[selinux-policy/f17] * Tue Oct 9 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-15 - Allow groupadd to read SELinux file

Miroslav Grepl mgrepl at fedoraproject.org
Tue Oct 9 17:38:35 UTC 2012 

commit 206e8f156f863718a65821b348d0cfb62ad336c2
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Tue Oct 9 19:38:16 2012 +0200

    * Tue Oct 9 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-15
    - Allow groupadd to read SELinux file context

 policy-F16.patch    |    8 ++++----
 selinux-policy.spec |    5 ++++-
 2 files changed, 8 insertions(+), 5 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index d5e627e..dcbd6ef 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -67635,7 +67635,7 @@ index 81fb26f..66cf96c 100644
  ## </summary>
  ## <param name="domain">
 diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
-index 441cf22..39992a7 100644
+index 441cf22..388e1c5 100644
 --- a/policy/modules/admin/usermanage.te
 +++ b/policy/modules/admin/usermanage.te
 @@ -71,6 +71,7 @@ allow chfn_t self:unix_stream_socket connectto;
@@ -67715,7 +67715,7 @@ index 441cf22..39992a7 100644
  selinux_compute_create_context(groupadd_t)
  selinux_compute_relabel_context(groupadd_t)
  selinux_compute_user_contexts(groupadd_t)
-+seutil_search_default_contexts(groupadd_t)
++seutil_read_file_contexts(groupadd_t)
  
 -term_use_all_ttys(groupadd_t)
 -term_use_all_ptys(groupadd_t)
@@ -81920,7 +81920,7 @@ index fae1ab1..0a5271f 100644
 +
 +dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
 diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
-index c19518a..1fae99a 100644
+index c19518a..145c899 100644
 --- a/policy/modules/kernel/files.fc
 +++ b/policy/modules/kernel/files.fc
 @@ -18,6 +18,7 @@ ifdef(`distro_redhat',`
@@ -82043,7 +82043,7 @@ index c19518a..1fae99a 100644
 +/var/lib/stickshift/.limits.d(/.*)?        gen_context(system_u:object_r:etc_t,s0)
 +
 +/var/lib/openshift/.stickshift-proxy.d(/.*)?   gen_context(system_u:object_r:etc_t,s0)
-+/var/lib/openshift/.openhift-proxy.d(/.*)?   gen_context(system_u:object_r:etc_t,s0)
++/var/lib/openshift/.openshift-proxy.d(/.*)?   gen_context(system_u:object_r:etc_t,s0)
 +/var/lib/openshift/.limits.d(/.*)?        gen_context(system_u:object_r:etc_t,s0)
 +
  /var/lock(/.*)?			gen_context(system_u:object_r:var_lock_t,s0)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 7e7262d..751fdfb 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.10.0
-Release: 153%{?dist}
+Release: 154%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -479,6 +479,9 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Tue Oct 9 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-154- fix opeshift labeling
+- Allow groupadd to read SELinux file context
+
 * Mon Oct 7 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-153
 - Add openshift policy
 - Add changes needed by openshift policy

More information about the scm-commits mailing list