rpms/selinux-policy/devel policy-20070703.patch,1.8,1.9

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Mon Jul 16 15:54:23 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2254

Modified Files:
	policy-20070703.patch 
Log Message:
* Sat Jul 14 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-8
- Fix moilscanner update problem


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- policy-20070703.patch	14 Jul 2007 12:56:45 -0000	1.8
+++ policy-20070703.patch	16 Jul 2007 15:54:21 -0000	1.9
@@ -1297,7 +1297,7 @@
  ##	This is a templated interface, and should only
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.0.2/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2007-07-03 07:05:43.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/apps/java.if	2007-07-13 14:03:39.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/apps/java.if	2007-07-16 11:47:57.000000000 -0400
 @@ -32,7 +32,7 @@
  ##	</summary>
  ## </param>
@@ -1317,7 +1317,7 @@
  	allow $1_javaplugin_t $2:fd use;
  	# Unrestricted inheritance from the caller.
  	allow $2 $1_javaplugin_t:process { noatsecure siginh rlimitinh };
-@@ -168,6 +167,50 @@
+@@ -168,6 +167,51 @@
  	optional_policy(`
  		xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t)
  	')
@@ -1354,6 +1354,7 @@
 +template(`java_per_role_template',`
 +	gen_require(`
 +		type java_exec_t;
++		attribute $1_usertype;
 +	')
 +
 +	type $1_java_t;
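Review bot: The new `attribute $1_usertype;` requirement in `java_per_role_template` is undocumented, and the same line is added to `mono_per_role_template` in the later mono.if hunk. Both templates can now only be used with a prefix whose role has already declared that attribute. The template's parameter description should say so, e.g. `## Prefix of a user role that declares the $1_usertype attribute.` The rule that uses the attribute lies outside this hunk; because an attribute rule applies to every type carrying it, that rule deserves a comment stating which access it is meant to grant.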
@@ -1368,7 +1369,7 @@
  ')
  
  ########################################
-@@ -221,3 +264,66 @@
+@@ -221,3 +265,66 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, java_exec_t, java_t)
  ')
@@ -1449,8 +1450,8 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.0.2/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2007-05-29 14:10:48.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/apps/mono.if	2007-07-13 09:58:46.000000000 -0400
-@@ -18,3 +18,95 @@
++++ serefpolicy-3.0.2/policy/modules/apps/mono.if	2007-07-16 11:48:24.000000000 -0400
+@@ -18,3 +18,96 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, mono_exec_t, mono_t)
  ')
@@ -1534,6 +1535,7 @@
 +template(`mono_per_role_template',`
 +	gen_require(`
 +		type mono_exec_t;
++		attribute $1_usertype;
 +	')
 +
 +	type $1_mono_t;
@@ -5579,16 +5581,16 @@
  /usr/lib/postfix/cleanup --	gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.0.2/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/services/postfix.if	2007-07-13 08:07:53.000000000 -0400
-@@ -118,6 +118,8 @@
- 	allow postfix_$1_t self:udp_socket create_socket_perms;
++++ serefpolicy-3.0.2/policy/modules/services/postfix.if	2007-07-16 09:34:02.000000000 -0400
+@@ -41,6 +41,8 @@
+ 	allow postfix_$1_t self:unix_stream_socket connectto;
  
- 	domtrans_pattern(postfix_master_t, postfix_$1_exec_t, postfix_$1_t)
+ 	allow postfix_master_t postfix_$1_t:process signal;
 +	#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244456
 +	allow postfix_$1_t postfix_master_t:file read;
  
- 	corenet_all_recvfrom_unlabeled(postfix_$1_t)
- 	corenet_all_recvfrom_netlabel(postfix_$1_t)
+ 	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
+ 	read_files_pattern(postfix_$1_t,postfix_etc_t,postfix_etc_t)
 @@ -132,10 +134,8 @@
  	corenet_tcp_connect_all_ports(postfix_$1_t)
  	corenet_sendrecv_all_client_packets(postfix_$1_t)
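Review bot: The relocated rule `allow postfix_$1_t postfix_master_t:file read;` is explained only by a Bugzilla URL, and moving it from the old `-118` position to `@@ -41,6 +41,8 @@` appears to place it in a different template. If that template is the more general one, the rule now applies to every postfix domain built from it; the enclosing template starts outside the hunk, so this is inferred. `postfix_master_t` is a domain type, so files carrying it are presumably the master's /proc entries or descriptors it hands down. The comment should name which, e.g. `# children read <file inherited from master>; RHBZ 244456`. If the access is only an inherited descriptor producing AVC noise, a `dontaudit` would be tighter than an `allow`.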
@@ -6013,8 +6015,17 @@
  	fs_search_auto_mountpoints($1_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.0.2/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/services/rpc.te	2007-07-13 08:07:53.000000000 -0400
-@@ -76,9 +76,11 @@
++++ serefpolicy-3.0.2/policy/modules/services/rpc.te	2007-07-16 11:49:47.000000000 -0400
+@@ -59,6 +59,8 @@
+ manage_files_pattern(rpcd_t,rpcd_var_run_t,rpcd_var_run_t)
+ files_pid_filetrans(rpcd_t,rpcd_var_run_t,file)
+ 
++corecmd_exec_bin(rpcd_t)
++
+ kernel_read_system_state(rpcd_t) 
+ kernel_search_network_state(rpcd_t) 
+ # for rpc.rquotad
+@@ -76,9 +78,11 @@
  miscfiles_read_certs(rpcd_t)
  
  seutil_dontaudit_search_config(rpcd_t)
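Review bot: `corecmd_exec_bin(rpcd_t)` is added without a comment, unlike the neighbouring `# for rpc.rquotad` line. Going by the interface name (its definition is not in this hunk), it lets the RPC daemon domain execute generically labelled bin files while staying in rpcd_t. A one-line reason would let a later reviewer judge whether the grant is still needed, e.g. `# rpcd runs <helper> from a bin directory; see <bug reference>`. If only one helper is involved, a dedicated type and domain transition would keep that helper's code from running with rpcd_t's permissions.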
@@ -6026,7 +6037,7 @@
  ')
  
  ########################################
-@@ -91,9 +93,13 @@
+@@ -91,9 +95,13 @@
  allow nfsd_t exports_t:file { getattr read };
  allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
  
@@ -6040,7 +6051,7 @@
  
  corenet_tcp_bind_all_rpc_ports(nfsd_t)
  corenet_udp_bind_all_rpc_ports(nfsd_t)
-@@ -123,6 +129,7 @@
+@@ -123,6 +131,7 @@
  tunable_policy(`nfs_export_all_rw',`
  	fs_read_noxattr_fs_files(nfsd_t) 
  	auth_manage_all_files_except_shadow(nfsd_t)
@@ -6048,7 +6059,7 @@
  ')
  
  tunable_policy(`nfs_export_all_ro',`
-@@ -143,6 +150,8 @@
+@@ -143,6 +152,8 @@
  manage_files_pattern(gssd_t,gssd_tmp_t,gssd_tmp_t)
  files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir })
  
@@ -6057,7 +6068,7 @@
  kernel_read_network_state(gssd_t)
  kernel_read_network_state_symlinks(gssd_t)	
  kernel_search_network_sysctl(gssd_t)	
-@@ -158,6 +167,11 @@
+@@ -158,6 +169,11 @@
  
  miscfiles_read_certs(gssd_t)
  
@@ -9756,7 +9767,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.2/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/unconfined.te	2007-07-13 08:07:54.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/unconfined.te	2007-07-16 11:53:43.000000000 -0400
 @@ -5,30 +5,36 @@
  #
  # Declarations
@@ -9882,7 +9893,7 @@
  ')
  
  optional_policy(`
-@@ -157,18 +145,6 @@
+@@ -157,22 +145,12 @@
  
  optional_policy(`
  	postfix_run_map(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
@@ -9901,7 +9912,13 @@
  ')
  
  optional_policy(`
-@@ -182,10 +158,6 @@
+ 	rpm_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
++	# Allow SELinux aware applications to request rpm_script execution
++	rpm_transition_script(unconfined_t)
+ ')
+ 
+ optional_policy(`
+@@ -182,10 +160,6 @@
  ')
  
  optional_policy(`
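Review bot: The comment above `rpm_transition_script(unconfined_t)` speaks of SELinux-aware applications, but the call covers the whole unconfined_t domain and does not name the application that needs it. Naming it would tie the rule to the changelog entry, e.g. `# <application> requests the rpm script context for scriptlets; see <bug reference>`. The interface is defined outside this hunk, so it is worth confirming that it grants only the transition into the rpm script domain and no access to that domain's own objects.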
@@ -9912,7 +9929,7 @@
  	sysnet_run_dhcpc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
  	sysnet_dbus_chat_dhcpc(unconfined_t)
  ')
-@@ -207,7 +179,7 @@
+@@ -207,7 +181,7 @@
  ')
  
  optional_policy(`
@@ -9921,7 +9938,7 @@
  ')
  
  optional_policy(`
-@@ -229,6 +201,12 @@
+@@ -229,6 +203,12 @@
  	unconfined_dbus_chat(unconfined_execmem_t)
  
  	optional_policy(`



