r nsa
userdom_dontaudit_use_unpriv_user_fds(hald_t)
-@@ -280,6 +297,16 @@
+@@ -280,6 +298,16 @@
')
optional_policy(`
@@ -18160,7 +18166,7 @@ diff --exclude-from=exclude -N -u -r nsa
rpc_search_nfs_state_data(hald_t)
')
-@@ -300,12 +327,20 @@
+@@ -300,12 +328,20 @@
vbetool_domtrans(hald_t)
')
@@ -18182,7 +18188,7 @@ diff --exclude-from=exclude -N -u -r nsa
allow hald_acl_t self:process { getattr signal };
allow hald_acl_t self:fifo_file rw_fifo_file_perms;
-@@ -326,6 +361,7 @@
+@@ -326,6 +362,7 @@
dev_getattr_all_chr_files(hald_acl_t)
dev_setattr_all_chr_files(hald_acl_t)
dev_getattr_generic_usb_dev(hald_acl_t)
@@ -18190,7 +18196,7 @@ diff --exclude-from=exclude -N -u -r nsa
dev_getattr_video_dev(hald_acl_t)
dev_setattr_video_dev(hald_acl_t)
dev_getattr_sound_dev(hald_acl_t)
-@@ -338,19 +374,30 @@
+@@ -338,19 +375,30 @@
storage_getattr_removable_dev(hald_acl_t)
storage_setattr_removable_dev(hald_acl_t)
@@ -18221,7 +18227,7 @@ diff --exclude-from=exclude -N -u -r nsa
domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
allow hald_t hald_mac_t:process signal;
allow hald_mac_t hald_t:unix_stream_socket connectto;
-@@ -359,6 +406,8 @@
+@@ -359,6 +407,8 @@
manage_files_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_mac_t)
@@ -18230,7 +18236,7 @@ diff --exclude-from=exclude -N -u -r nsa
kernel_read_system_state(hald_mac_t)
dev_read_raw_memory(hald_mac_t)
-@@ -366,10 +415,15 @@
+@@ -366,10 +416,15 @@
dev_read_sysfs(hald_mac_t)
files_read_usr_files(hald_mac_t)
@@ -18246,7 +18252,7 @@ diff --exclude-from=exclude -N -u -r nsa
miscfiles_read_localization(hald_mac_t)
########################################
-@@ -388,6 +442,8 @@
+@@ -388,6 +443,8 @@
manage_files_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_sonypic_t)
@@ -18255,7 +18261,7 @@ diff --exclude-from=exclude -N -u -r nsa
files_read_usr_files(hald_sonypic_t)
libs_use_ld_so(hald_sonypic_t)
-@@ -408,6 +464,8 @@
+@@ -408,6 +465,8 @@
manage_files_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_keymap_t)
@@ -18264,7 +18270,7 @@ diff --exclude-from=exclude -N -u -r nsa
dev_rw_input_dev(hald_keymap_t)
files_read_usr_files(hald_keymap_t)
-@@ -419,4 +477,53 @@
+@@ -419,4 +478,53 @@
# This is caused by a bug in hald and PolicyKit.
# Should be removed when this is fixed
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.795
retrieving revision 1.796
diff -u -p -r1.795 -r1.796
--- selinux-policy.spec 22 May 2009 08:37:36 -0000 1.795
+++ selinux-policy.spec 3 Jun 2009 07:15:07 -0000 1.796
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 61%{?dist}
+Release: 62%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -462,6 +462,9 @@ exit 0
%endif
%changelog
+* Wed Jun 3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-62
+- Allow hald to manage fusefs_t directories
+
* Fri May 22 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-61
- Allow hald to gettattr on all files
- Previous message (by thread): rpms/inkscape/devel inkscape.spec,1.77,1.78
- Next message (by thread): rpms/inkscape/F-10 inkscape-20090226svn-oldcairo.patch, NONE, 1.1 inkscape-20090227svn-automake.patch, NONE, 1.1 inkscape-20090410svn-formats.patch, NONE, 1.1 inkscape-20090410svn-uniconv.patch, NONE, 1.1 inkscape-20090508svn-crc32.patch, NONE, 1.1 .cvsignore, 1.16, 1.17 inkscape.spec, 1.60, 1.61 sources, 1.16, 1.17 inkscape-0.46-bitmap-fonts.patch, 1.1, NONE inkscape-0.46-colors.patch, 1.1, NONE inkscape-0.46-cxxinclude.patch, 1.1, NONE inkscape-0.46-desktop.patch, 1.1, NONE inkscape-0.46-fixlatex.patch, 1.1, NONE inkscape-0.46-gtk2.13.3.patch, 1.1, NONE inkscape-0.46-gtkopen.patch, 1.1, NONE inkscape-0.46-poppler-0.8.3.patch, 1.1, NONE inkscape-0.46-uniconv.patch, 1.1, NONE inkscape-0.46pre2-icons.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list