rpms/selinux-policy/F-9 policy-20071130.patch,1.259,1.260
Miroslav Grepl
mgrepl at fedoraproject.org
Thu Mar 12 15:57:24 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15341
Modified Files:
policy-20071130.patch
Log Message:
- Allow NetworkManager_t to execute udev
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.259
retrieving revision 1.260
diff -u -r1.259 -r1.260
--- policy-20071130.patch 6 Mar 2009 13:34:25 -0000 1.259
+++ policy-20071130.patch 12 Mar 2009 15:57:20 -0000 1.260
@@ -644463,7 +644463,7 @@
read_files_pattern(amavis_t,amavis_etc_t,amavis_etc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2009-02-27 09:29:43.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2009-03-12 15:23:33.000000000 +0100
@@ -1,28 +1,28 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
-
@@ -644532,7 +644532,7 @@
/var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
/var/log/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
/var/log/cacti(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
-@@ -65,11 +75,26 @@
+@@ -65,11 +75,27 @@
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
@@ -644550,6 +644550,7 @@
+/var/www/[^/]*/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
/var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/var/www/perl(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
++/var/www/svn(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)
+
+#Bugzilla file context
+/usr/share/bugzilla(/.*)? -d gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)
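Review bot: The added `/var/www/svn(/.*)?` entry labels the whole tree `httpd_sys_content_rw_t`, so everything placed under that path becomes read-write web content by default. If repositories live there, that would include each repository's `hooks/` and `conf/` directories. The log message mentions only the NetworkManager change, so this entry has no recorded rationale, and neither does the saslauthd `kerberos_manage_host_rcache` line in the sasl.te hunk later in the diff. I would add a comment above the entry, e.g. `# Subversion repositories written through httpd (confirm: mod_dav_svn)`, and check whether a narrower pattern than the full tree is enough.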
@@ -655260,7 +655261,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2009-02-12 22:47:15.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2009-03-12 15:22:58.000000000 +0100
@@ -1,5 +1,5 @@
-policy_module(networkmanager,1.9.0)
@@ -655447,7 +655448,7 @@
')
optional_policy(`
-@@ -138,39 +205,86 @@
+@@ -138,39 +205,87 @@
')
optional_policy(`
@@ -655507,6 +655508,7 @@
- # Read gnome-keyring
- unconfined_read_home_content_files(NetworkManager_t)
+ udev_read_db(NetworkManager_t)
++ udev_exec(NetworkManager_t)
')
optional_policy(`
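Review bot: `udev_exec(NetworkManager_t)` lets NetworkManager run udev binaries without a domain transition, so whatever is executed runs with NetworkManager_t's own permissions rather than those of udev_t. Nothing in the hunk says which udev program is needed or why a transition was not used. A one-line comment above the call, such as `# NetworkManager runs a udev helper in its own domain (name the binary and the denial this fixes)`, would let a later reviewer judge whether the grant is still required. The enclosing optional_policy block begins outside the hunk, so I cannot tell whether the domain already has the access that helper needs.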
@@ -662928,7 +662930,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.3.1/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.te 2009-02-12 22:21:57.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.te 2009-03-12 15:24:41.000000000 +0100
@@ -23,6 +23,9 @@
type saslauthd_var_run_t;
files_pid_file(saslauthd_var_run_t)
@@ -662939,16 +662941,17 @@
########################################
#
# Local policy
-@@ -98,7 +101,7 @@
+@@ -98,7 +101,8 @@
')
optional_policy(`
- kerberos_read_keytab(saslauthd_t)
+ kerberos_keytab_template(saslauthd, saslauthd_t)
++ kerberos_manage_host_rcache(saslauthd_t)
')
optional_policy(`
-@@ -107,6 +110,10 @@
+@@ -107,6 +111,10 @@
')
optional_policy(`
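Review bot: `kerberos_manage_host_rcache(saslauthd_t)` is added without a comment, and the log message does not mention saslauthd at all, so the reason for granting manage access to the host replay cache (rather than something narrower) is not recorded. If the intent is that saslauthd creates and updates replay-cache files while verifying Kerberos credentials, say so on the line above, e.g. `# saslauthd writes the host replay cache when validating tickets (confirm)`. The interface's definition is not part of this diff, so the exact permissions it expands to should be checked in kerberos.if before merging.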
@@ -673319,8 +673322,33 @@
xen_append_log(ifconfig_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.3.1/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.if 2009-02-12 22:21:57.000000000 +0100
-@@ -96,6 +96,24 @@
++++ serefpolicy-3.3.1/policy/modules/system/udev.if 2009-03-12 16:04:27.000000000 +0100
+@@ -18,6 +18,24 @@
+ domtrans_pattern($1, udev_exec_t, udev_t)
+ ')
+
++#######################################
++## <summary>
++## Execute udev in the caller domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`udev_exec',`
++ gen_require(`
++ type udev_exec_t;
++ ')
++
++ can_exec($1, udev_exec_t)
++')
++
+ ########################################
+ ## <summary>
+ ## Execute a udev helper in the udev domain.
+@@ -96,6 +114,24 @@
########################################
## <summary>
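Review bot: The documentation for the new `udev_exec` interface says only "Execute udev in the caller domain" and does not explain how it differs from the transition interface directly above it, whose body is `domtrans_pattern($1, udev_exec_t, udev_t)`. Because `can_exec($1, udev_exec_t)` runs the binary with the caller's own permissions, I would add a `## <desc>` paragraph stating that no transition to udev_t occurs and that callers must separately be granted any access the executed program needs. That makes the broader grant an explicit choice for each future caller rather than a default.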
@@ -673345,7 +673373,7 @@
## Allow process to read list of devices.
## </summary>
## <param name="domain">
-@@ -106,11 +124,13 @@
+@@ -106,11 +142,13 @@
#
interface(`udev_read_db',`
gen_require(`
@@ -673361,7 +673389,7 @@
')
########################################
-@@ -125,9 +145,9 @@
+@@ -125,9 +163,9 @@
#
interface(`udev_rw_db',`
gen_require(`