[selinux-policy/f17] * Tue Oct 9 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-15 - Allow groupadd to read SELinux file
Miroslav Grepl
mgrepl at fedoraproject.org
Tue Oct 9 17:38:35 UTC 2012
commit 206e8f156f863718a65821b348d0cfb62ad336c2
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Tue Oct 9 19:38:16 2012 +0200
* Tue Oct 9 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-15
- Allow groupadd to read SELinux file context
policy-F16.patch | 8 ++++----
selinux-policy.spec | 5 ++++-
2 files changed, 8 insertions(+), 5 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index d5e627e..dcbd6ef 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -67635,7 +67635,7 @@ index 81fb26f..66cf96c 100644
## </summary>
## <param name="domain">
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
-index 441cf22..39992a7 100644
+index 441cf22..388e1c5 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -71,6 +71,7 @@ allow chfn_t self:unix_stream_socket connectto;
@@ -67715,7 +67715,7 @@ index 441cf22..39992a7 100644
selinux_compute_create_context(groupadd_t)
selinux_compute_relabel_context(groupadd_t)
selinux_compute_user_contexts(groupadd_t)
-+seutil_search_default_contexts(groupadd_t)
++seutil_read_file_contexts(groupadd_t)
-term_use_all_ttys(groupadd_t)
-term_use_all_ptys(groupadd_t)
@@ -81920,7 +81920,7 @@ index fae1ab1..0a5271f 100644
+
+dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
-index c19518a..1fae99a 100644
+index c19518a..145c899 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -18,6 +18,7 @@ ifdef(`distro_redhat',`
@@ -82043,7 +82043,7 @@ index c19518a..1fae99a 100644
+/var/lib/stickshift/.limits.d(/.*)? gen_context(system_u:object_r:etc_t,s0)
+
+/var/lib/openshift/.stickshift-proxy.d(/.*)? gen_context(system_u:object_r:etc_t,s0)
-+/var/lib/openshift/.openhift-proxy.d(/.*)? gen_context(system_u:object_r:etc_t,s0)
++/var/lib/openshift/.openshift-proxy.d(/.*)? gen_context(system_u:object_r:etc_t,s0)
+/var/lib/openshift/.limits.d(/.*)? gen_context(system_u:object_r:etc_t,s0)
+
/var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 7e7262d..751fdfb 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 153%{?dist}
+Release: 154%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -479,6 +479,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Tue Oct 9 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-154- fix opeshift labeling
+- Allow groupadd to read SELinux file context
+
* Mon Oct 7 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-153
- Add openshift policy
- Add changes needed by openshift policy
More information about the scm-commits
mailing list