rpms/selinux-policy/F-11 policy-20090521.patch, 1.9, 1.10 selinux-policy.spec, 1.869, 1.870

Daniel J Walsh dwalsh at fedoraproject.org
Wed Jun 10 17:47:22 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12566

Modified Files:
	policy-20090521.patch selinux-policy.spec 
Log Message:
* Thu Jun 4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-48
- Allow setroubleshoot to run mlocate


policy-20090521.patch:

Index: policy-20090521.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/policy-20090521.patch,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- policy-20090521.patch	8 Jun 2009 18:54:59 -0000	1.9
+++ policy-20090521.patch	10 Jun 2009 17:46:51 -0000	1.10
@@ -77,6 +77,17 @@ diff -b -B --ignore-all-space --exclude-
  /usr/bin/qemu.*	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 +/usr/libexec/qemu.*	--	gen_context(system_u:object_r:qemu_exec_t,s0)
  
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.12/policy/modules/apps/qemu.te
+--- nsaserefpolicy/policy/modules/apps/qemu.te	2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/qemu.te	2009-06-09 06:55:30.000000000 -0400
+@@ -93,6 +93,7 @@
+ 
+ optional_policy(`
+ 	virt_manage_images(qemu_t)
++	virt_append_log(qemu_t)
+ ')
+ 
+ optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.6.12/policy/modules/apps/sandbox.te
 --- nsaserefpolicy/policy/modules/apps/sandbox.te	2009-05-21 08:27:59.000000000 -0400
 +++ serefpolicy-3.6.12/policy/modules/apps/sandbox.te	2009-05-22 10:14:07.000000000 -0400
@@ -503,6 +514,35 @@ diff -b -B --ignore-all-space --exclude-
  	optional_policy(`
  		gen_require(`
  			class dbus send_msg;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.12/policy/modules/services/dcc.te
+--- nsaserefpolicy/policy/modules/services/dcc.te	2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/dcc.te	2009-06-09 07:21:39.000000000 -0400
+@@ -130,11 +130,13 @@
+ 
+ # Access files in /var/dcc. The map file can be updated
+ allow dcc_client_t dcc_var_t:dir list_dir_perms;
+-read_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)
++manage_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)
+ read_lnk_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)
+ 
+ kernel_read_system_state(dcc_client_t)
+ 
++fs_getattr_all_fs(dcc_client_t)
++
+ corenet_all_recvfrom_unlabeled(dcc_client_t)
+ corenet_all_recvfrom_netlabel(dcc_client_t)
+ corenet_udp_bind_generic_node(dcc_client_t)
+@@ -154,6 +156,10 @@
+ userdom_use_user_terminals(dcc_client_t)
+ 
+ optional_policy(`
++	amavis_read_spool_files(dcc_client_t)
++')
++
++optional_policy(`
+ 	spamassassin_read_spamd_tmp_files(dcc_client_t)
+ ')
+ 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.12/policy/modules/services/devicekit.te
 --- nsaserefpolicy/policy/modules/services/devicekit.te	2009-05-21 08:27:59.000000000 -0400
 +++ serefpolicy-3.6.12/policy/modules/services/devicekit.te	2009-05-21 12:57:07.000000000 -0400
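Review bot: Replacing `read_files_pattern` with `manage_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)` in dcc.te lets the client create, write and delete every file labelled dcc_var_t, while the comment directly above only says that the map file can be updated. If the client only rewrites the map in place, a narrower grant such as `rw_files_pattern(dcc_client_t, dcc_var_t, dcc_var_t)`, or a dedicated type for the map file, would keep the rest of /var/dcc read-only to it. Whether create/unlink is actually needed cannot be told from this hunk. In the same section, `fs_getattr_all_fs(dcc_client_t)` is wider than the `fs_getattr_xattr_fs` granted to pyzor_t later in this patch. A short comment recording the denial that motivated each new rule would make the widening auditable.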
@@ -629,6 +669,18 @@ diff -b -B --ignore-all-space --exclude-
  
  /usr/bin/pyzor		--	gen_context(system_u:object_r:pyzor_exec_t,s0)
  /usr/bin/pyzord		--	gen_context(system_u:object_r:pyzord_exec_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.12/policy/modules/services/pyzor.te
+--- nsaserefpolicy/policy/modules/services/pyzor.te	2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/pyzor.te	2009-06-09 07:21:04.000000000 -0400
+@@ -97,6 +97,8 @@
+ kernel_read_kernel_sysctls(pyzor_t)  
+ kernel_read_system_state(pyzor_t)
+ 
++fs_getattr_xattr_fs(pyzor_t)
++
+ corecmd_list_bin(pyzor_t)
+ corecmd_getattr_bin_files(pyzor_t)
+ 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2009-05-21 08:27:59.000000000 -0400
 +++ serefpolicy-3.6.12/policy/modules/services/rpc.te	2009-06-08 08:39:25.000000000 -0400
@@ -677,6 +729,20 @@ diff -b -B --ignore-all-space --exclude-
  	postfix_domtrans_master(sendmail_t)
  	postfix_read_config(sendmail_t)
  	postfix_search_spool(sendmail_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te	2009-06-10 11:22:59.000000000 -0400
+@@ -121,6 +121,10 @@
+ userdom_dontaudit_read_user_home_content_files(setroubleshootd_t)
+ 
+ optional_policy(`
++	locate_read_lib_files(setroubleshootd_t)
++')
++
++optional_policy(`
+ 	dbus_system_bus_client(setroubleshootd_t)
+ 	dbus_connect_system_bus(setroubleshootd_t)
+ 	dbus_system_domain(setroubleshootd_t, setroubleshootd_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2009-05-21 08:27:59.000000000 -0400
 +++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc	2009-05-21 08:31:58.000000000 -0400
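Review bot: The log message says setroubleshoot is allowed to run mlocate, but the rule added to setroubleshoot.te is `locate_read_lib_files(setroubleshootd_t)`, which by its name grants read access to the locate database rather than execution of, or a transition to, locate; the changelog and the rule should agree. The database presumably indexes path names system-wide, including under user home directories, while the line just above dontaudits setroubleshootd_t reading user home content. A comment on the new optional_policy block stating why the daemon needs the path index (purpose to be confirmed by the author) would document that trade-off. The same revision also adds rules to qemu.te, dcc.te and pyzor.te that the changelog entry does not mention.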
@@ -687,7 +753,7 @@ diff -b -B --ignore-all-space --exclude-
  /etc/rc\.d/init\.d/spamd	--	gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te	2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/virt.te	2009-05-21 12:58:18.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/virt.te	2009-06-09 06:54:00.000000000 -0400
 @@ -183,6 +183,7 @@
  seutil_read_default_contexts(virtd_t)
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/selinux-policy.spec,v
retrieving revision 1.869
retrieving revision 1.870
diff -u -p -r1.869 -r1.870
--- selinux-policy.spec	8 Jun 2009 18:54:59 -0000	1.869
+++ selinux-policy.spec	10 Jun 2009 17:46:51 -0000	1.870
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.12
-Release: 47%{?dist}
+Release: 48%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -475,6 +475,9 @@ exit 0
 %endif
 
 %changelog
+* Thu Jun 4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-48
+- Allow setroubleshoot to run mlocate
+
 * Thu Jun 4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-47
 - Allow fprintd to read /proc
 



