rpms/selinux-policy/F-10 policy-20080710.patch, 1.143, 1.144 selinux-policy.spec, 1.777, 1.778

Miroslav Grepl mgrepl at fedoraproject.org
Fri Mar 6 11:17:07 UTC 2009


Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv610

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
- Fix wine labeling


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.143
retrieving revision 1.144
diff -u -r1.143 -r1.144
--- policy-20080710.patch	5 Mar 2009 13:35:59 -0000	1.143
+++ policy-20080710.patch	6 Mar 2009 11:17:04 -0000	1.144
@@ -6351,8 +6351,8 @@
  files_read_etc_runtime_files(webalizer_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.5.13/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/apps/wine.fc	2009-02-10 15:07:15.000000000 +0100
-@@ -1,4 +1,8 @@
++++ serefpolicy-3.5.13/policy/modules/apps/wine.fc	2009-03-06 09:53:41.000000000 +0100
+@@ -1,4 +1,15 @@
 -/usr/bin/wine			--	gen_context(system_u:object_r:wine_exec_t,s0)
 +HOME_DIR/cxoffice/bin/wine.+  		-- 	gen_context(system_u:object_r:wine_exec_t,s0)
 +
@@ -6361,6 +6361,13 @@
 +/opt/cxoffice/bin/wine.*		--	gen_context(system_u:object_r:wine_exec_t,s0)
 +/opt/picasa/wine/bin/wine.*		--	gen_context(system_u:object_r:wine_exec_t,s0)
 +/opt/google/picasa(/.*)?/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
++
++/usr/bin/msiexec        		--      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/notepad        		--      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/regsvr32       		--      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/regedit        		--      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/uninstaller    		--      gen_context(system_u:object_r:wine_exec_t,s0)
++/usr/bin/progman        		--      gen_context(system_u:object_r:wine_exec_t,s0)
  
 -/opt/cxoffice/bin/wine		--	gen_context(system_u:object_r:wine_exec_t,s0)
 -/opt/picasa/wine/bin/wine	--	gen_context(system_u:object_r:wine_exec_t,s0)
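Review bot: The six new `/usr/bin/` entries (msiexec, notepad, regsvr32, regedit, uninstaller, progman) label very generic program names as `wine_exec_t`, with no comment saying they are Wine's wrappers. Any other package that installs, say, `/usr/bin/notepad` or `/usr/bin/uninstaller` would get the Wine entry-point label too, and would presumably run in the Wine domain, whose permissions are not visible in this hunk. I would add a comment above the block, such as `# Wine helper programs installed in /usr/bin by the wine package`, and check the list against that package's file list. The new lines also pad the path column with spaces before the tabs, unlike the `/opt/...` entries just above them.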
@@ -16391,7 +16398,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.5.13/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/dovecot.te	2009-02-25 19:29:32.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/dovecot.te	2009-03-06 09:53:17.000000000 +0100
 @@ -15,12 +15,21 @@
  domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -16508,7 +16515,7 @@
  files_read_usr_symlinks(dovecot_auth_t)
  files_search_tmp(dovecot_auth_t)
  files_read_var_lib_files(dovecot_t)
-@@ -185,5 +217,55 @@
+@@ -185,5 +217,59 @@
  ')
  
  optional_policy(`
@@ -16524,7 +16531,7 @@
 +optional_policy(`
 +	postfix_manage_private_sockets(dovecot_auth_t)
 +	postfix_search_spool(dovecot_auth_t)
-+')
+ ')
 +
 +# for gssapi (kerberos)
 +userdom_list_unpriv_users_tmp(dovecot_auth_t) 
@@ -16540,6 +16547,10 @@
 +allow dovecot_deliver_t dovecot_etc_t:file read_file_perms;
 +allow dovecot_deliver_t dovecot_var_run_t:dir list_dir_perms;
 +
++manage_dirs_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)
++manage_files_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)
++manage_lnk_files_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)
++
 +kernel_read_all_sysctls(dovecot_deliver_t)
 +kernel_read_system_state(dovecot_deliver_t)
 +
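Review bot: The three added `manage_*_pattern` rules give `dovecot_deliver_t` create, write and delete access to `dovecot_spool_t` directories, files and symlinks, yet neither the log message ("Fix wine labeling") nor the new spec changelog entry mentions any dovecot change. A widened grant like this should be recorded in the changelog and explained by a comment above the rules, for example `# deliver stores mail under the dovecot spool`. The symlink rule deserves a second look: if deliver only follows links in the spool, `read_lnk_files_pattern(dovecot_deliver_t, dovecot_spool_t, dovecot_spool_t)` would be enough. Whether it ever creates them is not visible here.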
@@ -16563,7 +16574,7 @@
 +
 +optional_policy(`
 +	mta_manage_spool(dovecot_deliver_t)
- ')
++')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.5.13/policy/modules/services/exim.if
 --- nsaserefpolicy/policy/modules/services/exim.if	2008-10-17 14:49:11.000000000 +0200
@@ -16788,10 +16799,51 @@
 +	spamassassin_exec(exim_t)
 +	spamassassin_exec_client(exim_t)
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.5.13/policy/modules/services/fetchmail.fc
+--- nsaserefpolicy/policy/modules/services/fetchmail.fc	2008-10-17 14:49:11.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/fetchmail.fc	2009-03-05 15:02:41.000000000 +0100
+@@ -11,9 +11,11 @@
+ 
+ /usr/bin/fetchmail		--	gen_context(system_u:object_r:fetchmail_exec_t,s0)
+ 
++
+ #
+ # /var
+ #
+ 
++/var/log/fetchmail\.log     	--      gen_context(system_u:object_r:fetchmail_log_t,s0)
+ /var/run/fetchmail/.*		--	gen_context(system_u:object_r:fetchmail_var_run_t,s0)
+ /var/mail/\.fetchmail-UIDL-cache --	gen_context(system_u:object_r:fetchmail_uidl_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.5.13/policy/modules/services/fetchmail.if
 --- nsaserefpolicy/policy/modules/services/fetchmail.if	2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/fetchmail.if	2009-02-10 15:07:15.000000000 +0100
-@@ -21,10 +21,10 @@
++++ serefpolicy-3.5.13/policy/modules/services/fetchmail.if	2009-03-05 15:06:34.000000000 +0100
+@@ -1,5 +1,25 @@
+ ## <summary>Remote-mail retrieval and forwarding utility</summary>
+ 
++#######################################
++## <summary>
++##      Allow the specified domain to append
++##      fetchmail log files.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed to transition.
++##      </summary>
++## </param>
++#
++interface(`fetchmail_append_log',`
++        gen_require(`
++                type fetchmail_log_t;
++        ')
++
++        logging_search_logs($1)
++        append_files_pattern($1, fetchmail_log_t, fetchmail_log_t)
++')
++
+ ########################################
+ ## <summary>
+ ##	All of the rules required to administrate 
+@@ -21,10 +41,10 @@
  	ps_process_pattern($1, fetchmail_t)
  
  	files_list_etc($1)
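Review bot: The parameter description of the new `fetchmail_append_log` interface reads `Domain allowed to transition.`, but the interface grants no transition. It only calls `logging_search_logs($1)` and `append_files_pattern(...)`, so the text should be `Domain allowed access.`. In the fetchmail.fc part of the same hunk, `/var/log/fetchmail\.log` matches that exact name only. If the log is rotated under names such as `fetchmail.log.1`, those copies would fall back to the generic /var/log label on a relabel; `/var/log/fetchmail\.log.*` would cover them.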
@@ -16807,8 +16859,28 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.5.13/policy/modules/services/fetchmail.te
 --- nsaserefpolicy/policy/modules/services/fetchmail.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/fetchmail.te	2009-02-10 15:07:15.000000000 +0100
-@@ -91,6 +91,10 @@
++++ serefpolicy-3.5.13/policy/modules/services/fetchmail.te	2009-03-05 15:01:19.000000000 +0100
+@@ -19,6 +19,9 @@
+ type fetchmail_uidl_cache_t;
+ files_type(fetchmail_uidl_cache_t)
+ 
++type fetchmail_log_t;
++logging_log_file(fetchmail_log_t)
++
+ ########################################
+ #
+ # Local policy
+@@ -40,6 +43,9 @@
+ manage_files_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t)
+ files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, file)
+ 
++manage_files_pattern(fetchmail_t, fetchmail_log_t, fetchmail_log_t)
++logging_log_filetrans(fetchmail_t,fetchmail_log_t,file)
++
+ kernel_read_kernel_sysctls(fetchmail_t)
+ kernel_list_proc(fetchmail_t)
+ kernel_getattr_proc_files(fetchmail_t)
+@@ -91,6 +97,10 @@
  ')
  
  optional_policy(`
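Review bot: `manage_files_pattern(fetchmail_t, fetchmail_log_t, fetchmail_log_t)` lets the daemon rewrite, truncate and delete its own log, which is more than a process that only writes log lines needs. If fetchmail only creates the file and appends to it, `create_files_pattern` plus `append_files_pattern` on `fetchmail_log_t` would keep earlier entries intact should the network-facing daemon be compromised. Whether it needs more than that is not visible in this hunk. The added `logging_log_filetrans(fetchmail_t,fetchmail_log_t,file)` also omits the space after each comma that `files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, file)` just above it uses.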
@@ -23744,7 +23816,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.5.13/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/procmail.te	2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/procmail.te	2009-03-05 15:08:42.000000000 +0100
 @@ -14,6 +14,10 @@
  type procmail_tmp_t;
  files_tmp_file(procmail_tmp_t)
@@ -23789,7 +23861,18 @@
  mta_manage_spool(procmail_t)
  
  ifdef(`hide_broken_symptoms',`
-@@ -117,11 +125,13 @@
+@@ -103,6 +111,10 @@
+ ')
+ 
+ optional_policy(`
++	fetchmail_append_log(procmail_t)
++')	
++
++optional_policy(`
+ 	munin_dontaudit_search_lib(procmail_t)
+ ')
+ 
+@@ -117,11 +129,13 @@
  
  optional_policy(`
  	pyzor_domtrans(procmail_t)
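Review bot: The new `optional_policy` block around `fetchmail_append_log(procmail_t)` does not say why procmail should append to fetchmail's log. A one-line comment inside the block would help the next policy author, for example `# procmail inherits the fetchmail log descriptor when run as its MDA`, if that is indeed the reason. The closing `')` of that block also carries a trailing tab, which the neighbouring blocks do not have. The inner procmail.te hunk this sits in continues outside the lines shown here.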
@@ -23803,7 +23886,7 @@
  	sendmail_rw_tcp_sockets(procmail_t)
  	sendmail_rw_unix_stream_sockets(procmail_t)
  ')
-@@ -130,7 +140,16 @@
+@@ -130,7 +144,16 @@
  	corenet_udp_bind_generic_port(procmail_t)
  	corenet_dontaudit_udp_bind_all_ports(procmail_t)
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.777
retrieving revision 1.778
diff -u -r1.777 -r1.778
--- selinux-policy.spec	26 Feb 2009 15:04:21 -0000	1.777
+++ selinux-policy.spec	6 Mar 2009 11:17:06 -0000	1.778
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 47%{?dist}
+Release: 48%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -460,6 +460,10 @@
 %endif
 
 %changelog
+* Fri March 6 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-48
+- Fix pcscd policy
+- Allow alsa to read hardware state information
+
 * Thu Feb 26 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-47
 - Allow ktalkd to write to terminals
 - Fix qemu labeling



