rpms/kernel/F-9 linux-2.6-selinux-recognise-addrlabel.patch, NONE, 1.1 kernel.spec, 1.859, 1.860

Dave Jones davej at fedoraproject.org
Wed Nov 19 21:04:30 UTC 2008 

Author: davej

Update of /cvs/pkgs/rpms/kernel/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10859

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-selinux-recognise-addrlabel.patch 
Log Message:
selinux: recognize netlink messages for 'ip addrlabel' (#469423)

linux-2.6-selinux-recognise-addrlabel.patch:

--- NEW FILE linux-2.6-selinux-recognise-addrlabel.patch ---
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index ff59c0c..4ed7bab 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -63,6 +63,9 @@ static struct nlmsg_perm nlmsg_route_perms[] =
 	{ RTM_GETANYCAST,	NETLINK_ROUTE_SOCKET__NLMSG_READ  },
 	{ RTM_GETNEIGHTBL,	NETLINK_ROUTE_SOCKET__NLMSG_READ  },
 	{ RTM_SETNEIGHTBL,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+	{ RTM_NEWADDRLABEL,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+	{ RTM_DELADDRLABEL,	NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+	{ RTM_GETADDRLABEL,	NETLINK_ROUTE_SOCKET__NLMSG_READ  },
 };
 
 static struct nlmsg_perm nlmsg_firewall_perms[] =
-- 
1.6.0.3



Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-9/kernel.spec,v
retrieving revision 1.859
retrieving revision 1.860
diff -u -r1.859 -r1.860
--- kernel.spec	19 Nov 2008 18:20:02 -0000	1.859
+++ kernel.spec	19 Nov 2008 21:03:59 -0000	1.860
@@ -654,6 +654,7 @@
 
 Patch570: linux-2.6-selinux-mprotect-checks.patch
 Patch580: linux-2.6-sparc-selinux-mprotect-checks.patch
+Patch590: linux-2.6-selinux-recognise-addrlabel.patch
 
 # libata
 Patch670: linux-2.6-ata-quirk.patch
@@ -1215,6 +1216,8 @@
 ApplyPatch linux-2.6-selinux-mprotect-checks.patch
 # Fix SELinux for sparc
 ApplyPatch linux-2.6-sparc-selinux-mprotect-checks.patch
+# selinux: recognize netlink messages for 'ip addrlabel'
+ApplyPatch linux-2.6-selinux-recognise-addrlabel.patch
 
 # Changes to upstream defaults.
 
@@ -1894,6 +1897,9 @@
 %kernel_variant_files -a /%{image_install_path}/xen*-%{KVERREL}.xen -e /etc/ld.so.conf.d/kernelcap-%{KVERREL}.xen.conf %{with_xen} xen
 
 %changelog
+* Wed Nov 19 2008 Dave Jones <davej at redhat.com>
+- selinux: recognize netlink messages for 'ip addrlabel' (#469423)
+
 * Wed Nov 19 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.27.5-46
 - Change loop driver back to modular. (#472056)

More information about the scm-commits mailing list