rpms/selinux-policy/F-7 policy-20070501.patch, 1.72, 1.73 selinux-policy.spec, 1.502, 1.503
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Nov 1 18:15:49 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22753
Modified Files:
policy-20070501.patch selinux-policy.spec
Log Message:
* Thu Nov 1 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-53
- Allow spamd to create nfs/cifs files
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- policy-20070501.patch 31 Oct 2007 00:03:45 -0000 1.72
+++ policy-20070501.patch 1 Nov 2007 18:15:45 -0000 1.73
@@ -2181,7 +2181,16 @@
/lib/udev/devices -d gen_context(system_u:object_r:device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.6.4/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-09-22 08:13:07.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-11-01 14:04:31.000000000 -0400
+@@ -65,7 +65,7 @@
+
+ relabelfrom_dirs_pattern($1,device_t,device_node)
+ relabelfrom_files_pattern($1,device_t,device_node)
+- relabelfrom_lnk_files_pattern($1,device_t,device_node)
++ relabelfrom_lnk_files_pattern($1,device_t,{ device_t device_node })
+ relabelfrom_fifo_files_pattern($1,device_t,device_node)
+ relabelfrom_sock_files_pattern($1,device_t,device_node)
+ relabel_blk_files_pattern($1,device_t,{ device_t device_node })
@@ -1306,6 +1306,44 @@
########################################
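Review bot: The changed `relabelfrom_lnk_files_pattern` line now lets the caller relabel symlinks that still carry the generic `device_t` label, while the neighbouring dir, file, fifo and sock `relabelfrom_*` lines stay limited to `device_node`, and neither the log message nor the spec changelog says why symlinks are the exception. A short comment above the line would record the reason, for example `# /dev symlinks may still be labeled device_t when relabeled`, if that is indeed the case. The enclosing interface begins and ends outside this hunk, so which callers gain the permission cannot be confirmed from here.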
@@ -6881,7 +6890,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.6.4/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mta.if 2007-09-13 13:07:23.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/mta.if 2007-10-31 07:39:32.000000000 -0400
@@ -226,6 +226,15 @@
tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files($1_mail_t)
@@ -6898,7 +6907,7 @@
')
optional_policy(`
-@@ -316,6 +325,25 @@
+@@ -316,6 +325,42 @@
########################################
## <summary>
@@ -6918,13 +6927,30 @@
+ typeattribute $1 mailclient_exec_type;
+')
+
++########################################
++## <summary>
++## Make the specified type readable for a system_mail_t
++## </summary>
++## <param name="type">
++## <summary>
++## Type to be used as a mail client.
++## </summary>
++## </param>
++#
++interface(`mta_mailcontent',`
++ gen_require(`
++ attribute mailcontent_type;
++ ')
++
++ typeattribute $1 mailcontent_type;
++')
+
+########################################
+## <summary>
## Modified mailserver interface for
## sendmail daemon use.
## </summary>
-@@ -394,6 +422,7 @@
+@@ -394,6 +439,7 @@
allow $1 mail_spool_t:dir list_dir_perms;
create_files_pattern($1,mail_spool_t,mail_spool_t)
read_files_pattern($1,mail_spool_t,mail_spool_t)
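Review bot: The parameter description in the new `mta_mailcontent` header, `Type to be used as a mail client.`, looks copied from the neighbouring mail-client interface and does not describe this one, which adds `$1` to `mailcontent_type`. Something like `Type of files that system_mail_t is allowed to read.` would fit, with the summary reworded to `Mark the specified file type as readable by system_mail_t.`. Every type passed here becomes readable by the system mail domain through the `read_files_pattern(system_mail_t,mailcontent_type,mailcontent_type)` line added to mta.te in a later hunk. The header should therefore also say that callers must not pass types that hold credentials.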
@@ -6932,7 +6958,7 @@
create_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
read_lnk_files_pattern($1,mail_spool_t,mail_spool_t)
-@@ -449,11 +478,12 @@
+@@ -449,11 +495,12 @@
interface(`mta_send_mail',`
gen_require(`
attribute mta_user_agent;
@@ -6948,7 +6974,7 @@
allow $1 system_mail_t:fd use;
allow system_mail_t $1:fd use;
-@@ -847,6 +877,25 @@
+@@ -847,6 +894,25 @@
manage_files_pattern($1,mqueue_spool_t,mqueue_spool_t)
')
@@ -6976,16 +7002,17 @@
## Read sendmail binary.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.6.4/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-10-22 11:09:41.000000000 -0400
-@@ -6,6 +6,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-10-31 07:38:22.000000000 -0400
+@@ -6,6 +6,8 @@
# Declarations
#
++attribute mailcontent_type;
+attribute mailclient_exec_type;
attribute mta_user_agent;
attribute mailserver_delivery;
attribute mailserver_domain;
-@@ -26,7 +27,8 @@
+@@ -26,7 +28,8 @@
files_type(mail_spool_t)
type sendmail_exec_t;
@@ -6995,7 +7022,12 @@
mta_base_mail_template(system)
role system_r types system_mail_t;
-@@ -52,9 +54,12 @@
+@@ -48,13 +51,17 @@
+ allow system_mail_t self:capability { dac_override };
+
+ read_files_pattern(system_mail_t,etc_mail_t,etc_mail_t)
++read_files_pattern(system_mail_t,mailcontent_type,mailcontent_type)
+
kernel_read_system_state(system_mail_t)
kernel_read_network_state(system_mail_t)
@@ -7008,7 +7040,7 @@
init_use_script_ptys(system_mail_t)
userdom_use_sysadm_terms(system_mail_t)
-@@ -89,14 +94,20 @@
+@@ -89,14 +96,20 @@
')
optional_policy(`
@@ -7029,7 +7061,7 @@
')
optional_policy(`
-@@ -109,6 +120,7 @@
+@@ -109,6 +122,7 @@
optional_policy(`
cron_read_system_job_tmp_files(system_mail_t)
@@ -7037,7 +7069,7 @@
cron_dontaudit_write_pipes(system_mail_t)
')
-@@ -117,6 +129,10 @@
+@@ -117,6 +131,10 @@
')
optional_policy(`
@@ -8363,7 +8395,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.6.4/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/ppp.te 2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/ppp.te 2007-10-31 07:37:19.000000000 -0400
@@ -155,7 +155,7 @@
files_exec_etc_files(pppd_t)
@@ -8373,6 +8405,15 @@
files_dontaudit_write_etc_files(pppd_t)
# for scripts
+@@ -202,6 +202,8 @@
+
+ optional_policy(`
+ mta_send_mail(pppd_t)
++ mta_mailcontent(pppd_etc_t)
++ mta_mailcontent(pppd_etc_rw_t)
+ ')
+
+ optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-08-07 09:42:35.000000000 -0400
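Review bot: The two added `mta_mailcontent(...)` calls give system_mail_t read access to every file labeled `pppd_etc_t` or `pppd_etc_rw_t`, which is wider than the changelog's "Allow sendmail to read ppp config files" implies if any secret-bearing file carries either label. The ppp file contexts are not visible here, so it is worth confirming that peer credentials are labeled with a separate type before shipping this. A comment above the calls, such as `# system_mail_t reads ppp config when mail is sent from ppp scripts`, would record why the mail domain needs both types, including the writable one.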
@@ -8793,7 +8834,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-2.6.4/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rpc.if 2007-10-30 19:57:49.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rpc.if 2007-10-30 20:54:04.000000000 -0400
@@ -89,8 +89,11 @@
# bind to arbitary unused ports
corenet_tcp_bind_generic_port($1_t)
@@ -10217,7 +10258,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.6.4/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/spamassassin.te 2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/spamassassin.te 2007-11-01 13:43:45.000000000 -0400
@@ -6,14 +6,12 @@
# Declarations
#
@@ -10251,9 +10292,12 @@
########################################
#
-@@ -87,8 +85,9 @@
+@@ -85,10 +83,11 @@
+
+ # var/lib files for spamd
allow spamd_t spamd_var_lib_t:dir list_dir_perms;
- read_files_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)
+-read_files_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)
++manage_files_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)
+manage_dirs_pattern(spamd_t,spamd_var_run_t,spamd_var_run_t)
manage_files_pattern(spamd_t,spamd_var_run_t,spamd_var_run_t)
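Review bot: `manage_files_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)` grants more than the changelog entry "Allow spamd to write to spamd_var_lib_t" describes, since the manage pattern in the reference policy normally includes create, unlink, rename and setattr on the files as well as write. If spamd only updates existing files there, `rw_files_pattern(spamd_t,spamd_var_lib_t,spamd_var_lib_t)` would be the narrower grant. If it really creates and removes files, the `# var/lib files for spamd` comment should say so. The denials that motivated the change are not shown, so which case applies cannot be decided from this hunk.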
@@ -10270,7 +10314,20 @@
corenet_sendrecv_razor_client_packets(spamd_t)
corenet_sendrecv_spamd_server_packets(spamd_t)
# spamassassin 3.1 needs this for its
-@@ -192,6 +192,11 @@
+@@ -167,10 +167,12 @@
+ ')
+
+ tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(spamd_t)
+ fs_manage_nfs_files(spamd_t)
+ ')
+
+ tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(spamd_t)
+ fs_manage_cifs_files(spamd_t)
+ ')
+
+@@ -192,6 +194,11 @@
')
optional_policy(`
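Review bot: The added `fs_manage_nfs_dirs(spamd_t)` and `fs_manage_cifs_dirs(spamd_t)` lines are not limited to home directories, even though they sit under `use_nfs_home_dirs` and `use_samba_home_dirs`. NFS and CIFS mounts normally carry a single type each, so with either boolean on, spamd_t can presumably create and remove directories on any such mount. The log message mentions only files, so it should be corrected to mention directories. A comment above each line, such as `# spamd creates its per-user state directory in NFS/CIFS home dirs`, would record the intent.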
@@ -13352,7 +13409,7 @@
allow ifconfig_t self:udp_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.6.4/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-10-18 17:22:16.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-11-01 14:06:28.000000000 -0400
@@ -18,11 +18,6 @@
type udev_etc_t alias etc_udev_t;
files_config_file(udev_etc_t)
@@ -13453,7 +13510,7 @@
hal_dgram_send(udev_t)
')
-@@ -194,5 +219,28 @@
+@@ -194,5 +219,32 @@
')
optional_policy(`
@@ -13478,6 +13535,10 @@
+')
+
+optional_policy(`
++ unconfined_domain(udev_t)
++')
++
++optional_policy(`
xserver_read_xdm_pid(udev_t)
')
+
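Review bot: The added `unconfined_domain(udev_t)` block makes udev_t an unconfined domain, which removes the containment that the individual rules elsewhere in udev.te provide, yet neither the log message nor the spec changelog mentions it. A process running in udev_t would no longer be restricted by the targeted policy whenever the unconfined module is present. If this is a deliberate stop-gap, add a changelog line such as `- Make udev_t an unconfined domain` and a comment above the block giving the reason. If it was added to silence specific denials, granting only those permissions would keep udev confined.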
@@ -13597,7 +13658,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.4/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/unconfined.te 2007-10-19 16:20:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/unconfined.te 2007-11-01 13:55:00.000000000 -0400
@@ -6,6 +6,15 @@
# Declarations
#
@@ -13675,7 +13736,7 @@
')
########################################
-@@ -200,10 +215,22 @@
+@@ -200,8 +215,21 @@
#
ifdef(`targeted_policy',`
@@ -13685,19 +13746,18 @@
+
allow unconfined_execmem_t self:process { execstack execmem };
unconfined_domain_noaudit(unconfined_execmem_t)
-
- optional_policy(`
++ allow unconfined_execmem_t unconfined_t:process transition;
++
++ optional_policy(`
+ avahi_dbus_chat(unconfined_execmem_t)
+ ')
+
+ optional_policy(`
+ hal_dbus_chat(unconfined_execmem_t)
+ ')
-+
-+ optional_policy(`
- dbus_stub(unconfined_execmem_t)
- init_dbus_chat_script(unconfined_execmem_t)
+ optional_policy(`
+ dbus_stub(unconfined_execmem_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.4/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-05-07 14:51:02.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/system/userdomain.if 2007-10-09 17:05:07.000000000 -0400
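Review bot: The new `allow unconfined_execmem_t unconfined_t:process transition;` line has no comment, and the `transition` permission alone does not normally complete a domain transition. An entrypoint on some executable type is usually required as well, together with a type_transition rule or an explicitly requested exec context. If those rules exist elsewhere in unconfined.te, a comment naming them would help, for example `# execmem programs return to unconfined_t when they exec other binaries`. The targeted_policy ifdef block that contains this line starts outside the hunk, so the rest of the transition cannot be checked from here.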
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/selinux-policy.spec,v
retrieving revision 1.502
retrieving revision 1.503
diff -u -r1.502 -r1.503
--- selinux-policy.spec 30 Oct 2007 21:02:59 -0000 1.502
+++ selinux-policy.spec 1 Nov 2007 18:15:45 -0000 1.503
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.6.4
-Release: 51%{?dist}
+Release: 53%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -361,6 +361,13 @@
%endif
%changelog
+* Thu Nov 1 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-53
+- Allow spamd to create nfs/cifs files
+
+* Wed Oct 31 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-52
+- Allow sendmail to read ppp config files
+- Allow spamd to write to spamd_var_lib_t
+
* Tue Oct 30 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-51
- Allow fd passing
- dontaudit rpm_rw_pipes