[selinux-policy: 3003/3172] Merge upstream
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:27:14 UTC 2010
commit 14ffaf836d9e8faf41d73cb102ffca1b871e4cb5
Merge: a55bb56 fee4864
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Sep 16 07:05:26 2010 -0400
Merge upstream
Changelog | 1 +
policy/modules/admin/certwatch.te | 2 +-
policy/modules/admin/firstboot.te | 2 +-
policy/modules/admin/smoltclient.te | 4 +-
policy/modules/apps/awstats.te | 2 +-
policy/modules/roles/staff.te | 107 ++++++++++++++++-----------------
policy/modules/roles/unprivuser.te | 20 +++---
policy/modules/services/amavis.if | 2 +-
policy/modules/services/amavis.te | 2 +-
policy/modules/services/arpwatch.te | 2 +-
policy/modules/services/canna.te | 2 +-
policy/modules/services/certmaster.if | 4 +-
policy/modules/services/certmaster.te | 2 +-
policy/modules/services/certmonger.te | 2 +-
policy/modules/services/courier.if | 1 +
policy/modules/services/courier.te | 2 +-
policy/modules/services/dcc.te | 4 +-
policy/modules/services/djbdns.te | 5 +-
policy/modules/services/fetchmail.te | 2 +-
policy/modules/services/icecast.te | 2 +-
policy/modules/services/nslcd.te | 2 +-
policy/modules/services/nut.te | 4 +-
policy/modules/services/openct.te | 4 +-
policy/modules/services/pcscd.te | 3 +-
policy/modules/services/postgresql.te | 5 +-
policy/modules/services/postgrey.te | 4 +-
policy/modules/services/prelude.te | 2 +-
policy/modules/services/radvd.te | 4 +-
policy/modules/services/snort.te | 2 +-
policy/modules/services/stunnel.te | 4 +-
policy/modules/services/zabbix.te | 4 +-
policy/modules/services/zebra.te | 4 +-
32 files changed, 104 insertions(+), 108 deletions(-)
---
diff --cc policy/modules/roles/staff.te
index 06b7974,1854002..b0d95d4
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@@ -61,22 -27,6 +61,35 @@@ optional_policy(
')
optional_policy(`
- dbadm_role_change(staff_r)
++ accountsd_dbus_chat(staff_t)
++ accountsd_read_lib_files(staff_t)
+')
+
+optional_policy(`
- logadm_role_change(staff_r)
++ gnomeclock_dbus_chat(staff_t)
+')
+
+optional_policy(`
- webadm_role_change(staff_r)
++ firewallgui_dbus_chat(staff_t)
++')
++
++optional_policy(`
++ lpd_list_spool(staff_t)
+')
+
+optional_policy(`
- kerneloops_manage_tmp_files(staff_t)
++ kerneloops_dbus_chat(staff_t)
++')
++
++optional_policy(`
++ logadm_role_change(staff_r)
++')
++
++optional_policy(`
++ mozilla_run_plugin(staff_t, staff_r)
+')
+
+optional_policy(`
oident_manage_user_content(staff_t)
oident_relabel_user_content(staff_t)
')
@@@ -86,15 -36,11 +99,19 @@@ optional_policy(
')
optional_policy(`
- secadm_role_change(staff_r)
++ rtkit_scheduled(staff_t)
+')
+
+optional_policy(`
- unconfined_role_change(staff_r)
++ rpm_dbus_chat(staff_usertype)
+')
+
+optional_policy(`
- rtkit_scheduled(staff_t)
+ secadm_role_change(staff_r)
+ ')
+
+ optional_policy(`
- ssh_role_template(staff, staff_r, staff_t)
++ sandbox_transition(staff_t, staff_r)
')
optional_policy(`
@@@ -102,21 -48,9 +119,42 @@@
')
optional_policy(`
+ sysadm_role_change(staff_r)
+ userdom_dontaudit_use_user_terminals(staff_t)
+ ')
++optional_policy(`
++ setroubleshoot_stream_connect(staff_t)
++ setroubleshoot_dbus_chat(staff_t)
++ setroubleshoot_dbus_chat_fixit(staff_t)
++')
++
++optional_policy(`
+ ssh_role_template(staff, staff_r, staff_t)
+')
+
+optional_policy(`
+ sudo_role_template(staff, staff_r, staff_t)
+')
+
+optional_policy(`
- sysadm_role_change(staff_r)
- userdom_dontaudit_use_user_terminals(staff_t)
++ telepathy_dbus_session_role(staff_r, staff_t)
+')
+
+optional_policy(`
- telepathy_dbus_session_role(staff_r, staff_t)
++ userhelper_console_role_template(staff, staff_r, staff_usertype)
++')
++
++optional_policy(`
++ unconfined_role_change(staff_r)
++')
++
++optional_policy(`
++ virt_stream_connect(staff_t)
++')
++
++optional_policy(`
++ webadm_role_change(staff_r)
+')
optional_policy(`
xserver_role(staff_r, staff_t)
diff --cc policy/modules/roles/unprivuser.te
index aac3fe1,9b55b00..2932c13
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@@ -19,34 -17,15 +19,39 @@@ optional_policy(
')
optional_policy(`
+ oident_manage_user_content(user_t)
+ oident_relabel_user_content(user_t)
+ ')
+
+ optional_policy(`
+ mozilla_run_plugin(user_t, user_r)
+')
+
+optional_policy(`
+ rpm_dontaudit_dbus_chat(user_t)
+')
+
+optional_policy(`
+ rtkit_scheduled(user_t)
+')
+
+optional_policy(`
+ sandbox_transition(user_t, user_r)
+')
+
+optional_policy(`
screen_role_template(user, user_r, user_t)
')
optional_policy(`
- telepathy_dbus_session_role(user_r, user_t)
++ setroubleshoot_dontaudit_stream_connect(user_t)
+')
+
+optional_policy(`
- setroubleshoot_dontaudit_stream_connect(user_t)
++ telepathy_dbus_session_role(user_r, user_t)
+')
+
+optional_policy(`
xserver_role(user_r, user_t)
')
More information about the scm-commits
mailing list