rpms/selinux-policy/F-10 policy-20080710.patch, 1.92, 1.93 selinux-policy.spec, 1.745, 1.746
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Nov 7 15:02:39 UTC 2008
- Previous message: rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.400, 1.401 policycoreutils.spec, 1.570, 1.571
- Next message: rpms/moodle/devel .cvsignore, 1.14, 1.15 moodle.spec, 1.32, 1.33 sources, 1.17, 1.18
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13046
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
* Fri Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-19
- Fix labeling on /var/spool/rsyslog
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -r1.92 -r1.93
--- policy-20080710.patch 6 Nov 2008 17:47:54 -0000 1.92
+++ policy-20080710.patch 7 Nov 2008 15:02:08 -0000 1.93
@@ -19457,7 +19457,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.13/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/postfix.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/postfix.te 2008-11-06 13:11:09.000000000 -0500
@@ -6,6 +6,14 @@
# Declarations
#
@@ -19666,11 +19666,12 @@
optional_policy(`
procmail_domtrans(postfix_pipe_t)
')
-@@ -397,6 +454,14 @@
+@@ -397,6 +454,15 @@
')
optional_policy(`
+ mta_manage_spool(postfix_pipe_t)
++ mta_send_mail(postfix_pipe_t)
+')
+
+optional_policy(`
@@ -19681,7 +19682,7 @@
uucp_domtrans_uux(postfix_pipe_t)
')
-@@ -433,8 +498,11 @@
+@@ -433,8 +499,11 @@
')
optional_policy(`
@@ -19695,7 +19696,7 @@
')
#######################################
-@@ -460,6 +528,15 @@
+@@ -460,6 +529,15 @@
init_sigchld_script(postfix_postqueue_t)
init_use_script_fds(postfix_postqueue_t)
@@ -19711,7 +19712,7 @@
########################################
#
# Postfix qmgr local policy
-@@ -543,6 +620,10 @@
+@@ -543,6 +621,10 @@
mta_read_aliases(postfix_smtpd_t)
optional_policy(`
@@ -19722,7 +19723,7 @@
mailman_read_data_files(postfix_smtpd_t)
')
-@@ -569,7 +650,7 @@
+@@ -569,7 +651,7 @@
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
# connect to master process
@@ -20396,7 +20397,7 @@
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.13/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/prelude.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/prelude.te 2008-11-06 13:23:25.000000000 -0500
@@ -13,25 +13,57 @@
type prelude_spool_t;
files_type(prelude_spool_t)
@@ -20507,13 +20508,14 @@
dev_read_rand(prelude_audisp_t)
dev_read_urand(prelude_audisp_t)
-@@ -117,15 +161,139 @@
+@@ -117,15 +161,140 @@
# Init script handling
domain_use_interactive_fds(prelude_audisp_t)
+kernel_read_sysctl(prelude_audisp_t)
+
files_read_etc_files(prelude_audisp_t)
++files_read_etc_runtime_files(prelude_audisp_t)
libs_use_ld_so(prelude_audisp_t)
libs_use_shared_libs(prelude_audisp_t)
@@ -20647,7 +20649,7 @@
########################################
#
# prewikka_cgi Declarations
-@@ -134,6 +302,20 @@
+@@ -134,6 +303,20 @@
optional_policy(`
apache_content_template(prewikka)
files_read_etc_files(httpd_prewikka_script_t)
@@ -28421,8 +28423,8 @@
-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.5.13/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/logging.fc 2008-10-28 10:56:19.000000000 -0400
-@@ -53,10 +53,10 @@
++++ serefpolicy-3.5.13/policy/modules/system/logging.fc 2008-11-07 08:13:03.000000000 -0500
+@@ -53,15 +53,18 @@
/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
')
@@ -28437,15 +28439,17 @@
/var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
/var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
/var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
-@@ -65,3 +65,5 @@
+ /var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
+
/var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0)
++/var/spool/plymouth/boot.log gen_context(system_u:object_r:var_log_t,s0)
++/var/spool/rsyslog(/.*)? gen_context(system_u:object_r:var_log_t,s0)
/var/tinydns/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
+
-+/var/spool/plymouth/boot.log gen_context(system_u:object_r:var_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.13/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/logging.if 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/logging.if 2008-11-06 13:16:14.000000000 -0500
@@ -451,7 +451,7 @@
')
@@ -28473,7 +28477,7 @@
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.5.13/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/logging.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/logging.te 2008-11-06 13:13:09.000000000 -0500
@@ -129,7 +129,7 @@
allow auditd_t self:process { signal_perms setpgid setsched };
allow auditd_t self:file rw_file_perms;
@@ -28495,7 +28499,20 @@
allow audisp_t self:unix_stream_socket create_stream_socket_perms;
allow audisp_t self:unix_dgram_socket create_socket_perms;
-@@ -352,7 +352,7 @@
+@@ -237,9 +237,12 @@
+ domain_use_interactive_fds(audisp_t)
+
+ files_read_etc_files(audisp_t)
++files_read_etc_runtime_files(audisp_t)
+
+ mls_file_write_all_levels(audisp_t)
+
++auth_use_nsswitch(audisp_t)
++
+ libs_use_ld_so(audisp_t)
+ libs_use_shared_libs(audisp_t)
+
+@@ -352,7 +355,7 @@
allow syslogd_t self:unix_dgram_socket create_socket_perms;
allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
allow syslogd_t self:unix_dgram_socket sendto;
@@ -30361,8 +30378,8 @@
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.13/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-09-11 16:42:49.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/unconfined.fc 2008-10-28 10:56:19.000000000 -0400
-@@ -2,15 +2,28 @@
++++ serefpolicy-3.5.13/policy/modules/system/unconfined.fc 2008-11-06 13:03:04.000000000 -0500
+@@ -2,15 +2,29 @@
# e.g.:
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
# For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
@@ -30391,15 +30408,16 @@
+/usr/lib64/erlang/erts-[^/]+/bin/beam.smp -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/lib/erlang/erts-[^/]+/bin/beam.smp -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
-+/usr/bin/haddock.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/bin/hasktags -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/bin/runghc -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/bin/runhaskell -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/libexec/ghc-[^/]+/.*bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/libexec/ghc-[^/]+/ghc-.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-+/usr/lib(64)?/ghc-[^/]+/ghc-.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
++/usr/bin/haddock.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/hasktags -- gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/runghc -- gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/runhaskell -- gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/libexec/ghc-[^/]+/.*bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/libexec/ghc-[^/]+/ghc-.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/lib(64)?/ghc-[^/]+/ghc-.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
-+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
++/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/gcl -- gen_context(system_u:object_r:execmem_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.13/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-09-11 16:42:49.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/system/unconfined.if 2008-10-29 13:21:22.000000000 -0400
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.745
retrieving revision 1.746
diff -u -r1.745 -r1.746
--- selinux-policy.spec 6 Nov 2008 17:47:54 -0000 1.745
+++ selinux-policy.spec 7 Nov 2008 15:02:09 -0000 1.746
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 18%{?dist}
+Release: 19%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -457,6 +457,9 @@
%endif
%changelog
+* Fri Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-19
+- Fix labeling on /var/spool/rsyslog
+
* Thu Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-18
- Allow postgresl to bind to udp nodes
- Previous message: rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.400, 1.401 policycoreutils.spec, 1.570, 1.571
- Next message: rpms/moodle/devel .cvsignore, 1.14, 1.15 moodle.spec, 1.32, 1.33 sources, 1.17, 1.18
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list