rpms/selinux-policy/devel policy-20090105.patch, 1.71, 1.72 selinux-policy.spec, 1.812, 1.813

Daniel J Walsh dwalsh at fedoraproject.org
Fri Mar 27 19:48:48 UTC 2009 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4238

Modified Files:
	policy-20090105.patch selinux-policy.spec 
Log Message:
* Fri Mar 27 2009 Dan Walsh <dwalsh at redhat.com> 3.6.10-4
- Add label for ~/.forward and /root/.forward


policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- policy-20090105.patch	27 Mar 2009 18:37:18 -0000	1.71
+++ policy-20090105.patch	27 Mar 2009 19:48:17 -0000	1.72
@@ -6775,7 +6775,7 @@
 +permissive afs_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.10/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/apache.fc	2009-03-24 09:03:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/apache.fc	2009-03-27 14:54:58.000000000 -0400
 @@ -1,12 +1,13 @@
 -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
 +HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -8172,7 +8172,7 @@
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.6.10/policy/modules/services/bind.fc
 --- nsaserefpolicy/policy/modules/services/bind.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/bind.fc	2009-03-24 09:03:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/bind.fc	2009-03-27 15:09:58.000000000 -0400
 @@ -1,17 +1,22 @@
  /etc/rc\.d/init\.d/named --	gen_context(system_u:object_r:named_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/unbound	--	gen_context(system_u:object_r:named_initrc_exec_t,s0)
@@ -8196,14 +8196,16 @@
  
  ifdef(`distro_debian',`
  /etc/bind(/.*)?			gen_context(system_u:object_r:named_zone_t,s0)
-@@ -40,7 +45,6 @@
+@@ -40,8 +45,8 @@
  /var/named/data(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
  /var/named/named\.ca	--	gen_context(system_u:object_r:named_conf_t,s0)
  /var/named/chroot(/.*)?		gen_context(system_u:object_r:named_conf_t,s0)
 -/var/named/chroot/etc(/.*)? 	gen_context(system_u:object_r:named_conf_t,s0)
  /var/named/chroot/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
++/var/named/chroot/proc(/.*)? 	<<none>>
  /var/named/chroot/var/run/named.* gen_context(system_u:object_r:named_var_run_t,s0)
  /var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
+ /var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.6.10/policy/modules/services/bind.if
 --- nsaserefpolicy/policy/modules/services/bind.if	2008-11-11 16:13:46.000000000 -0500
 +++ serefpolicy-3.6.10/policy/modules/services/bind.if	2009-03-24 09:03:48.000000000 -0400
@@ -13095,7 +13097,7 @@
  	cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.10/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.6.10/policy/modules/services/mta.fc	2009-03-24 09:03:48.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/mta.fc	2009-03-27 15:09:24.000000000 -0400
 @@ -1,4 +1,4 @@
 -/bin/mail		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
 +/bin/mail(x)?		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -13116,7 +13118,7 @@
  
  /var/mail(/.*)?			gen_context(system_u:object_r:mail_spool_t,s0)
  
-@@ -22,7 +25,3 @@
+@@ -22,7 +25,5 @@
  /var/spool/imap(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
  /var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
  /var/spool/mail(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
@@ -13124,9 +13126,11 @@
 -#ifdef(`postfix.te', `', `
 -#/var/spool/postfix(/.*)?	gen_context(system_u:object_r:mail_spool_t,s0)
 -#')
++HOME_DIR/\.forward	--	gen_context(system_u:object_r:mail_forward_t,s0)
++/root/\.forward		--	gen_context(system_u:object_r:mail_forward_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.10/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/mta.if	2009-03-27 09:50:44.000000000 -0400
++++ serefpolicy-3.6.10/policy/modules/services/mta.if	2009-03-27 14:46:53.000000000 -0400
 @@ -130,6 +130,15 @@
  		sendmail_create_log($1_mail_t)
  	')
@@ -13204,8 +13208,18 @@
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.10/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/mta.te	2009-03-24 09:03:48.000000000 -0400
-@@ -47,34 +47,49 @@
++++ serefpolicy-3.6.10/policy/modules/services/mta.te	2009-03-27 15:46:19.000000000 -0400
+@@ -27,6 +27,9 @@
+ type mail_spool_t;
+ files_mountpoint(mail_spool_t)
+ 
++type mail_forward_t, mailcontent_type;
++files_type(mail_forward_t)
++
+ type sendmail_exec_t;
+ mta_agent_executable(sendmail_exec_t)
+ 
+@@ -47,34 +50,49 @@
  #
  
  # newalias required this, not sure if it is needed in 'if' file
@@ -13257,7 +13271,7 @@
  ')
  
  optional_policy(`
-@@ -88,6 +103,13 @@
+@@ -88,6 +106,13 @@
  optional_policy(`
  	cron_read_system_job_tmp_files(system_mail_t)
  	cron_dontaudit_write_pipes(system_mail_t)
@@ -13271,7 +13285,7 @@
  ')
  
  optional_policy(`
-@@ -95,16 +117,16 @@
+@@ -95,16 +120,16 @@
  ')
  
  optional_policy(`
@@ -13292,7 +13306,7 @@
  ')
  
  optional_policy(`
-@@ -132,10 +154,6 @@
+@@ -132,10 +157,6 @@
  		# compatability for old default main.cf
  		postfix_config_filetrans(system_mail_t, etc_aliases_t, { dir file lnk_file sock_file fifo_file })
  	')
@@ -13303,7 +13317,7 @@
  ')
  
  optional_policy(`
-@@ -155,6 +173,19 @@
+@@ -155,6 +176,19 @@
  ')
  
  optional_policy(`
@@ -13323,11 +13337,13 @@
  	smartmon_read_tmp_files(system_mail_t)
  ')
  
-@@ -174,6 +205,23 @@
+@@ -174,6 +208,25 @@
  	')
  ')
  
 +read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)
++userdom_search_admin_dir(mailserver_delivery)
++read_files_pattern(mailserver_delivery, mail_forward_t, mail_forward_t)
 +
 +init_stream_connect_script(mailserver_delivery)
 +init_rw_script_stream_sockets(mailserver_delivery)
@@ -21222,12 +21238,13 @@
  optional_policy(`
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.10/policy/modules/services/virt.fc
 --- nsaserefpolicy/policy/modules/services/virt.fc	2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/virt.fc	2009-03-24 15:39:18.000000000 -0400
-@@ -8,5 +8,15 @@
++++ serefpolicy-3.6.10/policy/modules/services/virt.fc	2009-03-27 15:22:38.000000000 -0400
+@@ -8,5 +8,16 @@
  
  /var/lib/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_lib_t,s0)
  /var/lib/libvirt/images(/.*)? 	gen_context(system_u:object_r:virt_image_t,s0)
 +/var/lib/libvirt/isos(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
++/var/lib/libvirt/boot(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
 +
  /var/log/libvirt(/.*)?		gen_context(system_u:object_r:virt_log_t,s0)
  /var/run/libvirt(/.*)?		gen_context(system_u:object_r:virt_var_run_t,s0)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.812
retrieving revision 1.813
diff -u -r1.812 -r1.813
--- selinux-policy.spec	27 Mar 2009 00:01:52 -0000	1.812
+++ selinux-policy.spec	27 Mar 2009 19:48:17 -0000	1.813
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.10
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@
 %endif
 
 %changelog
+* Fri Mar 27 2009 Dan Walsh <dwalsh at redhat.com> 3.6.10-4
+- Add label for ~/.forward and /root/.forward
+
 * Thu Mar 26 2009 Dan Walsh <dwalsh at redhat.com> 3.6.10-3
 - Fixes for svirt

More information about the fedora-extras-commits mailing list