rpms/selinux-policy/devel booleans-targeted.conf, 1.53, 1.54 policy-F12.patch, 1.92, 1.93 policygentool, 1.11, 1.12 selinux-policy.spec, 1.929, 1.930
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Sep 25 18:47:07 UTC 2009
- Previous message (by thread): rpms/php-doctrine-Doctrine/devel import.log, NONE, 1.1 php-doctrine-Doctrine.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/xfce4-xfswitch-plugin/devel import.log, NONE, 1.1 xfce4-xfswitch-plugin.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv300
Modified Files:
booleans-targeted.conf policy-F12.patch policygentool
selinux-policy.spec
Log Message:
* Thu Sep 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-11
- Allow users to exec restorecond
Index: booleans-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/booleans-targeted.conf,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -p -r1.53 -r1.54
--- booleans-targeted.conf 7 Sep 2009 01:18:05 -0000 1.53
+++ booleans-targeted.conf 25 Sep 2009 18:47:06 -0000 1.54
@@ -245,7 +245,7 @@ allow_nsplugin_execmem=true
# Allow unconfined domain to transition to confined domain
#
-allow_unconfined_nsplugin_transition=true
+allow_unconfined_nsplugin_transition=false
# System uses init upstart program
#
policy-F12.patch:
Makefile | 2
policy/flask/access_vectors | 1
policy/global_tunables | 24
policy/mcs | 10
policy/modules/admin/anaconda.te | 3
policy/modules/admin/brctl.te | 2
policy/modules/admin/certwatch.te | 2
policy/modules/admin/dmesg.fc | 2
policy/modules/admin/dmesg.te | 7
policy/modules/admin/firstboot.te | 6
policy/modules/admin/logrotate.te | 13
policy/modules/admin/logwatch.te | 1
policy/modules/admin/mrtg.te | 1
policy/modules/admin/netutils.te | 1
policy/modules/admin/portage.te | 2
policy/modules/admin/prelink.if | 4
policy/modules/admin/prelink.te | 1
policy/modules/admin/readahead.te | 1
policy/modules/admin/rpm.fc | 18
policy/modules/admin/rpm.if | 242 +++++
policy/modules/admin/rpm.te | 75 +
policy/modules/admin/shorewall.if | 40
policy/modules/admin/shorewall.te | 2
policy/modules/admin/smoltclient.fc | 4
policy/modules/admin/smoltclient.if | 1
policy/modules/admin/smoltclient.te | 67 +
policy/modules/admin/sudo.if | 13
policy/modules/admin/tmpreaper.te | 4
policy/modules/admin/tzdata.te | 2
policy/modules/admin/usermanage.if | 5
policy/modules/admin/usermanage.te | 31
policy/modules/admin/vbetool.te | 16
policy/modules/apps/calamaris.te | 7
policy/modules/apps/cpufreqselector.te | 2
policy/modules/apps/firewallgui.fc | 3
policy/modules/apps/firewallgui.if | 3
policy/modules/apps/firewallgui.te | 63 +
policy/modules/apps/gitosis.if | 45
policy/modules/apps/gnome.fc | 12
policy/modules/apps/gnome.if | 170 +++
policy/modules/apps/gnome.te | 99 ++
policy/modules/apps/gpg.te | 20
policy/modules/apps/java.fc | 17
policy/modules/apps/java.if | 111 ++
policy/modules/apps/java.te | 14
policy/modules/apps/kdumpgui.fc | 2
policy/modules/apps/kdumpgui.if | 2
policy/modules/apps/kdumpgui.te | 65 +
policy/modules/apps/livecd.fc | 2
policy/modules/apps/livecd.if | 50 +
policy/modules/apps/livecd.te | 26
policy/modules/apps/mono.if | 101 ++
policy/modules/apps/mono.te | 9
policy/modules/apps/mozilla.fc | 1
policy/modules/apps/mozilla.if | 32
policy/modules/apps/mozilla.te | 21
policy/modules/apps/nsplugin.fc | 12
policy/modules/apps/nsplugin.if | 320 ++++++
policy/modules/apps/nsplugin.te | 294 ++++++
policy/modules/apps/openoffice.fc | 3
policy/modules/apps/openoffice.if | 93 +
policy/modules/apps/openoffice.te | 11
policy/modules/apps/pulseaudio.te | 6
policy/modules/apps/qemu.fc | 4
policy/modules/apps/qemu.if | 190 ++++
policy/modules/apps/qemu.te | 82 +
policy/modules/apps/sambagui.fc | 1
policy/modules/apps/sambagui.if | 2
policy/modules/apps/sambagui.te | 56 +
policy/modules/apps/sandbox.fc | 1
policy/modules/apps/sandbox.if | 182 +++
policy/modules/apps/sandbox.te | 328 +++++++
policy/modules/apps/screen.if | 5
policy/modules/apps/seunshare.fc | 2
policy/modules/apps/seunshare.if | 81 +
policy/modules/apps/seunshare.te | 45
policy/modules/apps/vmware.te | 1
policy/modules/apps/wine.fc | 24
policy/modules/apps/wine.if | 59 +
policy/modules/apps/wine.te | 34
policy/modules/kernel/corecommands.fc | 28
policy/modules/kernel/corecommands.if | 21
policy/modules/kernel/corenetwork.te.in | 31
policy/modules/kernel/devices.fc | 7
policy/modules/kernel/devices.if | 164 +++
policy/modules/kernel/devices.te | 19
policy/modules/kernel/domain.if | 151 ++-
policy/modules/kernel/domain.te | 84 +
policy/modules/kernel/files.fc | 3
policy/modules/kernel/files.if | 298 ++++++
policy/modules/kernel/files.te | 6
policy/modules/kernel/filesystem.fc | 2
policy/modules/kernel/filesystem.if | 211 ++++
policy/modules/kernel/filesystem.te | 8
policy/modules/kernel/kernel.if | 58 +
policy/modules/kernel/kernel.te | 29
policy/modules/kernel/selinux.if | 25
policy/modules/kernel/storage.fc | 1
policy/modules/kernel/storage.if | 3
policy/modules/kernel/terminal.fc | 1
policy/modules/kernel/terminal.if | 40
policy/modules/kernel/terminal.te | 1
policy/modules/roles/guest.te | 8
policy/modules/roles/staff.te | 123 --
policy/modules/roles/sysadm.te | 124 --
policy/modules/roles/unconfineduser.fc | 36
policy/modules/roles/unconfineduser.if | 638 +++++++++++++
policy/modules/roles/unconfineduser.te | 402 ++++++++
policy/modules/roles/unprivuser.te | 131 --
policy/modules/roles/xguest.te | 18
policy/modules/services/abrt.fc | 2
policy/modules/services/abrt.if | 21
policy/modules/services/abrt.te | 12
policy/modules/services/afs.fc | 1
policy/modules/services/afs.te | 1
policy/modules/services/amavis.te | 2
policy/modules/services/apache.fc | 37
policy/modules/services/apache.if | 391 +++++---
policy/modules/services/apache.te | 438 +++++++--
policy/modules/services/apm.te | 2
policy/modules/services/automount.te | 1
policy/modules/services/bind.if | 40
policy/modules/services/bluetooth.te | 9
policy/modules/services/certmaster.te | 2
policy/modules/services/chronyd.fc | 11
policy/modules/services/chronyd.if | 105 ++
policy/modules/services/chronyd.te | 67 +
policy/modules/services/clamav.te | 16
policy/modules/services/consolekit.if | 39
policy/modules/services/consolekit.te | 18
policy/modules/services/corosync.fc | 13
policy/modules/services/corosync.if | 108 ++
policy/modules/services/corosync.te | 109 ++
policy/modules/services/courier.if | 18
policy/modules/services/courier.te | 1
policy/modules/services/cron.fc | 4
policy/modules/services/cron.if | 72 +
policy/modules/services/cron.te | 82 +
policy/modules/services/cups.fc | 13
policy/modules/services/cups.te | 29
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 1
policy/modules/services/dbus.if | 49 -
policy/modules/services/dbus.te | 25
policy/modules/services/dcc.te | 8
policy/modules/services/ddclient.if | 25
policy/modules/services/devicekit.fc | 2
policy/modules/services/devicekit.if | 22
policy/modules/services/devicekit.te | 54 +
policy/modules/services/dnsmasq.te | 8
policy/modules/services/dovecot.te | 7
policy/modules/services/exim.te | 5
policy/modules/services/fail2ban.te | 1
policy/modules/services/fetchmail.te | 2
policy/modules/services/fprintd.te | 4
policy/modules/services/ftp.te | 58 +
policy/modules/services/gpm.te | 3
policy/modules/services/gpsd.fc | 5
policy/modules/services/gpsd.if | 27
policy/modules/services/gpsd.te | 14
policy/modules/services/hal.fc | 1
policy/modules/services/hal.if | 18
policy/modules/services/hal.te | 48 -
policy/modules/services/howl.te | 2
policy/modules/services/inetd.te | 2
policy/modules/services/irqbalance.te | 4
policy/modules/services/kerberos.te | 13
policy/modules/services/kerneloops.te | 2
policy/modules/services/ktalk.te | 1
policy/modules/services/lircd.te | 11
policy/modules/services/mailman.te | 4
policy/modules/services/memcached.te | 2
policy/modules/services/mta.fc | 2
policy/modules/services/mta.if | 5
policy/modules/services/mta.te | 35
policy/modules/services/munin.fc | 3
policy/modules/services/munin.te | 3
policy/modules/services/mysql.te | 7
policy/modules/services/nagios.fc | 11
policy/modules/services/nagios.if | 70 +
policy/modules/services/nagios.te | 55 -
policy/modules/services/networkmanager.fc | 13
policy/modules/services/networkmanager.if | 45
policy/modules/services/networkmanager.te | 115 ++
policy/modules/services/nis.fc | 5
policy/modules/services/nis.if | 87 +
policy/modules/services/nis.te | 13
policy/modules/services/nscd.te | 10
policy/modules/services/nslcd.if | 8
policy/modules/services/ntp.if | 46
policy/modules/services/ntp.te | 8
policy/modules/services/nx.fc | 1
policy/modules/services/nx.if | 19
policy/modules/services/nx.te | 6
policy/modules/services/oddjob.if | 1
policy/modules/services/openvpn.te | 2
policy/modules/services/pcscd.te | 3
policy/modules/services/pegasus.te | 28
policy/modules/services/policykit.fc | 5
policy/modules/services/policykit.if | 48 +
policy/modules/services/policykit.te | 63 +
policy/modules/services/postfix.fc | 2
policy/modules/services/postfix.if | 150 ++-
policy/modules/services/postfix.te | 136 ++
policy/modules/services/postgresql.fc | 1
policy/modules/services/postgresql.if | 43
policy/modules/services/postgresql.te | 9
policy/modules/services/ppp.if | 6
policy/modules/services/ppp.te | 16
policy/modules/services/prelude.te | 1
policy/modules/services/privoxy.te | 3
policy/modules/services/procmail.te | 12
policy/modules/services/pyzor.fc | 4
policy/modules/services/pyzor.if | 47 +
policy/modules/services/pyzor.te | 37
policy/modules/services/radvd.te | 1
policy/modules/services/razor.fc | 1
policy/modules/services/razor.if | 42
policy/modules/services/razor.te | 32
policy/modules/services/rgmanager.fc | 6
policy/modules/services/rgmanager.if | 40
policy/modules/services/rgmanager.te | 54 +
policy/modules/services/rhcs.fc | 22
policy/modules/services/rhcs.if | 214 ++++
policy/modules/services/rhcs.te | 336 +++++++
policy/modules/services/ricci.te | 5
policy/modules/services/rpc.if | 7
policy/modules/services/rpc.te | 16
policy/modules/services/rpcbind.if | 20
policy/modules/services/rsync.te | 23
policy/modules/services/rtkit.if | 20
policy/modules/services/rtkit.te | 2
policy/modules/services/samba.fc | 4
policy/modules/services/samba.if | 104 ++
policy/modules/services/samba.te | 89 +
policy/modules/services/sasl.te | 15
policy/modules/services/sendmail.if | 137 ++
policy/modules/services/sendmail.te | 87 +
policy/modules/services/setroubleshoot.fc | 2
policy/modules/services/setroubleshoot.if | 102 ++
policy/modules/services/setroubleshoot.te | 78 +
policy/modules/services/smartmon.te | 15
policy/modules/services/snmp.if | 38
policy/modules/services/snmp.te | 2
policy/modules/services/spamassassin.fc | 15
policy/modules/services/spamassassin.if | 89 +
policy/modules/services/spamassassin.te | 137 ++
policy/modules/services/squid.te | 9
policy/modules/services/ssh.fc | 2
policy/modules/services/ssh.if | 183 +++
policy/modules/services/ssh.te | 77 +
policy/modules/services/sssd.fc | 2
policy/modules/services/sssd.if | 43
policy/modules/services/sssd.te | 6
policy/modules/services/sysstat.te | 2
policy/modules/services/uucp.te | 7
policy/modules/services/virt.fc | 12
policy/modules/services/virt.if | 127 ++
policy/modules/services/virt.te | 281 +++++-
policy/modules/services/w3c.te | 7
policy/modules/services/xserver.fc | 30
policy/modules/services/xserver.if | 534 ++++++++++-
policy/modules/services/xserver.te | 310 +++++-
policy/modules/system/application.if | 20
policy/modules/system/application.te | 11
policy/modules/system/authlogin.fc | 9
policy/modules/system/authlogin.if | 204 +++-
policy/modules/system/authlogin.te | 9
policy/modules/system/fstools.fc | 2
policy/modules/system/fstools.te | 7
policy/modules/system/init.fc | 7
policy/modules/system/init.if | 158 +++
policy/modules/system/init.te | 277 ++++-
policy/modules/system/ipsec.fc | 3
policy/modules/system/ipsec.if | 25
policy/modules/system/ipsec.te | 55 +
policy/modules/system/iptables.fc | 17
policy/modules/system/iptables.if | 97 ++
policy/modules/system/iptables.te | 15
policy/modules/system/iscsi.if | 40
policy/modules/system/iscsi.te | 6
policy/modules/system/libraries.fc | 158 ++-
policy/modules/system/libraries.if | 4
policy/modules/system/libraries.te | 17
policy/modules/system/locallogin.te | 28
policy/modules/system/logging.fc | 11
policy/modules/system/logging.if | 4
policy/modules/system/logging.te | 34
policy/modules/system/lvm.te | 17
policy/modules/system/miscfiles.if | 19
policy/modules/system/modutils.fc | 1
policy/modules/system/modutils.if | 46
policy/modules/system/modutils.te | 46
policy/modules/system/mount.fc | 7
policy/modules/system/mount.if | 2
policy/modules/system/mount.te | 76 +
policy/modules/system/raid.fc | 2
policy/modules/system/raid.te | 8
policy/modules/system/selinuxutil.fc | 17
policy/modules/system/selinuxutil.if | 309 ++++++
policy/modules/system/selinuxutil.te | 226 +---
policy/modules/system/setrans.if | 20
policy/modules/system/sysnetwork.fc | 9
policy/modules/system/sysnetwork.if | 117 ++
policy/modules/system/sysnetwork.te | 74 +
policy/modules/system/udev.fc | 3
policy/modules/system/udev.if | 21
policy/modules/system/udev.te | 38
policy/modules/system/unconfined.fc | 15
policy/modules/system/unconfined.if | 443 ---------
policy/modules/system/unconfined.te | 224 ----
policy/modules/system/userdomain.fc | 6
policy/modules/system/userdomain.if | 1403 ++++++++++++++++++++++--------
policy/modules/system/userdomain.te | 50 -
policy/modules/system/xen.fc | 6
policy/modules/system/xen.if | 28
policy/modules/system/xen.te | 137 ++
policy/support/obj_perm_sets.spt | 14
policy/users | 13
319 files changed, 14680 insertions(+), 2586 deletions(-)
Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-F12.patch,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -p -r1.92 -r1.93
--- policy-F12.patch 24 Sep 2009 23:30:15 -0000 1.92
+++ policy-F12.patch 25 Sep 2009 18:47:06 -0000 1.93
@@ -12909,7 +12909,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.32/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-08-14 13:14:31.000000000 -0700
-+++ serefpolicy-3.6.32/policy/modules/services/networkmanager.te 2009-09-21 19:37:35.000000000 -0700
++++ serefpolicy-3.6.32/policy/modules/services/networkmanager.te 2009-09-24 17:38:43.000000000 -0700
@@ -19,6 +19,9 @@
type NetworkManager_tmp_t;
files_tmp_file(NetworkManager_tmp_t)
@@ -12951,16 +12951,17 @@ diff -b -B --ignore-all-space --exclude-
manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-@@ -63,6 +70,8 @@
+@@ -63,6 +70,9 @@
kernel_read_network_state(NetworkManager_t)
kernel_read_kernel_sysctls(NetworkManager_t)
kernel_load_module(NetworkManager_t)
++kernel_request_load_module(NetworkManager_t)
+kernel_read_debugfs(NetworkManager_t)
+kernel_rw_net_sysctls(NetworkManager_t)
corenet_all_recvfrom_unlabeled(NetworkManager_t)
corenet_all_recvfrom_netlabel(NetworkManager_t)
-@@ -81,13 +90,18 @@
+@@ -81,13 +91,18 @@
corenet_sendrecv_isakmp_server_packets(NetworkManager_t)
corenet_sendrecv_dhcpc_server_packets(NetworkManager_t)
corenet_sendrecv_all_client_packets(NetworkManager_t)
@@ -12979,7 +12980,7 @@ diff -b -B --ignore-all-space --exclude-
mls_file_read_all_levels(NetworkManager_t)
-@@ -98,15 +112,20 @@
+@@ -98,15 +113,20 @@
domain_use_interactive_fds(NetworkManager_t)
domain_read_confined_domains_state(NetworkManager_t)
@@ -13001,7 +13002,7 @@ diff -b -B --ignore-all-space --exclude-
logging_send_syslog_msg(NetworkManager_t)
miscfiles_read_localization(NetworkManager_t)
-@@ -116,25 +135,40 @@
+@@ -116,25 +136,40 @@
seutil_read_config(NetworkManager_t)
@@ -13049,7 +13050,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -146,8 +180,25 @@
+@@ -146,8 +181,25 @@
')
optional_policy(`
@@ -13077,7 +13078,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -155,23 +206,51 @@
+@@ -155,23 +207,51 @@
')
optional_policy(`
@@ -13131,7 +13132,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -179,12 +258,15 @@
+@@ -179,12 +259,15 @@
')
optional_policy(`
@@ -15843,7 +15844,7 @@ diff -b -B --ignore-all-space --exclude-
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.6.32/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2009-07-14 11:19:57.000000000 -0700
-+++ serefpolicy-3.6.32/policy/modules/services/rpc.if 2009-09-16 07:03:09.000000000 -0700
++++ serefpolicy-3.6.32/policy/modules/services/rpc.if 2009-09-25 07:42:34.000000000 -0700
@@ -54,7 +54,7 @@
allow $1_t self:unix_dgram_socket create_socket_perms;
allow $1_t self:unix_stream_socket create_stream_socket_perms;
@@ -15853,7 +15854,15 @@ diff -b -B --ignore-all-space --exclude-
manage_dirs_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
manage_files_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
-@@ -109,6 +109,10 @@
+@@ -99,6 +99,7 @@
+ files_read_etc_runtime_files($1_t)
+ files_search_var($1_t)
+ files_search_var_lib($1_t)
++ files_list_home($1_t)
+
+ auth_use_nsswitch($1_t)
+
+@@ -109,6 +110,10 @@
userdom_dontaudit_use_unpriv_user_fds($1_t)
optional_policy(`
@@ -15866,7 +15875,16 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.32/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-08-14 13:14:31.000000000 -0700
-+++ serefpolicy-3.6.32/policy/modules/services/rpc.te 2009-09-16 07:03:09.000000000 -0700
++++ serefpolicy-3.6.32/policy/modules/services/rpc.te 2009-09-25 07:42:43.000000000 -0700
+@@ -53,7 +53,7 @@
+ # RPC local policy
+ #
+
+-allow rpcd_t self:capability { chown dac_override setgid setuid };
++allow rpcd_t self:capability { sys_admin chown dac_override setgid setuid };
+ allow rpcd_t self:fifo_file rw_fifo_file_perms;
+
+ allow rpcd_t rpcd_var_run_t:dir setattr;
@@ -91,6 +91,8 @@
seutil_dontaudit_search_config(rpcd_t)
@@ -19016,7 +19034,7 @@ diff -b -B --ignore-all-space --exclude-
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.32/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2009-07-14 11:19:57.000000000 -0700
-+++ serefpolicy-3.6.32/policy/modules/services/xserver.fc 2009-09-16 07:03:09.000000000 -0700
++++ serefpolicy-3.6.32/policy/modules/services/xserver.fc 2009-09-25 07:58:35.000000000 -0700
@@ -3,12 +3,17 @@
#
HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:user_fonts_config_t,s0)
@@ -19028,7 +19046,7 @@ diff -b -B --ignore-all-space --exclude-
HOME_DIR/\.xauth.* -- gen_context(system_u:object_r:xauth_home_t,s0)
HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
+HOME_DIR/\.xsession-errors.* -- gen_context(system_u:object_r:xdm_home_t,s0)
-+HOME_DIR/\.dmrc -- gen_context(system_u:object_r:xdm_home_t,s0)
++HOME_DIR/\.dmrc.* -- gen_context(system_u:object_r:xdm_home_t,s0)
+/root/\.Xauth.* -- gen_context(system_u:object_r:xauth_home_t,s0)
+/root/\.xauth.* -- gen_context(system_u:object_r:xauth_home_t,s0)
@@ -23546,8 +23564,36 @@ diff -b -B --ignore-all-space --exclude-
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.6.32/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2009-07-14 11:19:57.000000000 -0700
-+++ serefpolicy-3.6.32/policy/modules/system/selinuxutil.if 2009-09-16 07:03:09.000000000 -0700
-@@ -535,6 +535,53 @@
++++ serefpolicy-3.6.32/policy/modules/system/selinuxutil.if 2009-09-24 20:11:24.000000000 -0700
+@@ -351,6 +351,27 @@
+
+ ########################################
+ ## <summary>
++## Execute restorecond in the caller domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`seutil_exec_restorecond',`
++ gen_require(`
++ type restorecond_exec_t;
++ ')
++
++ files_search_usr($1)
++ corecmd_search_bin($1)
++ can_exec($1, restorecond_exec_t)
++')
++
++########################################
++## <summary>
+ ## Execute run_init in the run_init domain.
+ ## </summary>
+ ## <param name="domain">
+@@ -535,6 +556,53 @@
########################################
## <summary>
@@ -23601,7 +23647,7 @@ diff -b -B --ignore-all-space --exclude-
## Execute setfiles in the caller domain.
## </summary>
## <param name="domain">
-@@ -680,6 +727,7 @@
+@@ -680,6 +748,7 @@
')
files_search_etc($1)
@@ -23609,7 +23655,7 @@ diff -b -B --ignore-all-space --exclude-
manage_files_pattern($1, selinux_config_t, selinux_config_t)
read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
')
-@@ -999,6 +1047,26 @@
+@@ -999,6 +1068,26 @@
########################################
## <summary>
@@ -23636,7 +23682,7 @@ diff -b -B --ignore-all-space --exclude-
## Execute semanage in the semanage domain, and
## allow the specified role the semanage domain,
## and use the caller's terminal.
-@@ -1010,7 +1078,7 @@
+@@ -1010,7 +1099,7 @@
## </param>
## <param name="role">
## <summary>
@@ -23645,7 +23691,7 @@ diff -b -B --ignore-all-space --exclude-
## </summary>
## </param>
## <rolecap/>
-@@ -1028,6 +1096,33 @@
+@@ -1028,6 +1117,33 @@
########################################
## <summary>
@@ -23679,7 +23725,7 @@ diff -b -B --ignore-all-space --exclude-
## Full management of the semanage
## module store.
## </summary>
-@@ -1139,3 +1234,194 @@
+@@ -1139,3 +1255,194 @@
selinux_dontaudit_get_fs_mount($1)
seutil_dontaudit_read_config($1)
')
@@ -25608,7 +25654,7 @@ diff -b -B --ignore-all-space --exclude-
+HOME_DIR/\.gvfs(/.*)? <<none>>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.32/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-08-31 10:30:04.000000000 -0700
-+++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2009-09-21 05:24:59.000000000 -0700
++++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2009-09-24 20:12:04.000000000 -0700
@@ -30,8 +30,9 @@
')
@@ -26055,7 +26101,7 @@ diff -b -B --ignore-all-space --exclude-
##############################
#
-@@ -508,182 +515,208 @@
+@@ -508,182 +515,209 @@
# evolution and gnome-session try to create a netlink socket
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
@@ -26160,6 +26206,7 @@ diff -b -B --ignore-all-space --exclude-
seutil_exec_checkpolicy($1_t)
- seutil_exec_setfiles($1_t)
+ seutil_exec_setfiles($1_usertype)
++ seutil_exec_restorecond($1_usertype)
# for when the network connection is killed
# this is needed when a login role can change
# to this one.
@@ -26337,7 +26384,7 @@ diff -b -B --ignore-all-space --exclude-
')
#######################################
-@@ -711,13 +744,26 @@
+@@ -711,13 +745,26 @@
userdom_base_user_template($1)
@@ -26369,7 +26416,7 @@ diff -b -B --ignore-all-space --exclude-
userdom_change_password_template($1)
-@@ -735,70 +781,71 @@
+@@ -735,70 +782,71 @@
allow $1_t self:context contains;
@@ -26474,7 +26521,7 @@ diff -b -B --ignore-all-space --exclude-
')
')
-@@ -835,6 +882,32 @@
+@@ -835,6 +883,32 @@
# Local policy
#
@@ -26507,7 +26554,7 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
loadkeys_run($1_t,$1_r)
')
-@@ -865,51 +938,81 @@
+@@ -865,51 +939,81 @@
userdom_restricted_user_template($1)
@@ -26602,7 +26649,7 @@ diff -b -B --ignore-all-space --exclude-
')
')
-@@ -943,8 +1046,8 @@
+@@ -943,8 +1047,8 @@
# Declarations
#
@@ -26612,7 +26659,7 @@ diff -b -B --ignore-all-space --exclude-
userdom_common_user_template($1)
##############################
-@@ -953,11 +1056,12 @@
+@@ -953,11 +1057,12 @@
#
# port access is audited even if dac would not have allowed it, so dontaudit it here
@@ -26627,7 +26674,7 @@ diff -b -B --ignore-all-space --exclude-
# cjp: why?
files_read_kernel_symbol_table($1_t)
-@@ -975,36 +1079,53 @@
+@@ -975,36 +1080,53 @@
')
')
@@ -26695,7 +26742,7 @@ diff -b -B --ignore-all-space --exclude-
')
')
-@@ -1040,7 +1161,7 @@
+@@ -1040,7 +1162,7 @@
template(`userdom_admin_user_template',`
gen_require(`
attribute admindomain;
@@ -26704,7 +26751,7 @@ diff -b -B --ignore-all-space --exclude-
')
##############################
-@@ -1049,8 +1170,7 @@
+@@ -1049,8 +1171,7 @@
#
# Inherit rules for ordinary users.
@@ -26714,7 +26761,7 @@ diff -b -B --ignore-all-space --exclude-
domain_obj_id_change_exemption($1_t)
role system_r types $1_t;
-@@ -1075,6 +1195,9 @@
+@@ -1075,6 +1196,9 @@
# Skip authentication when pam_rootok is specified.
allow $1_t self:passwd rootok;
@@ -26724,7 +26771,7 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
kernel_getattr_message_if($1_t)
-@@ -1089,6 +1212,7 @@
+@@ -1089,6 +1213,7 @@
kernel_sigstop_unlabeled($1_t)
kernel_signull_unlabeled($1_t)
kernel_sigchld_unlabeled($1_t)
@@ -26732,7 +26779,7 @@ diff -b -B --ignore-all-space --exclude-
corenet_tcp_bind_generic_port($1_t)
# allow setting up tunnels
-@@ -1096,8 +1220,6 @@
+@@ -1096,8 +1221,6 @@
dev_getattr_generic_blk_files($1_t)
dev_getattr_generic_chr_files($1_t)
@@ -26741,7 +26788,7 @@ diff -b -B --ignore-all-space --exclude-
# Allow MAKEDEV to work
dev_create_all_blk_files($1_t)
dev_create_all_chr_files($1_t)
-@@ -1124,6 +1246,8 @@
+@@ -1124,6 +1247,8 @@
files_exec_usr_src_files($1_t)
fs_getattr_all_fs($1_t)
@@ -26750,7 +26797,7 @@ diff -b -B --ignore-all-space --exclude-
fs_set_all_quotas($1_t)
fs_exec_noxattr($1_t)
-@@ -1152,20 +1276,6 @@
+@@ -1152,20 +1277,6 @@
# But presently necessary for installing the file_contexts file.
seutil_manage_bin_policy($1_t)
@@ -26771,7 +26818,7 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
postgresql_unconfined($1_t)
')
-@@ -1211,6 +1321,7 @@
+@@ -1211,6 +1322,7 @@
dev_relabel_all_dev_nodes($1)
files_create_boot_flag($1)
@@ -26779,7 +26826,7 @@ diff -b -B --ignore-all-space --exclude-
# Necessary for managing /boot/efi
fs_manage_dos_files($1)
-@@ -1276,11 +1387,15 @@
+@@ -1276,11 +1388,15 @@
interface(`userdom_user_home_content',`
gen_require(`
type user_home_t;
@@ -26795,7 +26842,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1391,12 +1506,13 @@
+@@ -1391,12 +1507,13 @@
')
allow $1 user_home_dir_t:dir search_dir_perms;
@@ -26810,7 +26857,7 @@ diff -b -B --ignore-all-space --exclude-
## </summary>
## <param name="domain">
## <summary>
-@@ -1429,6 +1545,14 @@
+@@ -1429,6 +1546,14 @@
allow $1 user_home_dir_t:dir list_dir_perms;
files_search_home($1)
@@ -26825,7 +26872,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1444,9 +1568,11 @@
+@@ -1444,9 +1569,11 @@
interface(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
type user_home_dir_t;
@@ -26837,7 +26884,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1503,6 +1629,25 @@
+@@ -1503,6 +1630,25 @@
allow $1 user_home_dir_t:dir relabelto;
')
@@ -26863,7 +26910,7 @@ diff -b -B --ignore-all-space --exclude-
########################################
## <summary>
## Create directories in the home dir root with
-@@ -1577,6 +1722,8 @@
+@@ -1577,6 +1723,8 @@
')
dontaudit $1 user_home_t:dir search_dir_perms;
@@ -26872,7 +26919,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1670,6 +1817,7 @@
+@@ -1670,6 +1818,7 @@
type user_home_dir_t, user_home_t;
')
@@ -26880,7 +26927,7 @@ diff -b -B --ignore-all-space --exclude-
read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
files_search_home($1)
')
-@@ -1797,19 +1945,32 @@
+@@ -1797,19 +1946,32 @@
#
interface(`userdom_exec_user_home_content_files',`
gen_require(`
@@ -26920,7 +26967,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -1844,6 +2005,7 @@
+@@ -1844,6 +2006,7 @@
interface(`userdom_manage_user_home_content_files',`
gen_require(`
type user_home_dir_t, user_home_t;
@@ -26928,7 +26975,7 @@ diff -b -B --ignore-all-space --exclude-
')
manage_files_pattern($1, user_home_t, user_home_t)
-@@ -2391,27 +2553,7 @@
+@@ -2391,27 +2554,7 @@
########################################
## <summary>
@@ -26957,7 +27004,7 @@ diff -b -B --ignore-all-space --exclude-
## </summary>
## <param name="domain">
## <summary>
-@@ -2765,11 +2907,32 @@
+@@ -2765,11 +2908,32 @@
#
interface(`userdom_search_user_home_content',`
gen_require(`
@@ -26992,7 +27039,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -2897,7 +3060,25 @@
+@@ -2897,7 +3061,25 @@
type user_tmp_t;
')
@@ -27019,7 +27066,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -2934,6 +3115,7 @@
+@@ -2934,6 +3116,7 @@
')
read_files_pattern($1, userdomain, userdomain)
@@ -27027,7 +27074,7 @@ diff -b -B --ignore-all-space --exclude-
kernel_search_proc($1)
')
-@@ -3064,3 +3246,559 @@
+@@ -3064,3 +3247,559 @@
allow $1 userdomain:dbus send_msg;
')
Index: policygentool
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policygentool,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- policygentool 8 Apr 2008 03:17:46 -0000 1.11
+++ policygentool 25 Sep 2009 18:47:07 -0000 1.12
@@ -1,297 +1,3 @@
-#! /usr/bin/env python
-# Copyright (C) 2006 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-import os, sys, getopt
-import re
-
-########################### Interface File #############################
-interface="""\
-## <summary>policy for TEMPLATETYPE</summary>
-
-########################################
-## <summary>
-## Execute a domain transition to run TEMPLATETYPE.
-## </summary>
-## <param name=\"domain\">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`TEMPLATETYPE_domtrans',`
- gen_require(`
- type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
- ')
-
- domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
-
- allow TEMPLATETYPE_t $1:fd use;
- allow TEMPLATETYPE_t $1:fifo_file rw_file_perms;
- allow TEMPLATETYPE_t $1:process sigchld;
-')
-"""
-
-########################### Type Enforcement File #############################
-te="""\
-policy_module(TEMPLATETYPE,1.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type TEMPLATETYPE_t;
-type TEMPLATETYPE_exec_t;
-domain_type(TEMPLATETYPE_t)
-init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-"""
-te_logfile="""
-# log files
-type TEMPLATETYPE_var_log_t;
-logging_log_file(TEMPLATETYPE_var_log_t)
-"""
-te_pidfile="""
-# pid files
-type TEMPLATETYPE_var_run_t;
-files_pid_file(TEMPLATETYPE_var_run_t)
-"""
-te_libfile="""
-# var/lib files
-type TEMPLATETYPE_var_lib_t;
-files_type(TEMPLATETYPE_var_lib_t)
-"""
-te_sep="""
-########################################
-#
-# TEMPLATETYPE local policy
-#
-# Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.
-
-# Some common macros (you might be able to remove some)
-files_read_etc_files(TEMPLATETYPE_t)
-libs_use_ld_so(TEMPLATETYPE_t)
-libs_use_shared_libs(TEMPLATETYPE_t)
-miscfiles_read_localization(TEMPLATETYPE_t)
-## internal communication is often done using fifo and unix sockets.
-allow TEMPLATETYPE_t self:fifo_file { read write };
-allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
-"""
-te_pidfile2="""
-# pid file
-allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:file manage_file_perms;
-allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:sock_file manage_file_perms;
-allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:dir rw_dir_perms;
-files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, { file sock_file })
-"""
-te_logfile2="""
-# log files
-allow TEMPLATETYPE_t TEMPLATETYPE_var_log_t:file create_file_perms;
-allow TEMPLATETYPE_t TEMPLATETYPE_var_log_t:sock_file create_file_perms;
-allow TEMPLATETYPE_t TEMPLATETYPE_var_log_t:dir { rw_dir_perms setattr };
-logging_log_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_log_t,{ sock_file file dir })
-"""
-te_libfile2="""
-# var/lib files for TEMPLATETYPE
-allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:file create_file_perms;
-allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file create_file_perms;
-allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:dir create_dir_perms;
-files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, { file dir sock_file })
-"""
-te_network2="""
-## Networking basics (adjust to your needs!)
-sysnet_dns_name_resolve(TEMPLATETYPE_t)
-corenet_tcp_sendrecv_all_if(TEMPLATETYPE_t)
-corenet_tcp_sendrecv_all_nodes(TEMPLATETYPE_t)
-corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t)
-corenet_non_ipsec_sendrecv(TEMPLATETYPE_t)
-corenet_tcp_connect_http_port(TEMPLATETYPE_t)
-#corenet_tcp_connect_all_ports(TEMPLATETYPE_t)
-## if it is a network daemon, consider these:
-#corenet_tcp_bind_all_ports(TEMPLATETYPE_t)
-#corenet_tcp_bind_all_nodes(TEMPLATETYPE_t)
-allow TEMPLATETYPE_t self:tcp_socket { listen accept };
-"""
-te_initsc2="""
-# Init script handling
-init_use_fds(TEMPLATETYPE_t)
-init_use_script_ptys(TEMPLATETYPE_t)
-domain_use_interactive_fds(TEMPLATETYPE_t)
-"""
-
-########################### File Context ##################################
-fc="""\
-# TEMPLATETYPE executable will have:
-# label: system_u:object_r:TEMPLATETYPE_exec_t
-# MLS sensitivity: s0
-# MCS categories: <none>
-
-EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
-"""
-fc_pidfile="""\
-FILENAME gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
-"""
-fc_logfile="""\
-FILENAME gen_context(system_u:object_r:TEMPLATETYPE_var_log_t,s0)
-"""
-fc_libfile="""\
-FILENAME gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
-"""
-def errorExit(error):
- sys.stderr.write("%s: " % sys.argv[0])
- sys.stderr.write("%s\n" % error)
- sys.stderr.flush()
- sys.exit(1)
-
-
-def write_te_file(module, pidfile, logfile, libfile, network, initsc):
- file="%s.te" % module
- newte=re.sub("TEMPLATETYPE", module, te)
- if libfile:
- newte= newte + re.sub("TEMPLATETYPE", module, te_libfile)
- if logfile:
- newte= newte + re.sub("TEMPLATETYPE", module, te_logfile)
- if pidfile:
- newte= newte + re.sub("TEMPLATETYPE", module, te_pidfile)
- newte= newte + re.sub("TEMPLATETYPE", module, te_sep)
- if libfile:
- newte= newte + re.sub("TEMPLATETYPE", module, te_libfile2)
- if logfile:
- newte= newte + re.sub("TEMPLATETYPE", module, te_logfile2)
- if pidfile:
- newte= newte + re.sub("TEMPLATETYPE", module, te_pidfile2)
- if network:
- newte= newte + re.sub("TEMPLATETYPE", module, te_network2)
- if initsc:
- newte= newte + re.sub("TEMPLATETYPE", module, te_initsc2)
- if os.path.exists(file):
- errorExit("%s already exists" % file)
- fd = open(file, 'w')
- fd.write(newte)
- fd.close()
-
-def write_if_file(module):
- file="%s.if" % module
- newif=re.sub("TEMPLATETYPE", module, interface)
- if os.path.exists(file):
- errorExit("%s already exists" % file)
- fd = open(file, 'w')
- fd.write(newif)
- fd.close()
-
-def write_fc_file(module, executable, pidfile, logfile, libfile):
- file="%s.fc" % module
- temp=re.sub("TEMPLATETYPE", module, fc)
- newfc=re.sub("EXECUTABLE", executable, temp)
- if pidfile:
- temp=re.sub("TEMPLATETYPE", module, fc_pidfile)
- newfc=newfc + re.sub("FILENAME", pidfile, temp)
- if logfile:
- temp=re.sub("TEMPLATETYPE", module, fc_logfile)
- newfc=newfc + re.sub("FILENAME", logfile, temp)
- if libfile:
- temp=re.sub("TEMPLATETYPE", module, fc_libfile)
- newfc=newfc + re.sub("FILENAME", libfile, temp)
- if os.path.exists(file):
- errorExit("%s already exists" % file)
- fd = open(file, 'w')
- fd.write(newfc)
- fd.close()
-
-def gen_policy(module, executable, pidfile, logfile, libfile, initsc, network):
- write_te_file(module, pidfile, logfile, libfile, initsc, network)
- write_if_file(module)
- write_fc_file(module, executable, pidfile, logfile, libfile)
-
-if __name__ == '__main__':
- def usage(message = ""):
- print '%s ModuleName Executable' % sys.argv[0]
- sys.exit(1)
-
- if len(sys.argv) != 3:
- usage()
-
- print """\n
-This tool generate three files for policy development, A Type Enforcement (te)
-file, a File Context (fc), and a Interface File(if). Most of the policy rules
-will be written in the te file. Use the File Context file to associate file
-paths with security context. Use the interface rules to allow other protected
-domains to interact with the newly defined domains.
-
-After generating these files use the /usr/share/selinux/devel/Makefile to
-compile your policy package. Then use the semodule tool to load it.
-
-# /usr/share/selinux/devel/policygentool myapp /usr/bin/myapp
-# make -f /usr/share/selinux/devel/Makefile
-# semodule -i myapp.pp
-# restorecon -R -v /usr/bin/myapp "all files defined in myapp.fc"
-
-Now you can turn on permissive mode, start your application and avc messages
-will be generated. You can use audit2allow to help translate the avc messages
-into policy.
-
-# setenforce 0
-# service myapp start
-# audit2allow -R -i /var/log/audit/audit.log
-
-Return to continue:"""
- sys.stdin.readline().rstrip()
-
- print 'If the module uses pidfiles, what is the pidfile called?'
- pidfile = sys.stdin.readline().rstrip()
- if pidfile == "":
- pidfile = None
- print 'If the module uses logfiles, where are they stored?'
- logfile = sys.stdin.readline().rstrip()
- if logfile == "":
- logfile = None
- print 'If the module has var/lib files, where are they stored?'
- libfile = sys.stdin.readline().rstrip()
- if libfile == "":
- libfile = None
- print 'Does the module have a init script? [yN]'
- initsc = sys.stdin.readline().rstrip()
- if initsc == "" or initsc == "n" or initsc == "N":
- initsc = False
- elif initsc == "y" or initsc == "Y":
- initsc = True
- else:
- raise "Please answer with 'y' or 'n'!"
- print 'Does the module use the network? [yN]'
- network = sys.stdin.readline().rstrip()
- if network == "" or network == "n" or network == "N":
- network = False
- elif network == "y" or network == "Y":
- network = True
- else:
- raise "Please answer with 'y' or 'n'!"
-
- gen_policy(
- module=sys.argv[1],
- executable=sys.argv[2],
- pidfile=pidfile,
- logfile=logfile,
- libfile=libfile,
- initsc=initsc,
- network=network
- )
-
-
+#!/bin/sh
+echo "$0 is no longer supported, better tools exist for creating policy"
+echo "Please use /usr/bin/sepolgen, slide or polgengui to generate policy"
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.929
retrieving revision 1.930
diff -u -p -r1.929 -r1.930
--- selinux-policy.spec 24 Sep 2009 23:30:16 -0000 1.929
+++ selinux-policy.spec 25 Sep 2009 18:47:07 -0000 1.930
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.32
-Release: 10%{?dist}
+Release: 11%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -448,6 +448,9 @@ exit 0
%endif
%changelog
+* Thu Sep 24 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-11
+- Allow users to exec restorecond
+
* Tue Sep 21 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-10
- Allow sendmail to request kernel modules load
- Previous message (by thread): rpms/php-doctrine-Doctrine/devel import.log, NONE, 1.1 php-doctrine-Doctrine.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/xfce4-xfswitch-plugin/devel import.log, NONE, 1.1 xfce4-xfswitch-plugin.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list