rpms/selinux-policy/devel policy-20070525.patch,1.2,1.3
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jun 26 10:17:00 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17749
Modified Files:
policy-20070525.patch
Log Message:
* Fri May 25 2007 Dan Walsh <dwalsh at redhat.com> 3.0.1-1
- Remove ifdef strict policy from upstream
policy-20070525.patch:
Index: policy-20070525.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070525.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy-20070525.patch 22 Jun 2007 19:21:00 -0000 1.2
+++ policy-20070525.patch 26 Jun 2007 10:16:54 -0000 1.3
@@ -2747,8 +2747,6 @@
#
# usbtty_device_t is the type of /dev/usr/tty*
#
-Binary files nsaserefpolicy/policy/modules/services/afs.pp and serefpolicy-3.0.1/policy/modules/services/afs.pp differ
-Binary files nsaserefpolicy/policy/modules/services/aide.pp and serefpolicy-3.0.1/policy/modules/services/aide.pp differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.0.1/policy/modules/services/amavis.if
--- nsaserefpolicy/policy/modules/services/amavis.if 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/services/amavis.if 2007-06-21 05:35:11.000000000 -0400
@@ -2775,7 +2773,6 @@
+ allow $1 amavis_var_run_t:file create_file_perms;
+ files_search_pids($1)
+')
-Binary files nsaserefpolicy/policy/modules/services/amavis.pp and serefpolicy-3.0.1/policy/modules/services/amavis.pp differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.0.1/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/services/amavis.te 2007-06-21 05:35:33.000000000 -0400
@@ -3089,7 +3086,6 @@
+ allow $1 httpd_bugzilla_content_t:dir search_dir_perms;
+')
+
-Binary files nsaserefpolicy/policy/modules/services/apache.pp and serefpolicy-3.0.1/policy/modules/services/apache.pp differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.1/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2007-06-11 16:05:30.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/services/apache.te 2007-06-19 17:06:27.000000000 -0400
@@ -3461,7 +3457,6 @@
+ allow httpd_apcupsd_cgi_script_t $1:fifo_file rw_file_perms;
+ allow httpd_apcupsd_cgi_script_t $1:process sigchld;
+')
-Binary files nsaserefpolicy/policy/modules/services/apcupsd.pp and serefpolicy-3.0.1/policy/modules/services/apcupsd.pp differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.0.1/policy/modules/services/apcupsd.te
--- nsaserefpolicy/policy/modules/services/apcupsd.te 2007-05-30 11:47:29.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/services/apcupsd.te 2007-06-19 17:06:27.000000000 -0400
@@ -3732,7 +3727,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.0.1/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2007-05-29 14:10:57.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/services/consolekit.te 2007-06-21 10:49:23.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/services/consolekit.te 2007-06-23 06:03:21.000000000 -0400
@@ -10,7 +10,6 @@
type consolekit_exec_t;
init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -3749,7 +3744,15 @@
manage_files_pattern(consolekit_t,consolekit_var_run_t,consolekit_var_run_t)
files_pid_filetrans(consolekit_t,consolekit_var_run_t, file)
-@@ -50,8 +48,15 @@
+@@ -38,6 +36,7 @@
+
+ domain_read_all_domains_state(consolekit_t)
+ domain_use_interactive_fds(consolekit_t)
++domain_dontaudit_ptrace_all_domains(consolekit_t)
+
+ files_read_etc_files(consolekit_t)
+ # needs to read /var/lib/dbus/machine-id
+@@ -50,8 +49,15 @@
libs_use_ld_so(consolekit_t)
libs_use_shared_libs(consolekit_t)
@@ -3765,7 +3768,7 @@
optional_policy(`
dbus_system_bus_client_template(consolekit, consolekit_t)
dbus_send_system_bus(consolekit_t)
-@@ -62,9 +67,17 @@
+@@ -62,9 +68,17 @@
optional_policy(`
unconfined_dbus_chat(consolekit_t)
')
@@ -8128,9 +8131,20 @@
# manage pid file
manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.0.1/policy/modules/system/iptables.te
+--- nsaserefpolicy/policy/modules/system/iptables.te 2007-06-15 14:54:34.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/iptables.te 2007-06-25 06:54:25.000000000 -0400
+@@ -62,6 +62,7 @@
+ init_use_script_ptys(iptables_t)
+ # to allow rules to be saved on reboot:
+ init_rw_script_tmp_files(iptables_t)
++init_rw_script_stream_sockets(iptables_t)
+
+ libs_use_ld_so(iptables_t)
+ libs_use_shared_libs(iptables_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.1/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/system/libraries.fc 2007-06-22 09:05:47.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/libraries.fc 2007-06-26 06:05:08.000000000 -0400
@@ -158,8 +158,11 @@
/usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
/usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -8138,8 +8152,8 @@
+
/usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib/NX/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib/NX/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/nx/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
More information about the scm-commits
mailing list