rpms/selinux-policy/F-7 policy-20070501.patch,1.32,1.33
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jul 3 18:37:08 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13071
Modified Files:
policy-20070501.patch
Log Message:
* Wed Jun 27 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-25
- Rebuild
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- policy-20070501.patch 3 Jul 2007 17:51:11 -0000 1.32
+++ policy-20070501.patch 3 Jul 2007 18:37:01 -0000 1.33
@@ -365,7 +365,7 @@
+libs_use_ld_so(amtu_t)
+libs_use_shared_libs(amtu_t)
+
-+logging_send_audit_msg(amtu_t)
++logging_send_audit_msgs(amtu_t)
+
+optional_policy(`
+ seutil_use_newrole_fds(amtu_t)
@@ -838,7 +838,7 @@
libs_use_shared_libs($1_sudo_t)
logging_send_syslog_msg($1_sudo_t)
-+ logging_send_audit_msg($1_sudo_t)
++ logging_send_audit_msgs($1_sudo_t)
miscfiles_read_localization($1_sudo_t)
@@ -882,7 +882,7 @@
libs_use_ld_so($1_su_t)
libs_use_shared_libs($1_su_t)
-+ logging_send_audit_msg($1_su_t)
++ logging_send_audit_msgs($1_su_t)
logging_send_syslog_msg($1_su_t)
miscfiles_read_localization($1_su_t)
@@ -916,7 +916,7 @@
libs_use_shared_libs($1_su_t)
logging_send_syslog_msg($1_su_t)
-+ logging_send_audit_msg($1_su_t)
++ logging_send_audit_msgs($1_su_t)
miscfiles_read_localization($1_su_t)
@@ -971,7 +971,7 @@
corecmd_exec_bin(groupadd_t)
logging_send_syslog_msg(groupadd_t)
-+logging_send_audit_msg(groupadd_t)
++logging_send_audit_msgs(groupadd_t)
miscfiles_read_localization(groupadd_t)
@@ -1010,7 +1010,7 @@
libs_use_shared_libs(passwd_t)
logging_send_syslog_msg(passwd_t)
-+logging_send_audit_msg(passwd_t)
++logging_send_audit_msgs(passwd_t)
miscfiles_read_localization(passwd_t)
@@ -1068,7 +1068,7 @@
libs_use_shared_libs(useradd_t)
logging_send_syslog_msg(useradd_t)
-+logging_send_audit_msg(useradd_t)
++logging_send_audit_msgs(useradd_t)
miscfiles_read_localization(useradd_t)
@@ -2463,7 +2463,7 @@
allow aide_t self:capability { dac_override fowner };
-send_audit_msgs_pattern(aide_t)
-+logging_send_audit_msg(aide_t)
++logging_send_audit_msgs(aide_t)
# database actions
manage_files_pattern(aide_t,aide_db_t,aide_db_t)
@@ -3559,7 +3559,7 @@
libs_use_shared_libs(crond_t)
logging_send_syslog_msg(crond_t)
-+logging_send_audit_msg(crond_t)
++logging_send_audit_msgs(crond_t)
+logging_set_loginuid(crond_t)
seutil_read_config(crond_t)
@@ -3758,7 +3758,7 @@
libs_read_lib_files(cupsd_t)
logging_send_syslog_msg(cupsd_t)
-+logging_send_audit_msg(cupsd_t)
++logging_send_audit_msgs(cupsd_t)
miscfiles_read_localization(cupsd_t)
# invoking ghostscript needs to read fonts
@@ -3893,7 +3893,7 @@
libs_use_shared_libs($1_dbusd_t)
logging_send_syslog_msg($1_dbusd_t)
-+ logging_send_audit_msg($1_dbusd_t)
++ logging_send_audit_msgs($1_dbusd_t)
miscfiles_read_localization($1_dbusd_t)
@@ -3985,7 +3985,7 @@
libs_use_shared_libs(system_dbusd_t)
logging_send_syslog_msg(system_dbusd_t)
-+logging_send_audit_msg(system_dbusd_t)
++logging_send_audit_msgs(system_dbusd_t)
miscfiles_read_localization(system_dbusd_t)
miscfiles_read_certs(system_dbusd_t)
@@ -4169,7 +4169,7 @@
kernel_read_system_state(dovecot_auth_t)
+logging_send_syslog_msg(dovecot_auth_t)
-+logging_send_audit_msg(dovecot_auth_t)
++logging_send_audit_msgs(dovecot_auth_t)
+
dev_read_urand(dovecot_auth_t)
@@ -4257,7 +4257,7 @@
libs_use_ld_so(ftpd_t)
libs_use_shared_libs(ftpd_t)
-+logging_send_audit_msg(ftpd_t)
++logging_send_audit_msgs(ftpd_t)
+logging_set_loginuid(ftpd_t)
logging_send_syslog_msg(ftpd_t)
@@ -4443,7 +4443,7 @@
libs_exec_ld_so(hald_t)
libs_exec_lib_files(hald_t)
-+logging_send_audit_msg(hald_t)
++logging_send_audit_msgs(hald_t)
logging_send_syslog_msg(hald_t)
logging_search_logs(hald_t)
@@ -5562,7 +5562,7 @@
optional_policy(`
logging_send_syslog_msg(pegasus_t)
-+ logging_send_audit_msg(pegasus_t)
++ logging_send_audit_msgs(pegasus_t)
')
optional_policy(`
@@ -6900,7 +6900,7 @@
logging_send_syslog_msg(saslauthd_t)
-
-+logging_send_audit_msg(saslauthd_t)
++logging_send_audit_msgs(saslauthd_t)
miscfiles_read_localization(saslauthd_t)
miscfiles_read_certs(saslauthd_t)
@@ -7513,7 +7513,7 @@
libs_use_shared_libs($1_chkpwd_t)
logging_send_syslog_msg($1_chkpwd_t)
-+ logging_send_audit_msg($1_chkpwd_t)
++ logging_send_audit_msgs($1_chkpwd_t)
miscfiles_read_localization($1_chkpwd_t)
@@ -7527,7 +7527,7 @@
# cjp: is this really needed?
- allow $2 self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-+ logging_send_audit_msg($2)
++ logging_send_audit_msgs($2)
+ logging_set_loginuid($2)
dontaudit $2 shadow_t:file { getattr read };
@@ -7576,7 +7576,7 @@
+ auth_keyring_domain($1)
+ allow $1 keyring_type:key { search link };
+
-+ logging_send_audit_msg($1)
++ logging_send_audit_msgs($1)
+
# for SSP/ProPolice
dev_read_urand($1)
@@ -7810,7 +7810,7 @@
# System check password local policy
#
-+logging_send_audit_msg(system_chkpwd_t)
++logging_send_audit_msgs(system_chkpwd_t)
+
allow system_chkpwd_t shadow_t:file { getattr read };
@@ -7879,7 +7879,7 @@
libs_use_shared_libs(hwclock_t)
logging_send_syslog_msg(hwclock_t)
-+logging_send_audit_msg(hwclock_t)
++logging_send_audit_msgs(hwclock_t)
miscfiles_read_localization(hwclock_t)
@@ -8307,7 +8307,7 @@
allow racoon_t self:netlink_selinux_socket { bind create read };
allow racoon_t self:udp_socket create_socket_perms;
allow racoon_t self:key_socket { create read setopt write };
-+logging_send_audit_msg(racoon_t)
++logging_send_audit_msgs(racoon_t)
# manage pid file
manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t)
@@ -8555,12 +8555,12 @@
+## </summary>
+## </param>
+#
-+interface(`logging_send_audit_msg',`
++interface(`logging_send_audit_msgs',`
+ gen_require(`
-+ attribute can_send_audit_msg;
++ attribute can_send_audit_msgs;
+ ')
+
-+ typeattribute $1 can_send_audit_msg;
++ typeattribute $1 can_send_audit_msgs;
+ allow $1 self:capability audit_write;
+ allow $1 self:netlink_audit_socket { create_socket_perms nlmsg_read nlmsg_relay };
+')
@@ -8578,10 +8578,10 @@
+interface(`logging_set_loginuid',`
+ gen_require(`
+ attribute can_set_loginuid;
-+ attribute can_send_audit_msg;
++ attribute can_send_audit_msgs;
+ ')
+
-+ typeattribute $1 can_set_loginuid, can_send_audit_msg;
++ typeattribute $1 can_set_loginuid, can_send_audit_msgs;
+
+ allow $1 self:capability audit_control;
+ allow $1 self:netlink_audit_socket { create_socket_perms nlmsg_read nlmsg_relay };
@@ -8600,10 +8600,10 @@
+interface(`logging_set_audit',`
+ gen_require(`
+ attribute can_set_audit;
-+ attribute can_send_audit_msg;
++ attribute can_send_audit_msgs;
+ ')
+
-+ typeattribute $1 can_set_audit, can_send_audit_msg;
++ typeattribute $1 can_set_audit, can_send_audit_msgs;
+ allow $1 self:capability { audit_write audit_control };
+ allow $1 self:netlink_audit_socket { create_socket_perms nlmsg_read nlmsg_write nlmsg_relay };
+')
@@ -8652,14 +8652,14 @@
+ gen_require(`
+ attribute can_set_audit;
+ attribute can_set_auditctl;
-+ attribute can_send_audit_msg;
++ attribute can_send_audit_msgs;
+ attribute can_set_loginuid;
+ ')
+
+ typeattribute $1 can_set_loginuid;
+ typeattribute $1 can_set_audit;
+ typeattribute $1 can_set_auditctl;
-+ typeattribute $1 can_send_audit_msg;
++ typeattribute $1 can_send_audit_msgs;
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.6.4/policy/modules/system/logging.te
@@ -8672,7 +8672,7 @@
+attribute can_set_audit;
+attribute can_set_auditctl;
+attribute can_set_loginuid;
-+attribute can_send_audit_msg;
++attribute can_send_audit_msgs;
type auditctl_t;
type auditctl_exec_t;
@@ -8698,8 +8698,8 @@
+neverallow ~{ can_set_loginuid can_set_audit } self:capability audit_control;
+neverallow ~can_set_audit self:netlink_audit_socket nlmsg_write;
+neverallow ~can_set_auditctl self:netlink_audit_socket nlmsg_readpriv;
-+neverallow ~can_send_audit_msg self:capability audit_write;
-+neverallow ~can_send_audit_msg self:netlink_audit_socket nlmsg_relay;
++neverallow ~can_send_audit_msgs self:capability audit_write;
++neverallow ~can_send_audit_msgs self:netlink_audit_socket nlmsg_relay;
+
########################################
#
@@ -9272,7 +9272,7 @@
allow newrole_t self:unix_dgram_socket sendto;
allow newrole_t self:unix_stream_socket { create_stream_socket_perms connectto };
-allow newrole_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-+logging_send_audit_msg(newrole_t)
++logging_send_audit_msgs(newrole_t)
read_files_pattern(newrole_t,selinux_config_t,selinux_config_t)
read_lnk_files_pattern(newrole_t,selinux_config_t,selinux_config_t)
@@ -9338,7 +9338,7 @@
allow run_init_t self:capability setuid;
allow run_init_t self:fifo_file rw_file_perms;
-allow run_init_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-+logging_send_audit_msg(run_init_t)
++logging_send_audit_msgs(run_init_t)
# often the administrator runs such programs from a directory that is owned
# by a different user or has restrictive SE permissions, do not want to audit
@@ -9355,7 +9355,7 @@
allow semanage_t self:unix_stream_socket create_stream_socket_perms;
allow semanage_t self:unix_dgram_socket create_socket_perms;
-allow semanage_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-+logging_send_audit_msg(semanage_t)
++logging_send_audit_msgs(semanage_t)
allow semanage_t policy_config_t:file { read write };
More information about the scm-commits
mailing list