rpms/selinux-policy/devel modules-targeted.conf, 1.60, 1.61 policy-20070518.patch, 1.2, 1.3 selinux-policy.spec, 1.458, 1.459

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu May 31 18:37:36 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29313

Modified Files:
	modules-targeted.conf policy-20070518.patch 
	selinux-policy.spec 
Log Message:
* Fri May 25 2007 Dan Walsh <dwalsh at redhat.com> 3.0.1-1
- Remove ifdef strict policy from upstream



Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- modules-targeted.conf	21 May 2007 18:54:40 -0000	1.60
+++ modules-targeted.conf	31 May 2007 18:37:01 -0000	1.61
@@ -1229,7 +1229,7 @@
 #
 # The unconfined domain.
 # 
-unconfined = base
+unconfined = module
 
 # Layer: apps
 # Module: wine
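Review bot: The comment above `unconfined = module` still reads only "The unconfined domain." and does not record why this one entry leaves base. Moving it from `base` to `module` means the domain is built as a separate policy module, so it can presumably be removed from a running system. That is a security-relevant switch, and an administrator reading this file would want it stated. If that is the intent behind "Remove ifdef strict policy from upstream", I would add a line such as `# Built as a module so hosts that must not have an unconfined domain can remove it.` to the comment block.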
@@ -1463,3 +1463,10 @@
 # 
 rpcbind = module
 
+# Layer: apps
+# Module: vmware
+#
+# VMWare Workstation virtual machines
+# 
+vmware = module
+

policy-20070518.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.2 -r 1.3 policy-20070518.patch
Index: policy-20070518.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070518.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- policy-20070518.patch	23 May 2007 18:35:37 -0000	1.2
+++ policy-20070518.patch	31 May 2007 18:37:01 -0000	1.3
@@ -226,8 +226,17 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.6.5/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2007-03-26 10:39:08.000000000 -0400
-+++ serefpolicy-2.6.5/policy/modules/admin/amanda.te	2007-05-23 11:17:15.000000000 -0400
-@@ -85,7 +85,7 @@
++++ serefpolicy-2.6.5/policy/modules/admin/amanda.te	2007-05-25 08:29:31.000000000 -0400
+@@ -70,7 +70,7 @@
+ 
+ allow amanda_t self:capability { chown dac_override setuid kill };
+ allow amanda_t self:process { setpgid signal };
+-allow amanda_t self:fifo_file { getattr read write ioctl lock };
++allow amanda_t self:fifo_file rw_fifo_file_perms;
+ allow amanda_t self:unix_stream_socket create_stream_socket_perms;
+ allow amanda_t self:unix_dgram_socket create_socket_perms;
+ allow amanda_t self:tcp_socket create_stream_socket_perms;
+@@ -85,18 +85,22 @@
  
  # access to amandas data structure
  allow amanda_t amanda_data_t:dir { read search write };
@@ -236,7 +245,12 @@
  
  # access to amanda_dumpdates_t
  allow amanda_t amanda_dumpdates_t:file { getattr lock read write };
-@@ -97,6 +97,9 @@
+ 
+ can_exec(amanda_t,amanda_exec_t)
++can_exec(amanda_t,amanda_inetd_exec_t)
+ 
+ # access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists)
+ allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
  allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
  allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
  
@@ -953,9 +967,28 @@
  	hal_rw_pid_files(vbetool_t)
 +	hal_write_log(vbetool_t)
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord.te serefpolicy-2.6.5/policy/modules/apps/cdrecord.te
+--- nsaserefpolicy/policy/modules/apps/cdrecord.te	2007-04-23 09:35:56.000000000 -0400
++++ serefpolicy-2.6.5/policy/modules/apps/cdrecord.te	2007-05-25 08:57:00.000000000 -0400
+@@ -6,7 +6,6 @@
+ # Declarations
+ #
+ 
+-ifdef(`strict_policy',`
+ ## <desc>
+ ## <p>
+ ## Allow cdrecord to read various content.
+@@ -15,7 +14,6 @@
+ ## </p>
+ ## </desc>
+ gen_tunable(cdrecord_read_content,false)
+-')
+ 
+ type cdrecord_exec_t;
+ corecmd_executable_file(cdrecord_exec_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-2.6.5/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2007-02-19 11:32:52.000000000 -0500
-+++ serefpolicy-2.6.5/policy/modules/apps/gnome.if	2007-05-22 14:41:13.000000000 -0400
++++ serefpolicy-2.6.5/policy/modules/apps/gnome.if	2007-05-24 15:02:17.000000000 -0400
 @@ -35,6 +35,7 @@
  template(`gnome_per_role_template',`
  	gen_require(`
@@ -964,18 +997,19 @@
  		attribute gnomedomain;
  	')
  
-@@ -105,6 +106,10 @@
- 	')
+@@ -102,6 +103,11 @@
  
  	optional_policy(`
-+		ssh_dontaudit_use_user_ssh_agent_fds($1,$1_gconfd_t)
+ 		nscd_dontaudit_search_pid($1_gconfd_t)
++		nscd_socket_use($1_gconfd_t)
 +	')
 +
 +	optional_policy(`
- 		xserver_use_xdm_fds($1_gconfd_t)
- 		xserver_rw_xdm_pipes($1_gconfd_t)
++		ssh_dontaudit_use_user_ssh_agent_fds($1,$1_gconfd_t)
  	')
-@@ -136,13 +141,32 @@
+ 
+ 	optional_policy(`
+@@ -136,13 +142,32 @@
  	allow $2 $1_gconfd_t:unix_stream_socket connectto;
  ')
  
@@ -1138,6 +1172,19 @@
  	dev_write_sound($1_mozilla_t)
  	dev_read_sound($1_mozilla_t)
  	dev_dontaudit_rw_dri($1_mozilla_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-2.6.5/policy/modules/apps/screen.fc
+--- nsaserefpolicy/policy/modules/apps/screen.fc	2006-11-16 17:15:07.000000000 -0500
++++ serefpolicy-2.6.5/policy/modules/apps/screen.fc	2007-05-25 08:59:03.000000000 -0400
+@@ -1,9 +1,7 @@
+ #
+ # /home
+ #
+-ifdef(`strict_policy',`
+ HOME_DIR/\.screenrc		--	gen_context(system_u:object_r:ROLE_screen_ro_home_t,s0)
+-')
+ 
+ #
+ # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.6.5/policy/modules/apps/slocate.te
 --- nsaserefpolicy/policy/modules/apps/slocate.te	2007-04-30 11:25:12.000000000 -0400
 +++ serefpolicy-2.6.5/policy/modules/apps/slocate.te	2007-05-23 09:29:08.000000000 -0400
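Review bot: The `HOME_DIR/\.screenrc` entry in screen.fc is now unconditional, so it relies on `ROLE_screen_ro_home_t` resolving to a declared type for every role the targeted build expands; nothing in this hunk shows the per-role screen types being declared outside the old strict_policy branch. If a role lacks the type, the generated home-directory contexts would name an undefined type and presumably fail validation or leave the file with a default label. The same applies to `ROLE_thunderbird_home_t`, `ROLE_uml_rw_t`, `ROLE_vmware_file_t` and `ROLE_vmware_conf_t`, which lose their guard in the thunderbird.fc, uml.fc and vmware.fc hunks below. It is worth confirming that each of those modules is enabled in modules-targeted.conf (this commit adds only `vmware = module`) and that the home-directory file contexts build cleanly for user_u.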
@@ -1156,6 +1203,27 @@
  
  libs_use_shared_libs(locate_t)
  libs_use_ld_so(locate_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.fc serefpolicy-2.6.5/policy/modules/apps/thunderbird.fc
+--- nsaserefpolicy/policy/modules/apps/thunderbird.fc	2006-11-16 17:15:07.000000000 -0500
++++ serefpolicy-2.6.5/policy/modules/apps/thunderbird.fc	2007-05-25 08:58:55.000000000 -0400
+@@ -3,6 +3,4 @@
+ #
+ /usr/bin/thunderbird.*			--	gen_context(system_u:object_r:thunderbird_exec_t,s0)
+ 
+-ifdef(`strict_policy',`
+ HOME_DIR/\.thunderbird(/.*)?			gen_context(system_u:object_r:ROLE_thunderbird_home_t,s0)
+-')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc serefpolicy-2.6.5/policy/modules/apps/uml.fc
+--- nsaserefpolicy/policy/modules/apps/uml.fc	2006-11-16 17:15:07.000000000 -0500
++++ serefpolicy-2.6.5/policy/modules/apps/uml.fc	2007-05-25 08:58:48.000000000 -0400
+@@ -8,6 +8,4 @@
+ #
+ /var/run/uml-utilities(/.*)?	gen_context(system_u:object_r:uml_switch_var_run_t,s0)
+ 
+-ifdef(`strict_policy',`
+-	HOME_DIR/\.uml(/.*)?		gen_context(system_u:object_r:ROLE_uml_rw_t,s0)
+-')
++HOME_DIR/\.uml(/.*)?		gen_context(system_u:object_r:ROLE_uml_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if serefpolicy-2.6.5/policy/modules/apps/uml.if
 --- nsaserefpolicy/policy/modules/apps/uml.if	2007-03-26 10:38:58.000000000 -0400
 +++ serefpolicy-2.6.5/policy/modules/apps/uml.if	2007-05-22 14:41:13.000000000 -0400
@@ -1193,6 +1261,40 @@
  ')
  
  ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetctl.te serefpolicy-2.6.5/policy/modules/apps/usernetctl.te
+--- nsaserefpolicy/policy/modules/apps/usernetctl.te	2007-04-23 09:35:56.000000000 -0400
++++ serefpolicy-2.6.5/policy/modules/apps/usernetctl.te	2007-05-25 08:58:42.000000000 -0400
+@@ -6,7 +6,6 @@
+ # Declarations
+ #
+ 
+-ifdef(`strict_policy',`
+ ## <desc>
+ ## <p>
+ ## Allow users to control network interfaces
+@@ -14,7 +13,6 @@
+ ## </p>
+ ## </desc>
+ gen_tunable(user_net_control,false)
+-')
+ 
+ type usernetctl_t;
+ type usernetctl_exec_t;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-2.6.5/policy/modules/apps/vmware.fc
+--- nsaserefpolicy/policy/modules/apps/vmware.fc	2006-11-16 17:15:07.000000000 -0500
++++ serefpolicy-2.6.5/policy/modules/apps/vmware.fc	2007-05-25 08:58:36.000000000 -0400
+@@ -1,11 +1,9 @@
+ #
+ # HOME_DIR/
+ #
+-ifdef(`strict_policy',`
+ HOME_DIR/\.vmware(/.*)?			gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
+ HOME_DIR/vmware(/.*)?			gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
+ HOME_DIR/\.vmware[^/]*/.*\.cfg	--	gen_context(system_u:object_r:ROLE_vmware_conf_t,s0)
+-')
+ 
+ #
+ # /etc
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.5/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2007-04-11 15:52:53.000000000 -0400
 +++ serefpolicy-2.6.5/policy/modules/kernel/corecommands.fc	2007-05-22 14:41:13.000000000 -0400
@@ -1986,7 +2088,7 @@
  attribute privrangetrans;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-2.6.5/policy/modules/kernel/selinux.if
 --- nsaserefpolicy/policy/modules/kernel/selinux.if	2007-02-27 14:37:10.000000000 -0500
-+++ serefpolicy-2.6.5/policy/modules/kernel/selinux.if	2007-05-22 14:41:13.000000000 -0400
++++ serefpolicy-2.6.5/policy/modules/kernel/selinux.if	2007-05-24 15:28:25.000000000 -0400
 @@ -51,6 +51,44 @@
  
  ########################################
@@ -2416,7 +2518,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.6.5/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2007-04-23 09:36:01.000000000 -0400
[...1709 lines suppressed...]
+-		')
++#		')
++	', `
++		userdom_security_admin_template(sysadm_t,sysadm_r,admin_terminal)
+ 	')
++')
+ 
+-	optional_policy(`
+-		sysnet_run_ifconfig(sysadm_t,sysadm_r,admin_terminal)
+-		sysnet_run_dhcpc(sysadm_t,sysadm_r,admin_terminal)
+-	')
++optional_policy(`
++	sysnet_run_ifconfig(sysadm_t,sysadm_r,admin_terminal)
++	sysnet_run_dhcpc(sysadm_t,sysadm_r,admin_terminal)
++')
+ 
+-	optional_policy(`
+-		tripwire_run_siggen(sysadm_t,sysadm_r,admin_terminal)
+-		tripwire_run_tripwire(sysadm_t,sysadm_r,admin_terminal)
+-		tripwire_run_twadmin(sysadm_t,sysadm_r,admin_terminal)
+-		tripwire_run_twprint(sysadm_t,sysadm_r,admin_terminal)
+-	')
++optional_policy(`
++	tripwire_run_siggen(sysadm_t,sysadm_r,admin_terminal)
++	tripwire_run_tripwire(sysadm_t,sysadm_r,admin_terminal)
++	tripwire_run_twadmin(sysadm_t,sysadm_r,admin_terminal)
++	tripwire_run_twprint(sysadm_t,sysadm_r,admin_terminal)
++')
+ 
+-	optional_policy(`
+-		unconfined_domtrans(sysadm_t,sysadm_r,admin_terminal)
+-	')
++optional_policy(`
++	unconfined_domtrans(sysadm_t,sysadm_r,admin_terminal)
++')
+ 
+-	optional_policy(`
+-		usbmodules_run(sysadm_t,sysadm_r,admin_terminal)
+-	')
++optional_policy(`
++	usbmodules_run(sysadm_t,sysadm_r,admin_terminal)
++')
+ 
+-	optional_policy(`
+-		usermanage_run_admin_passwd(sysadm_t,sysadm_r,admin_terminal)
+-		usermanage_run_groupadd(sysadm_t,sysadm_r,admin_terminal)
+-		usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
+-	')
++optional_policy(`
++	usermanage_run_admin_passwd(sysadm_t,sysadm_r,admin_terminal)
++	usermanage_run_groupadd(sysadm_t,sysadm_r,admin_terminal)
++	usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
++')
+ 
+-	optional_policy(`
+-		vpn_run(sysadm_t,sysadm_r,admin_terminal)
+-	')
++optional_policy(`
++	vpn_run(sysadm_t,sysadm_r,admin_terminal)
++')
+ 
+-	optional_policy(`
+-		webalizer_run(sysadm_t,sysadm_r,admin_terminal)
+-	')
++optional_policy(`
++	webalizer_run(sysadm_t,sysadm_r,admin_terminal)
++')
+ 
+-	optional_policy(`
+-		yam_run(sysadm_t,sysadm_r,admin_terminal)
+-	')
++optional_policy(`
++	yam_run(sysadm_t,sysadm_r,admin_terminal)
+ ')
  
- 	# User home directory type.
+ ifdef(`targeted_policy',`
+-	# Define some type aliases to help with compatibility with
+-	# strict policy.
+-	unconfined_alias_domain(secadm_t)
+-	unconfined_alias_domain(auditadm_t)
+-	unconfined_alias_domain(sysadm_t)
+-
+-	# User home directory type.
 -	type user_home_t alias { staff_home_t sysadm_home_t }, home_type, user_home_type;
 -	files_type(user_home_t)
 -	files_associate_tmp(user_home_t)
@@ -8453,27 +9560,38 @@
 -	files_type(user_home_dir_t)
 -	files_associate_tmp(user_home_dir_t)
 -	fs_associate_tmpfs(user_home_dir_t)
-+	typealias user_home_t alias { staff_home_t sysadm_home_t };
-+#	files_type(user_home_t)
-+#	files_associate_tmp(user_home_t)
-+#	fs_associate_tmpfs(user_home_t)
-+
-+	typealias user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t };
-+#	files_type(user_home_dir_t)
-+#	files_associate_tmp(user_home_dir_t)
-+#	fs_associate_tmpfs(user_home_dir_t)
- 
- 	# compatibility for switching from strict
- #	dominance { role secadm_r { role system_r; }}
-@@ -548,4 +564,13 @@
- 	optional_policy(`
- 		samba_per_role_template(user)
+-
+-	# compatibility for switching from strict
+-#	dominance { role secadm_r { role system_r; }}
+-#	dominance { role auditadm_r { role system_r; }}
+-#	dominance { role sysadm_r { role system_r; }}
+-#	dominance { role user_r { role system_r; }}
+-#	dominance { role staff_r { role system_r; }}
+-
+ 	# dont need to use the full role_change()
+ 	allow sysadm_r system_r;
+ 	allow sysadm_r user_r;
+-	allow user_r system_r;
+-	allow user_r sysadm_r;
+ 	allow system_r sysadm_r;
+ 	allow system_r sysadm_r;
+ 
+-	manage_dirs_pattern(privhome,{ user_home_dir_t user_home_t },user_home_t)
+-	manage_files_pattern(privhome,{ user_home_dir_t user_home_t },user_home_t)
+-	manage_lnk_files_pattern(privhome,{ user_home_dir_t user_home_t },user_home_t)
+-	manage_sock_files_pattern(privhome,{ user_home_dir_t user_home_t },user_home_t)
+-	manage_fifo_files_pattern(privhome,{ user_home_dir_t user_home_t },user_home_t)
+-	filetrans_pattern(privhome,user_home_dir_t,user_home_t,{ dir file lnk_file sock_file fifo_file })
+ 	files_search_home(privhome)
+ 
+ 	ifdef(`enable_mls',`
+@@ -545,7 +527,8 @@
+ 		allow staff_r auditadm_r;
  	')
-+
-+	optional_policy(`
-+		gnome_per_role_template(user, user_t, user_r)
-+	')
-+
+ 
+-	optional_policy(`
+-		samba_per_role_template(user)
+-	')
 +')
 +
 +tunable_policy(`allow_console_login', `
@@ -8650,6 +9768,29 @@
 +fs_read_nfs_files(xend_t)
 +fs_getattr_all_fs(xend_t)
 +fs_read_dos_files(xend_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/rolemap serefpolicy-2.6.5/policy/rolemap
+--- nsaserefpolicy/policy/rolemap	2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.6.5/policy/rolemap	2007-05-24 15:51:16.000000000 -0400
+@@ -8,13 +8,11 @@
+ # syntax: role prefix user_domain
+ #
+ 
+-ifdef(`strict_policy',`
+-	user_r user user_t
+-	staff_r staff staff_t
+-	sysadm_r sysadm sysadm_t
++user_r user user_t
++staff_r staff staff_t
++sysadm_r sysadm sysadm_t
+ 
+-	ifdef(`enable_mls',`
+-		secadm_r secadm secadm_t
+-		auditadm_r auditadm auditadm_t
+-	')
++ifdef(`enable_mls',`
++	secadm_r secadm secadm_t
++	auditadm_r auditadm auditadm_t
+ ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-2.6.5/policy/support/misc_patterns.spt
 --- nsaserefpolicy/policy/support/misc_patterns.spt	2007-01-02 12:57:51.000000000 -0500
 +++ serefpolicy-2.6.5/policy/support/misc_patterns.spt	2007-05-22 14:41:13.000000000 -0400
@@ -8699,6 +9840,23 @@
 +define(`all_association', `{ sendto recvfrom setcontext polmatch } ')
 +
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.6.5/policy/users
+--- nsaserefpolicy/policy/users	2006-11-16 17:15:26.000000000 -0500
++++ serefpolicy-2.6.5/policy/users	2007-05-24 15:42:41.000000000 -0400
+@@ -25,13 +25,9 @@
+ # SELinux user identity for a Linux user.  If you do not want to
+ # permit any access to such users, then remove this entry.
+ #
+-ifdef(`targeted_policy',`
+-gen_user(user_u, user, user_r sysadm_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+-',`
+ gen_user(user_u, user, user_r, s0, s0)
+ gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
+ gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
+-')
+ 
+ #
+ # The following users correspond to Unix identities.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.6.5/Rules.modular
 --- nsaserefpolicy/Rules.modular	2007-03-22 14:30:10.000000000 -0400
 +++ serefpolicy-2.6.5/Rules.modular	2007-05-22 14:41:13.000000000 -0400
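Review bot: Dropping the targeted_policy branch in policy/users changes what user_u is authorised for on targeted hosts: it goes from `user_r sysadm_r system_r` with range `s0 - mls_systemhigh, mcs_allcats` to `user_r` at `s0` only. That is a tightening, and it matches the removal of `allow user_r system_r;` and `allow user_r sysadm_r;` in an earlier hunk of this patch. However, logins already mapped to user_u lose the administrative roles and every MCS category on upgrade. Nothing visible in the commit remaps existing logins, so the %changelog should say so, for example `- user_u is now limited to user_r at s0; map administrators to staff_u or sysadm_u`, or a scriptlet should handle the mapping.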


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.458
retrieving revision 1.459
diff -u -r1.458 -r1.459
--- selinux-policy.spec	23 May 2007 18:35:37 -0000	1.458
+++ selinux-policy.spec	31 May 2007 18:37:01 -0000	1.459
@@ -1,9 +1,6 @@
 %define distro redhat
 %define polyinstatiate n
 %define monolithic n
-%if %{?BUILD_STRICT:0}%{!?BUILD_STRICT:1}
-%define BUILD_STRICT 1
-%endif
 %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1}
 %define BUILD_TARGETED 1
 %endif
@@ -16,12 +13,12 @@
 %define CHECKPOLICYVER 2.0.1-2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.6.5
-Release: 2%{?dist}
+Version: 3.0.1
+Release: 1%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
-patch: policy-20070518.patch
+patch: policy-20070525.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
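Review bot: `patch: policy-20070525.patch` names a file this commit does not add; the Modified Files list contains only policy-20070518.patch, which is the file updated to revision 1.3 here. Unless policy-20070525.patch was committed separately, the build either fails on the missing source or ships without the policy changes reviewed above. Either keep `patch: policy-20070518.patch` or add the renamed file in the same commit. The patch's own headers also still say serefpolicy-2.6.5 while Version becomes 3.0.1, so it is worth checking that it applies cleanly to the new tarball.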
@@ -29,13 +26,9 @@
 Source5: modules-mls.conf
 Source6: booleans-mls.conf	
 Source8: setrans-mls.conf
-Source9: modules-strict.conf
-Source10: booleans-strict.conf
-Source12: setrans-strict.conf
 Source13: policygentool
 Source14: securetty_types-targeted
 Source15: securetty_types-mls
-Source16: securetty_types-strict
 
 Url: http://serefpolicy.sourceforge.net
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -168,7 +161,7 @@
 
 %description
 SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2300.
+Based off of reference policy: Checked out revision 2312.
 
 %prep 
 %setup -q -n serefpolicy-%{version}
@@ -185,7 +178,7 @@
 touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
 
 # Always create policy module package directories
-mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,strict,mls}/
+mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls}/
 
 # Install devel
 make clean
@@ -196,15 +189,6 @@
 %installCmds targeted targeted-mcs y y
 %endif
 
-%if %{BUILD_STRICT}
-# Build strict policy
-# Commented out because only targeted ref policy currently builds
-make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n MLS_CATS=1024 MCS_CATS=1024 bare 
-make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n MLS_CATS=1024 MCS_CATS=1024 conf
-cp -f ${RPM_SOURCE_DIR}/modules-strict.conf  ./policy/modules.conf 
-%installCmds strict strict-mcs y n
-%endif
-
 %if %{BUILD_MLS}
 # Build mls policy
 %setupCmds mls strict-mls y y
@@ -237,8 +221,7 @@
 #	disabled - No SELinux policy is loaded.
 SELINUX=enforcing
 # SELINUXTYPE= can take one of these two values:
-#	targeted - Only targeted network daemons are protected.
-#	strict - Full SELinux protection.
+#	targeted - Targeted processes are protected,
 #	mls - Multi Level Security protection.
 SELINUXTYPE=targeted 
 # SETLOCALDEFS= Check local definition changes
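Review bot: The new comment line `#	targeted - Targeted processes are protected,` ends in a comma where the other entries end in a full stop. More importantly, the text no longer mentions strict at all, so an administrator whose existing config says SELINUXTYPE=strict gets no hint that the value has stopped being valid. I would write `#	targeted - Targeted processes are protected.` and, if this scriptlet can run on upgrade, have it warn when the configured SELINUXTYPE has no installed policy directory. The scriptlet this text belongs to starts and ends outside the hunk, so whether it touches an existing file cannot be told from here.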
@@ -323,42 +306,13 @@
 
 %endif
 
-%if %{BUILD_STRICT}
-
-%package strict 
-Summary: SELinux strict base policy
-Group: System Environment/Base
-Provides: selinux-policy-base
-Obsoletes: selinux-policy-strict-sources
-Prereq: policycoreutils >= %{POLICYCOREUTILSVER}
-Prereq: coreutils
-Prereq: selinux-policy = %{version}-%{release}
-Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER}
-
-%description strict 
-SELinux Reference policy strict base module.
-
-%pre strict 
-%saveFileContext strict
-
-%post strict 
-%rebuildpolicy strict
-%relabel strict
-
-%triggerpostun strict -- selinux-policy-strict <= 2.2.35-2
-cd /usr/share/selinux/strict
-x=`ls *.pp | grep -v -e base.pp -e enableaudit.pp | awk '{ print "-i " $1 }'`
-semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init -r libraries -r locallogin -r logging -r lvm -r miscfiles -r modutils -r mount -r mta -r netutils -r selinuxutil -r storage -r sysnetwork -r udev -r userdomain -r vpnc -r xend $x -s strict
-
-%triggerpostun strict -- strict <= 2.0.7
-%rebuildpolicy strict 
-
-%files strict
-%fileList strict
+%changelog
+* Fri May 25 2007 Dan Walsh <dwalsh at redhat.com> 3.0.1-1
+- Remove ifdef strict policy from upstream
 
-%endif
+* Fri May 18 2007 Dan Walsh <dwalsh at redhat.com> 2.6.5-3
+- Remove ifdef strict to allow user_u to login 
 
-%changelog
 * Fri May 18 2007 Dan Walsh <dwalsh at redhat.com> 2.6.5-2
 - Fix for amands
 - Allow semanage to read pp files
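Review bot: The strict subpackage is deleted with nothing visible to move installed systems off it. The removed stanza carried `Prereq: selinux-policy = %{version}-%{release}`, so a host with selinux-policy-strict 2.6.5 installed cannot take selinux-policy 3.0.1 unless some package obsoletes the old one. No such tag appears in the hunks shown. If it is not elsewhere in the spec, adding `Obsoletes: selinux-policy-strict < 3.0.1` to the package meant to replace it would keep those hosts from staying on a policy that no longer receives fixes. The changelog entry could also note that strict is folded into targeted, since "Remove ifdef strict policy from upstream" does not tell a packager that a subpackage went away.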



