rpms/selinux-policy/devel policy-20090105.patch,1.70,1.71
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Mar 27 18:37:19 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19585
Modified Files:
policy-20090105.patch
Log Message:
* Thu Mar 26 2009 Dan Walsh <dwalsh at redhat.com> 3.6.10-3
- Fixes for svirt
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- policy-20090105.patch 27 Mar 2009 01:39:14 -0000 1.70
+++ policy-20090105.patch 27 Mar 2009 18:37:18 -0000 1.71
@@ -1536,6 +1536,18 @@
+ xserver_write_pid(vbetool_t)
+')
+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.6.10/policy/modules/apps/awstats.te
+--- nsaserefpolicy/policy/modules/apps/awstats.te 2009-02-16 08:44:12.000000000 -0500
++++ serefpolicy-3.6.10/policy/modules/apps/awstats.te 2009-03-27 09:09:07.000000000 -0400
+@@ -51,6 +51,8 @@
+
+ libs_read_lib_files(awstats_t)
+
++logging_read_generic_logs(awstats_t)
++
+ miscfiles_read_localization(awstats_t)
+
+ sysnet_dns_name_resolve(awstats_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord.fc serefpolicy-3.6.10/policy/modules/apps/cdrecord.fc
--- nsaserefpolicy/policy/modules/apps/cdrecord.fc 2008-08-07 11:15:03.000000000 -0400
+++ serefpolicy-3.6.10/policy/modules/apps/cdrecord.fc 2009-03-24 09:03:48.000000000 -0400
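Review bot: The added `logging_read_generic_logs(awstats_t)` in awstats.te has no comment saying which log files awstats needs, and by its name it grants read access to the generic log type rather than to one service's logs. If the denial being fixed was for web server logs that are mislabelled as generic, relabelling those files or using the web server's own log-read interface would be the narrower grant. If the broad grant is intended, a why-comment above it, such as `# awstats parses logs that are still labelled as generic log files`, would record the reason.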
@@ -4771,7 +4783,7 @@
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.10/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/kernel/files.if 2009-03-26 21:12:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/kernel/files.if 2009-03-27 09:36:29.000000000 -0400
@@ -110,6 +110,11 @@
## </param>
#
@@ -5121,8 +5133,33 @@
+/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.10/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-03-04 16:49:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/kernel/filesystem.if 2009-03-24 09:03:48.000000000 -0400
-@@ -754,6 +754,7 @@
++++ serefpolicy-3.6.10/policy/modules/kernel/filesystem.if 2009-03-27 13:53:56.000000000 -0400
+@@ -723,6 +723,24 @@
+
+ ########################################
+ ## <summary>
++## Dont audit attempts to write to all noxattrfs files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`fs_dontaudit_write_noxattr_fs_files',`
++ gen_require(`
++ attribute noxattrfs;
++ ')
++
++ dontaudit $1 noxattrfs:file write;
++')
++
++########################################
++## <summary>
+ ## Create, read, write, and delete all noxattrfs directories.
+ ## </summary>
+ ## <param name="domain">
+@@ -754,6 +772,7 @@
attribute noxattrfs;
')
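Review bot: The doc block of the new `fs_dontaudit_write_noxattr_fs_files` interface in filesystem.if describes its parameter as `## Domain allowed access.`, but the interface grants nothing; it only suppresses audit records. The usual wording for dontaudit interfaces is `## Domain to not audit.`, and the summary would read better as `## Do not audit attempts to write to all noxattrfs files.`. It is also worth stating in the summary that write denials on these files will no longer reach the audit log for calling domains, since that affects anyone debugging or monitoring them.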
@@ -5130,7 +5167,7 @@
read_files_pattern($1, noxattrfs, noxattrfs)
')
-@@ -2173,6 +2174,7 @@
+@@ -2173,6 +2192,7 @@
type removable_t;
')
@@ -5138,7 +5175,7 @@
rw_blk_files_pattern($1, removable_t, removable_t)
')
-@@ -3322,6 +3324,7 @@
+@@ -3322,6 +3342,7 @@
type tmpfs_t;
')
@@ -5146,7 +5183,7 @@
dontaudit $1 tmpfs_t:file rw_file_perms;
')
-@@ -3643,6 +3646,7 @@
+@@ -3643,6 +3664,7 @@
')
allow $1 filesystem_type:filesystem getattr;
@@ -8278,6 +8315,18 @@
')
optional_policy(`
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.6.10/policy/modules/services/bitlbee.te
+--- nsaserefpolicy/policy/modules/services/bitlbee.te 2009-01-19 11:06:49.000000000 -0500
++++ serefpolicy-3.6.10/policy/modules/services/bitlbee.te 2009-03-27 10:19:31.000000000 -0400
+@@ -75,6 +75,8 @@
+ # grant read-only access to the user help files
+ files_read_usr_files(bitlbee_t)
+
++kernel_read_system_state(bitlbee_t)
++
+ libs_legacy_use_shared_libs(bitlbee_t)
+
+ miscfiles_read_localization(bitlbee_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.fc serefpolicy-3.6.10/policy/modules/services/certmaster.fc
--- nsaserefpolicy/policy/modules/services/certmaster.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.6.10/policy/modules/services/certmaster.fc 2009-03-24 09:03:48.000000000 -0400
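Review bot: The new `kernel_read_system_state(bitlbee_t)` in bitlbee.te has no comment, while the neighbouring `files_read_usr_files` call carries one explaining its purpose. bitlbee is a network-facing daemon, so each extra read grant should record the reason for it. A short comment naming what bitlbee reads would do, for example `# bitlbee reads system state from /proc at startup`, with the wording adjusted to the actual denial that was seen.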
@@ -10570,6 +10619,17 @@
+
+allow dbusd_unconfined session_bus_type:dbus all_dbus_perms;
+allow session_bus_type dbusd_unconfined:dbus send_msg;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.fc serefpolicy-3.6.10/policy/modules/services/dcc.fc
+--- nsaserefpolicy/policy/modules/services/dcc.fc 2008-08-07 11:15:11.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/dcc.fc 2009-03-27 08:55:46.000000000 -0400
+@@ -11,6 +11,7 @@
+ /usr/libexec/dcc/dccm -- gen_context(system_u:object_r:dccm_exec_t,s0)
+
+ /var/dcc(/.*)? gen_context(system_u:object_r:dcc_var_t,s0)
++/var/lib/dcc(/.*)? gen_context(system_u:object_r:dcc_var_t,s0)
+ /var/dcc/map -- gen_context(system_u:object_r:dcc_client_map_t,s0)
+
+ /var/run/dcc(/.*)? gen_context(system_u:object_r:dcc_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.10/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2009-01-19 11:06:49.000000000 -0500
+++ serefpolicy-3.6.10/policy/modules/services/dcc.te 2009-03-24 09:03:48.000000000 -0400
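Review bot: The new `/var/lib/dcc(/.*)?` entry in dcc.fc labels everything under that directory `dcc_var_t`, but the existing `/var/dcc/map` entry gets the more specific `dcc_client_map_t` and has no `/var/lib/dcc` counterpart. If the client map can also live under `/var/lib/dcc`, it would be labelled with the generic type and lose the separation the map type provides. Assuming the layout mirrors `/var/dcc`, a matching line such as `/var/lib/dcc/map -- gen_context(system_u:object_r:dcc_client_map_t,s0)` would keep the two trees consistent.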
@@ -12833,8 +12893,8 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.10/policy/modules/services/lircd.te
--- nsaserefpolicy/policy/modules/services/lircd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/lircd.te 2009-03-24 09:03:48.000000000 -0400
-@@ -0,0 +1,51 @@
++++ serefpolicy-3.6.10/policy/modules/services/lircd.te 2009-03-27 09:36:23.000000000 -0400
+@@ -0,0 +1,55 @@
+policy_module(lircd,1.0.0)
+
+########################################
@@ -12883,8 +12943,12 @@
+
+logging_send_syslog_msg(lircd_t)
+
-+miscfiles_read_localization(lircd_t)
++files_read_etc_files(lircd_t)
++files_list_var(lircd_t)
++files_manage_generic_locks(lircd_t)
++files_read_all_locks(lircd_t)
+
++miscfiles_read_localization(lircd_t)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.10/policy/modules/services/mailman.fc
--- nsaserefpolicy/policy/modules/services/mailman.fc 2008-08-07 11:15:11.000000000 -0400
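Review bot: The four `files_*` calls added to lircd.te include both `files_manage_generic_locks(lircd_t)` and `files_read_all_locks(lircd_t)`. Together these let lircd create and delete generically labelled lock files and read lock files of every type. If lircd only needs its own device lock, a dedicated lock type for lircd with a file transition would be tighter than sharing the generic lock type. If the broad form is kept, a comment such as `# lircd checks and takes the serial device lock` would document why all lock types must be readable. The hunk also leaves two consecutive blank `+` lines around `miscfiles_read_localization(lircd_t)`, which could be collapsed to one.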
@@ -13062,7 +13126,7 @@
-#')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.10/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/mta.if 2009-03-24 09:03:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/mta.if 2009-03-27 09:50:44.000000000 -0400
@@ -130,6 +130,15 @@
sendmail_create_log($1_mail_t)
')
@@ -13130,6 +13194,14 @@
read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
')
+@@ -806,6 +818,7 @@
+ ')
+
+ files_search_spool($1)
++ manage_dirs_pattern($1, mqueue_spool_t, mqueue_spool_t)
+ manage_files_pattern($1, mqueue_spool_t, mqueue_spool_t)
+ ')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.10/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2009-01-19 11:06:49.000000000 -0500
+++ serefpolicy-3.6.10/policy/modules/services/mta.te 2009-03-24 09:03:48.000000000 -0400
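Review bot: The added `manage_dirs_pattern($1, mqueue_spool_t, mqueue_spool_t)` in mta.if widens an existing interface, so every domain that already calls it gains the ability to create and remove directories in the mail queue spool, not just files. The interface header and its summary lie outside this hunk, so its callers cannot be seen here; it is worth confirming that all of them need directory management. The interface summary should also be updated to mention directories so the doc block matches what is granted.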
@@ -21169,7 +21241,7 @@
+/var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.6.10/policy/modules/services/virt.if
--- nsaserefpolicy/policy/modules/services/virt.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/virt.if 2009-03-24 09:03:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/virt.if 2009-03-27 13:53:49.000000000 -0400
@@ -2,28 +2,6 @@
########################################
@@ -21264,7 +21336,7 @@
## All of the rules required to administrate
## an virt environment
## </summary>
-@@ -327,3 +341,50 @@
+@@ -327,3 +341,53 @@
virt_manage_log($1)
')
@@ -21310,6 +21382,9 @@
+ fs_tmpfs_filetrans($1_t, $1_tmpfs_t, { dir file lnk_file })
+ fs_getattr_tmpfs($1_t)
+
++ fs_read_noxattr_fs_files($1_t)
++ fs_dontaudit_write_noxattr_fs_files($1_t)
++
+ optional_policy(`
+ xserver_common_app($1_t)
+ ')
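Review bot: The two lines added to the svirt template in virt.if, `fs_read_noxattr_fs_files($1_t)` and `fs_dontaudit_write_noxattr_fs_files($1_t)`, apply unconditionally to every domain created from the template. Files on filesystems in the noxattrfs attribute presumably cannot carry a per-guest label, so this read grant would let any confined guest domain read any other guest's image stored on such a filesystem. The dontaudit then hides write attempts to those files from the audit log, which removes a useful detection signal. Consider wrapping both calls in a `tunable_policy` block keyed on a boolean that defaults to off, so that only sites storing images on these filesystems opt in, and add a comment stating that guest separation is not enforced for such storage. The template body starts and ends outside this hunk.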
@@ -24700,7 +24775,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.6.10/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/logging.if 2009-03-24 09:03:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/system/logging.if 2009-03-27 09:08:50.000000000 -0400
@@ -623,7 +623,7 @@
')