[selinux-policy: 1851/3172] trunk: 8 patches from dan.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:45:06 UTC 2010


commit 6c91189762d1e1db1377afecceca119eeb567200
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Nov 15 16:54:18 2007 +0000

    trunk: 8 patches from dan.

 policy/modules/admin/vbetool.te       |    3 ++-
 policy/modules/services/asterisk.te   |    3 ++-
 policy/modules/services/cpucontrol.te |    6 +++++-
 policy/modules/services/cvs.te        |    4 +++-
 policy/modules/services/fetchmail.te  |    6 +++++-
 policy/modules/services/munin.if      |   19 +++++++++++++++++++
 policy/modules/services/munin.te      |    2 +-
 policy/modules/services/portmap.te    |    4 ++--
 policy/modules/system/udev.te         |   12 +++++++++++-
 9 files changed, 50 insertions(+), 9 deletions(-)
---
diff --git a/policy/modules/admin/vbetool.te b/policy/modules/admin/vbetool.te
index 8a83908..6fdd7ae 100644
--- a/policy/modules/admin/vbetool.te
+++ b/policy/modules/admin/vbetool.te
@@ -1,5 +1,5 @@
 
-policy_module(vbetool,1.2.0)
+policy_module(vbetool,1.2.1)
 
 ########################################
 #
@@ -33,4 +33,5 @@ miscfiles_read_localization(vbetool_t)
 optional_policy(`
 	hal_rw_pid_files(vbetool_t)
 	hal_write_log(vbetool_t)
+	hal_dontaudit_append_lib_files(vbetool_t)
 ')
diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te
index 888d0c5..9709025 100644
--- a/policy/modules/services/asterisk.te
+++ b/policy/modules/services/asterisk.te
@@ -1,5 +1,5 @@
 
-policy_module(asterisk,1.3.1)
+policy_module(asterisk,1.3.2)
 
 ########################################
 #
@@ -98,6 +98,7 @@ corenet_sendrecv_asterisk_server_packets(asterisk_t)
 # for VOIP voice channels.
 corenet_tcp_bind_generic_port(asterisk_t)
 corenet_udp_bind_generic_port(asterisk_t)
+corenet_dontaudit_udp_bind_all_ports(asterisk_t)
 corenet_sendrecv_generic_server_packets(asterisk_t)
 
 dev_read_sysfs(asterisk_t)
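Review bot: The added `corenet_dontaudit_udp_bind_all_ports(asterisk_t)` silences name_bind denials on every UDP port, so a misconfigured or misbehaving daemon that tries to bind an unexpected port would leave no AVC record. The line has no comment saying which behaviour it is meant to hide; something like `# asterisk probes UDP ports for voice channels; do not log the denied binds` (wording to be confirmed by the author) would make the intent reviewable. The portmap.te hunk makes the same call and there widens the UDP rule from reserved ports to all ports, while the TCP line stays at `corenet_dontaudit_tcp_bind_all_reserved_ports`; that asymmetry deserves a comment too. Both policy files continue outside their hunks.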
diff --git a/policy/modules/services/cpucontrol.te b/policy/modules/services/cpucontrol.te
index d9762bf..5387955 100644
--- a/policy/modules/services/cpucontrol.te
+++ b/policy/modules/services/cpucontrol.te
@@ -1,5 +1,5 @@
 
-policy_module(cpucontrol,1.2.1)
+policy_module(cpucontrol,1.2.2)
 
 ########################################
 #
@@ -63,6 +63,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	rhgb_use_ptys(cpucontrol_t)
+')
+
+optional_policy(`
 	seutil_sigchld_newrole(cpucontrol_t)
 ')
 
diff --git a/policy/modules/services/cvs.te b/policy/modules/services/cvs.te
index 099c435..9405d17 100644
--- a/policy/modules/services/cvs.te
+++ b/policy/modules/services/cvs.te
@@ -1,5 +1,5 @@
 
-policy_module(cvs,1.5.0)
+policy_module(cvs,1.5.1)
 
 ########################################
 #
@@ -16,6 +16,7 @@ gen_tunable(allow_cvs_read_shadow,false)
 type cvs_t;
 type cvs_exec_t;
 inetd_tcp_service_domain(cvs_t,cvs_exec_t)
+application_executable_file(cvs_exec_t)
 role system_r types cvs_t;
 
 type cvs_data_t; # customizable
@@ -81,6 +82,7 @@ libs_use_ld_so(cvs_t)
 libs_use_shared_libs(cvs_t)
 
 logging_send_syslog_msg(cvs_t)
+logging_send_audit_msgs(cvs_t)
 
 miscfiles_read_localization(cvs_t)
 
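Review bot: `logging_send_audit_msgs(cvs_t)` lets a domain that is started from inetd and reachable over the network emit audit records, and the hunk gives no reason for the grant. If it is needed only because the server authenticates users in this domain (the `allow_cvs_read_shadow` tunable visible in the previous hunk header suggests it does), a comment such as `# authentication in cvs_t sends audit messages` would let the grant be re-evaluated later. The remaining cvs_t rules are outside the hunk, so whether an existing auth interface already covers this cannot be checked from here.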
diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te
index e56328d..c85f4ef 100644
--- a/policy/modules/services/fetchmail.te
+++ b/policy/modules/services/fetchmail.te
@@ -1,5 +1,5 @@
 
-policy_module(fetchmail,1.4.1)
+policy_module(fetchmail,1.4.2)
 
 ########################################
 #
@@ -86,6 +86,10 @@ userdom_dontaudit_use_unpriv_user_fds(fetchmail_t)
 userdom_dontaudit_search_sysadm_home_dirs(fetchmail_t)
 
 optional_policy(`
+	procmail_domtrans(fetchmail_t)
+')
+
+optional_policy(`
 	seutil_sigchld_newrole(fetchmail_t)
 ')
 
diff --git a/policy/modules/services/munin.if b/policy/modules/services/munin.if
index 80e2098..19848bb 100644
--- a/policy/modules/services/munin.if
+++ b/policy/modules/services/munin.if
@@ -61,3 +61,22 @@ interface(`munin_search_lib',`
 	allow $1 munin_var_lib_t:dir search_dir_perms;
 	files_search_var_lib($1)
 ')
+
+#######################################
+## <summary>
+##	Do not audit attempts to search
+##	munin library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`munin_dontaudit_search_lib',`
+	gen_require(`
+		type munin_var_lib_t;
+	')
+
+	dontaudit $1 munin_var_lib_t:dir search_dir_perms;
+')
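Review bot: The parameter summary of the new `munin_dontaudit_search_lib` interface says `Domain allowed access.`, but the interface allows nothing and only adds a dontaudit rule, so the text should read `Domain to not audit.`. As written, the generated interface documentation would describe a suppression rule as an access grant. No caller of the interface appears in this commit (munin.te only receives a version bump), so the domain whose denials are to be hidden cannot be seen from here.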
diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te
index c6bb997..713e9df 100644
--- a/policy/modules/services/munin.te
+++ b/policy/modules/services/munin.te
@@ -1,5 +1,5 @@
 
-policy_module(munin,1.3.1)
+policy_module(munin,1.3.2)
 
 ########################################
 #
diff --git a/policy/modules/services/portmap.te b/policy/modules/services/portmap.te
index 01c76d5..6f0d50a 100644
--- a/policy/modules/services/portmap.te
+++ b/policy/modules/services/portmap.te
@@ -1,5 +1,5 @@
 
-policy_module(portmap,1.5.1)
+policy_module(portmap,1.5.2)
 
 ########################################
 #
@@ -66,7 +66,7 @@ corenet_udp_bind_generic_port(portmap_t)
 corenet_tcp_bind_reserved_port(portmap_t)
 corenet_udp_bind_reserved_port(portmap_t)
 corenet_dontaudit_tcp_bind_all_reserved_ports(portmap_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(portmap_t)
+corenet_dontaudit_udp_bind_all_ports(portmap_t)
 
 dev_read_sysfs(portmap_t)
 
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index afe1f3a..b4cb86d 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -1,5 +1,5 @@
 
-policy_module(udev,1.8.1)
+policy_module(udev,1.8.2)
 
 ########################################
 #
@@ -132,6 +132,7 @@ auth_use_nsswitch(udev_t)
 
 init_read_utmp(udev_t)
 init_dontaudit_write_utmp(udev_t)
+init_getattr_initctl(udev_t)
 
 libs_use_ld_so(udev_t)
 libs_use_shared_libs(udev_t)
@@ -184,6 +185,11 @@ ifdef(`distro_redhat',`
 ')
 
 optional_policy(`
+	alsa_domtrans(udev_t)
+	alsa_read_rw_config(udev_t)
+')
+
+optional_policy(`
 	brctl_domtrans(udev_t)
 ')
 
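Review bot: The new `alsa_domtrans(udev_t)` block, and `raid_domtrans_mdadm(udev_t)` in the following hunk, give udev_t two more domains it can transition into without a comment on what triggers them. udev_t runs helpers named by rule files, so each transition widens what a rule can reach; a one-line comment per block, e.g. `# udev rules run the alsa helper for sound devices` and `# udev rules run mdadm for md arrays` (to be confirmed by the author), would record the reason. `alsa_read_rw_config(udev_t)` additionally lets udev_t itself read the ALSA configuration; if only the helper reads it after the transition, that line may be unnecessary.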
@@ -220,6 +226,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	raid_domtrans_mdadm(udev_t)
+')
+
+optional_policy(`
 	kernel_write_xen_state(udev_t)
 	kernel_read_xen_state(udev_t)
 	xen_manage_log(udev_t)

