rpms/selinux-policy/F-12 policy-F12.patch, 1.127, 1.128 selinux-policy.spec, 1.960, 1.961
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Nov 3 17:14:56 UTC 2009
- Previous message (by thread): rpms/mingw32-qt/F-12 .cvsignore, 1.4, 1.5 mingw32-qt.spec, 1.13, 1.14 qt-win-configure.patch, 1.2, 1.3 sources, 1.4, 1.5
- Next message (by thread): rpms/cups/devel cups.spec,1.532,1.533
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24653
Modified Files:
policy-F12.patch selinux-policy.spec
Log Message:
* Tue Nov 3 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-40
- Abrt creates lnk_files
policy-F12.patch:
Makefile | 2
policy/flask/access_vectors | 1
policy/global_tunables | 24
policy/mcs | 10
policy/modules/admin/alsa.te | 2
policy/modules/admin/anaconda.te | 3
policy/modules/admin/brctl.te | 2
policy/modules/admin/certwatch.te | 2
policy/modules/admin/consoletype.te | 1
policy/modules/admin/dmesg.fc | 2
policy/modules/admin/dmesg.te | 10
policy/modules/admin/firstboot.te | 6
policy/modules/admin/logrotate.te | 13
policy/modules/admin/logwatch.te | 1
policy/modules/admin/mrtg.te | 1
policy/modules/admin/netutils.te | 2
policy/modules/admin/ntop.fc | 5
policy/modules/admin/ntop.if | 158 +++
policy/modules/admin/ntop.te | 40
policy/modules/admin/portage.te | 2
policy/modules/admin/prelink.if | 4
policy/modules/admin/prelink.te | 6
policy/modules/admin/readahead.te | 1
policy/modules/admin/rpm.fc | 20
policy/modules/admin/rpm.if | 324 ++++++
policy/modules/admin/rpm.te | 98 +
policy/modules/admin/shorewall.fc | 3
policy/modules/admin/shorewall.if | 40
policy/modules/admin/shorewall.te | 2
policy/modules/admin/smoltclient.fc | 4
policy/modules/admin/smoltclient.if | 1
policy/modules/admin/smoltclient.te | 66 +
policy/modules/admin/sudo.if | 13
policy/modules/admin/tmpreaper.te | 5
policy/modules/admin/tzdata.te | 2
policy/modules/admin/usermanage.if | 5
policy/modules/admin/usermanage.te | 34
policy/modules/admin/vbetool.te | 14
policy/modules/admin/vpn.te | 2
policy/modules/apps/calamaris.te | 7
policy/modules/apps/chrome.fc | 2
policy/modules/apps/chrome.if | 85 +
policy/modules/apps/chrome.te | 71 +
policy/modules/apps/cpufreqselector.te | 2
policy/modules/apps/execmem.fc | 35
policy/modules/apps/execmem.if | 75 +
policy/modules/apps/execmem.te | 11
policy/modules/apps/firewallgui.fc | 3
policy/modules/apps/firewallgui.if | 3
policy/modules/apps/firewallgui.te | 63 +
policy/modules/apps/gitosis.if | 45
policy/modules/apps/gnome.fc | 12
policy/modules/apps/gnome.if | 170 +++
policy/modules/apps/gnome.te | 99 +
policy/modules/apps/gpg.te | 20
policy/modules/apps/java.fc | 18
policy/modules/apps/java.if | 114 ++
policy/modules/apps/java.te | 19
policy/modules/apps/kdumpgui.fc | 2
policy/modules/apps/kdumpgui.if | 2
policy/modules/apps/kdumpgui.te | 65 +
policy/modules/apps/livecd.fc | 2
policy/modules/apps/livecd.if | 52 +
policy/modules/apps/livecd.te | 27
policy/modules/apps/loadkeys.te | 6
policy/modules/apps/mono.if | 101 +
policy/modules/apps/mono.te | 9
policy/modules/apps/mozilla.fc | 1
policy/modules/apps/mozilla.if | 32
policy/modules/apps/mozilla.te | 22
policy/modules/apps/nsplugin.fc | 11
policy/modules/apps/nsplugin.if | 323 ++++++
policy/modules/apps/nsplugin.te | 295 +++++
policy/modules/apps/openoffice.fc | 3
policy/modules/apps/openoffice.if | 93 +
policy/modules/apps/openoffice.te | 11
policy/modules/apps/pulseaudio.if | 2
policy/modules/apps/pulseaudio.te | 11
policy/modules/apps/qemu.fc | 4
policy/modules/apps/qemu.if | 189 +++
policy/modules/apps/qemu.te | 82 +
policy/modules/apps/sambagui.fc | 1
policy/modules/apps/sambagui.if | 2
policy/modules/apps/sambagui.te | 59 +
policy/modules/apps/sandbox.fc | 1
policy/modules/apps/sandbox.if | 184 +++
policy/modules/apps/sandbox.te | 330 ++++++
policy/modules/apps/screen.if | 7
policy/modules/apps/sectoolm.fc | 6
policy/modules/apps/sectoolm.if | 3
policy/modules/apps/sectoolm.te | 120 ++
policy/modules/apps/seunshare.fc | 2
policy/modules/apps/seunshare.if | 81 +
policy/modules/apps/seunshare.te | 45
policy/modules/apps/vmware.te | 1
policy/modules/apps/wine.fc | 24
policy/modules/apps/wine.if | 115 ++
policy/modules/apps/wine.te | 34
policy/modules/kernel/corecommands.fc | 32
policy/modules/kernel/corecommands.if | 21
policy/modules/kernel/corenetwork.te.in | 41
policy/modules/kernel/devices.fc | 11
policy/modules/kernel/devices.if | 255 +++++
policy/modules/kernel/devices.te | 25
policy/modules/kernel/domain.if | 151 ++
policy/modules/kernel/domain.te | 88 +
policy/modules/kernel/files.fc | 3
policy/modules/kernel/files.if | 324 ++++++
policy/modules/kernel/files.te | 6
policy/modules/kernel/filesystem.fc | 2
policy/modules/kernel/filesystem.if | 211 ++++
policy/modules/kernel/filesystem.te | 9
policy/modules/kernel/kernel.if | 58 +
policy/modules/kernel/kernel.te | 29
policy/modules/kernel/selinux.if | 25
policy/modules/kernel/storage.fc | 1
policy/modules/kernel/storage.if | 3
policy/modules/kernel/terminal.fc | 1
policy/modules/kernel/terminal.if | 40
policy/modules/kernel/terminal.te | 1
policy/modules/roles/guest.te | 8
policy/modules/roles/staff.te | 126 --
policy/modules/roles/sysadm.te | 124 --
policy/modules/roles/unconfineduser.fc | 8
policy/modules/roles/unconfineduser.if | 638 ++++++++++++
policy/modules/roles/unconfineduser.te | 428 ++++++++
policy/modules/roles/unprivuser.te | 127 --
policy/modules/roles/xguest.te | 37
policy/modules/services/abrt.fc | 5
policy/modules/services/abrt.if | 58 +
policy/modules/services/abrt.te | 34
policy/modules/services/afs.fc | 1
policy/modules/services/afs.te | 1
policy/modules/services/aisexec.fc | 12
policy/modules/services/aisexec.if | 106 ++
policy/modules/services/aisexec.te | 112 ++
policy/modules/services/amavis.te | 2
policy/modules/services/apache.fc | 42
policy/modules/services/apache.if | 410 +++++---
policy/modules/services/apache.te | 450 +++++++-
policy/modules/services/apm.te | 2
policy/modules/services/asterisk.te | 1
policy/modules/services/automount.te | 1
policy/modules/services/avahi.te | 2
policy/modules/services/bind.if | 40
policy/modules/services/bitlbee.te | 2
policy/modules/services/bluetooth.if | 21
policy/modules/services/bluetooth.te | 11
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.te | 33
policy/modules/services/certmaster.te | 2
policy/modules/services/chronyd.fc | 11
policy/modules/services/chronyd.if | 105 ++
policy/modules/services/chronyd.te | 67 +
policy/modules/services/clamav.te | 16
policy/modules/services/clogd.fc | 4
policy/modules/services/clogd.if | 98 +
policy/modules/services/clogd.te | 62 +
policy/modules/services/cobbler.fc | 2
policy/modules/services/cobbler.if | 44
policy/modules/services/cobbler.te | 5
policy/modules/services/consolekit.fc | 3
policy/modules/services/consolekit.if | 39
policy/modules/services/consolekit.te | 23
policy/modules/services/corosync.fc | 13
policy/modules/services/corosync.if | 108 ++
policy/modules/services/corosync.te | 109 ++
policy/modules/services/courier.if | 18
policy/modules/services/courier.te | 1
policy/modules/services/cron.fc | 6
policy/modules/services/cron.if | 74 +
policy/modules/services/cron.te | 82 +
policy/modules/services/cups.fc | 13
policy/modules/services/cups.te | 44
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 1
policy/modules/services/dbus.if | 49
policy/modules/services/dbus.te | 25
policy/modules/services/dcc.te | 8
policy/modules/services/ddclient.if | 25
policy/modules/services/devicekit.fc | 2
policy/modules/services/devicekit.if | 22
policy/modules/services/devicekit.te | 58 +
policy/modules/services/dnsmasq.te | 12
policy/modules/services/dovecot.te | 22
policy/modules/services/exim.te | 5
policy/modules/services/fail2ban.te | 2
policy/modules/services/fetchmail.te | 2
policy/modules/services/fprintd.te | 4
policy/modules/services/ftp.te | 60 +
policy/modules/services/git.fc | 8
policy/modules/services/git.if | 286 +++++
policy/modules/services/git.te | 166 +++
policy/modules/services/gpm.te | 3
policy/modules/services/gpsd.fc | 5
policy/modules/services/gpsd.if | 27
policy/modules/services/gpsd.te | 14
policy/modules/services/hal.fc | 1
policy/modules/services/hal.if | 18
policy/modules/services/hal.te | 48
policy/modules/services/howl.te | 2
policy/modules/services/inetd.fc | 2
policy/modules/services/inetd.te | 4
policy/modules/services/irqbalance.te | 4
policy/modules/services/kerberos.te | 13
policy/modules/services/kerneloops.te | 2
policy/modules/services/ktalk.te | 1
policy/modules/services/lircd.fc | 2
policy/modules/services/lircd.if | 9
policy/modules/services/lircd.te | 23
policy/modules/services/mailman.te | 4
policy/modules/services/memcached.te | 2
policy/modules/services/milter.if | 2
policy/modules/services/modemmanager.te | 3
policy/modules/services/mta.fc | 2
policy/modules/services/mta.if | 10
policy/modules/services/mta.te | 36
policy/modules/services/munin.fc | 3
policy/modules/services/munin.te | 3
policy/modules/services/mysql.te | 7
policy/modules/services/nagios.fc | 16
policy/modules/services/nagios.if | 89 +
policy/modules/services/nagios.te | 72 -
policy/modules/services/networkmanager.fc | 14
policy/modules/services/networkmanager.if | 65 +
policy/modules/services/networkmanager.te | 115 +-
policy/modules/services/nis.fc | 5
policy/modules/services/nis.if | 87 +
policy/modules/services/nis.te | 13
policy/modules/services/nscd.if | 18
policy/modules/services/nscd.te | 17
policy/modules/services/nslcd.if | 8
policy/modules/services/ntp.if | 46
policy/modules/services/ntp.te | 8
policy/modules/services/nut.fc | 15
policy/modules/services/nut.if | 82 +
policy/modules/services/nut.te | 140 ++
policy/modules/services/nx.fc | 1
policy/modules/services/nx.if | 19
policy/modules/services/nx.te | 6
policy/modules/services/oddjob.if | 1
policy/modules/services/openvpn.te | 2
policy/modules/services/pcscd.te | 4
policy/modules/services/pegasus.te | 28
policy/modules/services/plymouth.fc | 5
policy/modules/services/plymouth.if | 286 +++++
policy/modules/services/plymouth.te | 96 +
policy/modules/services/policykit.fc | 5
policy/modules/services/policykit.if | 48
policy/modules/services/policykit.te | 64 -
policy/modules/services/postfix.fc | 2
policy/modules/services/postfix.if | 150 ++
policy/modules/services/postfix.te | 142 ++
policy/modules/services/postgresql.fc | 16
policy/modules/services/postgresql.if | 43
policy/modules/services/postgresql.te | 9
policy/modules/services/ppp.if | 6
policy/modules/services/ppp.te | 16
policy/modules/services/prelude.te | 3
policy/modules/services/privoxy.fc | 3
policy/modules/services/privoxy.te | 3
policy/modules/services/procmail.te | 12
policy/modules/services/pyzor.fc | 4
policy/modules/services/pyzor.if | 47
policy/modules/services/pyzor.te | 37
policy/modules/services/radvd.te | 1
policy/modules/services/razor.fc | 1
policy/modules/services/razor.if | 42
policy/modules/services/razor.te | 32
policy/modules/services/rgmanager.fc | 8
policy/modules/services/rgmanager.if | 59 +
policy/modules/services/rgmanager.te | 83 +
policy/modules/services/rhcs.fc | 22
policy/modules/services/rhcs.if | 348 ++++++
policy/modules/services/rhcs.te | 394 +++++++
policy/modules/services/ricci.te | 30
policy/modules/services/rpc.if | 7
policy/modules/services/rpc.te | 16
policy/modules/services/rpcbind.if | 20
policy/modules/services/rpcbind.te | 1
policy/modules/services/rsync.te | 23
policy/modules/services/rtkit.if | 20
policy/modules/services/rtkit.te | 2
policy/modules/services/samba.fc | 4
policy/modules/services/samba.if | 104 ++
policy/modules/services/samba.te | 89 +
policy/modules/services/sasl.te | 15
policy/modules/services/sendmail.if | 137 ++
policy/modules/services/sendmail.te | 87 +
policy/modules/services/setroubleshoot.fc | 2
policy/modules/services/setroubleshoot.if | 123 ++
policy/modules/services/setroubleshoot.te | 82 +
policy/modules/services/smartmon.te | 15
policy/modules/services/snmp.if | 38
policy/modules/services/snmp.te | 4
policy/modules/services/spamassassin.fc | 15
policy/modules/services/spamassassin.if | 89 +
policy/modules/services/spamassassin.te | 138 ++
policy/modules/services/squid.te | 9
policy/modules/services/ssh.fc | 2
policy/modules/services/ssh.if | 184 ++-
policy/modules/services/ssh.te | 77 -
policy/modules/services/sssd.fc | 5
policy/modules/services/sssd.if | 43
policy/modules/services/sssd.te | 12
policy/modules/services/sysstat.te | 5
policy/modules/services/tftp.fc | 2
policy/modules/services/tuned.fc | 6
policy/modules/services/tuned.if | 140 ++
policy/modules/services/tuned.te | 58 +
policy/modules/services/uucp.te | 7
policy/modules/services/virt.fc | 13
policy/modules/services/virt.if | 181 +++
policy/modules/services/virt.te | 274 +++++
policy/modules/services/w3c.te | 7
policy/modules/services/xserver.fc | 39
policy/modules/services/xserver.if | 618 +++++++++++-
policy/modules/services/xserver.te | 341 +++++-
policy/modules/system/application.if | 20
policy/modules/system/application.te | 11
policy/modules/system/authlogin.fc | 9
policy/modules/system/authlogin.if | 207 +++-
policy/modules/system/authlogin.te | 10
policy/modules/system/fstools.fc | 3
policy/modules/system/fstools.te | 7
policy/modules/system/init.fc | 7
policy/modules/system/init.if | 163 +++
policy/modules/system/init.te | 290 ++++-
policy/modules/system/ipsec.fc | 3
policy/modules/system/ipsec.if | 25
policy/modules/system/ipsec.te | 58 +
policy/modules/system/iptables.fc | 17
policy/modules/system/iptables.if | 97 +
policy/modules/system/iptables.te | 20
policy/modules/system/iscsi.if | 40
policy/modules/system/iscsi.te | 6
policy/modules/system/libraries.fc | 167 ++-
policy/modules/system/libraries.if | 5
policy/modules/system/libraries.te | 18
policy/modules/system/locallogin.te | 30
policy/modules/system/logging.fc | 12
policy/modules/system/logging.if | 18
policy/modules/system/logging.te | 38
policy/modules/system/lvm.if | 39
policy/modules/system/lvm.te | 29
policy/modules/system/miscfiles.fc | 2
policy/modules/system/miscfiles.if | 60 +
policy/modules/system/miscfiles.te | 3
policy/modules/system/modutils.fc | 1
policy/modules/system/modutils.if | 46
policy/modules/system/modutils.te | 46
policy/modules/system/mount.fc | 7
policy/modules/system/mount.if | 2
policy/modules/system/mount.te | 80 +
policy/modules/system/raid.fc | 2
policy/modules/system/raid.te | 8
policy/modules/system/selinuxutil.fc | 17
policy/modules/system/selinuxutil.if | 309 ++++++
policy/modules/system/selinuxutil.te | 229 +---
policy/modules/system/setrans.if | 20
policy/modules/system/sysnetwork.fc | 9
policy/modules/system/sysnetwork.if | 117 ++
policy/modules/system/sysnetwork.te | 77 +
policy/modules/system/udev.fc | 3
policy/modules/system/udev.if | 39
policy/modules/system/udev.te | 39
policy/modules/system/unconfined.fc | 15
policy/modules/system/unconfined.if | 443 --------
policy/modules/system/unconfined.te | 224 ----
policy/modules/system/userdomain.fc | 6
policy/modules/system/userdomain.if | 1517 ++++++++++++++++++++++--------
policy/modules/system/userdomain.te | 47
policy/modules/system/xen.fc | 6
policy/modules/system/xen.if | 28
policy/modules/system/xen.te | 137 ++
policy/support/obj_perm_sets.spt | 14
policy/users | 13
377 files changed, 18379 insertions(+), 2767 deletions(-)
Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-12/policy-F12.patch,v
retrieving revision 1.127
retrieving revision 1.128
diff -u -p -r1.127 -r1.128
--- policy-F12.patch 2 Nov 2009 18:59:35 -0000 1.127
+++ policy-F12.patch 3 Nov 2009 17:14:55 -0000 1.128
@@ -3026,8 +3026,14 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.6.32/policy/modules/apps/loadkeys.te
--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/apps/loadkeys.te 2009-10-01 14:51:17.000000000 -0400
-@@ -45,3 +45,7 @@
++++ serefpolicy-3.6.32/policy/modules/apps/loadkeys.te 2009-11-03 12:14:31.000000000 -0500
+@@ -40,8 +40,12 @@
+ miscfiles_read_localization(loadkeys_t)
+
+ userdom_use_user_ttys(loadkeys_t)
+-userdom_list_user_home_dirs(loadkeys_t)
++userdom_list_user_home_content(loadkeys_t)
+
optional_policy(`
nscd_dontaudit_search_pid(loadkeys_t)
')
@@ -5732,7 +5738,7 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.32/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/kernel/corenetwork.te.in 2009-10-29 09:23:17.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/kernel/corenetwork.te.in 2009-11-03 12:03:04.000000000 -0500
@@ -65,6 +65,7 @@
type server_packet_t, packet_type, server_packet_type;
@@ -5741,6 +5747,15 @@ diff -b -B --ignore-all-space --exclude-
network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
network_port(afs_ka, udp,7004,s0)
network_port(afs_pt, udp,7002,s0)
+@@ -75,7 +76,7 @@
+ network_port(amavisd_send, tcp,10025,s0)
+ network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0)
+ network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
+-network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0, udp,5060,s0)
++network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
+ network_port(audit, tcp,60,s0)
+ network_port(auth, tcp,113,s0)
+ network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
@@ -87,26 +88,33 @@
network_port(comsat, udp,512,s0)
network_port(cvs, tcp,2401,s0, udp,2401,s0)
@@ -5807,8 +5822,11 @@ diff -b -B --ignore-all-space --exclude-
network_port(printer, tcp,515,s0)
network_port(ptal, tcp,5703,s0)
network_port(pulseaudio, tcp,4713,s0)
-@@ -173,27 +188,34 @@
+@@ -171,29 +186,37 @@
+ network_port(rsync, tcp,873,s0, udp,873,s0)
+ network_port(rwho, udp,513,s0)
network_port(sap, tcp,9875,s0, udp,9875,s0)
++network_port(sip, tcp,5060,s0, udp,5060,s0, tcp,5061,s0, udp,5061,s0)
network_port(smbd, tcp,137-139,s0, tcp,445,s0)
network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
-network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
@@ -5845,7 +5863,7 @@ diff -b -B --ignore-all-space --exclude-
network_port(xdmcp, udp,177,s0, tcp,177,s0)
network_port(xen, tcp,8002,s0)
network_port(xfs, tcp,7100,s0)
-@@ -222,6 +244,8 @@
+@@ -222,6 +245,8 @@
type node_t, node_type;
sid node gen_context(system_u:object_r:node_t,s0 - mls_systemhigh)
@@ -9672,7 +9690,7 @@ diff -b -B --ignore-all-space --exclude-
## All of the rules required to administrate
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te
--- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-11-02 13:58:48.000000000 -0500
++++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-11-03 11:21:35.000000000 -0500
@@ -38,7 +38,7 @@
# abrt local policy
#
@@ -9682,7 +9700,7 @@ diff -b -B --ignore-all-space --exclude-
allow abrt_t self:process { signal signull setsched getsched };
allow abrt_t self:fifo_file rw_fifo_file_perms;
-@@ -60,8 +60,9 @@
+@@ -60,13 +60,15 @@
files_tmp_filetrans(abrt_t, abrt_tmp_t, { file dir })
# abrt var/cache files
@@ -9693,7 +9711,14 @@ diff -b -B --ignore-all-space --exclude-
files_var_filetrans(abrt_t, abrt_var_cache_t, { file dir })
# abrt pid files
-@@ -75,11 +76,14 @@
+-manage_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
+ manage_dirs_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
++manage_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
++manage_lnk_files_pattern(abrt_t, abrt_var_run_t, abrt_var_run_t)
+ files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir })
+
+ kernel_read_ring_buffer(abrt_t)
+@@ -75,11 +77,14 @@
corecmd_exec_bin(abrt_t)
corecmd_exec_shell(abrt_t)
@@ -9708,7 +9733,7 @@ diff -b -B --ignore-all-space --exclude-
files_getattr_all_files(abrt_t)
files_read_etc_files(abrt_t)
files_read_usr_files(abrt_t)
-@@ -101,17 +105,32 @@
+@@ -101,17 +106,32 @@
userdom_read_user_home_content_files(abrt_t)
optional_policy(`
@@ -11550,6 +11575,17 @@ diff -b -B --ignore-all-space --exclude-
allow apmd_t self:process { signal_perms getsession };
allow apmd_t self:fifo_file rw_fifo_file_perms;
allow apmd_t self:unix_dgram_socket create_socket_perms;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.6.32/policy/modules/services/asterisk.te
+--- nsaserefpolicy/policy/modules/services/asterisk.te 2009-08-14 16:14:31.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/asterisk.te 2009-11-03 12:04:14.000000000 -0500
+@@ -97,6 +97,7 @@
+ corenet_udp_bind_generic_node(asterisk_t)
+ corenet_tcp_bind_asterisk_port(asterisk_t)
+ corenet_udp_bind_asterisk_port(asterisk_t)
++corenet_udp_bind_sip_port(asterisk_t)
+ corenet_sendrecv_asterisk_server_packets(asterisk_t)
+ # for VOIP voice channels.
+ corenet_tcp_bind_generic_port(asterisk_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.6.32/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2009-08-14 16:14:31.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/automount.te 2009-09-30 16:12:48.000000000 -0400
@@ -12756,7 +12792,7 @@ diff -b -B --ignore-all-space --exclude-
+/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.32/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/cron.if 2009-09-30 16:12:48.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/cron.if 2009-11-03 08:58:13.000000000 -0500
@@ -12,6 +12,10 @@
## </param>
#
@@ -12824,6 +12860,15 @@ diff -b -B --ignore-all-space --exclude-
role system_r types $1;
')
+@@ -408,7 +404,7 @@
+ type crond_t;
+ ')
+
+- allow $1 crond_t:fifo_file { getattr read write };
++ allow $1 crond_t:fifo_file rw_fifo_file_perms;
+ ')
+
+ ########################################
@@ -587,11 +583,14 @@
#
interface(`cron_read_system_job_tmp_files',`
@@ -23455,7 +23500,7 @@ diff -b -B --ignore-all-space --exclude-
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.32/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2009-09-09 15:37:17.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/xserver.if 2009-10-29 17:51:12.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/xserver.if 2009-11-03 09:21:14.000000000 -0500
@@ -89,8 +89,8 @@
# for when /tmp/.X11-unix is created by the system
allow $2 xdm_t:fd use;
@@ -23606,7 +23651,19 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -728,7 +728,7 @@
+@@ -585,6 +585,11 @@
+ ')
+
+ domtrans_pattern($1, xauth_exec_t, xauth_t)
++
++ifdef(`hide_broken_symptoms', `
++ dontaudit xauth_exec_t $1:unix_stream_socket rw_socket_perms;
++ dontaudit xauth_exec_t $1:tcp_socket rw_socket_perms;
++')
+ ')
+
+ ########################################
+@@ -728,7 +733,7 @@
type xdm_t;
')
@@ -23615,7 +23672,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -764,11 +764,11 @@
+@@ -764,11 +769,11 @@
#
interface(`xserver_stream_connect_xdm',`
gen_require(`
@@ -23629,7 +23686,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -802,10 +802,10 @@
+@@ -802,10 +807,10 @@
#
interface(`xserver_setattr_xdm_tmp_dirs',`
gen_require(`
@@ -23642,7 +23699,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -821,12 +821,13 @@
+@@ -821,12 +826,13 @@
#
interface(`xserver_create_xdm_tmp_sockets',`
gen_require(`
@@ -23659,7 +23716,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -845,7 +846,44 @@
+@@ -845,7 +851,44 @@
')
files_search_pids($1)
@@ -23705,7 +23762,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -868,6 +906,75 @@
+@@ -868,6 +911,75 @@
########################################
## <summary>
@@ -23781,7 +23838,7 @@ diff -b -B --ignore-all-space --exclude-
## Make an X session script an entrypoint for the specified domain.
## </summary>
## <param name="domain">
-@@ -886,6 +993,24 @@
+@@ -886,6 +998,24 @@
########################################
## <summary>
@@ -23806,7 +23863,7 @@ diff -b -B --ignore-all-space --exclude-
## Execute an X session in the target domain. This
## is an explicit transition, requiring the
## caller to use setexeccon().
-@@ -961,6 +1086,27 @@
+@@ -961,6 +1091,27 @@
########################################
## <summary>
@@ -23834,7 +23891,7 @@ diff -b -B --ignore-all-space --exclude-
## Do not audit attempts to write the X server
## log files.
## </summary>
-@@ -1014,11 +1160,11 @@
+@@ -1014,11 +1165,11 @@
#
interface(`xserver_read_xdm_tmp_files',`
gen_require(`
@@ -23848,7 +23905,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1033,11 +1179,11 @@
+@@ -1033,11 +1184,11 @@
#
interface(`xserver_dontaudit_read_xdm_tmp_files',`
gen_require(`
@@ -23863,7 +23920,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1052,11 +1198,11 @@
+@@ -1052,11 +1203,11 @@
#
interface(`xserver_rw_xdm_tmp_files',`
gen_require(`
@@ -23878,7 +23935,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1071,10 +1217,10 @@
+@@ -1071,10 +1222,10 @@
#
interface(`xserver_manage_xdm_tmp_files',`
gen_require(`
@@ -23891,7 +23948,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1089,10 +1235,10 @@
+@@ -1089,10 +1240,10 @@
#
interface(`xserver_dontaudit_getattr_xdm_tmp_sockets',`
gen_require(`
@@ -23904,7 +23961,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1107,10 +1253,11 @@
+@@ -1107,10 +1258,11 @@
#
interface(`xserver_domtrans',`
gen_require(`
@@ -23917,7 +23974,7 @@ diff -b -B --ignore-all-space --exclude-
domtrans_pattern($1, xserver_exec_t, xserver_t)
')
-@@ -1248,6 +1395,278 @@
+@@ -1248,6 +1400,278 @@
########################################
## <summary>
@@ -24196,7 +24253,7 @@ diff -b -B --ignore-all-space --exclude-
## Interface to provide X object permissions on a given X server to
## an X client domain. Gives the domain complete control over the
## display.
-@@ -1261,7 +1680,103 @@
+@@ -1261,7 +1685,103 @@
interface(`xserver_unconfined',`
gen_require(`
attribute xserver_unconfined_type;
@@ -24205,7 +24262,7 @@ diff -b -B --ignore-all-space --exclude-
typeattribute $1 xserver_unconfined_type;
+ typeattribute $1 x_domain;
-+')
+ ')
+
+########################################
+## <summary>
@@ -24277,7 +24334,7 @@ diff -b -B --ignore-all-space --exclude-
+ xserver_communicate($1, $1)
+ xserver_stream_connect($1)
+ xserver_use_xdm($1)
- ')
++')
+
+########################################
+## <summary>
@@ -24302,7 +24359,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.32/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2009-11-02 09:24:58.000000000 -0500
++++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2009-11-03 09:20:54.000000000 -0500
@@ -34,6 +34,13 @@
## <desc>
@@ -24471,7 +24528,7 @@ diff -b -B --ignore-all-space --exclude-
fs_getattr_xattr_fs(xauth_t)
fs_search_auto_mountpoints(xauth_t)
-@@ -279,6 +301,12 @@
+@@ -279,6 +301,10 @@
userdom_use_user_terminals(xauth_t)
userdom_read_user_tmp_files(xauth_t)
@@ -24479,12 +24536,10 @@ diff -b -B --ignore-all-space --exclude-
+ userdom_manage_user_home_content_files(xauth_t)
+')
+
-+userdom_dontaudit_rw_stream(xauth_t)
-+
xserver_rw_xdm_tmp_files(xauth_t)
tunable_policy(`use_nfs_home_dirs',`
-@@ -300,20 +328,31 @@
+@@ -300,20 +326,31 @@
# XDM Local policy
#
@@ -24519,7 +24574,7 @@ diff -b -B --ignore-all-space --exclude-
# Allow gdm to run gdm-binary
can_exec(xdm_t, xdm_exec_t)
-@@ -325,26 +364,43 @@
+@@ -325,26 +362,43 @@
# this is ugly, daemons should not create files under /etc!
manage_files_pattern(xdm_t, xdm_rw_etc_t, xdm_rw_etc_t)
@@ -24570,7 +24625,7 @@ diff -b -B --ignore-all-space --exclude-
allow xdm_t xserver_t:process signal;
allow xdm_t xserver_t:unix_stream_socket connectto;
-@@ -358,6 +414,7 @@
+@@ -358,6 +412,7 @@
allow xdm_t xserver_t:process { noatsecure siginh rlimitinh signal sigkill };
allow xdm_t xserver_t:shm rw_shm_perms;
@@ -24578,7 +24633,7 @@ diff -b -B --ignore-all-space --exclude-
# connect to xdm xserver over stream socket
stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
-@@ -366,10 +423,14 @@
+@@ -366,10 +421,14 @@
delete_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
delete_sock_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
@@ -24594,7 +24649,7 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_system_state(xdm_t)
kernel_read_kernel_sysctls(xdm_t)
-@@ -389,11 +450,13 @@
+@@ -389,11 +448,13 @@
corenet_udp_sendrecv_all_ports(xdm_t)
corenet_tcp_bind_generic_node(xdm_t)
corenet_udp_bind_generic_node(xdm_t)
@@ -24608,7 +24663,7 @@ diff -b -B --ignore-all-space --exclude-
dev_read_rand(xdm_t)
dev_read_sysfs(xdm_t)
dev_getattr_framebuffer_dev(xdm_t)
-@@ -401,6 +464,7 @@
+@@ -401,6 +462,7 @@
dev_getattr_mouse_dev(xdm_t)
dev_setattr_mouse_dev(xdm_t)
dev_rw_apm_bios(xdm_t)
@@ -24616,7 +24671,7 @@ diff -b -B --ignore-all-space --exclude-
dev_setattr_apm_bios_dev(xdm_t)
dev_rw_dri(xdm_t)
dev_rw_agp(xdm_t)
-@@ -413,14 +477,17 @@
+@@ -413,14 +475,17 @@
dev_setattr_video_dev(xdm_t)
dev_getattr_scanner_dev(xdm_t)
dev_setattr_scanner_dev(xdm_t)
@@ -24636,7 +24691,7 @@ diff -b -B --ignore-all-space --exclude-
files_read_etc_files(xdm_t)
files_read_var_files(xdm_t)
-@@ -431,9 +498,13 @@
+@@ -431,9 +496,13 @@
files_read_usr_files(xdm_t)
# Poweroff wants to create the /poweroff file when run from xdm
files_create_boot_flag(xdm_t)
@@ -24650,7 +24705,7 @@ diff -b -B --ignore-all-space --exclude-
storage_dontaudit_read_fixed_disk(xdm_t)
storage_dontaudit_write_fixed_disk(xdm_t)
-@@ -442,6 +513,7 @@
+@@ -442,6 +511,7 @@
storage_dontaudit_raw_write_removable_device(xdm_t)
storage_dontaudit_setattr_removable_dev(xdm_t)
storage_dontaudit_rw_scsi_generic(xdm_t)
@@ -24658,7 +24713,7 @@ diff -b -B --ignore-all-space --exclude-
term_setattr_console(xdm_t)
term_use_unallocated_ttys(xdm_t)
-@@ -450,6 +522,7 @@
+@@ -450,6 +520,7 @@
auth_domtrans_pam_console(xdm_t)
auth_manage_pam_pid(xdm_t)
auth_manage_pam_console_data(xdm_t)
@@ -24666,7 +24721,7 @@ diff -b -B --ignore-all-space --exclude-
auth_rw_faillog(xdm_t)
auth_write_login_records(xdm_t)
-@@ -460,10 +533,11 @@
+@@ -460,10 +531,11 @@
logging_read_generic_logs(xdm_t)
@@ -24680,7 +24735,7 @@ diff -b -B --ignore-all-space --exclude-
userdom_dontaudit_use_unpriv_user_fds(xdm_t)
userdom_create_all_users_keys(xdm_t)
-@@ -472,6 +546,9 @@
+@@ -472,6 +544,9 @@
# Search /proc for any user domain processes.
userdom_read_all_users_state(xdm_t)
userdom_signal_all_users(xdm_t)
@@ -24690,7 +24745,7 @@ diff -b -B --ignore-all-space --exclude-
xserver_rw_session(xdm_t, xdm_tmpfs_t)
xserver_unconfined(xdm_t)
-@@ -504,10 +581,12 @@
+@@ -504,10 +579,12 @@
optional_policy(`
alsa_domtrans(xdm_t)
@@ -24703,7 +24758,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -515,12 +594,46 @@
+@@ -515,12 +592,46 @@
')
optional_policy(`
@@ -24750,7 +24805,7 @@ diff -b -B --ignore-all-space --exclude-
hostname_exec(xdm_t)
')
-@@ -542,6 +655,38 @@
+@@ -542,6 +653,38 @@
')
optional_policy(`
@@ -24789,7 +24844,7 @@ diff -b -B --ignore-all-space --exclude-
seutil_sigchld_newrole(xdm_t)
')
-@@ -550,8 +695,9 @@
+@@ -550,8 +693,9 @@
')
optional_policy(`
@@ -24801,7 +24856,7 @@ diff -b -B --ignore-all-space --exclude-
ifndef(`distro_redhat',`
allow xdm_t self:process { execheap execmem };
-@@ -560,7 +706,6 @@
+@@ -560,7 +704,6 @@
ifdef(`distro_rhel4',`
allow xdm_t self:process { execheap execmem };
')
@@ -24809,7 +24864,7 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
userhelper_dontaudit_search_config(xdm_t)
-@@ -571,6 +716,10 @@
+@@ -571,6 +714,10 @@
')
optional_policy(`
@@ -24820,7 +24875,7 @@ diff -b -B --ignore-all-space --exclude-
xfs_stream_connect(xdm_t)
')
-@@ -587,10 +736,9 @@
+@@ -587,10 +734,9 @@
# execheap needed until the X module loader is fixed.
# NVIDIA Needs execstack
@@ -24832,7 +24887,7 @@ diff -b -B --ignore-all-space --exclude-
allow xserver_t self:fd use;
allow xserver_t self:fifo_file rw_fifo_file_perms;
allow xserver_t self:sock_file read_sock_file_perms;
-@@ -602,9 +750,12 @@
+@@ -602,9 +748,12 @@
allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow xserver_t self:tcp_socket create_stream_socket_perms;
allow xserver_t self:udp_socket create_socket_perms;
@@ -24845,7 +24900,7 @@ diff -b -B --ignore-all-space --exclude-
allow xserver_t { input_xevent_t input_xevent_type }:x_event send;
-@@ -616,13 +767,14 @@
+@@ -616,13 +765,14 @@
type_transition xserver_t xserver_t:{ x_drawable x_colormap } rootwindow_t;
allow xserver_t { rootwindow_t x_domain }:x_drawable send;
@@ -24861,7 +24916,7 @@ diff -b -B --ignore-all-space --exclude-
manage_dirs_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
manage_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-@@ -635,9 +787,19 @@
+@@ -635,9 +785,19 @@
manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
files_search_var_lib(xserver_t)
@@ -24881,7 +24936,7 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_system_state(xserver_t)
kernel_read_device_sysctls(xserver_t)
-@@ -671,7 +833,6 @@
+@@ -671,7 +831,6 @@
dev_rw_agp(xserver_t)
dev_rw_framebuffer(xserver_t)
dev_manage_dri_dev(xserver_t)
@@ -24889,7 +24944,7 @@ diff -b -B --ignore-all-space --exclude-
dev_create_generic_dirs(xserver_t)
dev_setattr_generic_dirs(xserver_t)
# raw memory access is needed if not using the frame buffer
-@@ -681,9 +842,12 @@
+@@ -681,9 +840,12 @@
dev_rw_xserver_misc(xserver_t)
# read events - the synaptics touchpad driver reads raw events
dev_rw_input_dev(xserver_t)
@@ -24903,7 +24958,7 @@ diff -b -B --ignore-all-space --exclude-
files_read_etc_files(xserver_t)
files_read_etc_runtime_files(xserver_t)
-@@ -698,8 +862,12 @@
+@@ -698,8 +860,12 @@
fs_search_nfs(xserver_t)
fs_search_auto_mountpoints(xserver_t)
fs_search_ramfs(xserver_t)
@@ -24916,7 +24971,7 @@ diff -b -B --ignore-all-space --exclude-
selinux_validate_context(xserver_t)
selinux_compute_access_vector(xserver_t)
-@@ -721,6 +889,7 @@
+@@ -721,6 +887,7 @@
miscfiles_read_localization(xserver_t)
miscfiles_read_fonts(xserver_t)
@@ -24924,7 +24979,7 @@ diff -b -B --ignore-all-space --exclude-
modutils_domtrans_insmod(xserver_t)
-@@ -743,7 +912,7 @@
+@@ -743,7 +910,7 @@
')
ifdef(`enable_mls',`
@@ -24933,7 +24988,7 @@ diff -b -B --ignore-all-space --exclude-
range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh;
')
-@@ -775,12 +944,20 @@
+@@ -775,12 +942,20 @@
')
optional_policy(`
@@ -24955,7 +25010,7 @@ diff -b -B --ignore-all-space --exclude-
unconfined_domtrans(xserver_t)
')
-@@ -807,12 +984,12 @@
+@@ -807,12 +982,12 @@
allow xserver_t xdm_var_lib_t:file { getattr read };
dontaudit xserver_t xdm_var_lib_t:dir search;
@@ -24972,7 +25027,7 @@ diff -b -B --ignore-all-space --exclude-
# Run xkbcomp.
allow xserver_t xkb_var_lib_t:lnk_file read;
-@@ -828,9 +1005,14 @@
+@@ -828,9 +1003,14 @@
# to read ROLE_home_t - examine this in more detail
# (xauth?)
userdom_read_user_home_content_files(xserver_t)
@@ -24987,7 +25042,7 @@ diff -b -B --ignore-all-space --exclude-
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(xserver_t)
fs_manage_nfs_files(xserver_t)
-@@ -845,11 +1027,14 @@
+@@ -845,11 +1025,14 @@
optional_policy(`
dbus_system_bus_client(xserver_t)
@@ -25003,7 +25058,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -882,6 +1067,8 @@
+@@ -882,6 +1065,8 @@
# X Server
# can read server-owned resources
allow x_domain xserver_t:x_resource read;
@@ -25012,7 +25067,7 @@ diff -b -B --ignore-all-space --exclude-
# can mess with own clients
allow x_domain self:x_client { manage destroy };
-@@ -906,6 +1093,8 @@
+@@ -906,6 +1091,8 @@
# operations allowed on my windows
allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
@@ -25021,7 +25076,7 @@ diff -b -B --ignore-all-space --exclude-
# X Colormaps
# can use the default colormap
allow x_domain rootwindow_t:x_colormap { read use add_color };
-@@ -973,17 +1162,49 @@
+@@ -973,17 +1160,49 @@
allow xserver_unconfined_type { x_domain xserver_t }:x_resource *;
allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *;
@@ -25512,13 +25567,21 @@ diff -b -B --ignore-all-space --exclude-
# PAM local policy
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.6.32/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/system/fstools.fc 2009-09-30 16:12:48.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/system/fstools.fc 2009-11-02 15:59:17.000000000 -0500
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blockdev -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/cfdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0)
-@@ -21,7 +20,6 @@
+@@ -6,6 +5,7 @@
+ /sbin/dump -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /sbin/dumpe2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /sbin/e2fsck -- gen_context(system_u:object_r:fsadm_exec_t,s0)
++/sbin/e4fsck -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /sbin/e2label -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /sbin/fdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+ /sbin/findfs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+@@ -21,7 +21,6 @@
/sbin/mkfs.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/mkraid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/mkreiserfs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -28119,7 +28182,7 @@ diff -b -B --ignore-all-space --exclude-
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.32/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/system/mount.te 2009-09-30 16:12:48.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/system/mount.te 2009-11-03 08:56:35.000000000 -0500
@@ -18,8 +18,12 @@
init_system_domain(mount_t, mount_exec_t)
role system_r types mount_t;
@@ -28270,10 +28333,14 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -172,6 +212,21 @@
+@@ -172,6 +212,25 @@
')
optional_policy(`
++ cron_system_entry(mount_t, mount_exec_t)
++')
++
++optional_policy(`
+ dbus_system_bus_client(mount_t)
+
+ optional_policy(`
@@ -28292,7 +28359,7 @@ diff -b -B --ignore-all-space --exclude-
ifdef(`hide_broken_symptoms',`
# for a bug in the X server
rhgb_dontaudit_rw_stream_sockets(mount_t)
-@@ -179,6 +234,11 @@
+@@ -179,6 +238,11 @@
')
')
@@ -28304,7 +28371,7 @@ diff -b -B --ignore-all-space --exclude-
# for kernel package installation
optional_policy(`
rpm_rw_pipes(mount_t)
-@@ -186,6 +246,7 @@
+@@ -186,6 +250,7 @@
optional_policy(`
samba_domtrans_smbmount(mount_t)
@@ -28312,7 +28379,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -195,5 +256,8 @@
+@@ -195,5 +260,8 @@
optional_policy(`
files_etc_filetrans_etc_runtime(unconfined_mount_t, file)
@@ -30540,7 +30607,7 @@ diff -b -B --ignore-all-space --exclude-
+HOME_DIR/\.gvfs(/.*)? <<none>>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.32/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2009-11-02 08:56:44.000000000 -0500
++++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2009-11-03 11:58:36.000000000 -0500
@@ -30,8 +30,9 @@
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-12/selinux-policy.spec,v
retrieving revision 1.960
retrieving revision 1.961
diff -u -p -r1.960 -r1.961
--- selinux-policy.spec 2 Nov 2009 18:59:36 -0000 1.960
+++ selinux-policy.spec 3 Nov 2009 17:14:55 -0000 1.961
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.32
-Release: 39%{?dist}
+Release: 40%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -445,6 +445,10 @@ exit 0
%endif
%changelog
+* Tue Nov 3 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-40
+- Abrt creates lnk_files
+
+
* Mon Nov 2 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-39
- Allow setroubleshoot-fix to signull user domains
- Previous message (by thread): rpms/mingw32-qt/F-12 .cvsignore, 1.4, 1.5 mingw32-qt.spec, 1.13, 1.14 qt-win-configure.patch, 1.2, 1.3 sources, 1.4, 1.5
- Next message (by thread): rpms/cups/devel cups.spec,1.532,1.533
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list