rpms/selinux-policy/devel policy-20080509.patch, 1.13, 1.14 selinux-policy.spec, 1.671, 1.672
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Thu Jun 12 19:58:03 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5057
Modified Files:
policy-20080509.patch selinux-policy.spec
Log Message:
* Thu Jun 12 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-3
- Prevent applications from reading x_device
policy-20080509.patch:
Index: policy-20080509.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080509.patch,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- policy-20080509.patch 12 Jun 2008 18:26:59 -0000 1.13
+++ policy-20080509.patch 12 Jun 2008 19:57:12 -0000 1.14
@@ -25914,7 +25914,7 @@
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.4.2/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-05-19 10:26:38.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/services/xserver.if 2008-06-12 12:10:32.884486000 -0400
++++ serefpolicy-3.4.2/policy/modules/services/xserver.if 2008-06-12 14:55:38.413681000 -0400
@@ -16,7 +16,8 @@
gen_require(`
type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
@@ -26151,8 +26151,12 @@
fs_search_auto_mountpoints($1_iceauth_t)
-@@ -470,31 +472,9 @@
- allow $1_x_domain $1_xserver_t:x_device { read getattr use setattr setfocus grab bell };
+@@ -467,34 +469,12 @@
+ #
+
+ # Device rules
+- allow $1_x_domain $1_xserver_t:x_device { read getattr use setattr setfocus grab bell };
++ allow $1_x_domain $1_xserver_t:x_device { getattr use setattr setfocus grab bell };
allow $1_xserver_t { input_xevent_t $1_input_xevent_type }:x_event send;
+ allow $2 $1_input_xevent_type:x_event send;
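Review bot: The `$1_x_domain` rule under `# Device rules` loses `read` with no comment recording that the omission is deliberate, so a later rebase of this patch onto a newer nsaserefpolicy could restore it unnoticed. Suggest a one-line comment above `allow $1_x_domain $1_xserver_t:x_device { getattr use setattr setfocus grab bell };` stating that `read` on `x_device` is intentionally withheld from client domains. The inner hunk header also moves from `-470,31 +472,9` to `-467,34 +469,12`; that matches the three added context lines and the new -/+ pair, but it is worth confirming that the regenerated patch still applies cleanly.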
@@ -26266,7 +26270,7 @@
+ # manage: xhost X11:ChangeHosts
+ # freeze: metacity X11:GrabKey
+ # force_cursor: metacity X11:GrabPointer
-+ allow $3 $1_xserver_t:x_device { read manage freeze force_cursor };
++ allow $3 $1_xserver_t:x_device { manage freeze force_cursor };
+ allow $3 $1_xserver_t:x_device { getfocus setfocus grab use getattr setattr bell };
+
+ # gnome-settings-daemon XKEYBOARD:SetControls
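Review bot: In the `$3` rule, `read` is removed from the line whose permissions are justified one by one in the comments above it (`manage`, `freeze`, `force_cursor`), but the following `allow $3 $1_xserver_t:x_device { getfocus setfocus grab use getattr setattr bell };` line carries no such rationale. Since the point of this change is to narrow x_device access, consider documenting why `grab` and `setfocus` stay granted to `$3`, and check that no other x_device rule in xserver.if still gives `read` to the same domains, because only these two rules are visible in this diff.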
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.671
retrieving revision 1.672
diff -u -r1.671 -r1.672
--- selinux-policy.spec 12 Jun 2008 18:44:52 -0000 1.671
+++ selinux-policy.spec 12 Jun 2008 19:57:12 -0000 1.672
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.4.2
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -375,6 +375,9 @@
%endif
%changelog
+* Thu Jun 12 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-3
+- Prevent applications from reading x_device
+
* Thu Jun 12 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-2
- Add /var/lib/selinux context
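Review bot: The new changelog entry `- Prevent applications from reading x_device` does not say which rules changed. Naming the file and the affected rules (the `$1_x_domain` and `$3` allow rules in xserver.if) would make it easier to trace a later X input denial back to release 3.4.2-3.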