rpms/selinux-policy/devel policy-20070703.patch, 1.1, 1.2 selinux-policy.spec, 1.467, 1.468

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Fri Jul 6 19:09:55 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1319

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Fri Jul 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-2
- Allow prelink to read kernel sysctls


policy-20070703.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.1 -r 1.2 policy-20070703.patch
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20070703.patch	3 Jul 2007 19:20:47 -0000	1.1
+++ policy-20070703.patch	6 Jul 2007 19:09:19 -0000	1.2
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/guest_u_default_contexts serefpolicy-3.0.2/config/appconfig-strict-mls/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-strict-mls/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-strict-mls/guest_u_default_contexts	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-strict-mls/guest_u_default_contexts	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -8,7 +8,7 @@
 +system_r:crond_t:s0		guest_r:guest_crond_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/staff_u_default_contexts serefpolicy-3.0.2/config/appconfig-strict-mls/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-strict-mls/staff_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-strict-mls/staff_u_default_contexts	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-strict-mls/staff_u_default_contexts	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1,9 @@
 +system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 +system_r:remote_login_t:s0	staff_r:staff_t:s0
@@ -21,7 +21,7 @@
 +sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/user_u_default_contexts serefpolicy-3.0.2/config/appconfig-strict-mls/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-strict-mls/user_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-strict-mls/user_u_default_contexts	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-strict-mls/user_u_default_contexts	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1,7 @@
 +system_r:local_login_t:s0	user_r:user_t:s0
 +system_r:remote_login_t:s0	user_r:user_t:s0
@@ -32,7 +32,7 @@
 +user_r:user_sudo_t:s0		user_r:user_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/default_type serefpolicy-3.0.2/config/appconfig-targeted-mcs/default_type
 --- nsaserefpolicy/config/appconfig-targeted-mcs/default_type	2007-05-25 09:09:09.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/default_type	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/default_type	2007-07-03 14:38:10.000000000 -0400
 @@ -1 +1,4 @@
  system_r:unconfined_t
 +sysadm_r:sysadm_t
@@ -40,7 +40,7 @@
 +user_r:user_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/guest_u_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-targeted-mcs/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/guest_u_default_contexts	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/guest_u_default_contexts	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -48,20 +48,20 @@
 +system_r:crond_t:s0		guest_r:guest_crond_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/initrc_context serefpolicy-3.0.2/config/appconfig-targeted-mcs/initrc_context
 --- nsaserefpolicy/config/appconfig-targeted-mcs/initrc_context	2007-05-25 09:09:09.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/initrc_context	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/initrc_context	2007-07-03 14:38:10.000000000 -0400
 @@ -1 +1 @@
 -user_u:system_r:initrc_t:s0
 +system_u:system_r:initrc_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/seusers serefpolicy-3.0.2/config/appconfig-targeted-mcs/seusers
 --- nsaserefpolicy/config/appconfig-targeted-mcs/seusers	2007-05-31 15:35:39.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/seusers	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/seusers	2007-07-03 14:38:10.000000000 -0400
 @@ -1,2 +1,2 @@
  root:root:s0-mcs_systemhigh
 -__default__:user_u:s0
 +__default__:system_u:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/staff_u_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-targeted-mcs/staff_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/staff_u_default_contexts	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/staff_u_default_contexts	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1,9 @@
 +system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 +system_r:remote_login_t:s0	staff_r:staff_t:s0
@@ -74,7 +74,7 @@
 +sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/user_u_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-targeted-mcs/user_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/user_u_default_contexts	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/user_u_default_contexts	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1,7 @@
 +system_r:local_login_t:s0	system_r:unconfined_t:s0 user_r:user_t:s0
 +system_r:remote_login_t:s0	system_r:unconfined_t:s0 user_r:user_t:s0
@@ -85,7 +85,7 @@
 +user_r:user_sudo_t:s0		system_r:unconfined_t:s0 user_r:user_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.0.2/Makefile
 --- nsaserefpolicy/Makefile	2007-05-29 13:53:56.000000000 -0400
-+++ serefpolicy-3.0.2/Makefile	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/Makefile	2007-07-03 14:38:10.000000000 -0400
 @@ -158,8 +158,18 @@
  headerdir = $(modpkgdir)/include
  docsdir = $(prefix)/share/doc/$(PKGNAME)
@@ -117,7 +117,7 @@
  	CHECKMODULE += -M
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.0.2/man/man8/ftpd_selinux.8
 --- nsaserefpolicy/man/man8/ftpd_selinux.8	2007-05-25 09:09:10.000000000 -0400
-+++ serefpolicy-3.0.2/man/man8/ftpd_selinux.8	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/man/man8/ftpd_selinux.8	2007-07-03 14:38:10.000000000 -0400
 @@ -12,7 +12,7 @@
  .TP
  chcon -R -t public_content_t /var/ftp
@@ -129,7 +129,7 @@
  .TP
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.0.2/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2007-06-19 16:23:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/flask/access_vectors	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/flask/access_vectors	2007-07-03 14:38:10.000000000 -0400
 @@ -598,6 +598,8 @@
  	shmempwd
  	shmemgrp
@@ -150,7 +150,7 @@
  class key
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.0.2/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/global_tunables	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/global_tunables	2007-07-03 14:38:10.000000000 -0400
 @@ -133,3 +133,10 @@
  ## </desc>
  gen_tunable(write_untrusted_content,false)
@@ -164,7 +164,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.0.2/policy/mls
 --- nsaserefpolicy/policy/mls	2007-07-03 07:06:36.000000000 -0400
-+++ serefpolicy-3.0.2/policy/mls	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/mls	2007-07-03 14:38:10.000000000 -0400
 @@ -89,12 +89,14 @@
  mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
  	(( l1 eq l2 ) or
@@ -249,7 +249,7 @@
  mlsconstrain association { polmatch }
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-3.0.2/policy/modules/admin/acct.te
 --- nsaserefpolicy/policy/modules/admin/acct.te	2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/acct.te	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/acct.te	2007-07-03 14:38:10.000000000 -0400
 @@ -9,6 +9,7 @@
  type acct_t;
  type acct_exec_t;
@@ -260,7 +260,7 @@
  logging_log_file(acct_data_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-3.0.2/policy/modules/admin/alsa.fc
 --- nsaserefpolicy/policy/modules/admin/alsa.fc	2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/alsa.fc	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/alsa.fc	2007-07-03 14:38:10.000000000 -0400
 @@ -1,4 +1,7 @@
  
  /etc/alsa/pcm(/.*)?		gen_context(system_u:object_r:alsa_etc_rw_t,s0)
@@ -271,7 +271,7 @@
 +/sbin/alsactl 		--	gen_context(system_u:object_r:alsa_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.0.2/policy/modules/admin/alsa.te
 --- nsaserefpolicy/policy/modules/admin/alsa.te	2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/alsa.te	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/alsa.te	2007-07-03 14:38:10.000000000 -0400
 @@ -20,20 +20,24 @@
  # Local policy
  #
@@ -317,7 +317,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.0.2/policy/modules/admin/anaconda.te
 --- nsaserefpolicy/policy/modules/admin/anaconda.te	2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/anaconda.te	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/anaconda.te	2007-07-03 14:38:10.000000000 -0400
 @@ -37,10 +37,6 @@
  userdom_generic_user_home_dir_filetrans_generic_user_home_content(anaconda_t,{ dir file lnk_file fifo_file sock_file })
  
@@ -331,7 +331,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-3.0.2/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/bootloader.te	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/bootloader.te	2007-07-03 14:38:10.000000000 -0400
 @@ -182,6 +182,7 @@
  
  optional_policy(`
@@ -342,7 +342,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.0.2/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/consoletype.te	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/consoletype.te	2007-07-03 14:38:10.000000000 -0400
 @@ -8,12 +8,21 @@
  
  type consoletype_t;
@@ -389,7 +389,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.0.2/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/kudzu.te	2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/kudzu.te	2007-07-03 14:38:10.000000000 -0400
 @@ -21,8 +21,8 @@
  # Local policy
  #
@@ -428,7 +428,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.0.2/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2007-06-19 16:23:35.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/logrotate.te	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/logrotate.te	2007-07-03 14:38:10.000000000 -0400
 @@ -75,11 +75,13 @@
[...1845 lines suppressed...]
 @@ -68,8 +68,9 @@
  allow udev_t udev_tbl_t:file manage_file_perms;
  dev_filetrans(udev_t,udev_tbl_t,file)
@@ -8948,7 +9048,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.0.2/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/unconfined.if	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/unconfined.if	2007-07-06 11:59:26.000000000 -0400
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -9000,13 +9100,33 @@
  	read_files_pattern($1,{ unconfined_home_dir_t unconfined_home_t },unconfined_home_t)
  	read_lnk_files_pattern($1,{ unconfined_home_dir_t unconfined_home_t },unconfined_home_t)
  ')
-@@ -601,3 +604,111 @@
+@@ -601,3 +604,131 @@
  
  	allow $1 unconfined_tmp_t:file { getattr write append };
  ')
 +
 +########################################
 +## <summary>
++##	manage unconfined users temporary files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`unconfined_manage_tmp_files',`
++	gen_require(`
++		type unconfined_tmp_t;
++	')
++
++	files_search_tmp($1)
++	manage_files_pattern($1,unconfined_tmp_t,unconfined_tmp_t)
++	read_lnk_files_pattern($1,unconfined_tmp_t,unconfined_tmp_t)
++')
++
++########################################
++## <summary>
 +##	Allow ptrace of unconfined domain
 +## </summary>
 +## <param name="domain">
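Review bot: The new `unconfined_manage_tmp_files` interface gives the calling domain create, write and unlink on every `unconfined_tmp_t` file, far more than the `{ getattr write append }` granted by the interface that ends just above it, and its summary line does not say so. No caller is visible in this part of the diff (the mail suppresses 1845 lines), so it is worth confirming that the domain using it needs to create and delete these files rather than only read or append to them. I would spell the scope out in the doc header, e.g. `##	Create, read, write, and delete unconfined users' temporary files.`, which also fixes the lower-case summary and its missing apostrophe. The interface body itself is complete inside this hunk.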
@@ -9114,7 +9234,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.2/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/unconfined.te	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/unconfined.te	2007-07-03 14:38:10.000000000 -0400
 @@ -5,30 +5,36 @@
  #
  # Declarations
@@ -9293,7 +9413,7 @@
 +corecmd_exec_all_executables(unconfined_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.2/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-07-03 07:06:32.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/userdomain.if	2007-07-03 14:20:25.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/userdomain.if	2007-07-03 14:38:10.000000000 -0400
 @@ -62,6 +62,10 @@
  
  	allow $1_t $1_tty_device_t:chr_file { setattr rw_chr_file_perms };
@@ -10029,7 +10149,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.0.2/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2007-07-03 07:06:32.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/userdomain.te	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/userdomain.te	2007-07-03 14:38:10.000000000 -0400
 @@ -74,6 +74,9 @@
  # users home directory contents
  attribute home_type;
@@ -10174,7 +10294,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.0.2/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2007-07-03 07:06:32.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/xen.te	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/xen.te	2007-07-03 14:38:10.000000000 -0400
 @@ -176,6 +176,7 @@
  files_manage_etc_runtime_files(xend_t)
  files_etc_filetrans_etc_runtime(xend_t,file)
@@ -10208,17 +10328,17 @@
 +fs_read_nfs_symlinks(xend_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.fc serefpolicy-3.0.2/policy/modules/users/guest.fc
 --- nsaserefpolicy/policy/modules/users/guest.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/guest.fc	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/guest.fc	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1 @@
 +# No guest file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.if serefpolicy-3.0.2/policy/modules/users/guest.if
 --- nsaserefpolicy/policy/modules/users/guest.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/guest.if	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/guest.if	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1 @@
 +## <summary>Policy for guest user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.0.2/policy/modules/users/guest.te
 --- nsaserefpolicy/policy/modules/users/guest.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/guest.te	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/guest.te	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1,127 @@
 +policy_module(guest,1.0.0)
 +
@@ -10349,17 +10469,17 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.0.2/policy/modules/users/logadm.fc
 --- nsaserefpolicy/policy/modules/users/logadm.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/logadm.fc	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/logadm.fc	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1 @@
 +# No logadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.if serefpolicy-3.0.2/policy/modules/users/logadm.if
 --- nsaserefpolicy/policy/modules/users/logadm.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/logadm.if	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/logadm.if	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1 @@
 +## <summary>Policy for logadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.0.2/policy/modules/users/logadm.te
 --- nsaserefpolicy/policy/modules/users/logadm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/logadm.te	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/logadm.te	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1,33 @@
 +policy_module(logadm,1.0.0)
 +
@@ -10396,22 +10516,22 @@
 +files_dontaudit_getattr_all_files(logadm_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.0.2/policy/modules/users/metadata.xml
 --- nsaserefpolicy/policy/modules/users/metadata.xml	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/metadata.xml	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/metadata.xml	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1 @@
 +<summary>Policy modules for users</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.0.2/policy/modules/users/webadm.fc
 --- nsaserefpolicy/policy/modules/users/webadm.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/webadm.fc	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/webadm.fc	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1 @@
 +# No webadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.0.2/policy/modules/users/webadm.if
 --- nsaserefpolicy/policy/modules/users/webadm.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/webadm.if	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/webadm.if	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1 @@
 +## <summary>Policy for webadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.0.2/policy/modules/users/webadm.te
 --- nsaserefpolicy/policy/modules/users/webadm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/webadm.te	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/webadm.te	2007-07-03 14:38:10.000000000 -0400
 @@ -0,0 +1,70 @@
 +policy_module(webadm,1.0.0)
 +
@@ -10485,7 +10605,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.0.2/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/support/obj_perm_sets.spt	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/support/obj_perm_sets.spt	2007-07-03 14:38:10.000000000 -0400
 @@ -201,7 +201,7 @@
  define(`search_dir_perms',`{ getattr search }')
  define(`list_dir_perms',`{ getattr search read lock ioctl }')
@@ -10520,7 +10640,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.0.2/policy/users
 --- nsaserefpolicy/policy/users	2007-05-31 15:36:08.000000000 -0400
-+++ serefpolicy-3.0.2/policy/users	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/users	2007-07-06 14:48:00.000000000 -0400
 @@ -16,7 +16,7 @@
  # and a user process should never be assigned the system user
  # identity.
@@ -10539,9 +10659,19 @@
  gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
  gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
  
+@@ -36,8 +36,4 @@
+ # role should use the staff_r role instead of the user_r role when
+ # not in the sysadm_r.
+ #
+-ifdef(`direct_sysadm_daemon',`
+-	gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+-',`
+-	gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
+-')
++gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.0.2/Rules.modular
 --- nsaserefpolicy/Rules.modular	2007-05-25 09:09:10.000000000 -0400
-+++ serefpolicy-3.0.2/Rules.modular	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/Rules.modular	2007-07-03 14:38:10.000000000 -0400
 @@ -167,7 +167,7 @@
  # these have to run individually because order matters:
  	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
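Review bot: The inner hunk added for `policy/users` drops the `direct_sysadm_daemon` conditional, so the `root` SELinux user is authorized for `system_r` in every build, yet the log message and the spec changelog mention only prelink. If some policy variants were built without `direct_sysadm_daemon` (not visible here), this widens the set of roles root may enter on them. Either keep the conditional or record the decision next to the new line, e.g. `# root is always authorized for system_r; no longer conditional on direct_sysadm_daemon`, and add a matching changelog entry so the role change can be audited later.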
@@ -10570,7 +10700,7 @@
  clean:
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.0.2/support/Makefile.devel
 --- nsaserefpolicy/support/Makefile.devel	2007-05-29 13:53:56.000000000 -0400
-+++ serefpolicy-3.0.2/support/Makefile.devel	2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/support/Makefile.devel	2007-07-03 14:38:10.000000000 -0400
 @@ -24,7 +24,7 @@
  XMLLINT := $(BINDIR)/xmllint
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.467
retrieving revision 1.468
diff -u -r1.467 -r1.468
--- selinux-policy.spec	3 Jul 2007 19:20:47 -0000	1.467
+++ selinux-policy.spec	6 Jul 2007 19:09:19 -0000	1.468
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -356,6 +356,9 @@
 %endif
 
 %changelog
+* Fri Jul 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-2
+- Allow prelink to read kernel sysctls
+
 * Mon Jul 2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.1-5
 - Default to user_u:system_r:unconfined_t 
 



