rpms/selinux-policy/F-9 policy-20071130.patch,1.259,1.260

Miroslav Grepl mgrepl at fedoraproject.org
Thu Mar 12 15:57:24 UTC 2009


Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15341

Modified Files:
	policy-20071130.patch 
Log Message:
- Allow NetworkManager_t to execute udev


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.259
retrieving revision 1.260
diff -u -r1.259 -r1.260
--- policy-20071130.patch	6 Mar 2009 13:34:25 -0000	1.259
+++ policy-20071130.patch	12 Mar 2009 15:57:20 -0000	1.260
@@ -644463,7 +644463,7 @@
  read_files_pattern(amavis_t,amavis_etc_t,amavis_etc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.fc	2009-02-27 09:29:43.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.fc	2009-03-12 15:23:33.000000000 +0100
 @@ -1,28 +1,28 @@
 -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
 -
@@ -644532,7 +644532,7 @@
  /var/log/apache(2)?(/.*)?		gen_context(system_u:object_r:httpd_log_t,s0)
  /var/log/apache-ssl(2)?(/.*)?		gen_context(system_u:object_r:httpd_log_t,s0)
  /var/log/cacti(/.*)?			gen_context(system_u:object_r:httpd_log_t,s0)
-@@ -65,11 +75,26 @@
+@@ -65,11 +75,27 @@
  /var/run/apache.*			gen_context(system_u:object_r:httpd_var_run_t,s0)
  /var/run/gcache_port		-s	gen_context(system_u:object_r:httpd_var_run_t,s0)
  /var/run/httpd.*			gen_context(system_u:object_r:httpd_var_run_t,s0)
@@ -644550,6 +644550,7 @@
 +/var/www/[^/]*/cgi-bin(/.*)?		gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
  /var/www/icons(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
  /var/www/perl(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
++/var/www/svn(/.*)?  			gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)
 +
 +#Bugzilla file context
 +/usr/share/bugzilla(/.*)?	-d	gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)
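Review bot: The new `/var/www/svn(/.*)?` entry labels the whole tree `httpd_sys_content_rw_t`, but the log message only mentions NetworkManager and udev, so this widening of httpd's writable area is undocumented. The same applies to the `kerberos_manage_host_rcache(saslauthd_t)` line added in the sasl.te hunk. The regex matches everything under the directory, so any hook scripts or configuration kept inside a repository there would presumably become writable by the httpd domain as well; confirm that this is intended, or narrow the pattern. Add a comment above the entry in the style of the existing `#Bugzilla file context`, for example `#Subversion repositories written by httpd`, and drop the two stray spaces before the tabs so the column matches the neighbouring entries.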
@@ -655260,7 +655261,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2009-02-12 22:47:15.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2009-03-12 15:22:58.000000000 +0100
 @@ -1,5 +1,5 @@
  
 -policy_module(networkmanager,1.9.0)
@@ -655447,7 +655448,7 @@
  ')
  
  optional_policy(`
-@@ -138,39 +205,86 @@
+@@ -138,39 +205,87 @@
  ')
  
  optional_policy(`
@@ -655507,6 +655508,7 @@
 -	# Read gnome-keyring
 -	unconfined_read_home_content_files(NetworkManager_t)
 +	udev_read_db(NetworkManager_t)
++	udev_exec(NetworkManager_t)
  ')
  
  optional_policy(`
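Review bot: The added `udev_exec(NetworkManager_t)` carries no comment saying which udev program NetworkManager runs or why it needs to. The interface added to udev.if in this commit uses `can_exec($1, udev_exec_t)`, so the program runs with NetworkManager_t's permissions rather than transitioning to udev_t through the `domtrans_pattern` interface shown just above it. A one-line comment such as `# run udev in NetworkManager_t, no transition to udev_t` would record that this is deliberate and help whoever later audits denials for this domain. The enclosing `optional_policy` block starts outside the hunk.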
@@ -662928,7 +662930,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.3.1/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.te	2009-02-12 22:21:57.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.te	2009-03-12 15:24:41.000000000 +0100
 @@ -23,6 +23,9 @@
  type saslauthd_var_run_t;
  files_pid_file(saslauthd_var_run_t)
@@ -662939,16 +662941,17 @@
  ########################################
  #
  # Local policy
-@@ -98,7 +101,7 @@
+@@ -98,7 +101,8 @@
  ')
  
  optional_policy(`
 -	kerberos_read_keytab(saslauthd_t)
 +	kerberos_keytab_template(saslauthd, saslauthd_t)
++	kerberos_manage_host_rcache(saslauthd_t)
  ')
  
  optional_policy(`
-@@ -107,6 +110,10 @@
+@@ -107,6 +111,10 @@
  ')
  
  optional_policy(`
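Review bot: `kerberos_manage_host_rcache(saslauthd_t)` is a manage-level grant, and its definition is not part of this diff, so the exact permission set on the host replay cache cannot be checked here. If saslauthd only needs to create and update its own cache file, confirm that the interface is scoped to the host rcache type and not a broader temporary-file type. A short comment above the line, such as `# saslauthd updates the krb5 host replay cache`, would state the reason for the grant. The `optional_policy` block it sits in starts before this hunk.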
@@ -673319,8 +673322,33 @@
  	xen_append_log(ifconfig_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.3.1/policy/modules/system/udev.if
 --- nsaserefpolicy/policy/modules/system/udev.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.if	2009-02-12 22:21:57.000000000 +0100
-@@ -96,6 +96,24 @@
++++ serefpolicy-3.3.1/policy/modules/system/udev.if	2009-03-12 16:04:27.000000000 +0100
+@@ -18,6 +18,24 @@
+ 	domtrans_pattern($1, udev_exec_t, udev_t)
+ ')
+ 
++#######################################
++## <summary>
++##      Execute udev in the caller domain.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      The type of the process performing this action.
++##      </summary>
++## </param>
++#
++interface(`udev_exec',`
++        gen_require(`
++                type udev_exec_t;
++        ')
++
++        can_exec($1, udev_exec_t)
++')
++
+ ########################################
+ ## <summary>
+ ##	Execute a udev helper in the udev domain.
+@@ -96,6 +114,24 @@
  
  ########################################
  ## <summary>
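Review bot: The new `udev_exec` interface is indented with runs of spaces, while the surrounding interfaces in udev.if use tabs (compare the tab-indented `domtrans_pattern($1, udev_exec_t, udev_t)` and `##	Execute a udev helper in the udev domain.`). Its banner line also has 39 `#` characters where the file's other banners have 40. Re-indent `gen_require`, `type udev_exec_t;` and `can_exec($1, udev_exec_t)` with tabs and use the 40-character banner so the block matches the rest of the file and later diffs stay clean. The summary could also say explicitly that no domain transition occurs, for example `Execute udev in the caller domain (no transition to udev_t).`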
@@ -673345,7 +673373,7 @@
  ##	Allow process to read list of devices.
  ## </summary>
  ## <param name="domain">
-@@ -106,11 +124,13 @@
+@@ -106,11 +142,13 @@
  #
  interface(`udev_read_db',`
  	gen_require(`
@@ -673361,7 +673389,7 @@
  ')
  
  ########################################
-@@ -125,9 +145,9 @@
+@@ -125,9 +163,9 @@
  #
  interface(`udev_rw_db',`
  	gen_require(`



