rpms/selinux-policy/devel policy-20070703.patch, 1.1, 1.2 selinux-policy.spec, 1.467, 1.468
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Jul 6 19:09:55 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1319
Modified Files:
policy-20070703.patch selinux-policy.spec
Log Message:
* Fri Jul 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-2
- Allow prelink to read kernel sysctls
policy-20070703.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.1 -r 1.2 policy-20070703.patch
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20070703.patch 3 Jul 2007 19:20:47 -0000 1.1
+++ policy-20070703.patch 6 Jul 2007 19:09:19 -0000 1.2
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/guest_u_default_contexts serefpolicy-3.0.2/config/appconfig-strict-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-strict-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-strict-mls/guest_u_default_contexts 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-strict-mls/guest_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -8,7 +8,7 @@
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/staff_u_default_contexts serefpolicy-3.0.2/config/appconfig-strict-mls/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-strict-mls/staff_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-strict-mls/staff_u_default_contexts 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-strict-mls/staff_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1,9 @@
+system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -21,7 +21,7 @@
+sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/user_u_default_contexts serefpolicy-3.0.2/config/appconfig-strict-mls/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-strict-mls/user_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-strict-mls/user_u_default_contexts 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-strict-mls/user_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t:s0 user_r:user_t:s0
+system_r:remote_login_t:s0 user_r:user_t:s0
@@ -32,7 +32,7 @@
+user_r:user_sudo_t:s0 user_r:user_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/default_type serefpolicy-3.0.2/config/appconfig-targeted-mcs/default_type
--- nsaserefpolicy/config/appconfig-targeted-mcs/default_type 2007-05-25 09:09:09.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/default_type 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/default_type 2007-07-03 14:38:10.000000000 -0400
@@ -1 +1,4 @@
system_r:unconfined_t
+sysadm_r:sysadm_t
@@ -40,7 +40,7 @@
+user_r:user_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/guest_u_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-targeted-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/guest_u_default_contexts 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/guest_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -48,20 +48,20 @@
+system_r:crond_t:s0 guest_r:guest_crond_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/initrc_context serefpolicy-3.0.2/config/appconfig-targeted-mcs/initrc_context
--- nsaserefpolicy/config/appconfig-targeted-mcs/initrc_context 2007-05-25 09:09:09.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/initrc_context 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/initrc_context 2007-07-03 14:38:10.000000000 -0400
@@ -1 +1 @@
-user_u:system_r:initrc_t:s0
+system_u:system_r:initrc_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/seusers serefpolicy-3.0.2/config/appconfig-targeted-mcs/seusers
--- nsaserefpolicy/config/appconfig-targeted-mcs/seusers 2007-05-31 15:35:39.000000000 -0400
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/seusers 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/seusers 2007-07-03 14:38:10.000000000 -0400
@@ -1,2 +1,2 @@
root:root:s0-mcs_systemhigh
-__default__:user_u:s0
+__default__:system_u:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/staff_u_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-targeted-mcs/staff_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/staff_u_default_contexts 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/staff_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1,9 @@
+system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -74,7 +74,7 @@
+sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/user_u_default_contexts serefpolicy-3.0.2/config/appconfig-targeted-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-targeted-mcs/user_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/user_u_default_contexts 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/config/appconfig-targeted-mcs/user_u_default_contexts 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
+system_r:remote_login_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
@@ -85,7 +85,7 @@
+user_r:user_sudo_t:s0 system_r:unconfined_t:s0 user_r:user_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.0.2/Makefile
--- nsaserefpolicy/Makefile 2007-05-29 13:53:56.000000000 -0400
-+++ serefpolicy-3.0.2/Makefile 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/Makefile 2007-07-03 14:38:10.000000000 -0400
@@ -158,8 +158,18 @@
headerdir = $(modpkgdir)/include
docsdir = $(prefix)/share/doc/$(PKGNAME)
@@ -117,7 +117,7 @@
CHECKMODULE += -M
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.0.2/man/man8/ftpd_selinux.8
--- nsaserefpolicy/man/man8/ftpd_selinux.8 2007-05-25 09:09:10.000000000 -0400
-+++ serefpolicy-3.0.2/man/man8/ftpd_selinux.8 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/man/man8/ftpd_selinux.8 2007-07-03 14:38:10.000000000 -0400
@@ -12,7 +12,7 @@
.TP
chcon -R -t public_content_t /var/ftp
@@ -129,7 +129,7 @@
.TP
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.0.2/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2007-06-19 16:23:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/flask/access_vectors 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/flask/access_vectors 2007-07-03 14:38:10.000000000 -0400
@@ -598,6 +598,8 @@
shmempwd
shmemgrp
@@ -150,7 +150,7 @@
class key
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.0.2/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/global_tunables 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/global_tunables 2007-07-03 14:38:10.000000000 -0400
@@ -133,3 +133,10 @@
## </desc>
gen_tunable(write_untrusted_content,false)
@@ -164,7 +164,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.0.2/policy/mls
--- nsaserefpolicy/policy/mls 2007-07-03 07:06:36.000000000 -0400
-+++ serefpolicy-3.0.2/policy/mls 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/mls 2007-07-03 14:38:10.000000000 -0400
@@ -89,12 +89,14 @@
mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
(( l1 eq l2 ) or
@@ -249,7 +249,7 @@
mlsconstrain association { polmatch }
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-3.0.2/policy/modules/admin/acct.te
--- nsaserefpolicy/policy/modules/admin/acct.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/acct.te 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/acct.te 2007-07-03 14:38:10.000000000 -0400
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
@@ -260,7 +260,7 @@
logging_log_file(acct_data_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-3.0.2/policy/modules/admin/alsa.fc
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/alsa.fc 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/alsa.fc 2007-07-03 14:38:10.000000000 -0400
@@ -1,4 +1,7 @@
/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
@@ -271,7 +271,7 @@
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.0.2/policy/modules/admin/alsa.te
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/alsa.te 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/alsa.te 2007-07-03 14:38:10.000000000 -0400
@@ -20,20 +20,24 @@
# Local policy
#
@@ -317,7 +317,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.0.2/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/anaconda.te 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/anaconda.te 2007-07-03 14:38:10.000000000 -0400
@@ -37,10 +37,6 @@
userdom_generic_user_home_dir_filetrans_generic_user_home_content(anaconda_t,{ dir file lnk_file fifo_file sock_file })
@@ -331,7 +331,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-3.0.2/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/bootloader.te 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/bootloader.te 2007-07-03 14:38:10.000000000 -0400
@@ -182,6 +182,7 @@
optional_policy(`
@@ -342,7 +342,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.0.2/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/consoletype.te 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/consoletype.te 2007-07-03 14:38:10.000000000 -0400
@@ -8,12 +8,21 @@
type consoletype_t;
@@ -389,7 +389,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.0.2/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/kudzu.te 2007-07-03 13:08:19.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/kudzu.te 2007-07-03 14:38:10.000000000 -0400
@@ -21,8 +21,8 @@
# Local policy
#
@@ -428,7 +428,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.0.2/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-06-19 16:23:35.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/admin/logrotate.te 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/admin/logrotate.te 2007-07-03 14:38:10.000000000 -0400
@@ -75,11 +75,13 @@
[...1845 lines suppressed...]
@@ -68,8 +68,9 @@
allow udev_t udev_tbl_t:file manage_file_perms;
dev_filetrans(udev_t,udev_tbl_t,file)
@@ -8948,7 +9048,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.0.2/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/unconfined.if 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/unconfined.if 2007-07-06 11:59:26.000000000 -0400
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -9000,13 +9100,33 @@
read_files_pattern($1,{ unconfined_home_dir_t unconfined_home_t },unconfined_home_t)
read_lnk_files_pattern($1,{ unconfined_home_dir_t unconfined_home_t },unconfined_home_t)
')
-@@ -601,3 +604,111 @@
+@@ -601,3 +604,131 @@
allow $1 unconfined_tmp_t:file { getattr write append };
')
+
+########################################
+## <summary>
++## manage unconfined users temporary files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`unconfined_manage_tmp_files',`
++ gen_require(`
++ type unconfined_tmp_t;
++ ')
++
++ files_search_tmp($1)
++ manage_files_pattern($1,unconfined_tmp_t,unconfined_tmp_t)
++ read_lnk_files_pattern($1,unconfined_tmp_t,unconfined_tmp_t)
++')
++
++########################################
++## <summary>
+## Allow ptrace of unconfined domain
+## </summary>
+## <param name="domain">
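Review bot: The new `unconfined_manage_tmp_files` interface gives its caller `manage_files_pattern` access (create, write, unlink) to every `unconfined_tmp_t` file, but its summary, `## manage unconfined users temporary files.`, does not say so and is not capitalised like the neighbouring `## Allow ptrace of unconfined domain`. I would reword it to `## Create, read, write, and delete unconfined user temporary files.` and add a comment line stating that only domains which must modify temporary files left by unconfined processes should call it. The caller is not visible in this hunk (presumably it is in the suppressed part of the patch), so the grant cannot be checked against its user from here. The ptrace interface that follows the new one continues outside the hunk.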
@@ -9114,7 +9234,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.2/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/unconfined.te 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/unconfined.te 2007-07-03 14:38:10.000000000 -0400
@@ -5,30 +5,36 @@
#
# Declarations
@@ -9293,7 +9413,7 @@
+corecmd_exec_all_executables(unconfined_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.2/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-07-03 07:06:32.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/userdomain.if 2007-07-03 14:20:25.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/userdomain.if 2007-07-03 14:38:10.000000000 -0400
@@ -62,6 +62,10 @@
allow $1_t $1_tty_device_t:chr_file { setattr rw_chr_file_perms };
@@ -10029,7 +10149,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.0.2/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-07-03 07:06:32.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/userdomain.te 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/userdomain.te 2007-07-03 14:38:10.000000000 -0400
@@ -74,6 +74,9 @@
# users home directory contents
attribute home_type;
@@ -10174,7 +10294,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.0.2/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2007-07-03 07:06:32.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/xen.te 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/xen.te 2007-07-03 14:38:10.000000000 -0400
@@ -176,6 +176,7 @@
files_manage_etc_runtime_files(xend_t)
files_etc_filetrans_etc_runtime(xend_t,file)
@@ -10208,17 +10328,17 @@
+fs_read_nfs_symlinks(xend_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.fc serefpolicy-3.0.2/policy/modules/users/guest.fc
--- nsaserefpolicy/policy/modules/users/guest.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/guest.fc 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/guest.fc 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1 @@
+# No guest file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.if serefpolicy-3.0.2/policy/modules/users/guest.if
--- nsaserefpolicy/policy/modules/users/guest.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/guest.if 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/guest.if 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1 @@
+## <summary>Policy for guest user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.0.2/policy/modules/users/guest.te
--- nsaserefpolicy/policy/modules/users/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/guest.te 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/guest.te 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1,127 @@
+policy_module(guest,1.0.0)
+
@@ -10349,17 +10469,17 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.0.2/policy/modules/users/logadm.fc
--- nsaserefpolicy/policy/modules/users/logadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/logadm.fc 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/logadm.fc 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1 @@
+# No logadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.if serefpolicy-3.0.2/policy/modules/users/logadm.if
--- nsaserefpolicy/policy/modules/users/logadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/logadm.if 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/logadm.if 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1 @@
+## <summary>Policy for logadm user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.0.2/policy/modules/users/logadm.te
--- nsaserefpolicy/policy/modules/users/logadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/logadm.te 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/logadm.te 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1,33 @@
+policy_module(logadm,1.0.0)
+
@@ -10396,22 +10516,22 @@
+files_dontaudit_getattr_all_files(logadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.0.2/policy/modules/users/metadata.xml
--- nsaserefpolicy/policy/modules/users/metadata.xml 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/metadata.xml 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/metadata.xml 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1 @@
+<summary>Policy modules for users</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.0.2/policy/modules/users/webadm.fc
--- nsaserefpolicy/policy/modules/users/webadm.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/webadm.fc 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/webadm.fc 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1 @@
+# No webadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.0.2/policy/modules/users/webadm.if
--- nsaserefpolicy/policy/modules/users/webadm.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/webadm.if 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/webadm.if 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1 @@
+## <summary>Policy for webadm user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.0.2/policy/modules/users/webadm.te
--- nsaserefpolicy/policy/modules/users/webadm.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.2/policy/modules/users/webadm.te 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/users/webadm.te 2007-07-03 14:38:10.000000000 -0400
@@ -0,0 +1,70 @@
+policy_module(webadm,1.0.0)
+
@@ -10485,7 +10605,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.0.2/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-05-29 14:10:59.000000000 -0400
-+++ serefpolicy-3.0.2/policy/support/obj_perm_sets.spt 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/support/obj_perm_sets.spt 2007-07-03 14:38:10.000000000 -0400
@@ -201,7 +201,7 @@
define(`search_dir_perms',`{ getattr search }')
define(`list_dir_perms',`{ getattr search read lock ioctl }')
@@ -10520,7 +10640,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.0.2/policy/users
--- nsaserefpolicy/policy/users 2007-05-31 15:36:08.000000000 -0400
-+++ serefpolicy-3.0.2/policy/users 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/policy/users 2007-07-06 14:48:00.000000000 -0400
@@ -16,7 +16,7 @@
# and a user process should never be assigned the system user
# identity.
@@ -10539,9 +10659,19 @@
gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
+@@ -36,8 +36,4 @@
+ # role should use the staff_r role instead of the user_r role when
+ # not in the sysadm_r.
+ #
+-ifdef(`direct_sysadm_daemon',`
+- gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+-',`
+- gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
+-')
++gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.0.2/Rules.modular
--- nsaserefpolicy/Rules.modular 2007-05-25 09:09:10.000000000 -0400
-+++ serefpolicy-3.0.2/Rules.modular 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/Rules.modular 2007-07-03 14:38:10.000000000 -0400
@@ -167,7 +167,7 @@
# these have to run individually because order matters:
$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
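Review bot: The `policy/users` lines added in this hunk remove the `direct_sysadm_daemon` conditional, so the `root` SELinux user is authorised for `system_r` in every build, and neither the log message nor the spec changelog (`Allow prelink to read kernel sysctls`) records that. Because it widens the role set of the most privileged user, it deserves its own changelog entry, for example `- Always authorize root for system_r`, and a comment above the new `gen_user(root, ...)` line such as `# root is always authorized for system_r; direct_sysadm_daemon no longer gates this`. The retained comment block ("should use the staff_r role instead of the user_r role when not in the sysadm_r") no longer describes the full role list and should be updated as well. Whether strict and MLS builds are meant to pick this up is not visible here; if they are not, the conditional should stay for them.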
@@ -10570,7 +10700,7 @@
clean:
diff --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.0.2/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2007-05-29 13:53:56.000000000 -0400
-+++ serefpolicy-3.0.2/support/Makefile.devel 2007-07-03 13:08:20.000000000 -0400
++++ serefpolicy-3.0.2/support/Makefile.devel 2007-07-03 14:38:10.000000000 -0400
@@ -24,7 +24,7 @@
XMLLINT := $(BINDIR)/xmllint
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.467
retrieving revision 1.468
diff -u -r1.467 -r1.468
--- selinux-policy.spec 3 Jul 2007 19:20:47 -0000 1.467
+++ selinux-policy.spec 6 Jul 2007 19:09:19 -0000 1.468
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.2
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -356,6 +356,9 @@
%endif
%changelog
+* Fri Jul 6 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-2
+- Allow prelink to read kernel sysctls
+
* Mon Jul 2 2007 Dan Walsh <dwalsh at redhat.com> 3.0.1-5
- Default to user_u:system_r:unconfined_t