rpms/selinux-policy/devel policy-20080710.patch, 1.50, 1.51 selinux-policy.spec, 1.714, 1.715
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Oct 1 12:27:41 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20809
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
* Wed Oct 1 2008 Dan Walsh <dwalsh at redhat.com> 3.5.9-3
- Allow nsplugin to comminicate with xdm_tmp_t sock_file
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- policy-20080710.patch 30 Sep 2008 14:39:16 -0000 1.50
+++ policy-20080710.patch 1 Oct 2008 12:27:10 -0000 1.51
@@ -4711,8 +4711,8 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.9/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.9/policy/modules/apps/nsplugin.te 2008-09-29 11:06:29.000000000 -0400
-@@ -0,0 +1,234 @@
++++ serefpolicy-3.5.9/policy/modules/apps/nsplugin.te 2008-10-01 07:36:31.000000000 -0400
+@@ -0,0 +1,235 @@
+
+policy_module(nsplugin, 1.0.0)
+
@@ -4869,6 +4869,7 @@
+')
+
+optional_policy(`
++ xserver_stream_connect_xdm(nsplugin_t)
+ xserver_stream_connect_xdm_xserver(nsplugin_t)
+ xserver_rw_xdm_xserver_shm(nsplugin_t)
+ xserver_read_xdm_tmp_files(nsplugin_t)
@@ -10862,7 +10863,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.9/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.9/policy/modules/services/apache.te 2008-09-25 08:33:18.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/apache.te 2008-10-01 07:40:09.000000000 -0400
@@ -20,6 +20,8 @@
# Declarations
#
@@ -13545,7 +13546,7 @@
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.5.9/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.9/policy/modules/services/cups.fc 2008-09-30 10:27:16.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/cups.fc 2008-10-01 07:43:49.000000000 -0400
@@ -8,24 +8,33 @@
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -13592,7 +13593,7 @@
/var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-@@ -43,10 +52,20 @@
+@@ -43,10 +52,19 @@
/var/lib/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/log/cups(/.*)? gen_context(system_u:object_r:cupsd_log_t,s0)
@@ -13606,9 +13607,8 @@
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
/var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
+
-+/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-+/usr/local/Brother/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-+/usr/local/Printer/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
++/usr/local/Brother/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
++/usr/local/Printer/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+
+
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -15344,7 +15344,7 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.9/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.9/policy/modules/services/dnsmasq.te 2008-09-25 08:33:18.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/dnsmasq.te 2008-09-30 23:38:02.000000000 -0400
@@ -10,6 +10,9 @@
type dnsmasq_exec_t;
init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
@@ -15373,16 +15373,17 @@
files_var_lib_filetrans(dnsmasq_t,dnsmasq_lease_t,file)
manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
-@@ -56,7 +59,7 @@
+@@ -55,8 +58,7 @@
+ corenet_tcp_bind_all_nodes(dnsmasq_t)
corenet_udp_bind_all_nodes(dnsmasq_t)
corenet_tcp_bind_dns_port(dnsmasq_t)
- corenet_udp_bind_dns_port(dnsmasq_t)
+-corenet_udp_bind_dns_port(dnsmasq_t)
-corenet_udp_bind_dhcpd_port(dnsmasq_t)
+corenet_udp_bind_all_ports(dnsmasq_t)
corenet_sendrecv_dns_server_packets(dnsmasq_t)
corenet_sendrecv_dhcpd_server_packets(dnsmasq_t)
-@@ -95,3 +98,7 @@
+@@ -95,3 +97,7 @@
optional_policy(`
udev_read_db(dnsmasq_t)
')
@@ -25691,6 +25692,17 @@
corenet_all_recvfrom_unlabeled(stunnel_t)
corenet_all_recvfrom_netlabel(stunnel_t)
corenet_tcp_sendrecv_all_if(stunnel_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.5.9/policy/modules/services/sysstat.te
+--- nsaserefpolicy/policy/modules/services/sysstat.te 2008-08-07 11:15:11.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/sysstat.te 2008-10-01 07:40:20.000000000 -0400
+@@ -47,6 +47,7 @@
+ files_read_etc_files(sysstat_t)
+
+ fs_getattr_xattr_fs(sysstat_t)
++fs_list_inotifyfs(sysstat_t)
+
+ term_use_console(sysstat_t)
+ term_use_all_terms(sysstat_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.5.9/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/telnet.te 2008-09-25 08:33:18.000000000 -0400
@@ -26221,7 +26233,7 @@
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.9/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.9/policy/modules/services/xserver.if 2008-09-26 13:06:46.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/xserver.if 2008-10-01 07:36:13.000000000 -0400
@@ -16,6 +16,7 @@
gen_require(`
type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.714
retrieving revision 1.715
diff -u -r1.714 -r1.715
--- selinux-policy.spec 30 Sep 2008 14:39:16 -0000 1.714
+++ selinux-policy.spec 1 Oct 2008 12:27:11 -0000 1.715
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.9
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -390,6 +390,9 @@
%endif
%changelog
+* Wed Oct 1 2008 Dan Walsh <dwalsh at redhat.com> 3.5.9-3
+- Allow nsplugin to comminicate with xdm_tmp_t sock_file
+
* Mon Sep 29 2008 Dan Walsh <dwalsh at redhat.com> 3.5.9-2
- Change all user tmpfs_t files to be labeled user_tmpfs_t
- Allow radiusd to create sock_files
More information about the scm-commits
mailing list