rpms/selinux-policy/F-9 policy-20071130.patch,1.201,1.202

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 29 20:55:33 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17655

Modified Files:
	policy-20071130.patch 
Log Message:
* Tue Aug 26 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-87
- Allow crontab to work for unconfined users
- Allow courier_authdaemon_t to create sock_file in courier_spool directories


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.201
retrieving revision 1.202
diff -u -r1.201 -r1.202
--- policy-20071130.patch	29 Aug 2008 20:40:27 -0000	1.201
+++ policy-20071130.patch	29 Aug 2008 20:55:32 -0000	1.202
@@ -7396,7 +7396,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-08-15 15:31:02.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-08-29 16:52:50.000000000 -0400
 @@ -1,5 +1,5 @@
  
 -policy_module(corenetwork,1.2.15)
@@ -7424,7 +7424,7 @@
  network_port(dict, tcp,2628,s0)
  network_port(distccd, tcp,3632,s0)
  network_port(dns, udp,53,s0, tcp,53,s0)
-+network_port(dogtag, tcp,9080,s0, tcp,9443,s0)
++network_port(dogtag, tcp,9443,s0)
  network_port(fingerd, tcp,79,s0)
 +network_port(flash, tcp,1935,s0, udp,1935,s0)
  network_port(ftp_data, tcp,20,s0)
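Review bot: Dropping tcp 9080 from the `dogtag` declaration is not recorded in the log message, and nothing in this hunk shows which type that port falls back to. Any rule written against `dogtag_port_t` stops covering 9080 once this lands, so a confined service still bound to that port would start getting denials. Worth confirming that no confined domain still binds or connects to 9080, and recording the change with a changelog line such as `- Remove tcp 9080 from dogtag port definition`.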
@@ -9076,7 +9076,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.3.1/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if	2008-07-15 14:02:51.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if	2008-08-29 16:50:55.000000000 -0400
 @@ -851,9 +851,8 @@
  		type proc_t, proc_afs_t;
  	')
@@ -9104,6 +9104,40 @@
  ')
  
  ########################################
+@@ -2508,3 +2509,33 @@
+ 
+ 	typeattribute $1 kern_unconfined;
+ ')
++
++########################################
++## <summary>
++##      Relabel from unlabeled database objects.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`kernel_relabelfrom_unlabeled_database',`
++	gen_require(`
++		type unlabeled_t;
++		class db_database { setattr relabelfrom };
++		class db_table { setattr relabelfrom };
++		class db_procedure { setattr relabelfrom };
++		class db_column { setattr relabelfrom };
++		class db_tuple { update relabelfrom };
++		class db_blob { setattr relabelfrom };
++	')
++
++	allow $1 unlabeled_t:db_database { setattr relabelfrom };
++	allow $1 unlabeled_t:db_table { setattr relabelfrom };
++	allow $1 unlabeled_t:db_procedure { setattr relabelfrom };
++	allow $1 unlabeled_t:db_column { setattr relabelfrom };
++	allow $1 unlabeled_t:db_tuple { update relabelfrom };
++	allow $1 unlabeled_t:db_blob { setattr relabelfrom };
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2008-06-12 23:38:02.000000000 -0400
 +++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te	2008-07-15 14:02:51.000000000 -0400
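Review bot: The `<summary>` of `kernel_relabelfrom_unlabeled_database` understates what the interface grants. Besides `relabelfrom`, the rules give `setattr` on `db_database`, `db_table`, `db_procedure`, `db_column` and `db_blob`, and `update` on `db_tuple`, all against `unlabeled_t`. I would spell that out, e.g. `##      Relabel from unlabeled database objects (also grants setattr, and update on db_tuple).`, so that whoever grants the interface to a domain sees the full permission set. No caller appears in this revision's hunks, so which domains receive it cannot be checked here; it should go only to domains trusted to label database objects.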
@@ -32351,7 +32385,7 @@
 +/var/cfengine/outputs(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if	2008-08-29 16:21:41.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/logging.if	2008-08-29 16:47:43.000000000 -0400
 @@ -213,12 +213,7 @@
  ## </param>
  #
@@ -32553,7 +32587,7 @@
 +	role system_r types $1;
 +
 +	domtrans_pattern(audisp_t,$2,$1)
-+	allow audisp_t $1:process { sigkill sigstop signull signal }
++	allow audisp_t $1:process { sigkill sigstop signull signal };
 +	allow audisp_t $2:file getattr;
 +	allow $1 audisp_t:unix_stream_socket rw_socket_perms;
 +')



