rpms/selinux-policy/devel booleans-mls.conf, 1.7, 1.8 modules-targeted.conf, 1.71, 1.72 policy-20071023.patch, 1.7, 1.8 selinux-policy.spec, 1.555, 1.556
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Mon Nov 19 20:10:06 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26179
Modified Files:
booleans-mls.conf modules-targeted.conf policy-20071023.patch
selinux-policy.spec
Log Message:
* Sat Nov 10 2007 Dan Walsh <dwalsh at redhat.com> 3.1.1-1
- Update to upstream
Index: booleans-mls.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/booleans-mls.conf,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- booleans-mls.conf 23 Feb 2007 15:35:01 -0000 1.7
+++ booleans-mls.conf 19 Nov 2007 20:09:32 -0000 1.8
@@ -1,4 +1,4 @@
-# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
+d# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
#
allow_execmem = false
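Review bot: The replaced first line now starts with a stray `d` (`d# Allow making anonymous memory executable…`), so it is no longer a comment; as this is the only change in the hunk, it looks like an editor slip. Revert it to `# Allow making anonymous memory executable, e.g. for runtime-code generation or executable stack.`. How the booleans parser treats a line that is neither a comment nor an assignment is not visible here, so it is worth confirming that `allow_execmem = false` is still applied in the MLS build.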
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- modules-targeted.conf 10 Nov 2007 13:20:34 -0000 1.71
+++ modules-targeted.conf 19 Nov 2007 20:09:32 -0000 1.72
@@ -816,6 +816,14 @@
ntp = base
# Layer: services
+# Module: nx
+#
+# NX Remote Desktop
+#
+nx = module
+
+
+# Layer: services
# Module: oddjob
#
# policy for oddjob
policy-20071023.patch:
Index: policy-20071023.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071023.patch,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- policy-20071023.patch 12 Nov 2007 22:47:17 -0000 1.7
+++ policy-20071023.patch 19 Nov 2007 20:09:32 -0000 1.8
@@ -532,6 +532,15 @@
+
+ allow $1 brctl_exec_t:file getattr;
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.1.0/policy/modules/admin/brctl.te
+--- nsaserefpolicy/policy/modules/admin/brctl.te 2007-10-23 07:37:52.000000000 -0400
++++ serefpolicy-3.1.0/policy/modules/admin/brctl.te 2007-11-12 18:12:28.000000000 -0500
+@@ -40,4 +40,5 @@
+
+ optional_policy(`
+ xen_append_log(brctl_t)
++ xen_dontaudit_rw_unix_stream_sockets(brctl_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.1.0/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-10-12 08:56:09.000000000 -0400
+++ serefpolicy-3.1.0/policy/modules/admin/consoletype.te 2007-11-06 09:28:35.000000000 -0500
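Review bot: The added `xen_dontaudit_rw_unix_stream_sockets(brctl_t)` in brctl.te silences the denial without saying why, and a dontaudit rule also removes the AVC record someone would later look for when investigating brctl or xen behaviour. A one-line comment above the call would help, for example `# brctl does not need the unix stream socket it inherits from xen (presumably a leaked descriptor); do not audit the denial`. The reason given there is an inference from the interface name and should be confirmed against the denial that prompted the rule.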
@@ -3163,7 +3172,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.1.0/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-29 18:02:31.000000000 -0400
-+++ serefpolicy-3.1.0/policy/modules/kernel/files.if 2007-11-09 14:39:44.000000000 -0500
++++ serefpolicy-3.1.0/policy/modules/kernel/files.if 2007-11-12 18:07:03.000000000 -0500
@@ -3054,6 +3054,24 @@
########################################
@@ -3189,7 +3198,15 @@
## Search the tmp directory (/tmp).
## </summary>
## <param name="domain">
-@@ -4756,3 +4774,54 @@
+@@ -4717,7 +4735,6 @@
+ files_search_home($1)
+ corecmd_exec_bin($1)
+ seutil_domtrans_setfiles($1)
+- mount_domtrans($1)
+ ')
+ ')
+
+@@ -4756,3 +4773,54 @@
allow $1 { file_type -security_file_type }:dir manage_dir_perms;
')
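Review bot: The new inner hunk `@@ -4717,7 +4735,6 @@` removes `mount_domtrans($1)` from an interface in files.if whose header lies outside the hunk, so every domain that calls that interface loses its transition into the mount domain without any record of why. The change narrows privilege, but callers that actually need to run mount would now have to request the transition themselves. Please name the interface and the reason in the spec changelog, and add a comment at the removal site such as `# mount transition intentionally not granted here; callers that mount must call mount_domtrans() themselves`.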
@@ -10565,7 +10582,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.1.0/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-10-15 16:11:05.000000000 -0400
-+++ serefpolicy-3.1.0/policy/modules/services/xserver.te 2007-11-12 11:58:29.000000000 -0500
++++ serefpolicy-3.1.0/policy/modules/services/xserver.te 2007-11-12 18:26:06.000000000 -0500
@@ -16,6 +16,13 @@
## <desc>
@@ -10584,12 +10601,12 @@
type xdm_var_run_t;
files_pid_file(xdm_var_run_t)
++type xserver_var_lib_t;
++files_type(xserver_var_lib_t)
++
+type xserver_var_run_t;
+files_pid_file(xserver_var_run_t)
+
-+type xdm_var_run_t;
-+files_pid_file(xdm_var_run_t)
-+
type xdm_tmp_t;
files_tmp_file(xdm_tmp_t)
typealias xdm_tmp_t alias ice_tmp_t;
@@ -10753,11 +10770,6 @@
+ # xserver signals unconfined user on startx
+ unconfined_signal(xdm_xserver_t)
+ unconfined_getpgid(xdm_xserver_t)
-+')
-+
-+
-+tunable_policy(`allow_xserver_execmem', `
-+ allow xdm_xserver_t self:process { execheap execmem execstack };
')
-ifdef(`TODO',`
@@ -10781,6 +10793,11 @@
-allow xdm_t polymember:lnk_file { create unlink };
-# xdm needs access for copying .Xauthority into new home
-allow xdm_t polymember:file { create getattr write };
++
++tunable_policy(`allow_xserver_execmem', `
++ allow xdm_xserver_t self:process { execheap execmem execstack };
++')
++
+ifndef(`distro_redhat',`
+ allow xdm_xserver_t self:process { execheap execmem };
+')
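Review bot: The relocated tunable_policy block for allow_xserver_execmem grants `execheap execmem execstack` to xdm_xserver_t with no comment on what the boolean is for or when it should be enabled. It now sits directly above the `distro_redhat` ifndef block, which grants `execheap execmem` unconditionally, so on non-Red Hat builds the boolean effectively gates only `execstack`; that interaction deserves a note. Suggested comment above the tunable: `# execheap/execmem/execstack relax memory protections on the X server; enable allow_xserver_execmem only when a driver requires it`. The boolean's declaration and default are outside this hunk.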
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.555
retrieving revision 1.556
diff -u -r1.555 -r1.556
--- selinux-policy.spec 10 Nov 2007 13:20:34 -0000 1.555
+++ selinux-policy.spec 19 Nov 2007 20:09:32 -0000 1.556
@@ -16,12 +16,12 @@
%define CHECKPOLICYVER 2.0.3-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.1.1
+Version: 3.1.2
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
-patch: policy-20071023.patch
+patch: policy-20071114.patch
Source1: modules-targeted.conf
Source2: booleans-targeted.conf
Source3: Makefile.devel
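Review bot: The `patch:` line now points at `policy-20071114.patch`, but the commit's Modified Files list only touches `policy-20071023.patch` and adds no file by the new name. Unless that patch was added in a separate commit, the build will not find it and the edits made to the 20071023 patch here will not be applied. The Log Message also still describes 3.1.1-1 while `Version` becomes 3.1.2; the `%changelog` section is outside this hunk, so check that it gained a 3.1.2-1 entry.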