rpms/selinux-policy/F-10 policy-20080710.patch,1.153,1.154
Miroslav Grepl
mgrepl at fedoraproject.org
Fri Mar 27 08:33:16 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1730
Modified Files:
policy-20080710.patch
Log Message:
- Allow bitlbee_t to read /proc/meminfo
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.153
retrieving revision 1.154
diff -u -r1.153 -r1.154
--- policy-20080710.patch 25 Mar 2009 13:43:12 -0000 1.153
+++ policy-20080710.patch 27 Mar 2009 08:33:15 -0000 1.154
@@ -9698,8 +9698,8 @@
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2009-02-10 15:07:15.000000000 +0100
-@@ -4,27 +4,79 @@
++++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2009-03-27 09:03:11.000000000 +0100
+@@ -4,27 +4,81 @@
########################################
#
# Declarations
@@ -9721,6 +9721,8 @@
+kernel_getattr_message_if(staff_t)
+kernel_read_software_raid_state(staff_t)
+
++term_use_unallocated_ttys(staff_t)
++
+auth_domtrans_pam_console(staff_t)
+
+libs_manage_shared_libs(staff_t)
@@ -13240,6 +13242,18 @@
# for /etc/rndc.key
ifdef(`distro_redhat',`
allow ndc_t named_conf_t:dir search;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.5.13/policy/modules/services/bitlbee.te
+--- nsaserefpolicy/policy/modules/services/bitlbee.te 2008-10-17 14:49:13.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/bitlbee.te 2009-03-27 09:08:23.000000000 +0100
+@@ -69,6 +69,8 @@
+ corenet_tcp_connect_http_port(bitlbee_t)
+ corenet_tcp_sendrecv_http_port(bitlbee_t)
+
++kernel_read_system_state(bitlbee_t)
++
+ dev_read_rand(bitlbee_t)
+ dev_read_urand(bitlbee_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.5.13/policy/modules/services/bluetooth.fc
--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2008-10-17 14:49:13.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/services/bluetooth.fc 2009-02-10 15:07:15.000000000 +0100
@@ -32696,7 +32710,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.5.13/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/init.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/system/init.te 2009-03-27 09:06:57.000000000 +0100
@@ -17,6 +17,20 @@
## </desc>
gen_tunable(init_upstart,false)
@@ -32943,7 +32957,7 @@
vmware_read_system_config(initrc_t)
vmware_append_system_config(initrc_t)
')
-@@ -795,3 +864,11 @@
+@@ -795,3 +864,17 @@
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -32954,6 +32968,12 @@
+
+optional_policy(`
+ xserver_rw_xdm_home_files(daemon)
++ tunable_policy(`use_nfs_home_dirs',`
++ fs_dontaudit_rw_nfs_files(daemon)
++ ')
++ tunable_policy(`use_samba_home_dirs',`
++ fs_dontaudit_rw_cifs_files(daemon)
++ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.5.13/policy/modules/system/ipsec.fc
--- nsaserefpolicy/policy/modules/system/ipsec.fc 2008-10-17 14:49:13.000000000 +0200
@@ -33100,7 +33120,7 @@
allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.5.13/policy/modules/system/iptables.fc
--- nsaserefpolicy/policy/modules/system/iptables.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-03-25 01:47:29.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-03-25 22:38:51.000000000 +0100
@@ -6,3 +6,4 @@
/usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
More information about the fedora-extras-commits
mailing list