rpms/selinux-policy/F-7 policy-20070501.patch, 1.27, 1.28 selinux-policy.spec, 1.472, 1.473
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Jun 26 10:17:48 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17991
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
* Tue Jun 26 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-23
- Fix libXComp location
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- policy-20070501.patch 22 Jun 2007 19:15:52 -0000 1.27
+++ policy-20070501.patch 26 Jun 2007 10:17:42 -0000 1.28
@@ -3003,7 +3003,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-2.6.4/policy/modules/services/apcupsd.te
--- nsaserefpolicy/policy/modules/services/apcupsd.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-06-19 09:29:01.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-06-25 06:31:10.000000000 -0400
@@ -16,6 +16,9 @@
type apcupsd_log_t;
logging_log_file(apcupsd_log_t)
@@ -3673,7 +3673,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.6.4/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-06-18 10:18:55.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-06-25 06:30:05.000000000 -0400
@@ -8,6 +8,7 @@
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -3682,9 +3682,14 @@
/etc/cups/certs -d gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+@@ -52,3 +53,4 @@
+ /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
+
+ /var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
++/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.6.4/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-06-19 09:01:44.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-06-25 06:32:44.000000000 -0400
@@ -93,8 +93,6 @@
# generic socket here until appletalk socket is available in kernels
allow cupsd_t self:socket create_socket_perms;
@@ -3714,7 +3719,15 @@
auth_dontaudit_read_pam_pid(cupsd_t)
# Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
-@@ -214,6 +215,7 @@
+@@ -207,6 +208,7 @@
+ selinux_compute_access_vector(cupsd_t)
+
+ init_exec_script_files(cupsd_t)
++init_dontaudit_rw_utmp(cupsd_t)
+
+ libs_use_ld_so(cupsd_t)
+ libs_use_shared_libs(cupsd_t)
+@@ -214,6 +216,7 @@
libs_read_lib_files(cupsd_t)
logging_send_syslog_msg(cupsd_t)
@@ -3722,7 +3735,7 @@
miscfiles_read_localization(cupsd_t)
# invoking ghostscript needs to read fonts
-@@ -223,6 +225,7 @@
+@@ -223,6 +226,7 @@
sysnet_read_config(cupsd_t)
@@ -3730,7 +3743,7 @@
userdom_dontaudit_use_unpriv_user_fds(cupsd_t)
userdom_dontaudit_search_all_users_home_content(cupsd_t)
-@@ -284,6 +287,10 @@
+@@ -284,6 +288,10 @@
')
optional_policy(`
@@ -3741,7 +3754,7 @@
nscd_socket_use(cupsd_t)
')
-@@ -294,6 +301,10 @@
+@@ -294,6 +302,10 @@
')
optional_policy(`
@@ -5825,6 +5838,18 @@
+optional_policy(`
+ samba_read_var_files(radiusd_t)
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-2.6.4/policy/modules/services/radvd.te
+--- nsaserefpolicy/policy/modules/services/radvd.te 2007-05-07 14:50:57.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/radvd.te 2007-06-25 05:49:58.000000000 -0400
+@@ -34,7 +34,7 @@
+ files_pid_filetrans(radvd_t,radvd_var_run_t,file)
+
+ kernel_read_kernel_sysctls(radvd_t)
+-kernel_read_net_sysctls(radvd_t)
++kernel_rw_net_sysctls(radvd_t)
+ kernel_read_network_state(radvd_t)
+ kernel_read_system_state(radvd_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.6.4/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/rhgb.te 2007-06-18 10:18:55.000000000 -0400
@@ -8113,8 +8138,8 @@
manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.6.4/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/iptables.te 2007-06-18 10:18:55.000000000 -0400
-@@ -56,6 +56,7 @@
++++ serefpolicy-2.6.4/policy/modules/system/iptables.te 2007-06-25 06:53:48.000000000 -0400
+@@ -56,11 +56,13 @@
domain_use_interactive_fds(iptables_t)
files_read_etc_files(iptables_t)
@@ -8122,7 +8147,13 @@
init_use_fds(iptables_t)
init_use_script_ptys(iptables_t)
-@@ -112,3 +113,7 @@
+ # to allow rules to be saved on reboot:
+ init_rw_script_tmp_files(iptables_t)
++init_rw_script_stream_sockets(iptables_t)
+
+ libs_use_ld_so(iptables_t)
+ libs_use_shared_libs(iptables_t)
+@@ -112,3 +114,7 @@
optional_policy(`
udev_read_db(iptables_t)
')
@@ -8132,7 +8163,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.6.4/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-06-22 09:06:18.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-06-26 06:05:01.000000000 -0400
@@ -81,8 +81,8 @@
/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -8165,8 +8196,8 @@
/usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib/NX/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib/NX/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/nx/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.472
retrieving revision 1.473
diff -u -r1.472 -r1.473
--- selinux-policy.spec 22 Jun 2007 19:15:52 -0000 1.472
+++ selinux-policy.spec 26 Jun 2007 10:17:42 -0000 1.473
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 22%{?dist}
+Release: 23%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -360,7 +360,8 @@
%endif
%changelog
-* Thu Jun 21 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-22
+* Tue Jun 26 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-23
+- Fix libXComp location
* Wed Jun 20 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-21
- Still fixing cron
More information about the scm-commits
mailing list