[selinux-policy: 1918/3172] trunk: 4 patches from dan.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:50:48 UTC 2010 

commit e828954c637f8ed3c4ab180f1716510013a12273
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Mar 27 15:20:16 2008 +0000

    trunk: 4 patches from dan.

 policy/modules/apps/slocate.te      |    3 ++-
 policy/modules/services/lpd.if      |    6 ++----
 policy/modules/services/lpd.te      |    2 +-
 policy/modules/services/nx.fc       |    2 ++
 policy/modules/services/nx.te       |    2 +-
 policy/modules/services/pcscd.te    |    3 ++-
 policy/modules/system/hotplug.te    |    3 ++-
 policy/modules/system/sysnetwork.if |   19 +++++++++++++++++++
 policy/modules/system/sysnetwork.te |    2 +-
 9 files changed, 32 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te
index 7bf34d1..b9d58ec 100644
--- a/policy/modules/apps/slocate.te
+++ b/policy/modules/apps/slocate.te
@@ -1,5 +1,5 @@
 
-policy_module(slocate,1.6.0)
+policy_module(slocate,1.6.1)
 
 #################################
 #
@@ -39,6 +39,7 @@ dev_getattr_all_chr_files(locate_t)
 
 files_list_all(locate_t)
 files_getattr_all_files(locate_t)
+files_getattr_all_pipes(locate_t)
 files_getattr_all_sockets(locate_t)
 files_read_etc_runtime_files(locate_t)
 files_read_etc_files(locate_t)
diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if
index 9517dd6..1d91026 100644
--- a/policy/modules/services/lpd.if
+++ b/policy/modules/services/lpd.if
@@ -336,10 +336,8 @@ interface(`lpd_manage_spool',`
 	')
 
 	files_search_spool($1)
-	manage_files_pattern($1,print_spool_t,print_spool_t)
-
-	# cjp: cups wants setattr
-	allow $1 print_spool_t:dir setattr;
+	manage_dirs_pattern($1, print_spool_t, print_spool_t)
+	manage_files_pattern($1, print_spool_t, print_spool_t)
 ')
 
 ########################################
diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te
index 243c2fd..9e9e7c1 100644
--- a/policy/modules/services/lpd.te
+++ b/policy/modules/services/lpd.te
@@ -1,5 +1,5 @@
 
-policy_module(lpd,1.8.0)
+policy_module(lpd,1.8.1)
 
 ########################################
 #
diff --git a/policy/modules/services/nx.fc b/policy/modules/services/nx.fc
index 3a294f3..21c47c6 100644
--- a/policy/modules/services/nx.fc
+++ b/policy/modules/services/nx.fc
@@ -3,3 +3,5 @@
 /opt/NX/home/nx/\.ssh(/.*)?		gen_context(system_u:object_r:nx_server_home_ssh_t,s0)
 
 /opt/NX/var(/.*)?			gen_context(system_u:object_r:nx_server_var_run_t,s0)
+
+/usr/libexec/nx/nxserver	--	gen_context(system_u:object_r:nx_server_exec_t,s0)
diff --git a/policy/modules/services/nx.te b/policy/modules/services/nx.te
index e1b0bfb..77506de 100644
--- a/policy/modules/services/nx.te
+++ b/policy/modules/services/nx.te
@@ -1,5 +1,5 @@
 
-policy_module(nx,1.2.0)
+policy_module(nx,1.2.1)
 
 ########################################
 #
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
index 5ac702f..75108a4 100644
--- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te
@@ -1,5 +1,5 @@
 
-policy_module(pcscd,1.3.0)
+policy_module(pcscd,1.3.1)
 
 ########################################
 #
@@ -45,6 +45,7 @@ dev_search_sysfs(pcscd_t)
 files_read_etc_files(pcscd_t)
 files_read_etc_runtime_files(pcscd_t)
 
+term_use_unallocated_ttys(pcscd_t)
 term_dontaudit_getattr_pty_dirs(pcscd_t)
 
 libs_use_ld_so(pcscd_t)
diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te
index e64bd24..fee617a 100644
--- a/policy/modules/system/hotplug.te
+++ b/policy/modules/system/hotplug.te
@@ -1,5 +1,5 @@
 
-policy_module(hotplug,1.7.0)
+policy_module(hotplug,1.7.1)
 
 ########################################
 #
@@ -179,6 +179,7 @@ optional_policy(`
 	sysnet_read_dhcpc_pid(hotplug_t)
 	sysnet_rw_dhcp_config(hotplug_t)
 	sysnet_domtrans_ifconfig(hotplug_t)
+	sysnet_signal_ifconfig(hotplug_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 2e36272..e8bd0c7 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -443,6 +443,25 @@ interface(`sysnet_exec_ifconfig',`
 
 ########################################
 ## <summary>
+##	Send a generic signal to ifconfig.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`sysnet_signal_ifconfig',`
+	gen_require(`
+		type ifconfig_t;
+	')
+
+	allow $1 ifconfig_t:process signal;
+')
+
+########################################
+## <summary>
 ##	Read the DHCP configuration files.
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 592b280..adb68d0 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -1,5 +1,5 @@
 
-policy_module(sysnetwork,1.5.1)
+policy_module(sysnetwork,1.5.2)
 
 ########################################
 #

More information about the scm-commits mailing list