rpms/selinux-policy/F-9 policy-20071130.patch, 1.225, 1.226 selinux-policy.spec, 1.717, 1.718
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 9 11:45:34 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8311
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Thu Oct 8 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-101
- Add openconnect to vpn policy
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.225
retrieving revision 1.226
diff -u -r1.225 -r1.226
--- policy-20071130.patch 9 Oct 2008 03:10:15 -0000 1.225
+++ policy-20071130.patch 9 Oct 2008 11:45:34 -0000 1.226
@@ -3462,9 +3462,29 @@
+ xserver_exec_pid(vbetool_t)
+ xserver_write_pid(vbetool_t)
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc serefpolicy-3.3.1/policy/modules/admin/vpn.fc
+--- nsaserefpolicy/policy/modules/admin/vpn.fc 2008-06-12 23:38:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.fc 2008-10-09 07:41:58.000000000 -0400
+@@ -6,6 +6,7 @@
+ #
+ # /usr
+ #
++/usr/bin/openconnect -- gen_context(system_u:object_r:vpnc_exec_t,s0)
+ /usr/sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0)
+
+ /var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.3.1/policy/modules/admin/vpn.if
--- nsaserefpolicy/policy/modules/admin/vpn.if 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.if 2008-10-03 11:04:46.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.if 2008-10-09 07:42:12.000000000 -0400
+@@ -15,7 +15,7 @@
+ type vpnc_t, vpnc_exec_t;
+ ')
+
+- domtrans_pattern($1, vpnc_exec_t,vpnc_t)
++ domtrans_pattern($1, vpnc_exec_t, vpnc_t)
+ ')
+
+ ########################################
@@ -48,6 +48,7 @@
vpn_domtrans($1)
role $2 types vpnc_t;
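Review bot: The added vpn.fc entry labels `/usr/bin/openconnect` with `vpnc_exec_t`, so openconnect and vpnc both run in the single `vpnc_t` domain reached through `domtrans_pattern($1, vpnc_exec_t, vpnc_t)`, and nothing in the file records that. Any permission later added for one client is granted to the other as well, which matters for a domain that holds `dac_override`, `net_admin` and `net_raw` (visible in the vpn.te hunk). I would add a comment above the entry, for example `# openconnect shares the vpnc_t domain; rules added for it also apply to vpnc`, and consider a dedicated type if the two clients' needs diverge. The vpn.if change in this hunk is whitespace only.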
@@ -3475,17 +3495,37 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te
--- nsaserefpolicy/policy/modules/admin/vpn.te 2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2008-10-03 11:04:46.000000000 -0400
-@@ -24,7 +24,8 @@
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2008-10-09 07:44:15.000000000 -0400
+@@ -1,5 +1,5 @@
+
+-policy_module(vpn,1.7.1)
++policy_module(vpn, 1.8.1)
- allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw };
- allow vpnc_t self:process getsched;
+ ########################################
+ #
+@@ -22,9 +22,10 @@
+ # Local policy
+ #
+
+-allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw };
+-allow vpnc_t self:process getsched;
-allow vpnc_t self:fifo_file { getattr ioctl read write };
++allow vpnc_t self:capability { dac_read_search dac_override net_admin ipc_lock net_raw };
++allow vpnc_t self:process { getsched signal };
+allow vpnc_t self:fifo_file rw_fifo_file_perms;
+allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
allow vpnc_t self:tcp_socket create_stream_socket_perms;
allow vpnc_t self:udp_socket create_socket_perms;
allow vpnc_t self:rawip_socket create_socket_perms;
+@@ -43,7 +44,7 @@
+
+ kernel_read_system_state(vpnc_t)
+ kernel_read_network_state(vpnc_t)
+-kernel_read_kernel_sysctls(vpnc_t)
++kernel_read_all_sysctls(vpnc_t)
+ kernel_rw_net_sysctls(vpnc_t)
+
+ corenet_all_recvfrom_unlabeled(vpnc_t)
@@ -102,7 +103,6 @@
seutil_dontaudit_search_config(vpnc_t)
seutil_use_newrole_fds(vpnc_t)
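Review bot: Replacing `kernel_read_kernel_sysctls(vpnc_t)` with `kernel_read_all_sysctls(vpnc_t)` widens read access from the kernel sysctl subtree to every sysctl type, for a domain that also creates TCP, UDP and raw IP sockets, and the log message does not say which denial required it. If openconnect only needs one further subtree, an interface scoped to that subtree would keep the grant minimal; either way the motivating denial should be recorded, e.g. `# openconnect reads <sysctl path from the AVC>`. The same holds for the added `dac_read_search` and `signal`: `dac_override` is retained, so the capability set only grows, and because vpnc shares `vpnc_t` it receives these permissions too. The local policy section continues outside the hunk.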
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.717
retrieving revision 1.718
diff -u -r1.717 -r1.718
--- selinux-policy.spec 9 Oct 2008 02:28:54 -0000 1.717
+++ selinux-policy.spec 9 Oct 2008 11:45:34 -0000 1.718
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 100%{?dist}
+Release: 101%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -386,6 +386,9 @@
%endif
%changelog
+* Thu Oct 8 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-101
+- Add openconnect to vpn policy
+
* Mon Oct 6 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-100
- Allow rsync to fownee and fsetid