rpms/selinux-policy/F-11 policy-20090521.patch,1.17,1.18
Daniel J Walsh
dwalsh at fedoraproject.org
Sat Jun 20 13:59:46 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7250
Modified Files:
policy-20090521.patch
Log Message:
* Sat Jun 20 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-56
- Add gitosis policy
policy-20090521.patch:
Index: policy-20090521.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/policy-20090521.patch,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -p -r1.17 -r1.18
--- policy-20090521.patch 19 Jun 2009 16:44:49 -0000 1.17
+++ policy-20090521.patch 20 Jun 2009 13:59:16 -0000 1.18
@@ -115,6 +115,159 @@ diff -b -B --ignore-all-space --exclude-
# Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
corecmd_exec_bin(groupadd_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.6.12/policy/modules/apps/gitosis.fc
+--- nsaserefpolicy/policy/modules/apps/gitosis.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.fc 2009-06-20 07:16:05.000000000 -0400
+@@ -0,0 +1,4 @@
++
++/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
++
++/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.12/policy/modules/apps/gitosis.if
+--- nsaserefpolicy/policy/modules/apps/gitosis.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.if 2009-06-20 07:16:05.000000000 -0400
+@@ -0,0 +1,94 @@
++## <summary>gitosis interface</summary>
++
++#######################################
++## <summary>
++## Execute a domain transition to run gitosis.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`gitosis_domtrans',`
++ gen_require(`
++ type gitosis_t, gitosis_exec_t;
++ ')
++
++ domtrans_pattern($1, gitosis_exec_t, gitosis_t)
++')
++
++#######################################
++## <summary>
++## Execute gitosis-serve in the gitosis domain, and
++## allow the specified role the gitosis domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## The role to be allowed the gpsd domain.
++## </summary>
++## </param>
++## <param name="terminal">
++## <summary>
++## The type of the role's terminal.
++## </summary>
++## </param>
++#
++interface(`gitosis_run',`
++ gen_require(`
++ type gitosis_t;
++ ')
++
++ gitosis_domtrans($1)
++ role $2 types gitosis_t;
++ allow gitosis_t $3:chr_file rw_term_perms;
++')
++
++#######################################
++## <summary>
++## Allow the specified domain to read
++## gitosis lib files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gitosis_read_var_lib',`
++ gen_require(`
++ type gitosis_var_lib_t;
++
++ ')
++
++ read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++ read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++ list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++')
++
++######################################
++## <summary>
++## Allow the specified domain to manage
++## gitosis lib files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gitosis_manage_var_lib',`
++ gen_require(`
++ type gitosis_var_lib_t;
++
++ ')
++
++ manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++ manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++ manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.6.12/policy/modules/apps/gitosis.te
+--- nsaserefpolicy/policy/modules/apps/gitosis.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.te 2009-06-20 07:16:05.000000000 -0400
+@@ -0,0 +1,43 @@
++policy_module(gitosis,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type gitosis_t;
++type gitosis_exec_t;
++application_domain(gitosis_t, gitosis_exec_t)
++role system_r types gitosis_t;
++
++type gitosis_var_lib_t;
++files_type(gitosis_var_lib_t)
++
++########################################
++#
++# gitosis local policy
++#
++
++allow gitosis_t self:fifo_file rw_fifo_file_perms;
++
++exec_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++manage_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++manage_lnk_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++manage_dirs_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
++
++corecmd_exec_bin(gitosis_t)
++corecmd_exec_shell(gitosis_t)
++
++kernel_read_system_state(gitosis_t)
++
++files_read_usr_files(gitosis_t)
++files_search_var_lib(gitosis_t)
++
++libs_use_ld_so(gitosis_t)
++libs_use_shared_libs(gitosis_t)
++
++miscfiles_read_localization(gitosis_t)
++
++optional_policy(`
++ ssh_rw_pipes(gitosis_t)
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.12/policy/modules/apps/qemu.fc
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc 2009-06-08 13:49:44.000000000 -0400
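Review bot: In the new gitosis.te, gitosis_t receives both `exec_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)` and `manage_files_pattern` on the same type, so any file the domain can create under /var/lib/gitosis it can also execute. If execute is only needed for repository hook scripts (an assumption; the patch does not say), a dedicated type for those files would keep repository content from being both writable and executable by the confined domain. At minimum, a comment above the `exec_files_pattern` line, such as `# gitosis executes hook scripts stored under /var/lib/gitosis`, would record why the permission exists. Separately, in gitosis.if the `role` parameter of gitosis_run is described as "The role to be allowed the gpsd domain."; it should read `The role to be allowed the gitosis domain.`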
@@ -680,6 +833,18 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
gen_require(`
class dbus send_msg;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.12/policy/modules/services/cups.fc
+--- nsaserefpolicy/policy/modules/services/cups.fc 2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/cups.fc 2009-06-19 14:21:26.000000000 -0400
+@@ -36,6 +36,8 @@
+ # keep as separate lines to ensure proper sorting
+ /usr/lib/cups/backend/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0)
+ /usr/lib64/cups/backend/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0)
++/usr/lib/cups/filter/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0)
++/usr/lib64/cups/filter/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0)
+
+ /usr/sbin/printconf-backend -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
+ /usr/sbin/ptal-printd -- gen_context(system_u:object_r:ptal_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.12/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/dcc.te 2009-06-09 07:21:39.000000000 -0400
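Review bot: The added `/usr/lib/cups/filter/hp.*` and `/usr/lib64/cups/filter/hp.*` entries label every filter whose name begins with `hp` as hplip_exec_t, not only the ones shipped by HPLIP. CUPS has itself shipped a filter named hpgltops, which this pattern would also match if it is installed, so that binary would pick up the HPLIP label and whatever transition is tied to it. Listing the HPLIP filter names explicitly would keep the label scoped. If the broad match is intended, a comment next to the entries, such as `# hp.* deliberately covers all filters installed by hplip`, would document that. The rest of cups.fc lies outside this hunk, so an existing, more specific entry for other filters cannot be ruled out.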
@@ -746,7 +911,7 @@ diff -b -B --ignore-all-space --exclude-
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.12/policy/modules/services/devicekit.te
--- nsaserefpolicy/policy/modules/services/devicekit.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2009-06-11 08:32:09.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2009-06-20 06:24:36.000000000 -0400
@@ -55,7 +55,7 @@
#
# DeviceKit-Power local policy
@@ -764,6 +929,14 @@ diff -b -B --ignore-all-space --exclude-
dev_rw_generic_usb_dev(devicekit_power_t)
dev_rw_netcontrol(devicekit_power_t)
dev_rw_sysfs(devicekit_power_t)
+@@ -107,6 +108,7 @@
+ ')
+
+ optional_policy(`
++ polkit_dbus_chat(devicekit_power_t)
+ polkit_domtrans_auth(devicekit_power_t)
+ polkit_read_lib(devicekit_power_t)
+ polkit_read_reload(devicekit_power_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.12/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.te 2009-06-19 07:12:28.000000000 -0400
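Review bot: The `polkit_dbus_chat(devicekit_power_t)` grant added here, and the matching `polkit_dbus_chat(gnomeclock_t)` in the gnomeclock.te hunk that follows, are new permissions that the log message does not mention; it lists only the gitosis policy. Someone auditing what 3.6.12-56 changed would not learn from the changelog that two more domains may now talk to polkit over D-Bus, or that the CUPS filter labels changed. A changelog line such as `- Allow devicekit_power and gnomeclock to dbus chat with polkit` would close that gap. The `optional_policy` block these lines sit in continues past the end of the hunk.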
@@ -823,6 +996,17 @@ diff -b -B --ignore-all-space --exclude-
logging_log_filetrans(ftpd_t, xferlog_t, file)
kernel_read_kernel_sysctls(ftpd_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.12/policy/modules/services/gnomeclock.te
+--- nsaserefpolicy/policy/modules/services/gnomeclock.te 2009-05-21 08:27:59.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te 2009-06-20 06:24:32.000000000 -0400
+@@ -44,6 +44,7 @@
+ ')
+
+ optional_policy(`
++ polkit_dbus_chat(gnomeclock_t)
+ polkit_domtrans_auth(gnomeclock_t)
+ polkit_read_lib(gnomeclock_t)
+ polkit_read_reload(gnomeclock_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.12/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/hal.te 2009-05-27 07:02:29.000000000 -0400