rpms/selinux-policy/F-7 policy-20070501.patch, 1.24, 1.25 selinux-policy.spec, 1.468, 1.469
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jun 19 19:55:25 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31450
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
* Tue Jun 19 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-20
- Allow crond to domtrans to unconfined_t
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- policy-20070501.patch 19 Jun 2007 17:59:44 -0000 1.24
+++ policy-20070501.patch 19 Jun 2007 19:55:19 -0000 1.25
@@ -3373,7 +3373,7 @@
# fcron wants an instant update of a crontab change for the administrator
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.6.4/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cron.te 2007-06-19 13:37:21.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cron.te 2007-06-19 14:42:30.000000000 -0400
@@ -42,6 +42,9 @@
type cron_log_t;
logging_log_file(cron_log_t)
@@ -3564,13 +3564,14 @@
mrtg_append_create_logs(system_crond_t)
')
-@@ -471,6 +479,13 @@
+@@ -471,6 +479,14 @@
sysstat_manage_log(system_crond_t)
')
+ optional_policy(`
+ unconfined_dbus_send(crond_t)
+ unconfined_domain(crond_t)
++ unconfined_shell_domtrans(crond_t)
+ unconfined_domain(system_crond_t)
+ userdom_priveleged_home_dir_manager(system_crond_t)
+ ')
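Review bot: The added `unconfined_shell_domtrans(crond_t)` in the cron.te `optional_policy` block has no comment saying why crond needs a shell transition into unconfined_t when `unconfined_domain(crond_t)` is already granted just above it. The rule lets a shell started by crond run in unconfined_t rather than in a cron domain, so the reason belongs next to it, for example `# shells started by crond run in unconfined_t (targeted policy)`, which is presumably the intent going by the changelog entry. The block is guarded only by `optional_policy`, so the transition applies wherever the unconfined module is built in; any narrower condition is not visible here. The inner cron.te hunk starts outside the lines shown.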
@@ -5347,7 +5348,7 @@
/usr/libexec/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-2.6.4/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/postfix.if 2007-06-18 10:20:10.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/postfix.if 2007-06-19 15:11:24.000000000 -0400
@@ -124,6 +124,7 @@
allow postfix_$1_t self:udp_socket create_socket_perms;
@@ -5368,7 +5369,7 @@
')
')
-@@ -274,6 +273,24 @@
+@@ -274,6 +273,42 @@
########################################
## <summary>
@@ -5390,10 +5391,28 @@
+
+########################################
+## <summary>
++## Allow domain to read postfix master process state
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`postfix_read_master_state',`
++ gen_require(`
++ type postfix_master_t;
++ ')
++
++ read_files_pattern($1,postfix_master_t,postfix_master_t)
++')
++
++########################################
++## <summary>
## Do not audit attempts to use
## postfix master process file
## file descriptors.
-@@ -439,6 +456,25 @@
+@@ -439,6 +474,25 @@
########################################
## <summary>
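Review bot: The parameter description of the new `postfix_read_master_state` interface says `Domain to not audit.`, which looks copied from the dontaudit interface that follows it. This interface grants access through `read_files_pattern($1,postfix_master_t,postfix_master_t)`, so the line should read `## Domain allowed access.`. Someone auditing the policy from the interface documentation would otherwise take this for a dontaudit rule rather than an allow rule. The only caller visible in this patch is `postfix_read_master_state(procmail_t)` in the procmail.te hunk, and neither place records which denial prompted the rule, so a one-line comment at the call site would help later review.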
@@ -5419,7 +5438,7 @@
## Execute postfix user mail programs
## in their respective domains.
## </summary>
-@@ -455,3 +491,22 @@
+@@ -455,3 +509,22 @@
typeattribute $1 postfix_user_domtrans;
')
@@ -5588,7 +5607,7 @@
# for scripts
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-06-18 10:18:55.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-06-19 15:11:05.000000000 -0400
@@ -10,6 +10,7 @@
type procmail_exec_t;
domain_type(procmail_t)
@@ -5606,7 +5625,7 @@
kernel_read_system_state(procmail_t)
kernel_read_kernel_sysctls(procmail_t)
-@@ -101,9 +104,15 @@
+@@ -101,9 +104,16 @@
')
optional_policy(`
@@ -5619,10 +5638,11 @@
postfix_dontaudit_use_fds(procmail_t)
+ postfix_read_spool_files(procmail_t)
+ postfix_read_local_state(procmail_t)
++ postfix_read_master_state(procmail_t)
')
optional_policy(`
-@@ -119,8 +128,13 @@
+@@ -119,8 +129,13 @@
optional_policy(`
corenet_udp_bind_generic_port(procmail_t)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.468
retrieving revision 1.469
diff -u -r1.468 -r1.469
--- selinux-policy.spec 19 Jun 2007 17:59:44 -0000 1.468
+++ selinux-policy.spec 19 Jun 2007 19:55:20 -0000 1.469
@@ -360,7 +360,7 @@
%endif
%changelog
-* Tue Jun 19 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-19
+* Tue Jun 19 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-20
- Allow crond to domtrans to uncofined_t
* Tue Jun 19 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-18