rpms/selinux-policy/devel policy-20070703.patch,1.8,1.9
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Jul 16 15:54:23 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2254
Modified Files:
policy-20070703.patch
Log Message:
* Sat Jul 14 2007 Dan Walsh <dwalsh at redhat.com> 3.0.2-8
- Fix moilscanner update problem
policy-20070703.patch:
Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- policy-20070703.patch 14 Jul 2007 12:56:45 -0000 1.8
+++ policy-20070703.patch 16 Jul 2007 15:54:21 -0000 1.9
@@ -1297,7 +1297,7 @@
## This is a templated interface, and should only
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.0.2/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2007-07-03 07:05:43.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/apps/java.if 2007-07-13 14:03:39.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/apps/java.if 2007-07-16 11:47:57.000000000 -0400
@@ -32,7 +32,7 @@
## </summary>
## </param>
@@ -1317,7 +1317,7 @@
allow $1_javaplugin_t $2:fd use;
# Unrestricted inheritance from the caller.
allow $2 $1_javaplugin_t:process { noatsecure siginh rlimitinh };
-@@ -168,6 +167,50 @@
+@@ -168,6 +167,51 @@
optional_policy(`
xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t)
')
@@ -1354,6 +1354,7 @@
+template(`java_per_role_template',`
+ gen_require(`
+ type java_exec_t;
++ attribute $1_usertype;
+ ')
+
+ type $1_java_t;
@@ -1368,7 +1369,7 @@
')
########################################
-@@ -221,3 +264,66 @@
+@@ -221,3 +265,66 @@
corecmd_search_bin($1)
domtrans_pattern($1, java_exec_t, java_t)
')
@@ -1449,8 +1450,8 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.0.2/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2007-05-29 14:10:48.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/apps/mono.if 2007-07-13 09:58:46.000000000 -0400
-@@ -18,3 +18,95 @@
++++ serefpolicy-3.0.2/policy/modules/apps/mono.if 2007-07-16 11:48:24.000000000 -0400
+@@ -18,3 +18,96 @@
corecmd_search_bin($1)
domtrans_pattern($1, mono_exec_t, mono_t)
')
@@ -1534,6 +1535,7 @@
+template(`mono_per_role_template',`
+ gen_require(`
+ type mono_exec_t;
++ attribute $1_usertype;
+ ')
+
+ type $1_mono_t;
@@ -5579,16 +5581,16 @@
/usr/lib/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.0.2/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/services/postfix.if 2007-07-13 08:07:53.000000000 -0400
-@@ -118,6 +118,8 @@
- allow postfix_$1_t self:udp_socket create_socket_perms;
++++ serefpolicy-3.0.2/policy/modules/services/postfix.if 2007-07-16 09:34:02.000000000 -0400
+@@ -41,6 +41,8 @@
+ allow postfix_$1_t self:unix_stream_socket connectto;
- domtrans_pattern(postfix_master_t, postfix_$1_exec_t, postfix_$1_t)
+ allow postfix_master_t postfix_$1_t:process signal;
+ #https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244456
+ allow postfix_$1_t postfix_master_t:file read;
- corenet_all_recvfrom_unlabeled(postfix_$1_t)
- corenet_all_recvfrom_netlabel(postfix_$1_t)
+ allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
+ read_files_pattern(postfix_$1_t,postfix_etc_t,postfix_etc_t)
@@ -132,10 +134,8 @@
corenet_tcp_connect_all_ports(postfix_$1_t)
corenet_sendrecv_all_client_packets(postfix_$1_t)
@@ -6013,8 +6015,17 @@
fs_search_auto_mountpoints($1_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.0.2/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/services/rpc.te 2007-07-13 08:07:53.000000000 -0400
-@@ -76,9 +76,11 @@
++++ serefpolicy-3.0.2/policy/modules/services/rpc.te 2007-07-16 11:49:47.000000000 -0400
+@@ -59,6 +59,8 @@
+ manage_files_pattern(rpcd_t,rpcd_var_run_t,rpcd_var_run_t)
+ files_pid_filetrans(rpcd_t,rpcd_var_run_t,file)
+
++corecmd_exec_bin(rpcd_t)
++
+ kernel_read_system_state(rpcd_t)
+ kernel_search_network_state(rpcd_t)
+ # for rpc.rquotad
+@@ -76,9 +78,11 @@
miscfiles_read_certs(rpcd_t)
seutil_dontaudit_search_config(rpcd_t)
@@ -6026,7 +6037,7 @@
')
########################################
-@@ -91,9 +93,13 @@
+@@ -91,9 +95,13 @@
allow nfsd_t exports_t:file { getattr read };
allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
@@ -6040,7 +6051,7 @@
corenet_tcp_bind_all_rpc_ports(nfsd_t)
corenet_udp_bind_all_rpc_ports(nfsd_t)
-@@ -123,6 +129,7 @@
+@@ -123,6 +131,7 @@
tunable_policy(`nfs_export_all_rw',`
fs_read_noxattr_fs_files(nfsd_t)
auth_manage_all_files_except_shadow(nfsd_t)
@@ -6048,7 +6059,7 @@
')
tunable_policy(`nfs_export_all_ro',`
-@@ -143,6 +150,8 @@
+@@ -143,6 +152,8 @@
manage_files_pattern(gssd_t,gssd_tmp_t,gssd_tmp_t)
files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir })
@@ -6057,7 +6068,7 @@
kernel_read_network_state(gssd_t)
kernel_read_network_state_symlinks(gssd_t)
kernel_search_network_sysctl(gssd_t)
-@@ -158,6 +167,11 @@
+@@ -158,6 +169,11 @@
miscfiles_read_certs(gssd_t)
@@ -9756,7 +9767,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.2/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/unconfined.te 2007-07-13 08:07:54.000000000 -0400
++++ serefpolicy-3.0.2/policy/modules/system/unconfined.te 2007-07-16 11:53:43.000000000 -0400
@@ -5,30 +5,36 @@
#
# Declarations
@@ -9882,7 +9893,7 @@
')
optional_policy(`
-@@ -157,18 +145,6 @@
+@@ -157,22 +145,12 @@
optional_policy(`
postfix_run_map(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
@@ -9901,7 +9912,13 @@
')
optional_policy(`
-@@ -182,10 +158,6 @@
+ rpm_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
++ # Allow SELinux aware applications to request rpm_script execution
++ rpm_transition_script(unconfined_t)
+ ')
+
+ optional_policy(`
+@@ -182,10 +160,6 @@
')
optional_policy(`
@@ -9912,7 +9929,7 @@
sysnet_run_dhcpc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
sysnet_dbus_chat_dhcpc(unconfined_t)
')
-@@ -207,7 +179,7 @@
+@@ -207,7 +181,7 @@
')
optional_policy(`
@@ -9921,7 +9938,7 @@
')
optional_policy(`
-@@ -229,6 +201,12 @@
+@@ -229,6 +203,12 @@
unconfined_dbus_chat(unconfined_execmem_t)
optional_policy(`
More information about the scm-commits
mailing list