rpms/selinux-policy/F-7 policy-20070501.patch,1.32,1.33

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Tue Jul 3 18:37:08 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13071

Modified Files:
	policy-20070501.patch 
Log Message:
* Wed Jun 27 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-25
- Rebuild


policy-20070501.patch:

Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- policy-20070501.patch	3 Jul 2007 17:51:11 -0000	1.32
+++ policy-20070501.patch	3 Jul 2007 18:37:01 -0000	1.33
@@ -365,7 +365,7 @@
 +libs_use_ld_so(amtu_t)
 +libs_use_shared_libs(amtu_t)
 +
-+logging_send_audit_msg(amtu_t)
++logging_send_audit_msgs(amtu_t)
 +
 +optional_policy(`
 +    seutil_use_newrole_fds(amtu_t)
@@ -838,7 +838,7 @@
  	libs_use_shared_libs($1_sudo_t)
  
  	logging_send_syslog_msg($1_sudo_t)
-+	logging_send_audit_msg($1_sudo_t)
++	logging_send_audit_msgs($1_sudo_t)
  
  	miscfiles_read_localization($1_sudo_t)
  
@@ -882,7 +882,7 @@
  	libs_use_ld_so($1_su_t)
  	libs_use_shared_libs($1_su_t)
  
-+	logging_send_audit_msg($1_su_t)
++	logging_send_audit_msgs($1_su_t)
  	logging_send_syslog_msg($1_su_t)
  
  	miscfiles_read_localization($1_su_t)
@@ -916,7 +916,7 @@
  	libs_use_shared_libs($1_su_t)
  
  	logging_send_syslog_msg($1_su_t)
-+	logging_send_audit_msg($1_su_t)
++	logging_send_audit_msgs($1_su_t)
  
  	miscfiles_read_localization($1_su_t)
  
@@ -971,7 +971,7 @@
  corecmd_exec_bin(groupadd_t)
  
  logging_send_syslog_msg(groupadd_t)
-+logging_send_audit_msg(groupadd_t)
++logging_send_audit_msgs(groupadd_t)
  
  miscfiles_read_localization(groupadd_t)
  
@@ -1010,7 +1010,7 @@
  libs_use_shared_libs(passwd_t)
  
  logging_send_syslog_msg(passwd_t)
-+logging_send_audit_msg(passwd_t)
++logging_send_audit_msgs(passwd_t)
  
  miscfiles_read_localization(passwd_t)
  
@@ -1068,7 +1068,7 @@
  libs_use_shared_libs(useradd_t)
  
  logging_send_syslog_msg(useradd_t)
-+logging_send_audit_msg(useradd_t)
++logging_send_audit_msgs(useradd_t)
  
  miscfiles_read_localization(useradd_t)
  
@@ -2463,7 +2463,7 @@
  allow aide_t self:capability { dac_override fowner };
  
 -send_audit_msgs_pattern(aide_t)
-+logging_send_audit_msg(aide_t)
++logging_send_audit_msgs(aide_t)
  
  # database actions
  manage_files_pattern(aide_t,aide_db_t,aide_db_t)
@@ -3559,7 +3559,7 @@
  libs_use_shared_libs(crond_t)
  
  logging_send_syslog_msg(crond_t)
-+logging_send_audit_msg(crond_t)
++logging_send_audit_msgs(crond_t)
 +logging_set_loginuid(crond_t)
  
  seutil_read_config(crond_t)
@@ -3758,7 +3758,7 @@
  libs_read_lib_files(cupsd_t)
  
  logging_send_syslog_msg(cupsd_t)
-+logging_send_audit_msg(cupsd_t)
++logging_send_audit_msgs(cupsd_t)
  
  miscfiles_read_localization(cupsd_t)
  # invoking ghostscript needs to read fonts
@@ -3893,7 +3893,7 @@
  	libs_use_shared_libs($1_dbusd_t)
  
  	logging_send_syslog_msg($1_dbusd_t)
-+	logging_send_audit_msg($1_dbusd_t)
++	logging_send_audit_msgs($1_dbusd_t)
  
  	miscfiles_read_localization($1_dbusd_t)
  
@@ -3985,7 +3985,7 @@
  libs_use_shared_libs(system_dbusd_t)
  
  logging_send_syslog_msg(system_dbusd_t)
-+logging_send_audit_msg(system_dbusd_t)
++logging_send_audit_msgs(system_dbusd_t)
  
  miscfiles_read_localization(system_dbusd_t)
  miscfiles_read_certs(system_dbusd_t)
@@ -4169,7 +4169,7 @@
  kernel_read_system_state(dovecot_auth_t)
  
 +logging_send_syslog_msg(dovecot_auth_t)
-+logging_send_audit_msg(dovecot_auth_t)
++logging_send_audit_msgs(dovecot_auth_t)
 +
  dev_read_urand(dovecot_auth_t)
  
@@ -4257,7 +4257,7 @@
  libs_use_ld_so(ftpd_t)
  libs_use_shared_libs(ftpd_t)
  
-+logging_send_audit_msg(ftpd_t)
++logging_send_audit_msgs(ftpd_t)
 +logging_set_loginuid(ftpd_t)
  logging_send_syslog_msg(ftpd_t)
  
@@ -4443,7 +4443,7 @@
  libs_exec_ld_so(hald_t)
  libs_exec_lib_files(hald_t)
  
-+logging_send_audit_msg(hald_t)
++logging_send_audit_msgs(hald_t)
  logging_send_syslog_msg(hald_t)
  logging_search_logs(hald_t)
  
@@ -5562,7 +5562,7 @@
  
  optional_policy(`
  	logging_send_syslog_msg(pegasus_t)
-+	logging_send_audit_msg(pegasus_t)
++	logging_send_audit_msgs(pegasus_t)
  ')
  
  optional_policy(`
@@ -6900,7 +6900,7 @@
  
  logging_send_syslog_msg(saslauthd_t)
 -
-+logging_send_audit_msg(saslauthd_t)
++logging_send_audit_msgs(saslauthd_t)
  miscfiles_read_localization(saslauthd_t)
  miscfiles_read_certs(saslauthd_t)
  
@@ -7513,7 +7513,7 @@
  	libs_use_shared_libs($1_chkpwd_t)
  
  	logging_send_syslog_msg($1_chkpwd_t)
-+	logging_send_audit_msg($1_chkpwd_t)
++	logging_send_audit_msgs($1_chkpwd_t)
  
  	miscfiles_read_localization($1_chkpwd_t)
  
@@ -7527,7 +7527,7 @@
  
  	# cjp: is this really needed?
 -	allow $2 self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-+	logging_send_audit_msg($2)
++	logging_send_audit_msgs($2)
 +	logging_set_loginuid($2)
  
  	dontaudit $2 shadow_t:file { getattr read };
@@ -7576,7 +7576,7 @@
 +	auth_keyring_domain($1)
 +	allow $1 keyring_type:key { search link };
 +
-+	logging_send_audit_msg($1)
++	logging_send_audit_msgs($1)
 +
  	# for SSP/ProPolice
  	dev_read_urand($1)
@@ -7810,7 +7810,7 @@
  # System check password local policy
  #
  
-+logging_send_audit_msg(system_chkpwd_t)
++logging_send_audit_msgs(system_chkpwd_t)
 +
  allow system_chkpwd_t shadow_t:file { getattr read };
  
@@ -7879,7 +7879,7 @@
  libs_use_shared_libs(hwclock_t)
  
  logging_send_syslog_msg(hwclock_t)
-+logging_send_audit_msg(hwclock_t)
++logging_send_audit_msgs(hwclock_t)
  
  miscfiles_read_localization(hwclock_t)
  
@@ -8307,7 +8307,7 @@
  allow racoon_t self:netlink_selinux_socket { bind create read };
  allow racoon_t self:udp_socket create_socket_perms;
  allow racoon_t self:key_socket { create read setopt write };
-+logging_send_audit_msg(racoon_t)
++logging_send_audit_msgs(racoon_t)
  
  # manage pid file
  manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t)
@@ -8555,12 +8555,12 @@
 +##	</summary>
 +## </param>
 +#
-+interface(`logging_send_audit_msg',`
++interface(`logging_send_audit_msgs',`
 +	gen_require(`
-+		attribute can_send_audit_msg;
++		attribute can_send_audit_msgs;
 +	')
 +
-+	typeattribute $1 can_send_audit_msg;
++	typeattribute $1 can_send_audit_msgs;
 +	allow $1 self:capability audit_write;
 +	allow $1 self:netlink_audit_socket { create_socket_perms nlmsg_read nlmsg_relay };
 +')
@@ -8578,10 +8578,10 @@
 +interface(`logging_set_loginuid',`
 +	gen_require(`
 +		attribute can_set_loginuid;
-+		attribute can_send_audit_msg;
++		attribute can_send_audit_msgs;
 +	')
 +
-+	typeattribute $1 can_set_loginuid, can_send_audit_msg;
++	typeattribute $1 can_set_loginuid, can_send_audit_msgs;
 +
 +	allow $1 self:capability audit_control;
 +	allow $1 self:netlink_audit_socket { create_socket_perms nlmsg_read nlmsg_relay };
@@ -8600,10 +8600,10 @@
 +interface(`logging_set_audit',`
 +	gen_require(`
 +		attribute can_set_audit;
-+		attribute can_send_audit_msg;
++		attribute can_send_audit_msgs;
 +	')
 +
-+	typeattribute $1  can_set_audit, can_send_audit_msg;
++	typeattribute $1  can_set_audit, can_send_audit_msgs;
 +	allow $1 self:capability { audit_write audit_control };
 +	allow $1 self:netlink_audit_socket { create_socket_perms nlmsg_read nlmsg_write nlmsg_relay };
 +')
@@ -8652,14 +8652,14 @@
 +	gen_require(`
 +		attribute can_set_audit;
 +		attribute can_set_auditctl;
-+		attribute can_send_audit_msg;
++		attribute can_send_audit_msgs;
 +		attribute can_set_loginuid;
 +	')
 +
 +	typeattribute $1 can_set_loginuid;
 +	typeattribute $1 can_set_audit;
 +	typeattribute $1 can_set_auditctl;
-+	typeattribute $1 can_send_audit_msg;
++	typeattribute $1 can_send_audit_msgs;
 +')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.6.4/policy/modules/system/logging.te
@@ -8672,7 +8672,7 @@
 +attribute can_set_audit;
 +attribute can_set_auditctl;
 +attribute can_set_loginuid;
-+attribute can_send_audit_msg;
++attribute can_send_audit_msgs;
  
  type auditctl_t;
  type auditctl_exec_t;
@@ -8698,8 +8698,8 @@
 +neverallow ~{ can_set_loginuid can_set_audit } self:capability audit_control;
 +neverallow ~can_set_audit self:netlink_audit_socket nlmsg_write;
 +neverallow ~can_set_auditctl self:netlink_audit_socket nlmsg_readpriv;
-+neverallow ~can_send_audit_msg self:capability audit_write;
-+neverallow ~can_send_audit_msg  self:netlink_audit_socket nlmsg_relay;
++neverallow ~can_send_audit_msgs self:capability audit_write;
++neverallow ~can_send_audit_msgs  self:netlink_audit_socket nlmsg_relay;
 +
  ########################################
  #
@@ -9272,7 +9272,7 @@
  allow newrole_t self:unix_dgram_socket sendto;
  allow newrole_t self:unix_stream_socket { create_stream_socket_perms connectto };
 -allow newrole_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-+logging_send_audit_msg(newrole_t)
++logging_send_audit_msgs(newrole_t)
  
  read_files_pattern(newrole_t,selinux_config_t,selinux_config_t)
  read_lnk_files_pattern(newrole_t,selinux_config_t,selinux_config_t)
@@ -9338,7 +9338,7 @@
  allow run_init_t self:capability setuid;
  allow run_init_t self:fifo_file rw_file_perms;
 -allow run_init_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-+logging_send_audit_msg(run_init_t)
++logging_send_audit_msgs(run_init_t)
  
  # often the administrator runs such programs from a directory that is owned
  # by a different user or has restrictive SE permissions, do not want to audit
@@ -9355,7 +9355,7 @@
  allow semanage_t self:unix_stream_socket create_stream_socket_perms;
  allow semanage_t self:unix_dgram_socket create_socket_perms;
 -allow semanage_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
-+logging_send_audit_msg(semanage_t)
++logging_send_audit_msgs(semanage_t)
  
  allow semanage_t policy_config_t:file { read write };
  




More information about the scm-commits mailing list