rpms/selinux-policy/devel policy-20070703.patch,1.62,1.63

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Sep 20 14:58:14 UTC 2007


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13740

Modified Files:
	policy-20070703.patch 
Log Message:
* Wed Sep 19 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-4
- Fix to add xguest account on initial install


policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20070703.patch,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- policy-20070703.patch	20 Sep 2007 14:39:14 -0000	1.62
+++ policy-20070703.patch	20 Sep 2007 14:58:12 -0000	1.63
@@ -1239,7 +1239,7 @@
  /usr/libexec/gconfd-2 	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.0.8/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2007-07-25 10:37:37.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/apps/gnome.if	2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/apps/gnome.if	2007-09-20 10:51:59.000000000 -0400
 @@ -33,6 +33,51 @@
  ## </param>
  #
@@ -7945,7 +7945,7 @@
  manage_files_pattern(rpcbind_t,rpcbind_var_run_t,rpcbind_var_run_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.0.8/policy/modules/services/rpc.if
 --- nsaserefpolicy/policy/modules/services/rpc.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/rpc.if	2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/rpc.if	2007-09-20 10:47:23.000000000 -0400
 @@ -89,8 +89,11 @@
  	# bind to arbitary unused ports
  	corenet_tcp_bind_generic_port($1_t)
@@ -7959,6 +7959,31 @@
  
  	fs_rw_rpc_named_pipes($1_t) 
  	fs_search_auto_mountpoints($1_t)
+@@ -214,6 +217,24 @@
+ 
+ ########################################
+ ## <summary>
++##      Execute domain in nfsd domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##      The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`rpc_domtrans_rpcd',`
++	gen_require(`
++		type rpcd_t, rpcd_exec_t;
++	')
++
++	domtrans_pattern($1,rpcd_exec_t,rpcd_t)
++')
++
++########################################
++## <summary>
+ ##      Read NFS exported content.
+ ## </summary>
+ ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.0.8/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2007-07-25 10:37:42.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/rpc.te	2007-09-17 16:20:18.000000000 -0400
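Review bot: The summary added for `rpc_domtrans_rpcd` reads "Execute domain in nfsd domain", but the body requires `type rpcd_t, rpcd_exec_t;` and calls `domtrans_pattern($1,rpcd_exec_t,rpcd_t)`, so the transition is into rpcd_t, not nfsd. Anyone auditing which domains may enter rpcd_t would be misled by the header; I would change it to `## Execute a domain transition to run rpcd.` and the parameter summary to `## Domain allowed to transition.`. The only caller visible in this patch, `rpc_domtrans_rpcd(mount_t)` in mount.te, has no comment naming which rpcd_exec_t program mount is expected to run. A one-line `#` comment there would record why mount_t needs to cross into rpcd_t.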
@@ -9464,7 +9489,7 @@
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.0.8/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.if	2007-09-20 09:43:06.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/xserver.if	2007-09-20 10:52:36.000000000 -0400
 @@ -126,6 +126,8 @@
  	# read events - the synaptics touchpad driver reads raw events
  	dev_rw_input_dev($1_xserver_t)
@@ -9534,7 +9559,7 @@
  
  	# for when /tmp/.X11-unix is created by the system
  	allow $2 xdm_t:fd use;
-@@ -555,25 +558,49 @@
+@@ -555,25 +558,52 @@
  	allow $2 xdm_tmp_t:sock_file { read write };
  	dontaudit $2 xdm_t:tcp_socket { read write };
  
@@ -9553,6 +9578,9 @@
 +	userdom_user_home_dir_filetrans_user_home_content($1, xdm_t, { dir file })
 +	userdom_manage_user_tmp_dirs($1, xdm_t)
 +	userdom_manage_user_tmp_files($1, xdm_t)
++
++	# Handling of pam_keyring
++	gnome_manage_user_gnome_config($1, xdm_t)
  
  	xserver_ro_session_template(xdm,$2,$3)
 -	xserver_rw_session_template($1,$2,$3)
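Review bot: `gnome_manage_user_gnome_config($1, xdm_t)` is called bare inside the template, unlike the `userdom_*` calls next to it, which belong to a different module. If the gnome module can be left out of a policy build, the call should be wrapped in an optional_policy block so the xserver interface still compiles without it. It also grants xdm_t manage access to the user's GNOME configuration, justified only by the comment "Handling of pam_keyring". Whether pam_keyring needs the whole config tree or could use a narrower interface cannot be judged from these lines, so the comment should state which files it touches. The enclosing template starts and ends outside the hunk.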
@@ -9592,7 +9620,7 @@
  	')
  ')
  
-@@ -626,6 +653,24 @@
+@@ -626,6 +656,24 @@
  
  ########################################
  ## <summary>
@@ -9617,7 +9645,7 @@
  ##	Transition to a user Xauthority domain.
  ## </summary>
  ## <desc>
-@@ -659,6 +704,73 @@
+@@ -659,6 +707,73 @@
  
  ########################################
  ## <summary>
@@ -9691,7 +9719,7 @@
  ##	Transition to a user Xauthority domain.
  ## </summary>
  ## <desc>
-@@ -927,6 +1039,7 @@
+@@ -927,6 +1042,7 @@
  	files_search_tmp($1)
  	allow $1 xdm_tmp_t:dir list_dir_perms;
  	create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
@@ -9699,7 +9727,7 @@
  ')
  
  ########################################
-@@ -987,6 +1100,37 @@
+@@ -987,6 +1103,37 @@
  
  ########################################
  ## <summary>
@@ -9737,7 +9765,7 @@
  ##	Make an X session script an entrypoint for the specified domain.
  ## </summary>
  ## <param name="domain">
-@@ -1136,7 +1280,7 @@
+@@ -1136,7 +1283,7 @@
  		type xdm_xserver_tmp_t;
  	')
  
@@ -9746,7 +9774,7 @@
  ')
  
  ########################################
-@@ -1325,3 +1469,62 @@
+@@ -1325,3 +1472,62 @@
  	files_search_tmp($1)
  	stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
  ')
@@ -9811,7 +9839,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2007-08-22 07:14:07.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-09-19 11:59:42.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/xserver.te	2007-09-20 10:44:00.000000000 -0400
 @@ -16,6 +16,13 @@
  
  ## <desc>
@@ -9882,16 +9910,19 @@
  
  xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
  
-@@ -306,6 +324,8 @@
+@@ -306,6 +324,11 @@
  
  optional_policy(`
  	consolekit_dbus_chat(xdm_t)
 +	dbus_system_bus_client_template(xdm, xdm_t)
 +	dbus_send_system_bus(xdm_t)
++	optional_policy(`
++		hal_dbus_chat(xdm_t)
++	')
  ')
  
  optional_policy(`
-@@ -348,12 +368,8 @@
+@@ -348,12 +371,8 @@
  ')
  
  optional_policy(`
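Review bot: The new `hal_dbus_chat(xdm_t)` sits in an optional_policy nested inside the block that opens with `consolekit_dbus_chat(xdm_t)`, so xdm_t gets the HAL D-Bus permission only when the consolekit module is present as well. If that coupling is intended because the system-bus client access is granted only in this block, a comment such as `# HAL chat relies on the system bus access granted above` would make it explicit. If xdm needs HAL without ConsoleKit, the rule belongs in its own top-level optional block. The hunk gives no reason why xdm exchanges messages with HAL, which is worth stating for anyone reviewing xdm_t's D-Bus peers.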
@@ -9905,7 +9936,7 @@
  
  	ifdef(`distro_rhel4',`
  		allow xdm_t self:process { execheap execmem };
-@@ -385,7 +401,7 @@
+@@ -385,7 +404,7 @@
  allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
  dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
  
@@ -9914,7 +9945,7 @@
  
  # Label pid and temporary files with derived types.
  manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
-@@ -425,6 +441,10 @@
+@@ -425,6 +444,10 @@
  ')
  
  optional_policy(`
@@ -9925,7 +9956,7 @@
  	resmgr_stream_connect(xdm_t)
  ')
  
-@@ -434,47 +454,19 @@
+@@ -434,47 +457,19 @@
  ')
  
  optional_policy(`
@@ -11922,7 +11953,7 @@
 -/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.0.8/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2007-08-22 07:14:13.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/mount.te	2007-09-17 16:20:18.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/mount.te	2007-09-20 10:47:39.000000000 -0400
 @@ -8,6 +8,13 @@
  
  ## <desc>
@@ -12020,7 +12051,7 @@
  ')
  
  optional_policy(`
-@@ -159,13 +176,8 @@
+@@ -159,13 +176,9 @@
  
  	fs_search_rpc(mount_t)
  
@@ -12031,10 +12062,11 @@
 -	optional_policy(`
 -		nis_use_ypbind(mount_t)
 -	')
++	rpc_domtrans_rpcd(mount_t)
  ')
  
  optional_policy(`
-@@ -189,10 +201,6 @@
+@@ -189,10 +202,6 @@
  	samba_domtrans_smbmount(mount_t)
  ')
  
@@ -12045,7 +12077,7 @@
  ########################################
  #
  # Unconfined mount local policy
-@@ -201,4 +209,29 @@
+@@ -201,4 +210,29 @@
  optional_policy(`
  	files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
  	unconfined_domain(unconfined_mount_t)
@@ -13131,7 +13163,7 @@
  /tmp/gconfd-USER -d	gen_context(system_u:object_r:ROLE_tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-08-27 09:18:17.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-09-20 09:09:10.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/userdomain.if	2007-09-20 10:55:37.000000000 -0400
 @@ -29,8 +29,9 @@
  	')
  
@@ -14124,7 +14156,7 @@
  ')
  
  ########################################
-@@ -5559,3 +5705,372 @@
+@@ -5559,3 +5705,375 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -14493,8 +14525,11 @@
 +template(`userdom_unpriv_usertype',`
 +	gen_require(`
 +		attribute unpriv_userdomain, userdomain;
++		attribute $1_usertype;
 +	')
-+	typeattribute $2  $1_usertype, unpriv_userdomain, userdomain;
++	typeattribute $2  $1_usertype;
++	typeattribute $2  unpriv_userdomain;
++	typeattribute $2  userdomain;
 +')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.0.8/policy/modules/system/userdomain.te



