rpms/selinux-policy/F-10 policy-20080710.patch, 1.92, 1.93 selinux-policy.spec, 1.745, 1.746

Daniel J Walsh dwalsh at fedoraproject.org
Fri Nov 7 15:02:39 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13046

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Fri Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-19
- Fix labeling on /var/spool/rsyslog


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -r1.92 -r1.93
--- policy-20080710.patch	6 Nov 2008 17:47:54 -0000	1.92
+++ policy-20080710.patch	7 Nov 2008 15:02:08 -0000	1.93
@@ -19457,7 +19457,7 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.13/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/postfix.te	2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/postfix.te	2008-11-06 13:11:09.000000000 -0500
 @@ -6,6 +6,14 @@
  # Declarations
  #
@@ -19666,11 +19666,12 @@
  optional_policy(`
  	procmail_domtrans(postfix_pipe_t)
  ')
-@@ -397,6 +454,14 @@
+@@ -397,6 +454,15 @@
  ')
  
  optional_policy(`
 +	mta_manage_spool(postfix_pipe_t)
++	mta_send_mail(postfix_pipe_t)
 +')
 +
 +optional_policy(`
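Review bot: The added `mta_send_mail(postfix_pipe_t)` in the postfix.te `optional_policy` block gives postfix_pipe_t a new interface, but the 3.5.13-19 changelog entry only says "Fix labeling on /var/spool/rsyslog". The same gap applies to `files_read_etc_runtime_files(prelude_audisp_t)` in the prelude.te hunk and to the two audisp_t additions in the logging.te hunk. Each widened domain should get its own changelog line, for example `- Allow postfix_pipe_t to send mail`, so that a later audit can trace why the access was granted. The `optional_policy` block that follows this one continues outside the hunk.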
@@ -19681,7 +19682,7 @@
  	uucp_domtrans_uux(postfix_pipe_t)
  ')
  
-@@ -433,8 +498,11 @@
+@@ -433,8 +499,11 @@
  ')
  
  optional_policy(`
@@ -19695,7 +19696,7 @@
  ')
  
  #######################################
-@@ -460,6 +528,15 @@
+@@ -460,6 +529,15 @@
  init_sigchld_script(postfix_postqueue_t)
  init_use_script_fds(postfix_postqueue_t)
  
@@ -19711,7 +19712,7 @@
  ########################################
  #
  # Postfix qmgr local policy
-@@ -543,6 +620,10 @@
+@@ -543,6 +621,10 @@
  mta_read_aliases(postfix_smtpd_t)
  
  optional_policy(`
@@ -19722,7 +19723,7 @@
  	mailman_read_data_files(postfix_smtpd_t)
  ')
  
-@@ -569,7 +650,7 @@
+@@ -569,7 +651,7 @@
  files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
  
  # connect to master process
@@ -20396,7 +20397,7 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.13/policy/modules/services/prelude.te
 --- nsaserefpolicy/policy/modules/services/prelude.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/prelude.te	2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/prelude.te	2008-11-06 13:23:25.000000000 -0500
 @@ -13,25 +13,57 @@
  type prelude_spool_t;
  files_type(prelude_spool_t)
@@ -20507,13 +20508,14 @@
  
  dev_read_rand(prelude_audisp_t)
  dev_read_urand(prelude_audisp_t)
-@@ -117,15 +161,139 @@
+@@ -117,15 +161,140 @@
  # Init script handling
  domain_use_interactive_fds(prelude_audisp_t)
  
 +kernel_read_sysctl(prelude_audisp_t)
 +
  files_read_etc_files(prelude_audisp_t)
++files_read_etc_runtime_files(prelude_audisp_t)
  
  libs_use_ld_so(prelude_audisp_t)
  libs_use_shared_libs(prelude_audisp_t)
@@ -20647,7 +20649,7 @@
  ########################################
  #
  # prewikka_cgi Declarations
-@@ -134,6 +302,20 @@
+@@ -134,6 +303,20 @@
  optional_policy(`
  	apache_content_template(prewikka)
  	files_read_etc_files(httpd_prewikka_script_t)
@@ -28421,8 +28423,8 @@
 -')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.5.13/policy/modules/system/logging.fc
 --- nsaserefpolicy/policy/modules/system/logging.fc	2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/logging.fc	2008-10-28 10:56:19.000000000 -0400
-@@ -53,10 +53,10 @@
++++ serefpolicy-3.5.13/policy/modules/system/logging.fc	2008-11-07 08:13:03.000000000 -0500
+@@ -53,15 +53,18 @@
  /var/named/chroot/var/log -d	gen_context(system_u:object_r:var_log_t,s0)
  ')
  
@@ -28437,15 +28439,17 @@
  /var/run/klogd\.pid	--	gen_context(system_u:object_r:klogd_var_run_t,s0)
  /var/run/log		-s	gen_context(system_u:object_r:devlog_t,s0)
  /var/run/metalog\.pid	--	gen_context(system_u:object_r:syslogd_var_run_t,s0)
-@@ -65,3 +65,5 @@
+ /var/run/syslogd\.pid	--	gen_context(system_u:object_r:syslogd_var_run_t,s0)
+ 
  /var/spool/postfix/pid	-d	gen_context(system_u:object_r:var_run_t,s0)
++/var/spool/plymouth/boot.log	gen_context(system_u:object_r:var_log_t,s0)
++/var/spool/rsyslog(/.*)? 	gen_context(system_u:object_r:var_log_t,s0)
  
  /var/tinydns/log/main(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
 +
-+/var/spool/plymouth/boot.log	gen_context(system_u:object_r:var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.13/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/logging.if	2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/logging.if	2008-11-06 13:16:14.000000000 -0500
 @@ -451,7 +451,7 @@
  	')
  
@@ -28473,7 +28477,7 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.5.13/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/logging.te	2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/logging.te	2008-11-06 13:13:09.000000000 -0500
 @@ -129,7 +129,7 @@
  allow auditd_t self:process { signal_perms setpgid setsched };
  allow auditd_t self:file rw_file_perms;
@@ -28495,7 +28499,20 @@
  allow audisp_t self:unix_stream_socket create_stream_socket_perms;
  allow audisp_t self:unix_dgram_socket create_socket_perms;
  
-@@ -352,7 +352,7 @@
+@@ -237,9 +237,12 @@
+ domain_use_interactive_fds(audisp_t)
+ 
+ files_read_etc_files(audisp_t)
++files_read_etc_runtime_files(audisp_t)
+ 
+ mls_file_write_all_levels(audisp_t)
+ 
++auth_use_nsswitch(audisp_t)
++
+ libs_use_ld_so(audisp_t)
+ libs_use_shared_libs(audisp_t)
+ 
+@@ -352,7 +355,7 @@
  allow syslogd_t self:unix_dgram_socket create_socket_perms;
  allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
  allow syslogd_t self:unix_dgram_socket sendto;
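Review bot: The added `auth_use_nsswitch(audisp_t)` in logging.te is a broad interface for the audit dispatcher and arrives without any comment or changelog line explaining the need. In the reference policy this interface usually covers name-service lookups, including network-backed ones, so it probably widens what audisp_t can reach well beyond reading local files; confirm against the interface definition. If the dispatcher only needs local lookups, a narrower interface would keep the audit path tighter. Otherwise add a why-comment above the call, for example `# audisp plugins resolve user/host names (see bug <BUG-ID>)`.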
@@ -30361,8 +30378,8 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.13/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/unconfined.fc	2008-10-28 10:56:19.000000000 -0400
-@@ -2,15 +2,28 @@
++++ serefpolicy-3.5.13/policy/modules/system/unconfined.fc	2008-11-06 13:03:04.000000000 -0500
+@@ -2,15 +2,29 @@
  # e.g.:
  # /usr/local/bin/appsrv		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
  # For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
@@ -30391,15 +30408,16 @@
 +/usr/lib64/erlang/erts-[^/]+/bin/beam.smp --	gen_context(system_u:object_r:execmem_exec_t,s0)
 +/usr/lib/erlang/erts-[^/]+/bin/beam.smp --	gen_context(system_u:object_r:execmem_exec_t,s0)
 +
-+/usr/bin/haddock.*  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/bin/hasktags  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/bin/runghc  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/bin/runhaskell  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/libexec/ghc-[^/]+/.*bin  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/libexec/ghc-[^/]+/ghc-.*  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/lib(64)?/ghc-[^/]+/ghc-.*  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
++/usr/bin/haddock.*  --	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/hasktags  --	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/runghc  --	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/runhaskell  --	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/libexec/ghc-[^/]+/.*bin  --	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/libexec/ghc-[^/]+/ghc-.*  --	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/lib(64)?/ghc-[^/]+/ghc-.*  --	gen_context(system_u:object_r:execmem_exec_t,s0)
 +
-+/opt/real/(.*/)?realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
++/opt/real/(.*/)?realplay\.bin --	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/gcl 		       --	gen_context(system_u:object_r:execmem_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.13/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2008-09-11 16:42:49.000000000 -0400
 +++ serefpolicy-3.5.13/policy/modules/system/unconfined.if	2008-10-29 13:21:22.000000000 -0400
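Review bot: Several of the entries relabelled to `execmem_exec_t` in unconfined.fc use open-ended patterns, and `.*` in a file-context regex also matches `/`. `/usr/bin/haddock.*` matches any regular file below a path starting with that prefix, and `/usr/libexec/ghc-[^/]+/.*bin` matches any file at any depth whose name ends in "bin". Since this label presumably selects which executables run with execmem permitted, the patterns should be as narrow as the packages allow, for example `/usr/bin/haddock[^/]*` and `/usr/libexec/ghc-[^/]+/[^/]*bin`, if those still cover the intended binaries. The new `/usr/bin/gcl` line also pads with mixed spaces and tabs, unlike the entries above it.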


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.745
retrieving revision 1.746
diff -u -r1.745 -r1.746
--- selinux-policy.spec	6 Nov 2008 17:47:54 -0000	1.745
+++ selinux-policy.spec	7 Nov 2008 15:02:09 -0000	1.746
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -457,6 +457,9 @@
 %endif
 
 %changelog
+* Fri Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-19
+- Fix labeling on /var/spool/rsyslog
+
 * Thu Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-18
 - Allow postgresl to bind to udp nodes
 



