rpms/selinux-policy/F-10 policy-20080710.patch, 1.155, 1.156 selinux-policy.spec, 1.785, 1.786

Miroslav Grepl mgrepl at fedoraproject.org
Mon Mar 30 14:56:27 UTC 2009


Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14602

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
- Allow logrotate to manage BIND cache files



policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.155
retrieving revision 1.156
diff -u -r1.155 -r1.156
--- policy-20080710.patch	27 Mar 2009 16:39:58 -0000	1.155
+++ policy-20080710.patch	30 Mar 2009 14:56:24 -0000	1.156
@@ -665,7 +665,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.5.13/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/admin/logrotate.te	2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/admin/logrotate.te	2009-03-30 16:34:18.000000000 +0200
 @@ -119,6 +119,7 @@
  seutil_dontaudit_read_config(logrotate_t)
  
@@ -674,7 +674,18 @@
  
  cron_system_entry(logrotate_t, logrotate_exec_t)
  cron_search_spool(logrotate_t)
-@@ -186,9 +187,16 @@
+@@ -152,6 +153,10 @@
+ ')
+ 
+ optional_policy(`
++ 	bind_manage_cache(logrotate_t)
++')
++
++optional_policy(`
+ 	consoletype_exec(logrotate_t)
+ ')
+ 
+@@ -186,9 +191,16 @@
  ')
  
  optional_policy(`
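Review bot: The added `bind_manage_cache(logrotate_t)` gives logrotate, which is entered from system cron (`cron_system_entry` just above), manage rights on everything carrying BIND's cache type, and nothing in the hunk says which file it needs to rotate. The interface definition and the file contexts behind it are not part of this diff. If the cache type also labels zone data that named writes, the grant is wider than log rotation needs, so confirm the scope and record the reason next to the call, e.g. `# logrotate rotates the named log kept under the BIND cache directory (<bug reference>)`. The added line is also indented with a space followed by a tab, unlike the tab-only `consoletype_exec(logrotate_t)` line below it.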
@@ -1869,8 +1880,17 @@
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.5.13/policy/modules/apps/awstats.te
 --- nsaserefpolicy/policy/modules/apps/awstats.te	2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/apps/awstats.te	2009-03-27 14:17:48.000000000 +0100
-@@ -47,6 +47,8 @@
++++ serefpolicy-3.5.13/policy/modules/apps/awstats.te	2009-03-30 14:37:02.000000000 +0200
+@@ -28,6 +28,8 @@
+ awstats_rw_pipes(awstats_t)
+ awstats_cgi_exec(awstats_t)
+ 
++can_exec(awstats_t, awstats_exec_t)
++
+ manage_dirs_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
+ manage_files_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
+ files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file })
+@@ -47,6 +49,8 @@
  # e.g. /usr/share/awstats/lang/awstats-en.txt
  files_read_usr_files(awstats_t)
  
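Review bot: The new `can_exec(awstats_t, awstats_exec_t)` carries no comment, and neither the log message nor the 3.5.13-54 changelog entry mentions awstats, so the reason for letting the domain re-execute its own entrypoint file without a transition is not recorded anywhere. A one-line comment above the rule would cover it, e.g. `# awstats re-runs its own scripts in-domain (<bug reference>)`, with the actual trigger filled in from the AVC that prompted the change. The same gap applies to the `fs_list_inotifyfs(ndc_t)` and fail2ban additions later in this patch, which the changelog does not list either.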
@@ -1879,7 +1899,7 @@
  libs_read_lib_files(awstats_t)
  libs_use_ld_so(awstats_t)
  libs_use_shared_libs(awstats_t)
-@@ -55,6 +57,8 @@
+@@ -55,6 +59,8 @@
  
  sysnet_dns_name_resolve(awstats_t)
  
@@ -13232,7 +13252,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.5.13/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/bind.te	2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/bind.te	2009-03-30 11:05:25.000000000 +0200
 @@ -173,7 +173,7 @@
  ')
  
@@ -13242,7 +13262,15 @@
  ')
  
  optional_policy(`
-@@ -247,6 +247,8 @@
+@@ -233,6 +233,7 @@
+ files_search_pids(ndc_t)
+ 
+ fs_getattr_xattr_fs(ndc_t)
++fs_list_inotifyfs(ndc_t)
+ 
+ init_use_fds(ndc_t)
+ init_use_script_ptys(ndc_t)
+@@ -247,6 +248,8 @@
  sysnet_read_config(ndc_t)
  sysnet_dns_name_resolve(ndc_t)
  
@@ -16014,7 +16042,7 @@
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.5.13/policy/modules/services/dcc.te
 --- nsaserefpolicy/policy/modules/services/dcc.te	2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/dcc.te	2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/dcc.te	2009-03-30 16:36:54.000000000 +0200
 @@ -105,6 +105,8 @@
  files_read_etc_files(cdcc_t)
  files_read_etc_runtime_files(cdcc_t)
@@ -17144,6 +17172,48 @@
 +	spamassassin_exec(exim_t)
 +	spamassassin_exec_client(exim_t)
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.5.13/policy/modules/services/fail2ban.if
+--- nsaserefpolicy/policy/modules/services/fail2ban.if	2008-10-17 14:49:11.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/fail2ban.if	2009-03-30 12:51:09.000000000 +0200
+@@ -79,6 +79,27 @@
+ 	allow $1 fail2ban_var_run_t:file read_file_perms;
+ ')
+ 
++#######################################
++## <summary>
++##      Connect to fail2ban over a unix domain
++##      stream socket.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`fail2ban_stream_connect',`
++        gen_require(`
++                type fail2ban_var_run_t, fail2ban_t;
++        ')
++
++        allow $1 fail2ban_t:unix_stream_socket connectto;
++        allow $1 fail2ban_var_run_t:sock_file { getattr write };
++        files_search_pids($1)
++')
++
+ ########################################
+ ## <summary>
+ ##	All of the rules required to administrate 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.5.13/policy/modules/services/fail2ban.te
+--- nsaserefpolicy/policy/modules/services/fail2ban.te	2008-10-17 14:49:11.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/fail2ban.te	2009-03-30 12:52:34.000000000 +0200
+@@ -27,6 +27,7 @@
+ #
+ 
+ allow fail2ban_t self:process signal;
++dontaudit fail2ban_t self:capability sys_tty_config;
+ allow fail2ban_t self:fifo_file rw_fifo_file_perms;
+ allow fail2ban_t self:unix_stream_socket { connectto create_stream_socket_perms };
+ allow fail2ban_t self:tcp_socket create_stream_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.5.13/policy/modules/services/fetchmail.fc
 --- nsaserefpolicy/policy/modules/services/fetchmail.fc	2008-10-17 14:49:11.000000000 +0200
 +++ serefpolicy-3.5.13/policy/modules/services/fetchmail.fc	2009-03-05 15:02:41.000000000 +0100
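Review bot: The new `fail2ban_stream_connect` interface grants `connectto` and `sock_file { getattr write }` but no search on `fail2ban_var_run_t:dir`, so a caller cannot reach the socket if it sits inside a directory with that label. The socket's location is not shown in this diff. The standard refpolicy pattern covers the directory search, the socket file and the connect in one line: `stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)`, kept together with the existing `files_search_pids($1)`. The block is also indented with spaces where the neighbouring interface lines use tabs, and no caller of the new interface appears in the visible hunks.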
@@ -18655,7 +18725,7 @@
 +/var/spool/milter-regex(/.*)?				gen_context(system_u:object_r:regex_milter_data_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.5.13/policy/modules/services/milter.if
 --- nsaserefpolicy/policy/modules/services/milter.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/services/milter.if	2009-03-17 16:49:58.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/milter.if	2009-03-30 11:13:36.000000000 +0200
 @@ -0,0 +1,104 @@
 +## <summary>Milter mail filters</summary>
 +
@@ -18751,7 +18821,7 @@
 +##	</summary>
 +## </param>
 +#
-+interface(`spamass_milter_manage_state',`
++interface(`milter_spamass_manage_state',`
 +	gen_require(`
 +		type spamass_milter_state_t;
 +	')
@@ -28361,7 +28431,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.13/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te	2009-03-27 16:44:52.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te	2009-03-30 11:14:39.000000000 +0200
 @@ -21,16 +21,24 @@
  gen_tunable(spamd_enable_home_dirs, true)
  
@@ -28549,7 +28619,7 @@
  ')
  
  optional_policy(`
-+	spamass_milter_manage_state(spamd_t)
++	milter_spamass_manage_state(spamd_t)
 +')
 +
 +optional_policy(`
@@ -28674,7 +28744,7 @@
 +')
 +
 +optional_policy(`
-+        spamass_milter_manage_state(spamc_t)
++        milter_spamass_manage_state(spamc_t)
 +')
 +
 +optional_policy(`


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.785
retrieving revision 1.786
diff -u -r1.785 -r1.786
--- selinux-policy.spec	25 Mar 2009 13:43:12 -0000	1.785
+++ selinux-policy.spec	30 Mar 2009 14:56:27 -0000	1.786
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 53%{?dist}
+Release: 54%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -460,6 +460,11 @@
 %endif
 
 %changelog
+* Mon Mar 30 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-54
+- Allow bitlbee_t to read /proc/meminfo
+- Fix lircd policy
+- Allow logrotate to manage BIND cache files
+
 * Wed Mar 25 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-53
 - Add labeling for new devices
 - Fix devices policy



