rpms/selinux-policy/F-9 policy-20071130.patch, 1.225, 1.226 selinux-policy.spec, 1.717, 1.718

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 9 11:45:34 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8311

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Thu Oct 8 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-101
- Add openconnect to vpn policy


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.225
retrieving revision 1.226
diff -u -r1.225 -r1.226
--- policy-20071130.patch	9 Oct 2008 03:10:15 -0000	1.225
+++ policy-20071130.patch	9 Oct 2008 11:45:34 -0000	1.226
@@ -3462,9 +3462,29 @@
 +	xserver_exec_pid(vbetool_t)
 +	xserver_write_pid(vbetool_t)
 +')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc serefpolicy-3.3.1/policy/modules/admin/vpn.fc
+--- nsaserefpolicy/policy/modules/admin/vpn.fc	2008-06-12 23:38:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.fc	2008-10-09 07:41:58.000000000 -0400
+@@ -6,6 +6,7 @@
+ #
+ # /usr
+ #
++/usr/bin/openconnect	--	gen_context(system_u:object_r:vpnc_exec_t,s0)
+ /usr/sbin/vpnc		--	gen_context(system_u:object_r:vpnc_exec_t,s0)
+ 
+ /var/run/vpnc(/.*)?		gen_context(system_u:object_r:vpnc_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.3.1/policy/modules/admin/vpn.if
 --- nsaserefpolicy/policy/modules/admin/vpn.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.if	2008-10-03 11:04:46.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.if	2008-10-09 07:42:12.000000000 -0400
+@@ -15,7 +15,7 @@
+ 		type vpnc_t, vpnc_exec_t;
+ 	')
+ 
+-	domtrans_pattern($1, vpnc_exec_t,vpnc_t)
++	domtrans_pattern($1, vpnc_exec_t, vpnc_t)
+ ')
+ 
+ ########################################
 @@ -48,6 +48,7 @@
  	vpn_domtrans($1)
  	role $2 types vpnc_t;
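Review bot: The new `vpn.fc` entry labels `/usr/bin/openconnect` with the existing `vpnc_exec_t` type, so it runs in `vpnc_t` and every caller of `vpn_domtrans` now transitions on it as well, yet nothing in the file says the type is shared between two clients. A comment above the entry, for example `# openconnect reuses the vpnc domain; rules in vpn.te apply to both clients`, would make that visible to whoever next widens `vpnc_t`. If openconnect turns out to need noticeably different access, a separate exec type and domain would keep vpnc's permissions from growing with it. The `vpn.if` change in this hunk is whitespace only.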
@@ -3475,17 +3495,37 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te
 --- nsaserefpolicy/policy/modules/admin/vpn.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.te	2008-10-03 11:04:46.000000000 -0400
-@@ -24,7 +24,8 @@
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.te	2008-10-09 07:44:15.000000000 -0400
+@@ -1,5 +1,5 @@
+ 
+-policy_module(vpn,1.7.1)
++policy_module(vpn, 1.8.1)
  
- allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw };
- allow vpnc_t self:process getsched;
+ ########################################
+ #
+@@ -22,9 +22,10 @@
+ # Local policy
+ #
+ 
+-allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw };
+-allow vpnc_t self:process getsched;
 -allow vpnc_t self:fifo_file { getattr ioctl read write };
++allow vpnc_t self:capability { dac_read_search dac_override net_admin ipc_lock net_raw };
++allow vpnc_t self:process { getsched signal };
 +allow vpnc_t self:fifo_file rw_fifo_file_perms;
 +allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
  allow vpnc_t self:tcp_socket create_stream_socket_perms;
  allow vpnc_t self:udp_socket create_socket_perms;
  allow vpnc_t self:rawip_socket create_socket_perms;
+@@ -43,7 +44,7 @@
+ 
+ kernel_read_system_state(vpnc_t)
+ kernel_read_network_state(vpnc_t)
+-kernel_read_kernel_sysctls(vpnc_t)
++kernel_read_all_sysctls(vpnc_t)
+ kernel_rw_net_sysctls(vpnc_t)
+ 
+ corenet_all_recvfrom_unlabeled(vpnc_t)
 @@ -102,7 +103,6 @@
  seutil_dontaudit_search_config(vpnc_t)
  seutil_use_newrole_fds(vpnc_t)
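Review bot: `kernel_read_all_sysctls(vpnc_t)` replaces the narrower `kernel_read_kernel_sysctls(vpnc_t)` in the inner `@@ -43,7 +44,7 @@` hunk, which lets a network-facing domain that already holds `net_admin` and `net_raw` read every sysctl type; the log message only says "Add openconnect to vpn policy", so the denial behind the change is not recorded. I would keep `kernel_read_kernel_sysctls(vpnc_t)` and add only the interface for the sysctl type seen in the AVC, with a comment such as `# openconnect reads <sysctl path from the AVC>`. The added `dac_read_search` and `signal` deserve the same one-line reason each; `dac_override` was already granted, so `dac_read_search` probably adds no new access and may only be quieting a denial. Because openconnect shares `vpnc_t`, each of these also widens what vpnc itself may do. The vpn.te section of the inner patch continues past the end of this hunk.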


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.717
retrieving revision 1.718
diff -u -r1.717 -r1.718
--- selinux-policy.spec	9 Oct 2008 02:28:54 -0000	1.717
+++ selinux-policy.spec	9 Oct 2008 11:45:34 -0000	1.718
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 100%{?dist}
+Release: 101%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -386,6 +386,9 @@
 %endif
 
 %changelog
+* Thu Oct 8 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-101
+- Add openconnect to vpn policy
+
 * Mon Oct 6 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-100
 - Allow rsync to fownee and fsetid
 



