[selinux-policy/f14/master] - Merge with upstream

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 27 14:21:15 UTC 2010


commit f8eb3a451ae210c48d52922321cbeafd694b0f1c
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Aug 27 10:21:11 2010 -0400

    - Merge with upstream

 policy-F14.patch |   53 ++++++++++++++++++++++++++---------------------------
 1 files changed, 26 insertions(+), 27 deletions(-)
---
diff --git a/policy-F14.patch b/policy-F14.patch
index 03d29f6..11cdb34 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -9046,7 +9046,7 @@ index 252913b..a1bbe8f 100644
  	consoletype_exec(auditadm_t)
  ')
 diff --git a/policy/modules/roles/dbadm.te b/policy/modules/roles/dbadm.te
-index 1875064..a3ddd43 100644
+index 1875064..20d9333 100644
 --- a/policy/modules/roles/dbadm.te
 +++ b/policy/modules/roles/dbadm.te
 @@ -58,3 +58,7 @@ optional_policy(`
@@ -26162,7 +26162,7 @@ index 6f1e3c7..39c2bb3 100644
 +/var/lib/pqsql/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
 +
 diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
-index da2601a..8696a6e 100644
+index da2601a..6ff8f25 100644
 --- a/policy/modules/services/xserver.if
 +++ b/policy/modules/services/xserver.if
 @@ -19,9 +19,10 @@
@@ -26220,15 +26220,13 @@ index da2601a..8696a6e 100644
  
  	# Client read xserver shm
  	allow $2 xserver_t:fd use;
-@@ -89,14 +99,19 @@ interface(`xserver_restricted_role',`
+@@ -89,14 +99,17 @@ interface(`xserver_restricted_role',`
  	dev_write_misc($2)
  	# open office is looking for the following
  	dev_getattr_agp_dev($2)
 -	dev_dontaudit_rw_dri($2)
 +	tunable_policy(`user_direct_dri',`
 +		dev_rw_dri($2)
-+	',`
-+		dev_dontaudit_rw_dri($2)
 +	')
 +
  	# GNOME checks for usb and other devices:
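Review bot: Dropping the `dev_dontaudit_rw_dri($2)` else-branch from the `user_direct_dri` block means that, with the boolean off, DRI device access by `$2` is no longer silenced, and nothing in the policy text says this is intended. Unless another rule outside this hunk still covers the device, each denial will now appear in the audit log. If that visibility is the goal, a comment above the block would record it, e.g. `# DRI access is denied and audited unless user_direct_dri is on`, so an admin seeing the AVC toggles the boolean instead of writing a local allow rule. The body of `xserver_restricted_role` starts and ends outside this hunk, so the rest of the interface could not be checked.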
@@ -26242,7 +26240,7 @@ index da2601a..8696a6e 100644
  	xserver_xsession_entry_type($2)
  	xserver_dontaudit_write_log($2)
  	xserver_stream_connect_xdm($2)
-@@ -148,6 +163,7 @@ interface(`xserver_role',`
+@@ -148,6 +161,7 @@ interface(`xserver_role',`
  	allow $2 xauth_home_t:file manage_file_perms;
  	allow $2 xauth_home_t:file { relabelfrom relabelto };
  
@@ -26250,7 +26248,7 @@ index da2601a..8696a6e 100644
  	manage_dirs_pattern($2, user_fonts_t, user_fonts_t)
  	manage_files_pattern($2, user_fonts_t, user_fonts_t)
  	relabel_dirs_pattern($2, user_fonts_t, user_fonts_t)
-@@ -197,7 +213,7 @@ interface(`xserver_ro_session',`
+@@ -197,7 +211,7 @@ interface(`xserver_ro_session',`
  	allow $1 xserver_t:process signal;
  
  	# Read /tmp/.X0-lock
@@ -26259,7 +26257,7 @@ index da2601a..8696a6e 100644
  
  	# Client read xserver shm
  	allow $1 xserver_t:fd use;
-@@ -291,12 +307,12 @@ interface(`xserver_user_client',`
+@@ -291,12 +305,12 @@ interface(`xserver_user_client',`
  	allow $1 self:unix_stream_socket { connectto create_stream_socket_perms };
  
  	# Read .Xauthority file
@@ -26275,7 +26273,7 @@ index da2601a..8696a6e 100644
  	allow $1 xdm_tmp_t:dir search;
  	allow $1 xdm_tmp_t:sock_file { read write };
  	dontaudit $1 xdm_t:tcp_socket { read write };
-@@ -355,6 +371,12 @@ template(`xserver_common_x_domain_template',`
+@@ -355,6 +369,12 @@ template(`xserver_common_x_domain_template',`
  		class x_property all_x_property_perms;
  		class x_event all_x_event_perms;
  		class x_synthetic_event all_x_synthetic_event_perms;
@@ -26288,7 +26286,7 @@ index da2601a..8696a6e 100644
  	')
  
  	##############################
-@@ -386,6 +408,15 @@ template(`xserver_common_x_domain_template',`
+@@ -386,6 +406,15 @@ template(`xserver_common_x_domain_template',`
  	allow $2 xevent_t:{ x_event x_synthetic_event } receive;
  	# dont audit send failures
  	dontaudit $2 input_xevent_type:x_event send;
@@ -26304,7 +26302,7 @@ index da2601a..8696a6e 100644
  ')
  
  #######################################
-@@ -476,6 +507,7 @@ template(`xserver_user_x_domain_template',`
+@@ -476,6 +505,7 @@ template(`xserver_user_x_domain_template',`
  	xserver_use_user_fonts($2)
  
  	xserver_read_xdm_tmp_files($2)
@@ -26312,7 +26310,7 @@ index da2601a..8696a6e 100644
  
  	# X object manager
  	xserver_object_types_template($1)
-@@ -545,6 +577,27 @@ interface(`xserver_domtrans_xauth',`
+@@ -545,6 +575,27 @@ interface(`xserver_domtrans_xauth',`
  	')
  
  	domtrans_pattern($1, xauth_exec_t, xauth_t)
@@ -26340,7 +26338,7 @@ index da2601a..8696a6e 100644
  ')
  
  ########################################
-@@ -598,6 +651,7 @@ interface(`xserver_read_user_xauth',`
+@@ -598,6 +649,7 @@ interface(`xserver_read_user_xauth',`
  
  	allow $1 xauth_home_t:file read_file_perms;
  	userdom_search_user_home_dirs($1)
@@ -26348,7 +26346,7 @@ index da2601a..8696a6e 100644
  ')
  
  ########################################
-@@ -725,10 +779,12 @@ interface(`xserver_dontaudit_rw_xdm_pipes',`
+@@ -725,10 +777,12 @@ interface(`xserver_dontaudit_rw_xdm_pipes',`
  interface(`xserver_stream_connect_xdm',`
  	gen_require(`
  		type xdm_t, xdm_tmp_t;
@@ -26361,7 +26359,7 @@ index da2601a..8696a6e 100644
  ')
  
  ########################################
-@@ -805,7 +861,7 @@ interface(`xserver_read_xdm_pid',`
+@@ -805,7 +859,7 @@ interface(`xserver_read_xdm_pid',`
  	')
  
  	files_search_pids($1)
@@ -26370,7 +26368,7 @@ index da2601a..8696a6e 100644
  ')
  
  ########################################
-@@ -916,7 +972,7 @@ interface(`xserver_dontaudit_write_log',`
+@@ -916,7 +970,7 @@ interface(`xserver_dontaudit_write_log',`
  		type xserver_log_t;
  	')
  
@@ -26379,7 +26377,7 @@ index da2601a..8696a6e 100644
  ')
  
  ########################################
-@@ -963,6 +1019,44 @@ interface(`xserver_read_xkb_libs',`
+@@ -963,6 +1017,44 @@ interface(`xserver_read_xkb_libs',`
  
  ########################################
  ## <summary>
@@ -26424,7 +26422,7 @@ index da2601a..8696a6e 100644
  ##	Read xdm temporary files.
  ## </summary>
  ## <param name="domain">
-@@ -1224,9 +1318,20 @@ interface(`xserver_manage_core_devices',`
+@@ -1224,9 +1316,20 @@ interface(`xserver_manage_core_devices',`
  		class x_device all_x_device_perms;
  		class x_pointer all_x_pointer_perms;
  		class x_keyboard all_x_keyboard_perms;
@@ -26445,7 +26443,7 @@ index da2601a..8696a6e 100644
  ')
  
  ########################################
-@@ -1250,3 +1355,329 @@ interface(`xserver_unconfined',`
+@@ -1250,3 +1353,329 @@ interface(`xserver_unconfined',`
  	typeattribute $1 x_domain;
  	typeattribute $1 xserver_unconfined_type;
  ')
@@ -28992,7 +28990,7 @@ index f6aafe7..7da8294 100644
 +	allow $1 init_t:unix_stream_socket rw_stream_socket_perms;
 +')
 diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index bd45076..a1b6d56 100644
+index bd45076..a100eb6 100644
 --- a/policy/modules/system/init.te
 +++ b/policy/modules/system/init.te
 @@ -16,6 +16,27 @@ gen_require(`
@@ -29106,7 +29104,7 @@ index bd45076..a1b6d56 100644
  	corecmd_shell_domtrans(init_t, initrc_t)
  ',`
  	# Run the shell in the sysadm role for single-user mode.
-@@ -185,15 +216,80 @@ tunable_policy(`init_upstart',`
+@@ -185,23 +216,92 @@ tunable_policy(`init_upstart',`
  	sysadm_shell_domtrans(init_t)
  ')
  
@@ -29155,11 +29153,6 @@ index bd45076..a1b6d56 100644
 +	init_read_script_state(init_t)
 +
 +	seutil_read_file_contexts(init_t)
-+
-+	optional_policy(`
-+		plymouthd_stream_connect(init_t)
-+		plymouthd_exec_plymouth(init_t)
-+	')
 +')
 +
  optional_policy(`
@@ -29187,7 +29180,13 @@ index bd45076..a1b6d56 100644
  	nscd_socket_use(init_t)
  ')
  
-@@ -202,6 +298,10 @@ optional_policy(`
+ optional_policy(`
++	plymouthd_stream_connect(init_t)
++	plymouthd_exec_plymouth(init_t)
++')
++
++optional_policy(`
+ 	sssd_stream_connect(init_t)
  ')
  
  optional_policy(`
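Review bot: The new top-level `optional_policy` grants `init_t` both `plymouthd_stream_connect` and `plymouthd_exec_plymouth` whenever the plymouthd module is present, with no comment explaining the wider scope. The lines removed in the `-29155,11` hunk had the same two calls inside a block that closes with `')` right after `seutil_read_file_contexts(init_t)`. The opening of that block is outside the visible hunks, so it is presumably a conditional, but that cannot be confirmed here. If the move is deliberate, a one-line comment above the new block would say why, e.g. `# init needs plymouth access in every configuration, not only inside the block above`. If it is not deliberate, the grant to `init_t` is broader than before and should be gated again.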

