rpms/selinux-policy/F-11 policy-20090521.patch, 1.10, 1.11 selinux-policy.spec, 1.870, 1.871
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Jun 12 13:08:57 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13111
Modified Files:
policy-20090521.patch selinux-policy.spec
Log Message:
* Fri Jun 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-50
- Allow udev to transition to bluetooth
policy-20090521.patch:
Index: policy-20090521.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/policy-20090521.patch,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -p -r1.10 -r1.11
--- policy-20090521.patch 10 Jun 2009 17:46:51 -0000 1.10
+++ policy-20090521.patch 12 Jun 2009 13:08:56 -0000 1.11
@@ -109,6 +109,29 @@ diff -b -B --ignore-all-space --exclude-
/var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.6.12/policy/modules/apps/vmware.te
+--- nsaserefpolicy/policy/modules/apps/vmware.te 2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/apps/vmware.te 2009-06-12 08:42:20.000000000 -0400
+@@ -136,7 +136,7 @@
+
+ miscfiles_read_localization(vmware_host_t)
+
+-sysnet_dns_name_resolve(vmware_host_t)
++auth_use_nsswitch(vmware_host_t)
+
+ storage_getattr_fixed_disk_dev(vmware_host_t)
+
+@@ -160,6 +160,10 @@
+ xserver_common_app(vmware_host_t)
+ ')
+
++optional_policy(`
++ unconfined_domain(vmware_host_t)
++ unconfined_domain(vmware_t)
++')
+
+ ifdef(`TODO',`
+ # VMWare need access to pcmcia devices for network
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2009-06-08 08:49:07.000000000 -0400
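Review bot: The added `optional_policy` block calls `unconfined_domain(vmware_host_t)` and `unconfined_domain(vmware_t)`, which removes SELinux confinement from both VMware domains wherever the unconfined module is present. It also makes the fine-grained rules in vmware.te, including the `auth_use_nsswitch(vmware_host_t)` line this same hunk introduces, largely redundant. Neither the log message nor the 3.6.12-49 and 3.6.12-50 changelog entries mention it, and the same gap applies to the additions in the files.if, devicekit.te and shorewall.te hunks further down. If the grant is meant as a stop-gap, record that above the block with a comment such as `# temporary: vmware domains run unconfined until the remaining denials are characterised`, and add a changelog line such as `- Make vmware_host_t and vmware_t unconfined domains`.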
@@ -360,8 +383,16 @@ diff -b -B --ignore-all-space --exclude-
# a keyring
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.12/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2009-05-29 11:03:57.000000000 -0400
-@@ -5224,6 +5224,7 @@
++++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2009-06-11 14:03:01.000000000 -0400
+@@ -1953,6 +1953,7 @@
+ allow $1 etc_t:dir list_dir_perms;
+ read_files_pattern($1, etc_t, etc_t)
+ read_lnk_files_pattern($1, etc_t, etc_t)
++ files_read_etc_runtime_files($1)
+ ')
+
+ ########################################
+@@ -5224,6 +5225,7 @@
attribute file_type;
')
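Review bot: `files_read_etc_runtime_files($1)` is added inside an existing interface whose name lies outside the hunk (the visible body lists `etc_t` directories and reads `etc_t` files and symlinks), so every domain that already calls that interface gains the extra read access without any change at its call site. That is a policy-wide widening made in one line. Granting `files_read_etc_runtime_files` only to the domains that produced denials would keep the scope reviewable. If the widening is intended, the interface's `<summary>` should state that it now also covers the etc runtime files.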
@@ -381,6 +412,35 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.12/policy/modules/kernel/terminal.if
+--- nsaserefpolicy/policy/modules/kernel/terminal.if 2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/terminal.if 2009-06-11 10:02:45.000000000 -0400
+@@ -571,6 +571,25 @@
+ dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
+ ')
+
++#######################################
++## <summary>
++## Set the attributes of the tty device
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`term_setattr_controlling_term',`
++ gen_require(`
++ type devtty_t;
++ ')
++
++ dev_list_all_dev_nodes($1)
++ allow $1 devtty_t:chr_file setattr;
++')
++
+ ########################################
+ ## <summary>
+ ## Read and write the controlling
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.12/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/roles/staff.te 2009-06-01 08:41:46.000000000 -0400
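Review bot: The `<summary>` of the new `term_setattr_controlling_term` interface reads "Set the attributes of the tty device", which matches neither the interface name nor the wording of the neighbouring interface ("Read and write the controlling ..."). I would write `## Set the attributes of the controlling terminal (/dev/tty).`, since `devtty_t` is the only type the rule touches. The `#` separator line above the summary also appears to be one character shorter than the separator that closes the hunk. The only caller visible on this page is `term_setattr_controlling_term(uucpd_t)` in the uucp.te hunk.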
@@ -545,7 +605,7 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.12/policy/modules/services/devicekit.te
--- nsaserefpolicy/policy/modules/services/devicekit.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2009-05-21 12:57:07.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2009-06-11 08:32:09.000000000 -0400
@@ -55,7 +55,7 @@
#
# DeviceKit-Power local policy
@@ -555,6 +615,14 @@ diff -b -B --ignore-all-space --exclude-
allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
+@@ -77,6 +77,7 @@
+ kernel_rw_kernel_sysctl(devicekit_power_t)
+ kernel_write_proc_files(devicekit_power_t)
+
++dev_read_input(devicekit_power_t)
+ dev_rw_generic_usb_dev(devicekit_power_t)
+ dev_rw_netcontrol(devicekit_power_t)
+ dev_rw_sysfs(devicekit_power_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.6.12/policy/modules/services/fprintd.te
--- nsaserefpolicy/policy/modules/services/fprintd.te 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/fprintd.te 2009-06-04 13:23:04.000000000 -0400
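Review bot: `dev_read_input(devicekit_power_t)` is added without a comment saying what DeviceKit-Power needs from the input device nodes, and those nodes also deliver keyboard events, so the grant is broader than a power-management daemon obviously requires. A one-line comment above it, for example `# read lid and power-button events`, would record the intent; that purpose is my assumption and should be checked against the denial that prompted the change. The surrounding rule list starts and ends outside the hunk.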
@@ -743,6 +811,17 @@ diff -b -B --ignore-all-space --exclude-
dbus_system_bus_client(setroubleshootd_t)
dbus_connect_system_bus(setroubleshootd_t)
dbus_system_domain(setroubleshootd_t, setroubleshootd_exec_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.te serefpolicy-3.6.12/policy/modules/services/shorewall.te
+--- nsaserefpolicy/policy/modules/services/shorewall.te 2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/shorewall.te 2009-06-12 07:59:58.000000000 -0400
+@@ -35,6 +35,7 @@
+
+ allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice sys_ptrace};
+ dontaudit shorewall_t self:capability sys_tty_config;
++allow shorewall_t self:process signal;
+
+ allow shorewall_t self:fifo_file rw_fifo_file_perms;
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-05-21 08:31:58.000000000 -0400
@@ -751,6 +830,18 @@ diff -b -B --ignore-all-space --exclude-
HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
/etc/rc\.d/init\.d/spamd -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.12/policy/modules/services/uucp.te
+--- nsaserefpolicy/policy/modules/services/uucp.te 2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2009-06-10 16:13:54.000000000 -0400
+@@ -95,6 +95,8 @@
+ files_search_home(uucpd_t)
+ files_search_spool(uucpd_t)
+
++term_setattr_controlling_term(uucpd_t)
++
+ auth_use_nsswitch(uucpd_t)
+
+ logging_send_syslog_msg(uucpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/virt.te 2009-06-09 06:54:00.000000000 -0400
@@ -866,7 +957,7 @@ diff -b -B --ignore-all-space --exclude-
ipsec_setcontext_default_spd(setkey_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-06-08 08:45:27.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-06-12 09:03:04.000000000 -0400
@@ -139,6 +139,7 @@
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/fglrx/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -875,7 +966,15 @@ diff -b -B --ignore-all-space --exclude-
/usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/sse2/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -366,6 +367,7 @@
+@@ -190,6 +191,7 @@
+ /usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/mozilla/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib64/maxima/[^/]+/binary-gcl/maxima -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/maxima/[^/]+/binary-gcl/maxima -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -366,9 +368,10 @@
/usr/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
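Review bot: The new `/usr/lib64/maxima/[^/]+/binary-gcl/maxima` entry duplicates the `/usr/lib/maxima/...` line directly below it. The file's own idiom, visible in this hunk's context (`/usr/lib(64)?/libjs\.so.*`), expresses both paths in one entry: `/usr/lib(64)?/maxima/[^/]+/binary-gcl/maxima -- gen_context(system_u:object_r:textrel_shlib_t,s0)`. Folding the two lines keeps the 32-bit and 64-bit labels from drifting apart later.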
@@ -883,6 +982,10 @@ diff -b -B --ignore-all-space --exclude-
/usr/lib/libcncpmslld328\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/ICAClient/.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+-
++/usr/lib(64)?/midori/.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.12/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/system/locallogin.te 2009-05-28 21:07:39.000000000 -0400
@@ -918,6 +1021,20 @@ diff -b -B --ignore-all-space --exclude-
# for access("/etc/bashrc", X_OK) on Red Hat
dontaudit dhcpc_t self:capability { dac_read_search sys_module };
allow dhcpc_t self:process { setfscreate ptrace signal_perms };
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.12/policy/modules/system/udev.te
+--- nsaserefpolicy/policy/modules/system/udev.te 2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/udev.te 2009-06-12 07:55:17.000000000 -0400
+@@ -196,6 +196,10 @@
+ ')
+
+ optional_policy(`
++ bluetooth_domtrans(udev_t)
++')
++
++optional_policy(`
+ brctl_domtrans(udev_t)
+ ')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.12/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2009-06-01 08:19:34.000000000 -0400
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/selinux-policy.spec,v
retrieving revision 1.870
retrieving revision 1.871
diff -u -p -r1.870 -r1.871
--- selinux-policy.spec 10 Jun 2009 17:46:51 -0000 1.870
+++ selinux-policy.spec 12 Jun 2009 13:08:57 -0000 1.871
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.12
-Release: 48%{?dist}
+Release: 50%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -475,6 +475,12 @@ exit 0
%endif
%changelog
+* Fri Jun 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-50
+- Allow udev to transition to bluetooth
+
+* Thu Jun 4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-49
+- Add labeling for midori shared libraries
+
* Thu Jun 4 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-48
- Allow setroubleshoot to run mlocate