rpms/selinux-policy/F-9 policy-20071130.patch,1.236,1.237

Daniel J Walsh dwalsh at fedoraproject.org
Thu Nov 13 22:50:40 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7289

Modified Files:
	policy-20071130.patch 
Log Message:
* Thu Nov 13 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-109
- Allow openvpn to create /etc/openvpn/ipp.txt


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.236
retrieving revision 1.237
diff -u -r1.236 -r1.237
--- policy-20071130.patch	13 Nov 2008 19:31:41 -0000	1.236
+++ policy-20071130.patch	13 Nov 2008 22:50:08 -0000	1.237
@@ -7695,7 +7695,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-11-13 14:23:30.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-11-13 17:48:50.000000000 -0500
 @@ -1,5 +1,5 @@
  
 -policy_module(corenetwork,1.2.15)
@@ -7720,17 +7720,15 @@
  network_port(cvs, tcp,2401,s0, udp,2401,s0)
  network_port(dcc, udp,6276,s0, udp,6277,s0)
  network_port(dbskkd, tcp,1178,s0)
-@@ -90,7 +93,9 @@
- network_port(dict, tcp,2628,s0)
+@@ -91,6 +94,7 @@
  network_port(distccd, tcp,3632,s0)
  network_port(dns, udp,53,s0, tcp,53,s0)
-+network_port(dogtag, tcp,9443,s0)
  network_port(fingerd, tcp,79,s0)
 +network_port(flash, tcp,1935,s0, udp,1935,s0)
  network_port(ftp_data, tcp,20,s0)
  network_port(ftp, tcp,21,s0)
  network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-@@ -109,11 +114,14 @@
+@@ -109,11 +113,14 @@
  network_port(ircd, tcp,6667,s0)
  network_port(isakmp, udp,500,s0)
  network_port(iscsi, tcp,3260,s0)
@@ -7745,7 +7743,7 @@
  network_port(ktalkd, udp,517,s0, udp,518,s0)
  network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
  type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
-@@ -122,6 +130,8 @@
+@@ -122,6 +129,8 @@
  network_port(mmcc, tcp,5050,s0, udp,5050,s0)
  network_port(monopd, tcp,1234,s0)
  network_port(msnp, tcp,1863,s0, udp,1863,s0)
@@ -7754,7 +7752,7 @@
  network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
  portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
  network_port(nessus, tcp,1241,s0)
-@@ -132,11 +142,20 @@
+@@ -132,11 +141,20 @@
  network_port(openvpn, tcp,1194,s0, udp,1194,s0)
  network_port(pegasus_http, tcp,5988,s0)
  network_port(pegasus_https, tcp,5989,s0)
@@ -7775,7 +7773,7 @@
  network_port(printer, tcp,515,s0)
  network_port(ptal, tcp,5703,s0)
  network_port(pxe, udp,4011,s0)
-@@ -148,11 +167,11 @@
+@@ -148,11 +166,11 @@
  network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
  network_port(rlogind, tcp,513,s0)
  network_port(rndc, tcp,953,s0)
@@ -7789,7 +7787,7 @@
  network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
  network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
  network_port(spamd, tcp,783,s0)
-@@ -165,12 +184,18 @@
+@@ -165,12 +183,18 @@
  network_port(syslogd, udp,514,s0)
  network_port(telnetd, tcp,23,s0)
  network_port(tftp, udp,69,s0)
@@ -11392,7 +11390,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/apache.te	2008-11-13 14:29:46.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/apache.te	2008-11-13 14:41:53.000000000 -0500
 @@ -20,6 +20,8 @@
  # Declarations
  #
@@ -11909,7 +11907,7 @@
 +')
 +
 +tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs', `
-+	fs_read_nfs_dirs(httpd_sys_script_t)
++	fs_list_nfs(httpd_sys_script_t)
  	fs_read_nfs_files(httpd_sys_script_t)
  	fs_read_nfs_symlinks(httpd_sys_script_t)
  ')
@@ -38145,7 +38143,7 @@
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.3.1/policy/modules/system/sysnetwork.if
 --- nsaserefpolicy/policy/modules/system/sysnetwork.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if	2008-11-03 16:14:39.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if	2008-11-13 17:42:19.000000000 -0500
 @@ -145,6 +145,25 @@
  
  ########################################
@@ -38180,7 +38178,7 @@
  	allow $1 self:tcp_socket create_socket_perms;
  	allow $1 self:udp_socket create_socket_perms;
  
-@@ -493,6 +513,10 @@
+@@ -493,6 +513,14 @@
  
  	files_search_etc($1)
  	allow $1 net_conf_t:file read_file_perms;
@@ -38188,10 +38186,14 @@
 +	optional_policy(`
 +		avahi_stream_connect($1)
 +	')
++
++	optional_policy(`
++		nscd_socket_use($1)
++	')
  ')
  
  ########################################
-@@ -522,6 +546,8 @@
+@@ -522,6 +550,8 @@
  
  	files_search_etc($1)
  	allow $1 net_conf_t:file read_file_perms;
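Review bot: The added `nscd_socket_use($1)` block sits inside a shared interface, so every domain that calls the interface gains access to the nscd socket, not just the domain this update was written for. The interface's name and doc header are outside the hunk. The `net_conf_t` read and the neighbouring `avahi_stream_connect($1)` suggest it is a name-resolution interface, in which case the grant is plausible but should be stated. I would extend the interface's `## <summary>` to say that callers may also use nscd and avahi for lookups. The log message mentions only openvpn, so this change also deserves its own changelog line.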
@@ -38200,7 +38202,7 @@
  ')
  
  ########################################
-@@ -556,3 +582,49 @@
+@@ -556,3 +586,49 @@
  	files_search_etc($1)
  	allow $1 net_conf_t:file read_file_perms;
  ')
@@ -38252,7 +38254,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2008-11-03 16:14:39.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2008-11-13 17:42:43.000000000 -0500
 @@ -20,6 +20,10 @@
  init_daemon_domain(dhcpc_t,dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -38414,8 +38416,12 @@
  
  domain_use_interactive_fds(ifconfig_t)
  
-@@ -303,12 +335,16 @@
+@@ -301,14 +333,20 @@
  
+ seutil_use_runinit_fds(ifconfig_t)
+ 
++sysnet_dns_name_resolve(ifconfig_t)
++
  userdom_use_all_users_fds(ifconfig_t)
  
 +optional_policy(`
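Review bot: `sysnet_dns_name_resolve(ifconfig_t)` is added with no comment explaining why ifconfig needs name resolution, and the log message does not mention it. If the interface edited around inner line 493 of sysnetwork.if in this same revision is this one (its name is not visible), then `ifconfig_t` picks up the avahi and nscd connects along with whatever else the interface grants. Add a one-line why-comment above the call, for example `# name resolution needed for <denial or bug reference>`. Also confirm that a narrower interface would not cover the denial being fixed.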
@@ -38432,7 +38438,7 @@
  ifdef(`hide_broken_symptoms',`
  	optional_policy(`
  		dev_dontaudit_rw_cardmgr(ifconfig_t)
-@@ -332,6 +368,14 @@
+@@ -332,6 +370,14 @@
  ')
  
  optional_policy(`
@@ -42774,8 +42780,8 @@
 +/etc/libvirt/.*/.*		gen_context(system_u:object_r:virt_etc_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.if serefpolicy-3.3.1/policy/modules/system/virt.if
 --- nsaserefpolicy/policy/modules/system/virt.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/virt.if	2008-11-03 16:14:39.000000000 -0500
-@@ -0,0 +1,324 @@
++++ serefpolicy-3.3.1/policy/modules/system/virt.if	2008-11-13 14:47:53.000000000 -0500
+@@ -0,0 +1,343 @@
 +
 +## <summary>policy for virt</summary>
 +
@@ -43099,6 +43105,25 @@
 +	')
 +')
 +
++#######################################
++## <summary>
++##	Connect to virt over an unix domain stream socket.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`virt_stream_connect',`
++	gen_require(`
++		type virt_t, virt_var_run_t;
++	')
++
++	files_search_pids($1)
++	stream_connect_pattern($1,virt_var_run_t,virt_var_run_t,virt_t)
++')
++
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.3.1/policy/modules/system/virt.te
 --- nsaserefpolicy/policy/modules/system/virt.te	1969-12-31 19:00:00.000000000 -0500
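Review bot: The new `virt_stream_connect` interface requires `virt_t` and `virt_var_run_t`, but virt.te is outside this hunk, so it cannot be confirmed here that the daemon's domain is actually named `virt_t`. If the name does not match, an `optional_policy` block calling the interface can be disabled silently instead of failing the build. `stream_connect_pattern` also receives `virt_var_run_t` as both the directory type and the socket-file type, so the grant covers any socket of that type in the run directory. No caller appears in the visible hunks and the log message does not mention the interface; naming the intended caller in the changelog would make the grant reviewable.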



