rpms/selinux-policy/devel policy-F12.patch, 1.9, 1.10 selinux-policy.spec, 1.863, 1.864

Daniel J Walsh dwalsh at fedoraproject.org
Mon Jun 15 20:04:07 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19922

Modified Files:
	policy-F12.patch selinux-policy.spec 
Log Message:
* Mon Jun 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.16-2
- Additional rules for consolekit/udev, privoxy and various other fixes


policy-F12.patch:

Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-F12.patch,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- policy-F12.patch	15 Jun 2009 15:26:19 -0000	1.9
+++ policy-F12.patch	15 Jun 2009 20:04:06 -0000	1.10
@@ -7539,8 +7539,8 @@ diff -b -B --ignore-all-space --exclude-
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.16/policy/modules/roles/unconfineduser.te
 --- nsaserefpolicy/policy/modules/roles/unconfineduser.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/roles/unconfineduser.te	2009-06-12 15:59:08.000000000 -0400
-@@ -0,0 +1,403 @@
++++ serefpolicy-3.6.16/policy/modules/roles/unconfineduser.te	2009-06-15 15:37:34.000000000 -0400
+@@ -0,0 +1,407 @@
 +policy_module(unconfineduser, 1.0.0)
 +
 +########################################
@@ -7798,6 +7798,10 @@ diff -b -B --ignore-all-space --exclude-
 +')
 +
 +optional_policy(`
++	ppp_run(unconfined_t, unconfined_r)
++')
++
++optional_policy(`
 +	qemu_role_notrans(unconfined_r, unconfined_t)
 +	qemu_unconfined_role(unconfined_r)
 +
@@ -12151,6 +12155,41 @@ diff -b -B --ignore-all-space --exclude-
  	spamassassin_read_spamd_tmp_files(dcc_client_t)
  ')
  
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.6.16/policy/modules/services/ddclient.if
+--- nsaserefpolicy/policy/modules/services/ddclient.if	2008-10-08 19:00:27.000000000 -0400
++++ serefpolicy-3.6.16/policy/modules/services/ddclient.if	2009-06-15 15:36:38.000000000 -0400
+@@ -21,6 +21,31 @@
+ 
+ ########################################
+ ## <summary>
++##	 Execute ddclient daemon on behalf of a user or staff type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	 Domain allowed access.
++##	</summary>
++## </param>
++## <param name="role">
++##	<summary>
++##	The role to allow the ppp domain.
++##	</summary>
++## </param>
++## <rolecap/>
++#
++interface(`ddclient_run',`
++	gen_require(`
++		type ddclient_t;
++	')
++
++	ddclient_domtrans($1)
++	role $2 types ddclient_t;
++')
++
++########################################
++## <summary>
+ ##	All of the rules required to administrate 
+ ##	an ddclient environment
+ ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.6.16/policy/modules/services/devicekit.fc
 --- nsaserefpolicy/policy/modules/services/devicekit.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.6.16/policy/modules/services/devicekit.fc	2009-06-12 15:59:08.000000000 -0400
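Review bot: The `role` parameter summary of the new `ddclient_run` interface reads `The role to allow the ppp domain.`, which looks copied from ppp.if and names the wrong domain. It should read `##	The role to allow the ddclient domain.`. The `Execute ddclient daemon ...` and `Domain allowed access.` summary lines also carry a stray space after the tab. Because this interface adds ddclient_t to a role's type set, its documentation is what someone auditing role reachability will read, so it should be accurate.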
@@ -13845,7 +13884,7 @@ diff -b -B --ignore-all-space --exclude-
  ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.16/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.16/policy/modules/services/kerberos.te	2009-06-12 15:59:08.000000000 -0400
++++ serefpolicy-3.6.16/policy/modules/services/kerberos.te	2009-06-15 15:01:15.000000000 -0400
 @@ -33,6 +33,7 @@
  type kpropd_t;
  type kpropd_exec_t;
@@ -13864,14 +13903,16 @@ diff -b -B --ignore-all-space --exclude-
  ########################################
  #
  # kadmind local policy
-@@ -281,6 +285,7 @@
+@@ -281,7 +285,9 @@
  
  allow kpropd_t krb5_keytab_t:file read_file_perms;
  
 +manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t)
  manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)
++filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)
  
  corecmd_exec_bin(kpropd_t)
+ 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.16/policy/modules/services/kerneloops.if
 --- nsaserefpolicy/policy/modules/services/kerneloops.if	2009-01-05 15:39:43.000000000 -0500
 +++ serefpolicy-3.6.16/policy/modules/services/kerneloops.if	2009-06-12 15:59:08.000000000 -0400
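Review bot: The added `filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)` does not depend on the file name, so every regular file kpropd_t creates in a krb5kdc_conf_t directory will be labelled krb5kdc_lock_t. That includes anything it creates under the `manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)` rule kept just above it. If kpropd also creates database files in that directory, they would carry the lock label and be subject to the lock type's access rules rather than the principal type's; this is inferred from the rules shown and should be checked against what kpropd actually creates. A comment above the rule stating the intent would help, for example `# kpropd_t only creates lock files here; principal files already exist with their own label`, if that is indeed the case. The kpropd section continues outside this hunk.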
@@ -17538,7 +17579,7 @@ diff -b -B --ignore-all-space --exclude-
  # /sbin
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.16/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/services/ppp.if	2009-06-12 15:59:08.000000000 -0400
++++ serefpolicy-3.6.16/policy/modules/services/ppp.if	2009-06-15 15:36:20.000000000 -0400
 @@ -58,6 +58,25 @@
  
  ########################################
@@ -17565,7 +17606,24 @@ diff -b -B --ignore-all-space --exclude-
  ##	Send a generic signal to PPP.
  ## </summary>
  ## <param name="domain">
-@@ -298,6 +317,24 @@
+@@ -158,10 +177,16 @@
+ interface(`ppp_run',`
+ 	gen_require(`
+ 		type pppd_t;
++		type pptp_t;
+ 	')
+ 
+ 	ppp_domtrans($1)
+ 	role $2 types pppd_t;
++	role $2 types pptp_t;
++
++	optional_policy(`
++		ddclient_run(pppd_t, $2)
++	')
+ ')
+ 
+ ########################################
+@@ -298,6 +323,24 @@
  
  ########################################
  ## <summary>
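Review bot: `ppp_run` now widens the calling role by two types, with `role $2 types pptp_t;` and, through `ddclient_run(pppd_t, $2)`, ddclient_t, but nothing visible in the hunk documents this. Every existing caller of `ppp_run` gains those types, and the same commit adds `ppp_run(unconfined_t, unconfined_r)`. The domain transition that `ddclient_run(pppd_t, $2)` expands to does not depend on `$1` or `$2`; it is a pppd_t rule that would more naturally be stated once in ppp.te, leaving only the role grant in this interface. I would at least add a comment above the new lines, such as `# pppd_t can start pptp and ddclient, so the calling role needs both types`, and mention the extra types in the interface summary, which is outside this hunk.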
@@ -17590,7 +17648,7 @@ diff -b -B --ignore-all-space --exclude-
  ##	All of the rules required to administrate 
  ##	an ppp environment
  ## </summary>
-@@ -315,33 +352,39 @@
+@@ -315,33 +358,39 @@
  		type pppd_etc_rw_t, pppd_var_run_t;
  
  		type pptp_t, pptp_log_t, pptp_var_run_t;
@@ -17641,7 +17699,7 @@ diff -b -B --ignore-all-space --exclude-
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.16/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/services/ppp.te	2009-06-12 15:59:08.000000000 -0400
++++ serefpolicy-3.6.16/policy/modules/services/ppp.te	2009-06-15 14:52:23.000000000 -0400
 @@ -37,8 +37,8 @@
  type pppd_etc_rw_t;
  files_type(pppd_etc_rw_t)
@@ -18194,7 +18252,7 @@ diff -b -B --ignore-all-space --exclude-
  		mysql_search_db(httpd_prewikka_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.16/policy/modules/services/privoxy.te
 --- nsaserefpolicy/policy/modules/services/privoxy.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/services/privoxy.te	2009-06-12 15:59:08.000000000 -0400
++++ serefpolicy-3.6.16/policy/modules/services/privoxy.te	2009-06-15 15:19:59.000000000 -0400
 @@ -6,6 +6,14 @@
  # Declarations
  #
@@ -18210,7 +18268,18 @@ diff -b -B --ignore-all-space --exclude-
  type privoxy_t; # web_client_domain
  type privoxy_exec_t;
  init_daemon_domain(privoxy_t, privoxy_exec_t)
-@@ -72,21 +80,18 @@
+@@ -39,9 +47,8 @@
+ manage_files_pattern(privoxy_t, privoxy_var_run_t, privoxy_var_run_t)
+ files_pid_filetrans(privoxy_t, privoxy_var_run_t, file)
+ 
++kernel_read_system_state(privoxy_t)
+ kernel_read_kernel_sysctls(privoxy_t)
+-kernel_list_proc(privoxy_t)
+-kernel_read_proc_symlinks(privoxy_t)
+ 
+ corenet_all_recvfrom_unlabeled(privoxy_t)
+ corenet_all_recvfrom_netlabel(privoxy_t)
+@@ -72,21 +79,18 @@
  
  logging_send_syslog_msg(privoxy_t)
  
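Review bot: `kernel_read_system_state(privoxy_t)` grants more than the two calls it replaces, `kernel_list_proc` and `kernel_read_proc_symlinks`: it also lets privoxy_t read generic proc_t files. privoxy_t is a network-facing daemon domain, so this widening should be tied to a specific observed denial rather than granted as a convenience. A one-line comment above the call recording the reason would keep the rule auditable, for example `# privoxy reads <proc file from the AVC> at startup`, with the placeholder replaced by the actual path.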
@@ -24289,7 +24358,7 @@ diff -b -B --ignore-all-space --exclude-
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.16/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2009-06-12 15:45:03.000000000 -0400
-+++ serefpolicy-3.6.16/policy/modules/system/authlogin.if	2009-06-12 16:03:57.000000000 -0400
++++ serefpolicy-3.6.16/policy/modules/system/authlogin.if	2009-06-15 15:31:30.000000000 -0400
 @@ -46,11 +46,23 @@
  	')
  
@@ -24331,7 +24400,7 @@ diff -b -B --ignore-all-space --exclude-
  
  	init_rw_utmp($1)
  
-@@ -105,9 +120,46 @@
+@@ -105,9 +120,47 @@
  	seutil_read_config($1)
  	seutil_read_default_contexts($1)
  
@@ -24362,6 +24431,7 @@ diff -b -B --ignore-all-space --exclude-
 +
 +	optional_policy(`
 +		kerberos_manage_host_rcache($1)
++		kerberos_read_config($1)
 +	')
 +
 +	optional_policy(`
@@ -24380,7 +24450,7 @@ diff -b -B --ignore-all-space --exclude-
  ')
  
  ########################################
-@@ -305,19 +356,16 @@
+@@ -305,19 +357,16 @@
  	dev_read_rand($1)
  	dev_read_urand($1)
  
@@ -24405,7 +24475,7 @@ diff -b -B --ignore-all-space --exclude-
  	')
  
  	optional_policy(`
-@@ -328,6 +376,29 @@
+@@ -328,6 +377,29 @@
  	optional_policy(`
  		samba_stream_connect_winbind($1)
  	')
@@ -24435,7 +24505,7 @@ diff -b -B --ignore-all-space --exclude-
  ')
  
  ########################################
-@@ -352,6 +423,7 @@
+@@ -352,6 +424,7 @@
  
  	auth_domtrans_chk_passwd($1)
  	role $2 types chkpwd_t;
@@ -24443,7 +24513,7 @@ diff -b -B --ignore-all-space --exclude-
  ')
  
  ########################################
-@@ -1129,6 +1201,32 @@
+@@ -1129,6 +1202,32 @@
  
  ########################################
  ## <summary>
@@ -24476,7 +24546,7 @@ diff -b -B --ignore-all-space --exclude-
  ##	Manage all files on the filesystem, except
  ##	the shadow passwords and listed exceptions.
  ## </summary>
-@@ -1395,6 +1493,14 @@
+@@ -1395,6 +1494,14 @@
  	')
  
  	optional_policy(`
@@ -24491,7 +24561,7 @@ diff -b -B --ignore-all-space --exclude-
  		nis_use_ypbind($1)
  	')
  
-@@ -1403,8 +1509,13 @@
+@@ -1403,8 +1510,13 @@
  	')
  
  	optional_policy(`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.863
retrieving revision 1.864
diff -u -p -r1.863 -r1.864
--- selinux-policy.spec	15 Jun 2009 15:26:20 -0000	1.863
+++ selinux-policy.spec	15 Jun 2009 20:04:07 -0000	1.864
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.16
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -473,6 +473,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Jun 15 2009 Dan Walsh <dwalsh at redhat.com> 3.6.16-2
+- Additional rules for consolekit/udev, privoxy and various other fixes
+
 * Fri Jun 12 2009 Dan Walsh <dwalsh at redhat.com> 3.6.16-1
 - New version for upstream
 



