rpms/selinux-policy/devel policy-20080710.patch, 1.16, 1.17 selinux-policy.spec, 1.697, 1.698

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Aug 13 18:39:37 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20515

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Tue Aug 12 2008 Dan Walsh <dwalsh at redhat.com> 3.5.4-2
- Allow ifconfig_t to read dhcpc_state_t


policy-20080710.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.16 -r 1.17 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- policy-20080710.patch	12 Aug 2008 14:28:00 -0000	1.16
+++ policy-20080710.patch	13 Aug 2008 18:39:06 -0000	1.17
@@ -79,16 +79,23 @@
  $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.4/config/appconfig-mcs/default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.4/config/appconfig-mcs/default_contexts	2008-08-11 16:39:48.000000000 -0400
-@@ -2,7 +2,7 @@
- system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
- system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
- system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
++++ serefpolicy-3.5.4/config/appconfig-mcs/default_contexts	2008-08-13 13:51:31.000000000 -0400
+@@ -1,15 +0,0 @@
+-system_r:crond_t:s0		user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
+-system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
+-system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
+-system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 -system_r:sulogin_t:s0		sysadm_r:sysadm_t:s0
-+system_r:sulogin_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0
- system_r:xdm_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
- 
- staff_r:staff_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-system_r:xdm_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
+-
+-staff_r:staff_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-staff_r:staff_sudo_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
+-
+-sysadm_r:sysadm_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
+-
+-user_r:user_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+-user_r:user_sudo_t:s0		sysadm_r:sysadm_t:s0 user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.4/config/appconfig-mcs/failsafe_context
 --- nsaserefpolicy/config/appconfig-mcs/failsafe_context	2008-08-07 11:15:14.000000000 -0400
 +++ serefpolicy-3.5.4/config/appconfig-mcs/failsafe_context	2008-08-11 16:39:48.000000000 -0400
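Review bot: Emptying `config/appconfig-mcs/default_contexts` (the inner hunk is now `@@ -1,15 +0,0 @@`) drops the global login-to-context table, so any SELinux user without its own `*_default_contexts` file has no entry left to match. Presumably login programs then fall back to `failsafe_context`, which this same patch appears to set to `system_r:unconfined_t:s0`, so it is worth confirming that every SELinux user defined by the policy ships a per-user file. Neither this removal nor the `seusers` remapping in the `@@ -119,6 +128,47 @@` hunk is recorded in the log message, which mentions only ifconfig_t. I would add a changelog line such as `- Remove appconfig-mcs/default_contexts in favour of per-user default_contexts files`.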
@@ -97,12 +104,14 @@
 +system_r:unconfined_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.4/config/appconfig-mcs/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.4/config/appconfig-mcs/guest_u_default_contexts	2008-08-11 16:39:48.000000000 -0400
-@@ -0,0 +1,4 @@
++++ serefpolicy-3.5.4/config/appconfig-mcs/guest_u_default_contexts	2008-08-13 13:52:31.000000000 -0400
+@@ -0,0 +1,6 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
 +system_r:sshd_t:s0		guest_r:guest_t:s0
 +system_r:crond_t:s0		guest_r:guest_crond_t:s0
++system_r:initrc_su_t:s0		guest_r:guest_t:s0
++guest_r:guest_t:s0		guest_r:guest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.4/config/appconfig-mcs/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/root_default_contexts	2008-08-07 11:15:14.000000000 -0400
 +++ serefpolicy-3.5.4/config/appconfig-mcs/root_default_contexts	2008-08-11 16:39:48.000000000 -0400
@@ -119,6 +128,47 @@
  #
 -#system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 +system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/seusers serefpolicy-3.5.4/config/appconfig-mcs/seusers
+--- nsaserefpolicy/config/appconfig-mcs/seusers	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.4/config/appconfig-mcs/seusers	2008-08-13 13:53:52.000000000 -0400
+@@ -1,3 +1,3 @@
+ system_u:system_u:s0-mcs_systemhigh
+-root:root:s0-mcs_systemhigh
+-__default__:user_u:s0
++root:unconfined_u:s0-mcs_systemhigh
++__default__:unconfined_u:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.4/config/appconfig-mcs/staff_u_default_contexts
+--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.4/config/appconfig-mcs/staff_u_default_contexts	2008-08-13 13:52:19.000000000 -0400
+@@ -5,6 +5,8 @@
+ system_r:xdm_t:s0		staff_r:staff_t:s0
+ staff_r:staff_su_t:s0		staff_r:staff_t:s0
+ staff_r:staff_sudo_t:s0		staff_r:staff_t:s0
++system_r:initrc_su_t:s0		staff_r:staff_t:s0
++staff_r:staff_t:s0		staff_r:staff_t:s0
+ sysadm_r:sysadm_su_t:s0		sysadm_r:sysadm_t:s0 
+ sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
+ 
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.4/config/appconfig-mcs/unconfined_u_default_contexts
+--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.4/config/appconfig-mcs/unconfined_u_default_contexts	2008-08-13 13:52:08.000000000 -0400
+@@ -6,4 +6,6 @@
+ system_r:sshd_t:s0		unconfined_r:unconfined_t:s0
+ system_r:sysadm_su_t:s0		unconfined_r:unconfined_t:s0
+ system_r:unconfined_t:s0	unconfined_r:unconfined_t:s0
++system_r:initrc_su_t:s0		unconfined_r:unconfined_t:s0
++unconfined_r:unconfined_t:s0	unconfined_r:unconfined_t:s0
+ system_r:xdm_t:s0		unconfined_r:unconfined_t:s0
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.4/config/appconfig-mcs/user_u_default_contexts
+--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
++++ serefpolicy-3.5.4/config/appconfig-mcs/user_u_default_contexts	2008-08-13 13:53:05.000000000 -0400
+@@ -5,4 +5,5 @@
+ system_r:xdm_t:s0		user_r:user_t:s0
+ user_r:user_su_t:s0		user_r:user_t:s0
+ user_r:user_sudo_t:s0		user_r:user_t:s0
+-
++system_r:initrc_su_t:s0		user_r:user_t:s0
++user_r:user_t:s0		user_r:user_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.4/config/appconfig-mcs/userhelper_context
 --- nsaserefpolicy/config/appconfig-mcs/userhelper_context	2008-08-07 11:15:14.000000000 -0400
 +++ serefpolicy-3.5.4/config/appconfig-mcs/userhelper_context	2008-08-11 16:39:48.000000000 -0400
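Review bot: The new `seusers` entry `__default__:unconfined_u:s0` moves every Linux account without an explicit mapping from the confined `user_u` to `unconfined_u`, yet it keeps the single level `s0` while `root:unconfined_u:s0-mcs_systemhigh` on the line above gets the full range for the same SELinux user. If the narrower range is not deliberate, the line would read `__default__:unconfined_u:s0-mcs_systemhigh`. Because the file lives under `appconfig-mcs`, the unconfined default presumably applies to every MCS policy type built from this tree, so sites that depend on confined defaults will need their own login mappings.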
@@ -127,13 +177,15 @@
 +system_u:system_r:unconfined_t:s0	
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.4/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.4/config/appconfig-mcs/xguest_u_default_contexts	2008-08-11 16:39:48.000000000 -0400
-@@ -0,0 +1,5 @@
++++ serefpolicy-3.5.4/config/appconfig-mcs/xguest_u_default_contexts	2008-08-13 13:52:27.000000000 -0400
+@@ -0,0 +1,7 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
 +system_r:sshd_t		xguest_r:xguest_t:s0
 +system_r:crond_t	xguest_r:xguest_crond_t:s0
 +system_r:xdm_t		xguest_r:xguest_t:s0
++system_r:initrc_su_t:s0	xguest_r:xguest_t:s0
++xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.4/config/appconfig-mls/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.5.4/config/appconfig-mls/guest_u_default_contexts	2008-08-11 16:39:48.000000000 -0400
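Review bot: The two entries added to `xguest_u_default_contexts` write the source context with a level (`system_r:initrc_su_t:s0`, `xguest_r:xguest_t:s0`), while the five existing entries in the same file omit it (`system_r:local_login_t`, `system_r:sshd_t`, and so on). The sibling `guest_u_default_contexts` carries `:s0` on every line, so the older xguest lines look like the odd ones out; whether the level-less form still matches at login is not something this diff shows. I would normalise them in the same change, e.g. `system_r:local_login_t:s0	xguest_r:xguest_t:s0`.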
@@ -1421,7 +1473,7 @@
  	usermanage_domtrans_useradd(rpm_script_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.5.4/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.4/policy/modules/admin/su.if	2008-08-11 16:39:48.000000000 -0400
++++ serefpolicy-3.5.4/policy/modules/admin/su.if	2008-08-12 17:04:57.000000000 -0400
 @@ -41,15 +41,13 @@
  
  	allow $2 $1_su_t:process signal;
@@ -1440,7 +1492,7 @@
  	domtrans_pattern($2, su_exec_t, $1_su_t)
  
  	# By default, revert to the calling domain when a shell is executed.
-@@ -89,6 +87,7 @@
+@@ -89,28 +87,24 @@
  	libs_use_ld_so($1_su_t)
  	libs_use_shared_libs($1_su_t)
  
@@ -1448,30 +1500,58 @@
  	logging_send_syslog_msg($1_su_t)
  
  	miscfiles_read_localization($1_su_t)
-@@ -112,6 +111,10 @@
- 		userdom_spec_domtrans_unpriv_users($1_su_t)
- 	')
  
+-	ifdef(`distro_rhel4',`
+-		domain_role_change_exemption($1_su_t)
+-		domain_subj_id_change_exemption($1_su_t)
+-		domain_obj_id_change_exemption($1_su_t)
+-
+-		selinux_get_fs_mount($1_su_t)
+-		selinux_validate_context($1_su_t)
+-		selinux_compute_access_vector($1_su_t)
+-		selinux_compute_create_context($1_su_t)
+-		selinux_compute_relabel_context($1_su_t)
+-		selinux_compute_user_contexts($1_su_t)
++	auth_login_pgm_domain($1_su_t)
+ 
+ 		seutil_read_config($1_su_t)
+ 		seutil_read_default_contexts($1_su_t)
+ 
+ 		# Only allow transitions to unprivileged user domains.
+ 		userdom_spec_domtrans_unpriv_users($1_su_t)
+-	')
++
 +	# Deal with unconfined_terminals.
 +	term_use_all_user_ttys($1_su_t)
 +	term_use_all_user_ptys($1_su_t)
-+
++	term_relabel_all_user_ttys($1_su_t)
++	term_relabel_all_user_ptys($1_su_t)
+ 
  	optional_policy(`
  		cron_read_pipes($1_su_t)
- 	')
-@@ -119,11 +122,6 @@
- 	optional_policy(`
+@@ -120,10 +114,17 @@
  		kerberos_use($1_su_t)
  	')
--
+ 
 -	ifdef(`TODO',`
 -	# Caused by su - init scripts
 -	dontaudit $1_su_t initrc_devpts_t:chr_file { getattr ioctl };
 -	') dnl end TODO
++	optional_policy(`
++		xserver_domtrans_user_xauth($1, $1_su_t)
++	')
++
++	tunable_policy(`use_nfs_home_dirs',`
++		fs_search_nfs($1_su_t)
++	')
++
++	tunable_policy(`use_samba_home_dirs',`
[...2107 lines suppressed...]
  template(`userdom_dontaudit_append_user_tmp_files',`
  	gen_require(`
@@ -34643,7 +34877,7 @@
  ')
  
  ########################################
-@@ -2832,12 +2872,12 @@
+@@ -2832,12 +2873,12 @@
  #
  template(`userdom_rw_user_tmp_files',`
  	gen_require(`
@@ -34659,7 +34893,7 @@
  ')
  
  ########################################
-@@ -2869,10 +2909,10 @@
+@@ -2869,10 +2910,10 @@
  #
  template(`userdom_dontaudit_manage_user_tmp_files',`
  	gen_require(`
@@ -34672,7 +34906,7 @@
  ')
  
  ########################################
-@@ -2904,12 +2944,12 @@
+@@ -2904,12 +2945,12 @@
  #
  template(`userdom_read_user_tmp_symlinks',`
  	gen_require(`
@@ -34688,7 +34922,7 @@
  ')
  
  ########################################
-@@ -2941,11 +2981,11 @@
+@@ -2941,11 +2982,11 @@
  #
  template(`userdom_manage_user_tmp_dirs',`
  	gen_require(`
@@ -34702,7 +34936,7 @@
  ')
  
  ########################################
-@@ -2977,11 +3017,11 @@
+@@ -2977,11 +3018,11 @@
  #
  template(`userdom_manage_user_tmp_files',`
  	gen_require(`
@@ -34716,7 +34950,7 @@
  ')
  
  ########################################
-@@ -3013,11 +3053,11 @@
+@@ -3013,11 +3054,11 @@
  #
  template(`userdom_manage_user_tmp_symlinks',`
  	gen_require(`
@@ -34730,7 +34964,7 @@
  ')
  
  ########################################
-@@ -3049,11 +3089,11 @@
+@@ -3049,11 +3090,11 @@
  #
  template(`userdom_manage_user_tmp_pipes',`
  	gen_require(`
@@ -34744,7 +34978,7 @@
  ')
  
  ########################################
-@@ -3085,11 +3125,11 @@
+@@ -3085,11 +3126,11 @@
  #
  template(`userdom_manage_user_tmp_sockets',`
  	gen_require(`
@@ -34758,7 +34992,7 @@
  ')
  
  ########################################
-@@ -3134,10 +3174,10 @@
+@@ -3134,10 +3175,10 @@
  #
  template(`userdom_user_tmp_filetrans',`
  	gen_require(`
@@ -34771,7 +35005,7 @@
  	files_search_tmp($2)
  ')
  
-@@ -3178,19 +3218,19 @@
+@@ -3178,19 +3219,19 @@
  #
  template(`userdom_tmp_filetrans_user_tmp',`
  	gen_require(`
@@ -34795,7 +35029,7 @@
  ##	</p>
  ##	<p>
  ##	This is a templated interface, and should only
-@@ -4616,11 +4656,11 @@
+@@ -4616,11 +4657,11 @@
  #
  interface(`userdom_search_all_users_home_dirs',`
  	gen_require(`
@@ -34809,7 +35043,7 @@
  ')
  
  ########################################
-@@ -4640,6 +4680,14 @@
+@@ -4640,6 +4681,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -34824,7 +35058,7 @@
  ')
  
  ########################################
-@@ -4677,6 +4725,8 @@
+@@ -4677,6 +4726,8 @@
  	')
  
  	dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
@@ -34833,7 +35067,7 @@
  ')
  
  ########################################
-@@ -4721,6 +4771,25 @@
+@@ -4721,6 +4772,25 @@
  
  ########################################
  ## <summary>
@@ -34859,7 +35093,7 @@
  ##	Create, read, write, and delete all files
  ##	in all users home directories.
  ## </summary>
-@@ -4946,7 +5015,7 @@
+@@ -4946,7 +5016,7 @@
  
  ########################################
  ## <summary>
@@ -34868,7 +35102,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5318,6 +5387,42 @@
+@@ -5318,6 +5388,42 @@
  
  ########################################
  ## <summary>
@@ -34911,7 +35145,7 @@
  ##	Read and write unprivileged user ttys.
  ## </summary>
  ## <param name="domain">
-@@ -5368,7 +5473,7 @@
+@@ -5368,7 +5474,7 @@
  		attribute userdomain;
  	')
  
@@ -34920,7 +35154,7 @@
  	kernel_search_proc($1)
  ')
  
-@@ -5483,7 +5588,7 @@
+@@ -5483,7 +5589,7 @@
  
  ########################################
  ## <summary>
@@ -34929,7 +35163,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5491,10 +5596,46 @@
+@@ -5491,10 +5597,46 @@
  ##	</summary>
  ## </param>
  #
@@ -34978,7 +35212,7 @@
  	')
  
  	allow $1 userdomain:dbus send_msg;
-@@ -5513,3 +5654,525 @@
+@@ -5513,3 +5655,525 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -35400,7 +35634,7 @@
 +#
 +interface(`userdom_relabel_all_home_dirs',`
 +	gen_require(`
-+		type user_home_type;
++		attribute user_home_type;
 +	')
 +
 +	files_search_home($1)
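Review bot: `userdom_relabel_all_home_dirs` and `userdom_relabel_all_home_files` (the next hunk) both declared `user_home_type` as a `type` in `gen_require`, which suggests neither interface had been expanded by a caller before this fix. Both sit in the large block appended at `@@ -5513,3 +5655,525 @@`, so the other `gen_require` blocks added there deserve the same check for attributes declared as types. Relabel access over all user home content is broad, so the interface summaries should state which domains are expected to call them. The interface bodies continue outside these hunks, so the allow rules themselves cannot be reviewed here.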
@@ -35419,7 +35653,7 @@
 +#
 +interface(`userdom_relabel_all_home_files',`
 +	gen_require(`
-+		type user_home_type;
++		attribute user_home_type;
 +	')
 +
 +	files_search_home($1)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.697
retrieving revision 1.698
diff -u -r1.697 -r1.698
--- selinux-policy.spec	12 Aug 2008 15:06:36 -0000	1.697
+++ selinux-policy.spec	13 Aug 2008 18:39:07 -0000	1.698
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -380,6 +380,9 @@
 %endif
 
 %changelog
+* Tue Aug 12 2008 Dan Walsh <dwalsh at redhat.com> 3.5.4-2
+- Allow ifconfig_t to read dhcpc_state_t
+
 * Mon Aug 11 2008 Dan Walsh <dwalsh at redhat.com> 3.5.4-1
 - Update to upstream
 



