rpms/selinux-policy/devel policy-20080710.patch, 1.50, 1.51 selinux-policy.spec, 1.714, 1.715

Daniel J Walsh dwalsh at fedoraproject.org
Wed Oct 1 12:27:41 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20809

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Wed Oct 1 2008 Dan Walsh <dwalsh at redhat.com> 3.5.9-3
- Allow nsplugin to comminicate with xdm_tmp_t sock_file


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- policy-20080710.patch	30 Sep 2008 14:39:16 -0000	1.50
+++ policy-20080710.patch	1 Oct 2008 12:27:10 -0000	1.51
@@ -4711,8 +4711,8 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.9/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.9/policy/modules/apps/nsplugin.te	2008-09-29 11:06:29.000000000 -0400
-@@ -0,0 +1,234 @@
++++ serefpolicy-3.5.9/policy/modules/apps/nsplugin.te	2008-10-01 07:36:31.000000000 -0400
+@@ -0,0 +1,235 @@
 +
 +policy_module(nsplugin, 1.0.0)
 +
@@ -4869,6 +4869,7 @@
 +')
 +
 +optional_policy(`
++	xserver_stream_connect_xdm(nsplugin_t)
 +	xserver_stream_connect_xdm_xserver(nsplugin_t)
 +	xserver_rw_xdm_xserver_shm(nsplugin_t)
 +	xserver_read_xdm_tmp_files(nsplugin_t)
@@ -10862,7 +10863,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.9/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.9/policy/modules/services/apache.te	2008-09-25 08:33:18.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/apache.te	2008-10-01 07:40:09.000000000 -0400
 @@ -20,6 +20,8 @@
  # Declarations
  #
@@ -13545,7 +13546,7 @@
 -') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.5.9/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.9/policy/modules/services/cups.fc	2008-09-30 10:27:16.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/cups.fc	2008-10-01 07:43:49.000000000 -0400
 @@ -8,24 +8,33 @@
  /etc/cups/ppd/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/ppds\.dat	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -13592,7 +13593,7 @@
  
  /var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /var/cache/foomatic(/.*)? 	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-@@ -43,10 +52,20 @@
+@@ -43,10 +52,19 @@
  /var/lib/cups/certs/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  
  /var/log/cups(/.*)?		gen_context(system_u:object_r:cupsd_log_t,s0)
@@ -13606,9 +13607,8 @@
  /var/run/ptal-printd(/.*)?	gen_context(system_u:object_r:ptal_var_run_t,s0)
  /var/run/ptal-mlcd(/.*)?	gen_context(system_u:object_r:ptal_var_run_t,s0)
 +
-+/usr/local/Brother/inf(/.*)?	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-+/usr/local/Brother/[^/]*/inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-+/usr/local/Printer/[^/]*/inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
++/usr/local/Brother/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
++/usr/local/Printer/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 +
 +
 +/usr/local/linuxprinter/ppd(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -15344,7 +15344,7 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.9/policy/modules/services/dnsmasq.te
 --- nsaserefpolicy/policy/modules/services/dnsmasq.te	2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.9/policy/modules/services/dnsmasq.te	2008-09-25 08:33:18.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/dnsmasq.te	2008-09-30 23:38:02.000000000 -0400
 @@ -10,6 +10,9 @@
  type dnsmasq_exec_t;
  init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
@@ -15373,16 +15373,17 @@
  files_var_lib_filetrans(dnsmasq_t,dnsmasq_lease_t,file)
  
  manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
-@@ -56,7 +59,7 @@
+@@ -55,8 +58,7 @@
+ corenet_tcp_bind_all_nodes(dnsmasq_t)
  corenet_udp_bind_all_nodes(dnsmasq_t)
  corenet_tcp_bind_dns_port(dnsmasq_t)
- corenet_udp_bind_dns_port(dnsmasq_t)
+-corenet_udp_bind_dns_port(dnsmasq_t)
 -corenet_udp_bind_dhcpd_port(dnsmasq_t)
 +corenet_udp_bind_all_ports(dnsmasq_t)
  corenet_sendrecv_dns_server_packets(dnsmasq_t)
  corenet_sendrecv_dhcpd_server_packets(dnsmasq_t)
  
-@@ -95,3 +98,7 @@
+@@ -95,3 +97,7 @@
  optional_policy(`
  	udev_read_db(dnsmasq_t)
  ')
@@ -25691,6 +25692,17 @@
  corenet_all_recvfrom_unlabeled(stunnel_t)
  corenet_all_recvfrom_netlabel(stunnel_t)
  corenet_tcp_sendrecv_all_if(stunnel_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.5.9/policy/modules/services/sysstat.te
+--- nsaserefpolicy/policy/modules/services/sysstat.te	2008-08-07 11:15:11.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/sysstat.te	2008-10-01 07:40:20.000000000 -0400
+@@ -47,6 +47,7 @@
+ files_read_etc_files(sysstat_t)
+ 
+ fs_getattr_xattr_fs(sysstat_t)
++fs_list_inotifyfs(sysstat_t)
+ 
+ term_use_console(sysstat_t)
+ term_use_all_terms(sysstat_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.5.9/policy/modules/services/telnet.te
 --- nsaserefpolicy/policy/modules/services/telnet.te	2008-08-07 11:15:11.000000000 -0400
 +++ serefpolicy-3.5.9/policy/modules/services/telnet.te	2008-09-25 08:33:18.000000000 -0400
@@ -26221,7 +26233,7 @@
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.9/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.5.9/policy/modules/services/xserver.if	2008-09-26 13:06:46.000000000 -0400
++++ serefpolicy-3.5.9/policy/modules/services/xserver.if	2008-10-01 07:36:13.000000000 -0400
 @@ -16,6 +16,7 @@
  	gen_require(`
  		type xkb_var_lib_t, xserver_exec_t, xserver_log_t;


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.714
retrieving revision 1.715
diff -u -r1.714 -r1.715
--- selinux-policy.spec	30 Sep 2008 14:39:16 -0000	1.714
+++ selinux-policy.spec	1 Oct 2008 12:27:11 -0000	1.715
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.9
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -390,6 +390,9 @@
 %endif
 
 %changelog
+* Wed Oct 1 2008 Dan Walsh <dwalsh at redhat.com> 3.5.9-3
+- Allow nsplugin to comminicate with xdm_tmp_t sock_file
+
 * Mon Sep 29 2008 Dan Walsh <dwalsh at redhat.com> 3.5.9-2
 - Change all user tmpfs_t files to be labeled user_tmpfs_t
 - Allow radiusd to create sock_files

More information about the scm-commits mailing list