rpms/selinux-policy/devel policy-20070703.patch, 1.4, 1.5 selinux-policy.spec, 1.470, 1.471

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Jul 11 20:45:06 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19639

Modified Files:
	policy-20070703.patch selinux-policy.spec 
Log Message:
* Wed Jul 11 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-5
- Add new devices


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20070703.patch	11 Jul 2007 19:44:56 -0000	1.4
+++ policy-20070703.patch	11 Jul 2007 20:45:02 -0000	1.5
@@ -1924,8 +1924,25 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.0.2/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2007-06-15 14:54:30.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/kernel/devices.fc	2007-07-11 10:06:28.000000000 -0400
-@@ -127,3 +127,7 @@
++++ serefpolicy-3.0.2/policy/modules/kernel/devices.fc	2007-07-11 16:42:08.000000000 -0400
+@@ -53,7 +53,7 @@
+ /dev/radio.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
+ /dev/random		-c	gen_context(system_u:object_r:random_device_t,s0)
+ /dev/raw1394.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
+-/dev/(misc/)?rtc	-c	gen_context(system_u:object_r:clock_device_t,s0)
++/dev/(misc/)?rtc[0-9]*	-c	gen_context(system_u:object_r:clock_device_t,s0)
+ /dev/sequencer		-c	gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/sequencer2		-c	gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/smpte.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
+@@ -65,6 +65,7 @@
+ /dev/tlk[0-3]		-c	gen_context(system_u:object_r:v4l_device_t,s0)
+ /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
+ /dev/usbdev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
++/dev/usb[0-9]+		-c	gen_context(system_u:object_r:usb_device_t,s0)
+ /dev/usblp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
+ ifdef(`distro_suse', `
+ /dev/usbscanner		-c	gen_context(system_u:object_r:scanner_device_t,s0)
+@@ -127,3 +128,7 @@
  /var/named/chroot/dev/random -c	gen_context(system_u:object_r:random_device_t,s0)
  /var/named/chroot/dev/zero -c	gen_context(system_u:object_r:zero_device_t,s0)
  ')
@@ -2436,6 +2453,17 @@
  	typeattribute $1 fixed_disk_raw_write;
  ')
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-3.0.2/policy/modules/kernel/terminal.fc
+--- nsaserefpolicy/policy/modules/kernel/terminal.fc	2007-05-29 14:10:48.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/kernel/terminal.fc	2007-07-11 16:39:30.000000000 -0400
+@@ -8,6 +8,7 @@
+ /dev/dcbri[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
+ /dev/hvc.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
+ /dev/hvsi.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
++/dev/i2c[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
+ /dev/ircomm[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
+ /dev/ip2[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
+ /dev/isdn.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-3.0.2/policy/modules/kernel/terminal.te
 --- nsaserefpolicy/policy/modules/kernel/terminal.te	2007-06-15 14:54:30.000000000 -0400
 +++ serefpolicy-3.0.2/policy/modules/kernel/terminal.te	2007-07-11 10:06:28.000000000 -0400
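Review bot: The added `/dev/i2c[^/]*` entry in terminal.fc labels I2C bus nodes as `tty_device_t`, so any domain allowed to use generic tty devices would also be able to open the I2C character devices. I2C nodes are not terminals, and a dedicated device type in devices.fc with its own access interfaces would keep that grant narrow. If sharing the tty label is a deliberate stop-gap, record it above the entry, e.g. `# i2c nodes share tty_device_t for now; move to a dedicated type`. The pattern `[^/]*` also matches any node name beginning with `i2c`, which is wider than the numbered bus nodes the entry presumably targets.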
@@ -3544,7 +3572,7 @@
 +/var/lib/misc(/.*)?			gen_context(system_u:object_r:system_crond_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.0.2/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/services/cron.if	2007-07-11 10:06:28.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/services/cron.if	2007-07-11 15:52:10.000000000 -0400
 @@ -35,6 +35,7 @@
  #
  template(`cron_per_role_template',`
@@ -3666,6 +3694,32 @@
  
  	tunable_policy(`fcron_crond',`
  		# fcron wants an instant update of a crontab change for the administrator
+@@ -439,6 +421,25 @@
+ 
+ ########################################
+ ## <summary>
++##	Read temporary files from cron.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`cron_read_tmp_files',`
++	gen_require(`
++		type crond_tmp_t;
++	')
++
++	files_search_tmp($1)
++	allow $1 crond_tmp_t:file read_file_perms;
++')
++
++########################################
++## <summary>
+ ##	Read, and write cron daemon TCP sockets.
+ ## </summary>
+ ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.0.2/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2007-07-03 07:06:27.000000000 -0400
 +++ serefpolicy-3.0.2/policy/modules/services/cron.te	2007-07-11 10:06:28.000000000 -0400
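Review bot: The summary `Read temporary files from cron.` on the new `cron_read_tmp_files` interface does not say which type it covers, and it reads almost the same as the existing `cron_read_system_job_tmp_files` that mta.te already calls. Naming the type in the doc block, e.g. `##	Read the cron daemon's temporary files (crond_tmp_t).`, would make the scope of the grant clear to callers. The interface allows `read_file_perms` on `crond_tmp_t:file` with only `files_search_tmp` for the parent directory. Whether crond ever creates directories of that type is not visible here and is worth confirming.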
@@ -4994,7 +5048,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.0.2/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/services/mta.te	2007-07-11 10:06:28.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/services/mta.te	2007-07-11 15:52:32.000000000 -0400
 @@ -27,6 +27,7 @@
  
  type sendmail_exec_t;
@@ -5048,6 +5102,14 @@
  ')
  
  optional_policy(`
+@@ -73,6 +103,7 @@
+ 
+ optional_policy(`
+ 	cron_read_system_job_tmp_files(system_mail_t)
++	cron_read_tmp_files(system_mail_t)
+ 	cron_dontaudit_write_pipes(system_mail_t)
+ ')
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.0.2/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2007-05-29 14:10:57.000000000 -0400
 +++ serefpolicy-3.0.2/policy/modules/services/networkmanager.fc	2007-07-11 10:06:28.000000000 -0400
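Review bot: The added `cron_read_tmp_files(system_mail_t)` gives the system mail domain read access to every file labelled `crond_tmp_t`, but neither this hunk nor the log message (`Add new devices`) records why it is needed. A one-line comment above the call, such as `# mail reads job output that crond left in its tmp files`, would let a later reviewer judge whether the grant can be dropped. That reason is inferred and should be checked against the denial that prompted the change. The changelog entry in selinux-policy.spec would ideally mention this access change too.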


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.470
retrieving revision 1.471
diff -u -r1.470 -r1.471
--- selinux-policy.spec	11 Jul 2007 19:44:56 -0000	1.470
+++ selinux-policy.spec	11 Jul 2007 20:45:02 -0000	1.471
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -356,6 +356,9 @@
 %endif
 
 %changelog
+* Wed Jul 11 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-5
+- Add new devices
+
 * Tue Jul 10 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-4
 - Add brctl policy
 



