rpms/selinux-policy/F-10 policy-20080710.patch, 1.93, 1.94 selinux-policy.spec, 1.746, 1.747
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Nov 10 21:51:38 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8435
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
* Mon Nov 10 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-20
- Change default boolean settings for xguest
- Allow mount to r/w image files
- Fix labels for several libraries that need textrel_shlib_t
- portreserve needs to be able to sendrecv unlabeled_t
- Fix Kerberos labeling
- Fix cups printing on hp printers
- Allow relabeling on blk devices on the homedir
- Allow nsplugin to r/w inodefs
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -r1.93 -r1.94
--- policy-20080710.patch 7 Nov 2008 15:02:08 -0000 1.93
+++ policy-20080710.patch 10 Nov 2008 21:51:06 -0000 1.94
@@ -4424,8 +4424,8 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-11-06 12:46:21.000000000 -0500
-@@ -0,0 +1,272 @@
++++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-11-10 10:40:02.000000000 -0500
+@@ -0,0 +1,274 @@
+
+policy_module(nsplugin, 1.0.0)
+
@@ -4535,6 +4535,7 @@
+fs_getattr_tmpfs(nsplugin_t)
+fs_getattr_xattr_fs(nsplugin_t)
+fs_search_auto_mountpoints(nsplugin_t)
++fs_rw_anon_inodefs_files(nsplugin_t)
+
+storage_dontaudit_getattr_fixed_disk_dev(nsplugin_t)
+
@@ -4657,6 +4658,7 @@
+miscfiles_read_fonts(nsplugin_config_t)
+
+userdom_search_all_users_home_content(nsplugin_config_t)
++unprivuser_read_home_content_files(nsplugin_config_t)
+
+tunable_policy(`use_nfs_home_dirs',`
+ fs_manage_nfs_dirs(nsplugin_t)
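Review bot: The added `unprivuser_read_home_content_files(nsplugin_config_t)` is not covered by any item in the log message, which mentions only inodefs for nsplugin, so the reason the plugin configuration domain needs to read users' home content is undocumented. The line above it grants search only, and this widens that to file reads. A why-comment would help a later least-privilege review, e.g. `# nsplugin_config_t reads <which files> in the user's home directory`, with the specific files filled in. The surrounding policy block continues outside the hunk.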
@@ -5327,7 +5329,7 @@
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.5.13/policy/modules/apps/qemu.te
--- nsaserefpolicy/policy/modules/apps/qemu.te 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/apps/qemu.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/apps/qemu.te 2008-11-10 09:31:53.000000000 -0500
@@ -6,6 +6,8 @@
# Declarations
#
@@ -7263,7 +7265,7 @@
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.13/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-29 12:09:50.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-11-10 15:37:12.000000000 -0500
@@ -110,6 +110,11 @@
## </param>
#
@@ -7276,7 +7278,51 @@
files_type($1)
')
-@@ -1060,6 +1065,24 @@
+@@ -928,8 +933,8 @@
+ relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
+ relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
+ relabel_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
+- relabelfrom_blk_files_pattern($1, { file_type $2 }, { file_type $2 })
+- relabelfrom_chr_files_pattern($1, { file_type $2 }, { file_type $2 })
++ relabel_blk_files_pattern($1, { file_type $2 }, { file_type $2 })
++ relabel_chr_files_pattern($1, { file_type $2 }, { file_type $2 })
+
+ # satisfy the assertions:
+ seutil_relabelto_bin_policy($1)
+@@ -953,6 +958,32 @@
+ ## </param>
+ ## <rolecap/>
+ #
++interface(`files_rw_all_files',`
++ gen_require(`
++ attribute file_type;
++ ')
++
++ rw_files_pattern($1, { file_type $2 }, { file_type $2 })
++')
++
++########################################
++## <summary>
++## Manage all files on the filesystem, except
++## the listed exceptions.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the domain perfoming this action.
++## </summary>
++## </param>
++## <param name="exception_types" optional="true">
++## <summary>
++## The types to be excluded. Each type or attribute
++## must be negated by the caller.
++## </summary>
++## </param>
++## <rolecap/>
++#
+ interface(`files_manage_all_files',`
+ gen_require(`
+ attribute file_type;
+@@ -1060,6 +1091,24 @@
## </summary>
## </param>
#
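Review bot: The new `files_rw_all_files` interface is inserted directly beneath the comment tail (`## <rolecap/>`, `#`) that previously sat above `files_manage_all_files`, and the commit adds a fresh "Manage all files" header only for the latter, so the read/write interface appears to be left with a summary that describes managing files (the top of that comment is outside the hunk). It should carry its own header, for example `## Read and write all files on the filesystem, except the listed exceptions.`, with the same `domain` and `exception_types` parameters. In the same hunk, the switch from `relabelfrom_blk_files_pattern`/`relabelfrom_chr_files_pattern` to the `relabel_*` forms presumably adds relabelto on block and character device nodes for every caller of the enclosing interface; a comment such as `# device nodes may be relabeled in both directions` would make that widening visible. The added header also misspells `perfoming`.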
@@ -7301,7 +7347,7 @@
interface(`files_relabelto_all_file_type_fs',`
gen_require(`
attribute file_type;
-@@ -1303,6 +1326,24 @@
+@@ -1303,6 +1352,24 @@
########################################
## <summary>
@@ -7326,7 +7372,7 @@
## Unmount a rootfs filesystem.
## </summary>
## <param name="domain">
-@@ -1889,6 +1930,26 @@
+@@ -1889,6 +1956,26 @@
########################################
## <summary>
@@ -7353,7 +7399,7 @@
## Do not audit attempts to write generic files in /etc.
## </summary>
## <param name="domain">
-@@ -2224,6 +2285,49 @@
+@@ -2224,6 +2311,49 @@
########################################
## <summary>
@@ -7403,7 +7449,7 @@
## Do not audit attempts to search directories on new filesystems
## that have not yet been labeled.
## </summary>
-@@ -2744,6 +2848,24 @@
+@@ -2744,6 +2874,24 @@
########################################
## <summary>
@@ -7428,7 +7474,7 @@
## Create, read, write, and delete symbolic links in /mnt.
## </summary>
## <param name="domain">
-@@ -3394,6 +3516,8 @@
+@@ -3394,6 +3542,8 @@
delete_lnk_files_pattern($1, tmpfile, tmpfile)
delete_fifo_files_pattern($1, tmpfile, tmpfile)
delete_sock_files_pattern($1, tmpfile, tmpfile)
@@ -7437,7 +7483,7 @@
')
########################################
-@@ -3471,6 +3595,47 @@
+@@ -3471,6 +3621,47 @@
########################################
## <summary>
@@ -7485,7 +7531,7 @@
## Get the attributes of files in /usr.
## </summary>
## <param name="domain">
-@@ -3547,6 +3712,24 @@
+@@ -3547,6 +3738,24 @@
########################################
## <summary>
@@ -7510,7 +7556,7 @@
## Relabel a file to the type used in /usr.
## </summary>
## <param name="domain">
-@@ -4433,6 +4616,25 @@
+@@ -4433,6 +4642,25 @@
########################################
## <summary>
@@ -7536,7 +7582,7 @@
## Read and write generic process ID files.
## </summary>
## <param name="domain">
-@@ -4761,12 +4963,14 @@
+@@ -4761,12 +4989,14 @@
allow $1 poly_t:dir { create mounton };
fs_unmount_xattr_fs($1)
@@ -7552,7 +7598,7 @@
')
')
-@@ -4787,3 +4991,71 @@
+@@ -4787,3 +5017,71 @@
typeattribute $1 files_unconfined_type;
')
@@ -9996,8 +10042,8 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.5.13/policy/modules/roles/xguest.te
--- nsaserefpolicy/policy/modules/roles/xguest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/roles/xguest.te 2008-10-28 11:05:26.000000000 -0400
-@@ -0,0 +1,83 @@
++++ serefpolicy-3.5.13/policy/modules/roles/xguest.te 2008-11-10 11:13:37.000000000 -0500
+@@ -0,0 +1,87 @@
+
+policy_module(xguest, 1.0.0)
+
@@ -10006,21 +10052,21 @@
+## Allow xguest users to mount removable media
+## </p>
+## </desc>
-+gen_tunable(xguest_mount_media, false)
++gen_tunable(xguest_mount_media, true)
+
+## <desc>
+## <p>
+## Allow xguest to configure Network Manager
+## </p>
+## </desc>
-+gen_tunable(xguest_connect_network, false)
++gen_tunable(xguest_connect_network, true)
+
+## <desc>
+## <p>
+## Allow xguest to use blue tooth devices
+## </p>
+## </desc>
-+gen_tunable(xguest_use_bluetooth, false)
++gen_tunable(xguest_use_bluetooth, true)
+
+########################################
+#
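Review bot: The three `gen_tunable` defaults for `xguest_mount_media`, `xguest_connect_network` and `xguest_use_bluetooth` flip from `false` to `true`, but the `<desc>` blocks still say only "Allow xguest ..." and give no hint that the restricted guest role now holds these permissions unless an administrator turns them off. Each description could state the default and the hardening step, e.g. `## Allow xguest users to mount removable media (enabled by default; turn off for locked-down kiosks)`. `blue tooth` in the third description should read `Bluetooth`. Sites that deploy xguest as a kiosk account will presumably want to review these booleans after updating.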
@@ -10048,6 +10094,10 @@
+ mono_per_role_template(xguest, xguest_t, xguest_r)
+')
+
++optional_policy(`
++ nsplugin_per_role_template($1, $1_usertype, $1_r)
++')
++
+# Allow mounting of file systems
+optional_policy(`
+ tunable_policy(`xguest_mount_media',`
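Review bot: The added `nsplugin_per_role_template($1, $1_usertype, $1_r)` uses positional parameters in what the diff header shows to be `xguest.te`, while the `mono_per_role_template(xguest, xguest_t, xguest_r)` call just above passes literal names. `$1` is only bound inside an interface or template definition, so here it presumably expands to nothing and the call does not set up nsplugin for the xguest role as intended. The call likely needs the literal role prefix, e.g. `nsplugin_per_role_template(xguest, xguest_t, xguest_r)`; whether the second argument should be `xguest_t` or a usertype attribute needs confirming against the template's definition. Because the call sits in `optional_policy`, a failed expansion may be dropped quietly instead of being reported at build time.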
@@ -13770,7 +13820,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.13/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/cups.te 2008-10-29 13:51:55.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/cups.te 2008-11-10 14:07:38.000000000 -0500
@@ -20,6 +20,12 @@
type cupsd_etc_t;
files_config_file(cupsd_etc_t)
@@ -13870,7 +13920,7 @@
-read_files_pattern(cupsd_t, hplip_etc_t, hplip_etc_t)
-
-+allow cupsd_t hplip_t:process sigkill;
++allow cupsd_t hplip_t:process {signal sigkill };
allow cupsd_t hplip_var_run_t:file read_file_perms;
stream_connect_pattern(cupsd_t, ptal_var_run_t, ptal_var_run_t, ptal_t)
@@ -14073,16 +14123,17 @@
')
optional_policy(`
-@@ -500,7 +558,7 @@
+@@ -500,7 +558,8 @@
allow hplip_t self:udp_socket create_socket_perms;
allow hplip_t self:rawip_socket create_socket_perms;
-allow hplip_t cupsd_etc_t:dir search;
+allow hplip_t cupsd_etc_t:dir search_dir_perms;
++allow hplip_t cupsd_tmp_t:file rw_file_perms;
cups_stream_connect(hplip_t)
-@@ -509,6 +567,8 @@
+@@ -509,6 +568,8 @@
read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
files_search_etc(hplip_t)
@@ -14091,7 +14142,7 @@
manage_files_pattern(hplip_t, hplip_var_run_t, hplip_var_run_t)
files_pid_filetrans(hplip_t, hplip_var_run_t, file)
-@@ -538,7 +598,8 @@
+@@ -538,7 +599,8 @@
dev_read_urand(hplip_t)
dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t)
@@ -14101,7 +14152,7 @@
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-@@ -564,12 +625,14 @@
+@@ -564,12 +626,14 @@
userdom_dontaudit_use_unpriv_user_fds(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t)
@@ -14117,7 +14168,7 @@
')
optional_policy(`
-@@ -651,3 +714,44 @@
+@@ -651,3 +715,44 @@
optional_policy(`
udev_read_db(ptal_t)
')
@@ -15206,7 +15257,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.13/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/dnsmasq.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/dnsmasq.te 2008-11-10 10:52:53.000000000 -0500
@@ -10,6 +10,9 @@
type dnsmasq_exec_t;
init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
@@ -16371,6 +16422,18 @@
auth_use_nsswitch(inetd_child_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.5.13/policy/modules/services/kerberos.fc
+--- nsaserefpolicy/policy/modules/services/kerberos.fc 2008-10-10 15:53:03.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/services/kerberos.fc 2008-11-10 14:48:44.000000000 -0500
+@@ -20,7 +20,7 @@
+ /var/kerberos/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
+ /var/kerberos/krb5kdc/from_master.* gen_context(system_u:object_r:krb5kdc_lock_t,s0)
+ /var/kerberos/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
+-/var/kerberos/krb5kdc/principal\.ok gen_context(system_u:object_r:krb5kdc_lock_t,s0)
++/var/kerberos/krb5kdc/kadm5\.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0)
+
+ /var/log/krb5kdc\.log gen_context(system_u:object_r:krb5kdc_log_t,s0)
+ /var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.5.13/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2008-10-14 11:58:09.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/services/kerberos.te 2008-10-28 10:56:19.000000000 -0400
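Review bot: The new kerberos.fc hunk replaces the `principal\.ok` entry instead of adding the `kadm5\.keytab` entry next to it, so `principal.ok` would now be matched by the broader `principal.*` line above and labeled `krb5kdc_principal_t` rather than `krb5kdc_lock_t`. If that relabeling is intended it deserves its own line in the log message, which says only "Fix Kerberos labeling"; if not, the removed line should be kept. The keytab entry itself is restricted to regular files with `--`, which fits a key file.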
@@ -19284,8 +19347,8 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.5.13/policy/modules/services/portreserve.te
--- nsaserefpolicy/policy/modules/services/portreserve.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/services/portreserve.te 2008-10-28 11:20:02.000000000 -0400
-@@ -0,0 +1,53 @@
++++ serefpolicy-3.5.13/policy/modules/services/portreserve.te 2008-11-10 11:16:45.000000000 -0500
+@@ -0,0 +1,55 @@
+policy_module(portreserve,1.0.0)
+
+########################################
@@ -19323,6 +19386,8 @@
+manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
+files_pid_filetrans(portreserve_t,portreserve_var_run_t, { file sock_file })
+
++corenet_sendrecv_unlabeled_packets(portreserve_t)
++corenet_all_recvfrom_netlabel(portreserve_t)
+corenet_tcp_bind_all_ports(portreserve_t)
+corenet_tcp_bind_all_ports(portreserve_t)
+corenet_udp_bind_all_nodes(portreserve_t)
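Review bot: `corenet_tcp_bind_all_ports(portreserve_t)` appears twice in a row directly below the two added `corenet_*` lines, and the following line binds UDP to all nodes only; one of the duplicates was presumably meant to be `corenet_tcp_bind_all_nodes(portreserve_t)` or `corenet_udp_bind_all_ports(portreserve_t)`. The duplicate itself is harmless, but a missing bind rule would surface as AVC denials at runtime. The rest of the module is outside the hunk, so this needs checking against the complete file.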
@@ -28166,7 +28231,7 @@
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2008-11-05 11:29:07.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2008-11-10 09:54:43.000000000 -0500
@@ -60,12 +60,15 @@
#
# /opt
@@ -28211,7 +28276,14 @@
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -133,6 +145,7 @@
+@@ -127,12 +139,14 @@
+ /usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/sse2/libx264\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?(/.*)?/libnvidia.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28219,7 +28291,7 @@
/usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -168,7 +181,8 @@
+@@ -168,7 +182,8 @@
# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
# HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
/usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28229,7 +28301,7 @@
/usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -187,6 +201,7 @@
+@@ -187,6 +202,7 @@
/usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28237,7 +28309,7 @@
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -246,7 +261,7 @@
+@@ -246,7 +262,7 @@
# Flash plugin, Macromedia
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28246,7 +28318,7 @@
/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -267,6 +282,8 @@
+@@ -267,6 +283,8 @@
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28255,7 +28327,7 @@
# Java, Sun Microsystems (JPackage SRPM)
/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -291,6 +308,8 @@
+@@ -291,6 +309,8 @@
/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -28264,7 +28336,7 @@
') dnl end distro_redhat
#
-@@ -310,3 +329,18 @@
+@@ -310,3 +330,18 @@
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
@@ -28423,7 +28495,7 @@
-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.5.13/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/logging.fc 2008-11-07 08:13:03.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/logging.fc 2008-11-07 08:13:26.000000000 -0500
@@ -53,15 +53,18 @@
/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
')
@@ -28941,7 +29013,7 @@
samba_run_smbmount($1, $2, $3)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.5.13/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/mount.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/mount.te 2008-11-10 15:37:25.000000000 -0500
@@ -18,17 +18,18 @@
init_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
@@ -29050,7 +29122,15 @@
ifdef(`distro_redhat',`
optional_policy(`
-@@ -167,6 +182,8 @@
+@@ -138,6 +153,7 @@
+ auth_read_all_dirs_except_shadow(mount_t)
+ auth_read_all_files_except_shadow(mount_t)
+ files_mounton_non_security(mount_t)
++ files_rw_all_files(mount_t)
+ ')
+
+ optional_policy(`
+@@ -167,6 +183,8 @@
fs_search_rpc(mount_t)
rpc_stub(mount_t)
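Review bot: `files_rw_all_files(mount_t)` is called with no exception list, so it grants mount_t read/write on every type carrying the `file_type` attribute, whereas the two `auth_read_all_*_except_shadow` lines just above deliberately leave the shadow file out. Since the stated goal is letting mount read and write image files, a narrower grant would be safer: pass the sensitive types as negated exceptions, or use a dedicated image-file type. At minimum the line should carry a comment such as `# needed for loopback-mounting image files with arbitrary labels`. The enclosing block opens outside the hunk, so the condition guarding this line (for example a tunable) is not visible here.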
@@ -29059,7 +29139,7 @@
')
optional_policy(`
-@@ -181,6 +198,11 @@
+@@ -181,6 +199,11 @@
')
')
@@ -29071,7 +29151,7 @@
# for kernel package installation
optional_policy(`
rpm_rw_pipes(mount_t)
-@@ -188,6 +210,7 @@
+@@ -188,6 +211,7 @@
optional_policy(`
samba_domtrans_smbmount(mount_t)
@@ -29079,7 +29159,7 @@
')
########################################
-@@ -198,4 +221,26 @@
+@@ -198,4 +222,26 @@
optional_policy(`
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
unconfined_domain(unconfined_mount_t)
@@ -29577,7 +29657,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.5.13/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-10-16 17:21:16.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/selinuxutil.te 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/system/selinuxutil.te 2008-11-10 12:22:40.000000000 -0500
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -31124,7 +31204,7 @@
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-11-03 17:15:19.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if 2008-11-10 11:10:03.000000000 -0500
@@ -28,10 +28,14 @@
class context contains;
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.746
retrieving revision 1.747
diff -u -r1.746 -r1.747
--- selinux-policy.spec 7 Nov 2008 15:02:09 -0000 1.746
+++ selinux-policy.spec 10 Nov 2008 21:51:07 -0000 1.747
@@ -457,6 +457,16 @@
%endif
%changelog
+* Mon Nov 10 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-20
+- Change default boolean settings for xguest
+- Allow mount to r/w image files
+- Fix labes for several libraries that need textrel_shlib_t
+- portreserve needs to be able to sendrecv unlabeled_t
+- Fix Kerberos labeling
+- Fix cups printing on hp printers
+- Allow relabeling on blk devices on the homedir
+- Allow nslpugin to r/w inodefs
+
* Fri Nov 5 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-19
- Fix labeling on /var/spool/rsyslog