rpms/gcl/F-11 gcl-2.6.8-selinux.patch,1.2,1.3 gcl.spec,1.37,1.38

Jerry James jjames at fedoraproject.org
Tue Oct 20 22:11:47 UTC 2009


Author: jjames

Update of /cvs/pkgs/rpms/gcl/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6958/F-11

Modified Files:
	gcl-2.6.8-selinux.patch gcl.spec 
Log Message:
* Tue Oct 20 2009 Jerry James <loganjerry at gmail.com> - 2.6.8-0.6.20090701cvs
- Update SELinux policy for confined users (bz 529757)


gcl-2.6.8-selinux.patch:
 clcs/makefile     |    6 ++
 makefile          |    3 +
 selinux/gcl.fc    |    5 +
 selinux/gcl.if    |  146 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 selinux/gcl.te    |   45 ++++++++++++++++
 unixport/makefile |    6 ++
 6 files changed, 211 insertions(+)

Index: gcl-2.6.8-selinux.patch
===================================================================
RCS file: /cvs/pkgs/rpms/gcl/F-11/gcl-2.6.8-selinux.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- gcl-2.6.8-selinux.patch	13 Oct 2009 15:37:48 -0000	1.2
+++ gcl-2.6.8-selinux.patch	20 Oct 2009 22:11:46 -0000	1.3
@@ -1,6 +1,6 @@
 diff -durN gcl-2.6.8.ORIG/clcs/makefile gcl-2.6.8/clcs/makefile
 --- gcl-2.6.8.ORIG/clcs/makefile	2005-05-06 15:56:55.000000000 -0600
-+++ gcl-2.6.8/clcs/makefile	2009-10-13 09:12:33.455633583 -0600
++++ gcl-2.6.8/clcs/makefile	2009-10-20 16:00:21.608387999 -0600
 @@ -9,6 +9,9 @@
  
  saved_clcs_gcl: ../unixport/saved_pcl_gcl
@@ -23,7 +23,7 @@ diff -durN gcl-2.6.8.ORIG/clcs/makefile 
  	rm -f *.o *.fn saved_full_gcl$(EXE) saved_full_gcl cmpinclude.h *.c *.h *.data saved_clcs_gcl
 diff -durN gcl-2.6.8.ORIG/makefile gcl-2.6.8/makefile
 --- gcl-2.6.8.ORIG/makefile	2007-11-30 09:59:33.000000000 -0700
-+++ gcl-2.6.8/makefile	2009-10-13 09:12:33.456633051 -0600
++++ gcl-2.6.8/makefile	2009-10-20 16:00:21.609347326 -0600
 @@ -187,6 +187,9 @@
  	if gcc --version | grep -i mingw >/dev/null 2>&1 ; then if grep -i oncrpc makedefs >/dev/null 2>&1 ; then cp /mingw/bin/oncrpc.dll $(DESTDIR)$(INSTALL_LIB_DIR)/$(PORTDIR); fi ; fi
  	cd $(DESTDIR)$(INSTALL_LIB_DIR)/$(PORTDIR) && \
@@ -36,16 +36,16 @@ diff -durN gcl-2.6.8.ORIG/makefile gcl-2
  	if [ -e "unixport/rsym$(EXE)" ] ; then cp unixport/rsym$(EXE) $(DESTDIR)$(INSTALL_LIB_DIR)/unixport/ ; fi
 diff -durN gcl-2.6.8.ORIG/selinux/gcl.fc gcl-2.6.8/selinux/gcl.fc
 --- gcl-2.6.8.ORIG/selinux/gcl.fc	1969-12-31 17:00:00.000000000 -0700
-+++ gcl-2.6.8/selinux/gcl.fc	2009-10-13 09:12:33.462625115 -0600
++++ gcl-2.6.8/selinux/gcl.fc	2009-10-20 16:00:52.173119081 -0600
 @@ -0,0 +1,5 @@
 +/usr/lib64/gcl-[^/]+/unixport/saved_.*	--	gen_context(system_u:object_r:gcl_exec_t,s0)
 +/usr/lib/gcl-[^/]+/unixport/saved_.*	--	gen_context(system_u:object_r:gcl_exec_t,s0)
-+/usr/lib/maxima/[^/]+/binary-gcl	--	gen_context(system_u:object:r:gcl_exec_t,s0)
-+/usr/lib64/maxima/[^/]+/binary-gcl	--	gen_context(system_u:object:r:gcl_exec_t,s0)
++/usr/lib/maxima/[^/]+/binary-gcl	--	gen_context(system_u:object_r:gcl_exec_t,s0)
++/usr/lib64/maxima/[^/]+/binary-gcl	--	gen_context(system_u:object_r:gcl_exec_t,s0)
 +
 diff -durN gcl-2.6.8.ORIG/selinux/gcl.if gcl-2.6.8/selinux/gcl.if
 --- gcl-2.6.8.ORIG/selinux/gcl.if	1969-12-31 17:00:00.000000000 -0700
-+++ gcl-2.6.8/selinux/gcl.if	2009-10-13 09:12:33.463716289 -0600
++++ gcl-2.6.8/selinux/gcl.if	2009-10-20 16:00:21.622010253 -0600
 @@ -0,0 +1,146 @@
 +
 +## <summary>policy for gcl</summary>
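Review bot: The two maxima entries in selinux/gcl.fc match the path `binary-gcl` itself with the `--` (regular file) class, so if `binary-gcl` is a directory holding the saved image, the corrected `object_r` context is still never applied to any file. The name and the parallel `unixport/saved_.*` entries suggest it is a directory, but the maxima layout is not visible here. Confirm against an installed tree with `matchpathcon` or `restorecon -n -v`, and if so anchor the pattern on the file inside, for example `/usr/lib/maxima/[^/]+/binary-gcl/[^/]+`. An image that misses `gcl_exec_t` would presumably run in the caller's domain without the permissions this module grants to `gcl_t`.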
@@ -195,9 +195,9 @@ diff -durN gcl-2.6.8.ORIG/selinux/gcl.if
 +')
 diff -durN gcl-2.6.8.ORIG/selinux/gcl.te gcl-2.6.8/selinux/gcl.te
 --- gcl-2.6.8.ORIG/selinux/gcl.te	1969-12-31 17:00:00.000000000 -0700
-+++ gcl-2.6.8/selinux/gcl.te	2009-10-13 09:14:37.562683865 -0600
-@@ -0,0 +1,50 @@
-+policy_module(gcl,1.0.0)
++++ gcl-2.6.8/selinux/gcl.te	2009-10-20 15:52:31.702057692 -0600
+@@ -0,0 +1,45 @@
++policy_module(gcl,1.0.1)
 +
 +########################################
 +#
@@ -225,31 +225,26 @@ diff -durN gcl-2.6.8.ORIG/selinux/gcl.te
 +
 +## The GCL memory management and executable dumping routines manipulate memory
 +## in various (usually forbidden) ways.
-+allow gcl_t self:memprotect mmap_zero;
 +allow gcl_t self:process { execmem execheap };
 +
-+unconfined_domain(gcl_t)
++optional_policy(`
++	unconfined_domain(gcl_t)
++')
 +
 +optional_policy(`
 +	gen_require(`
 +		type unconfined_t;
 +		type unconfined_devpts_t;
-+		type unconfined_execmem_t;  # Remove this later; see below
 +		type unconfined_tty_device_t;
 +		role unconfined_r;
 +	')
 +
 +	gcl_run(unconfined_t, unconfined_r, { unconfined_tty_device_t unconfined_devpts_t })
 +	allow gcl_t gcl_exec_t:file execmod;
-+
-+	# Some versions of selinux-policy-targeted, released between November
-+	# 2008 and early January 2009, give /usr/bin/gcl type execmem_exec_t.
-+	# Remove this once those versions are dead and buried.
-+	allow unconfined_execmem_t gcl_exec_t:file execmod;
 +')
 diff -durN gcl-2.6.8.ORIG/unixport/makefile gcl-2.6.8/unixport/makefile
 --- gcl-2.6.8.ORIG/unixport/makefile	2006-08-23 12:14:22.000000000 -0600
-+++ gcl-2.6.8/unixport/makefile	2009-10-13 09:12:33.465652023 -0600
++++ gcl-2.6.8/unixport/makefile	2009-10-20 16:00:21.622998021 -0600
 @@ -118,6 +118,9 @@
  	cp init_$*.lsp foo
  	echo " (in-package \"USER\")(system:save-system \"$@\")" >>foo
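Review bot: `unconfined_domain(gcl_t)` is now wrapped in `optional_policy`, but it still applies whenever the unconfined module is loaded, so on such a system `gcl_t` stays an unconfined domain and the narrow rules beside it (`execmem execheap`, `execmod`) add nothing there. For the confined-user case named in the log message, any role permitted to enter `gcl_t` would effectively leave its confinement by starting gcl; the callers of `gcl_run` other than `unconfined_t` are not visible in this hunk. Consider replacing the macro with the specific permissions GCL needs, or at least record the reason above it, e.g. `## gcl_t is unconfined when the unconfined module is loaded; TODO narrow to what GCL actually uses`. The gcl.te section begins before this hunk.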


Index: gcl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gcl/F-11/gcl.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -p -r1.37 -r1.38
--- gcl.spec	13 Oct 2009 15:37:48 -0000	1.37
+++ gcl.spec	20 Oct 2009 22:11:46 -0000	1.38
@@ -28,7 +28,7 @@
 
 Name:           gcl
 Version:        2.6.8
-Release:        0.3.%{alphatag}%{?dist}
+Release:        0.4.%{alphatag}%{?dist}
 Summary:        GNU Common Lisp
 
 Group:          Development/Languages
@@ -364,6 +364,9 @@ fi
 
 
 %changelog
+* Tue Oct 20 2009 Jerry James <loganjerry at gmail.com> - 2.6.8-0.6.20090701cvs
+- Update SELinux policy for confined users (bz 529757)
+
 * Tue Oct 13 2009 Jerry James <loganjerry at gmail.com> - 2.6.8-0.3.20090701cvs
 - Update SELinux files to give compiled maxima files the right context
 - Update to 20090701 CVS snapshot, fixes bz 511483



