rpms/selinux-policy/F-10 policy-20080710.patch,1.153,1.154

Miroslav Grepl mgrepl at fedoraproject.org
Fri Mar 27 08:33:16 UTC 2009 

Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1730

Modified Files:
	policy-20080710.patch 
Log Message:
- Allow bitlbee_t to read /proc/meminfo



policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.153
retrieving revision 1.154
diff -u -r1.153 -r1.154
--- policy-20080710.patch	25 Mar 2009 13:43:12 -0000	1.153
+++ policy-20080710.patch	27 Mar 2009 08:33:15 -0000	1.154
@@ -9698,8 +9698,8 @@
 +logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te
 --- nsaserefpolicy/policy/modules/roles/staff.te	2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/roles/staff.te	2009-02-10 15:07:15.000000000 +0100
-@@ -4,27 +4,79 @@
++++ serefpolicy-3.5.13/policy/modules/roles/staff.te	2009-03-27 09:03:11.000000000 +0100
+@@ -4,27 +4,81 @@
  ########################################
  #
  # Declarations
@@ -9721,6 +9721,8 @@
 +kernel_getattr_message_if(staff_t)
 +kernel_read_software_raid_state(staff_t)
 +
++term_use_unallocated_ttys(staff_t)
++
 +auth_domtrans_pam_console(staff_t)
 +
 +libs_manage_shared_libs(staff_t)
@@ -13240,6 +13242,18 @@
  # for /etc/rndc.key
  ifdef(`distro_redhat',`
  	allow ndc_t named_conf_t:dir search;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.5.13/policy/modules/services/bitlbee.te
+--- nsaserefpolicy/policy/modules/services/bitlbee.te	2008-10-17 14:49:13.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/bitlbee.te	2009-03-27 09:08:23.000000000 +0100
+@@ -69,6 +69,8 @@
+ corenet_tcp_connect_http_port(bitlbee_t)
+ corenet_tcp_sendrecv_http_port(bitlbee_t)
+ 
++kernel_read_system_state(bitlbee_t)  
++
+ dev_read_rand(bitlbee_t)
+ dev_read_urand(bitlbee_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.5.13/policy/modules/services/bluetooth.fc
 --- nsaserefpolicy/policy/modules/services/bluetooth.fc	2008-10-17 14:49:13.000000000 +0200
 +++ serefpolicy-3.5.13/policy/modules/services/bluetooth.fc	2009-02-10 15:07:15.000000000 +0100
@@ -32696,7 +32710,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.5.13/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/init.te	2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/system/init.te	2009-03-27 09:06:57.000000000 +0100
 @@ -17,6 +17,20 @@
  ## </desc>
  gen_tunable(init_upstart,false)
@@ -32943,7 +32957,7 @@
  	vmware_read_system_config(initrc_t)
  	vmware_append_system_config(initrc_t)
  ')
-@@ -795,3 +864,11 @@
+@@ -795,3 +864,17 @@
  optional_policy(`
  	zebra_read_config(initrc_t)
  ')
@@ -32954,6 +32968,12 @@
 +
 +optional_policy(`
 +	xserver_rw_xdm_home_files(daemon)
++	tunable_policy(`use_nfs_home_dirs',`
++		fs_dontaudit_rw_nfs_files(daemon)
++	')
++	tunable_policy(`use_samba_home_dirs',`
++ 		fs_dontaudit_rw_cifs_files(daemon)
++	')
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.5.13/policy/modules/system/ipsec.fc
 --- nsaserefpolicy/policy/modules/system/ipsec.fc	2008-10-17 14:49:13.000000000 +0200
@@ -33100,7 +33120,7 @@
  allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.5.13/policy/modules/system/iptables.fc
 --- nsaserefpolicy/policy/modules/system/iptables.fc	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/iptables.fc	2009-03-25 01:47:29.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/system/iptables.fc	2009-03-25 22:38:51.000000000 +0100
 @@ -6,3 +6,4 @@
  /usr/sbin/ip6tables.*	--	gen_context(system_u:object_r:iptables_exec_t,s0)
  /usr/sbin/ipchains.*	--	gen_context(system_u:object_r:iptables_exec_t,s0)

More information about the fedora-extras-commits mailing list