rpms/selinux-policy/devel policy-F12.patch, 1.21, 1.22 selinux-policy.spec, 1.874, 1.875

Daniel J Walsh dwalsh at fedoraproject.org
Tue Jun 30 11:46:57 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8183

Modified Files:
	policy-F12.patch selinux-policy.spec 
Log Message:
* Tue Jun 30 2009 Dan Walsh <dwalsh at redhat.com> 3.6.20-2
- Add rules for rtkit-daemon


policy-F12.patch:

Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-F12.patch,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -p -r1.21 -r1.22
--- policy-F12.patch	26 Jun 2009 20:13:03 -0000	1.21
+++ policy-F12.patch	30 Jun 2009 11:46:55 -0000	1.22
@@ -1701,8 +1701,8 @@ diff -b -B --ignore-all-space --exclude-
 +/var/lib/gitosis(/.*)?                            gen_context(system_u:object_r:gitosis_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.20/policy/modules/apps/gitosis.if
 --- nsaserefpolicy/policy/modules/apps/gitosis.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.20/policy/modules/apps/gitosis.if	2009-06-26 14:09:22.000000000 -0400
-@@ -0,0 +1,94 @@
++++ serefpolicy-3.6.20/policy/modules/apps/gitosis.if	2009-06-29 12:24:01.000000000 -0400
+@@ -0,0 +1,96 @@
 +## <summary>gitosis interface</summary>
 +
 +#######################################
@@ -1771,6 +1771,7 @@ diff -b -B --ignore-all-space --exclude-
 +
 +        ')
 +
++	files_search_var_lib($1)
 +        read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 +	read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 +        list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
@@ -1793,6 +1794,7 @@ diff -b -B --ignore-all-space --exclude-
 +
 +        ')
 +
++	files_search_var_lib($1)
 +        manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 +        manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 +	manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
@@ -5444,7 +5446,7 @@ diff -b -B --ignore-all-space --exclude-
 +/usr/lib(64)?/gimp/.*/plug-ins(/.*)?  gen_context(system_u:object_r:bin_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.6.20/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2009-06-26 13:59:17.000000000 -0400
-+++ serefpolicy-3.6.20/policy/modules/kernel/corecommands.if	2009-06-26 14:09:22.000000000 -0400
++++ serefpolicy-3.6.20/policy/modules/kernel/corecommands.if	2009-06-29 08:33:09.000000000 -0400
 @@ -893,6 +893,7 @@
  
  	read_lnk_files_pattern($1, bin_t, bin_t)
@@ -5791,7 +5793,7 @@ diff -b -B --ignore-all-space --exclude-
  type lvm_control_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.20/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2009-06-12 09:08:48.000000000 -0400
-+++ serefpolicy-3.6.20/policy/modules/kernel/domain.if	2009-06-26 14:09:22.000000000 -0400
++++ serefpolicy-3.6.20/policy/modules/kernel/domain.if	2009-06-29 08:19:04.000000000 -0400
 @@ -44,34 +44,6 @@
  interface(`domain_type',`
  	# start with basic domain
@@ -5827,7 +5829,32 @@ diff -b -B --ignore-all-space --exclude-
  ')
  
  ########################################
-@@ -1248,18 +1220,34 @@
+@@ -791,6 +763,24 @@
+ 
+ ########################################
+ ## <summary>
++##	Get the scheduler information of all domains.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`domain_getsched_all_domains',`
++	gen_require(`
++		attribute domain;
++	')
++
++	allow $1 domain:process getsched;
++')
++
++########################################
++## <summary>
+ ##	Do not audit attempts to get the
+ ##	session ID of all domains.
+ ## </summary>
+@@ -1248,18 +1238,34 @@
  ##	</summary>
  ## </param>
  #
@@ -5865,7 +5892,7 @@ diff -b -B --ignore-all-space --exclude-
  ##	Allow specified type to receive labeled
  ##	networking packets from all domains, over
  ##	all protocols (TCP, UDP, etc)
-@@ -1280,6 +1268,24 @@
+@@ -1280,6 +1286,24 @@
  
  ########################################
  ## <summary>
@@ -13480,6 +13507,18 @@ diff -b -B --ignore-all-space --exclude-
 +	mta_manage_spool(dovecot_deliver_t)
 +')
 +
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.6.20/policy/modules/services/fetchmail.te
+--- nsaserefpolicy/policy/modules/services/fetchmail.te	2009-06-12 15:45:03.000000000 -0400
++++ serefpolicy-3.6.20/policy/modules/services/fetchmail.te	2009-06-29 08:33:22.000000000 -0400
+@@ -47,6 +47,8 @@
+ kernel_read_proc_symlinks(fetchmail_t)
+ kernel_dontaudit_read_system_state(fetchmail_t)
+ 
++corecmd_exec_shell(fetchmail_t)
++
+ corenet_all_recvfrom_unlabeled(fetchmail_t)
+ corenet_all_recvfrom_netlabel(fetchmail_t)
+ corenet_tcp_sendrecv_generic_if(fetchmail_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.fc serefpolicy-3.6.20/policy/modules/services/fprintd.fc
 --- nsaserefpolicy/policy/modules/services/fprintd.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.6.20/policy/modules/services/fprintd.fc	2009-06-26 14:09:22.000000000 -0400
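Review bot: `corecmd_exec_shell(fetchmail_t)` in the new fetchmail.te section lets a daemon that parses responses from remote mail servers run a shell inside its own domain, and neither the hunk nor the log message ("Add rules for rtkit-daemon") says which fetchmail feature needs it. I would add a comment above the line, for example `# fetchmail runs its configured mda/preconnect/postconnect commands through the shell`, if that is indeed the trigger, so the permission can be re-evaluated later. Because this interface grants execution without a domain transition, the shell stays in fetchmail_t; presumably any helper it launches then needs its own exec or transition rule, which is worth confirming against the denials that prompted the change.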
@@ -19453,8 +19492,8 @@ diff -b -B --ignore-all-space --exclude-
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit_daemon.te serefpolicy-3.6.20/policy/modules/services/rtkit_daemon.te
 --- nsaserefpolicy/policy/modules/services/rtkit_daemon.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.20/policy/modules/services/rtkit_daemon.te	2009-06-26 14:09:22.000000000 -0400
-@@ -0,0 +1,33 @@
++++ serefpolicy-3.6.20/policy/modules/services/rtkit_daemon.te	2009-06-29 08:19:15.000000000 -0400
+@@ -0,0 +1,36 @@
 +policy_module(rtkit_daemon,1.0.0)
 +
 +########################################
@@ -19477,6 +19516,9 @@ diff -b -B --ignore-all-space --exclude-
 +allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
 +allow rtkit_daemon_t self:capability sys_nice;
 +
++domain_getsched_all_domains(rtkit_daemon_t)
++domain_read_all_domains_state(rtkit_daemon_t)
++
 +fs_rw_anon_inodefs_files(rtkit_daemon_t)
 +
 +auth_use_nsswitch(rtkit_daemon_t)
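Review bot: The two added calls give rtkit_daemon_t getsched on every domain and read access to every domain's state, which is a wide information grant for a daemon that also holds sys_nice. A comment should record why it cannot be scoped to specific client domains, e.g. `# rtkit must inspect any client process that requests realtime scheduling`. The visible context allows only `self:process setsched`; if the daemon changes the scheduling of client threads, a matching setsched rule on those domains would presumably be needed, unless it already exists in the part of rtkit_daemon.te outside this hunk.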
@@ -22020,7 +22062,7 @@ diff -b -B --ignore-all-space --exclude-
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.20/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2009-06-26 13:59:19.000000000 -0400
-+++ serefpolicy-3.6.20/policy/modules/services/ssh.te	2009-06-26 14:09:22.000000000 -0400
++++ serefpolicy-3.6.20/policy/modules/services/ssh.te	2009-06-29 12:21:20.000000000 -0400
 @@ -41,6 +41,9 @@
  files_tmp_file(sshd_tmp_t)
  files_poly_parent(sshd_tmp_t)
@@ -22124,7 +22166,7 @@ diff -b -B --ignore-all-space --exclude-
  ')
  
  ########################################
-@@ -318,16 +314,30 @@
+@@ -318,16 +314,34 @@
  corenet_tcp_bind_xserver_port(sshd_t)
  corenet_sendrecv_xserver_server_packets(sshd_t)
  
@@ -22153,11 +22195,15 @@ diff -b -B --ignore-all-space --exclude-
 +')
 +
 +optional_policy(`
++	gitosis_manage_var_lib(sshd_t)
++')
++
++optional_policy(`
 +	xserver_getattr_xauth(sshd_t)
  ')
  
  optional_policy(`
-@@ -349,7 +359,11 @@
+@@ -349,7 +363,11 @@
  ')
  
  optional_policy(`
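Review bot: `gitosis_manage_var_lib(sshd_t)` grants the sshd_t domain create, write and delete access to gitosis_var_lib_t files, symlinks and directories, which looks broader than sshd needs if its only purpose is to read the gitosis account's key files under /var/lib/gitosis. If read access is sufficient, the read-only interface defined just before it in gitosis.if (the one built from `read_files_pattern`) would be the tighter choice; otherwise a comment naming what sshd writes there would help. The grant is also absent from the changelog entry, which mentions only rtkit-daemon. The surrounding ssh.te block starts and ends outside this hunk.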
@@ -22170,7 +22216,7 @@ diff -b -B --ignore-all-space --exclude-
  	unconfined_shell_domtrans(sshd_t)
  ')
  
-@@ -408,15 +422,13 @@
+@@ -408,15 +426,13 @@
  init_use_fds(ssh_keygen_t)
  init_use_script_ptys(ssh_keygen_t)
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.874
retrieving revision 1.875
diff -u -p -r1.874 -r1.875
--- selinux-policy.spec	26 Jun 2009 20:13:03 -0000	1.874
+++ selinux-policy.spec	30 Jun 2009 11:46:56 -0000	1.875
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.20
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -473,6 +473,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Jun 30 2009 Dan Walsh <dwalsh at redhat.com> 3.6.20-2
+- Add rules for rtkit-daemon
+
 * Thu Jun 25 2009 Dan Walsh <dwalsh at redhat.com> 3.6.20-1
 - Update to upstream
 - Fix nlscd_stream_connect



