rpms/selinux-policy/devel .cvsignore, 1.151, 1.152 policy-20080710.patch, 1.60, 1.61 selinux-policy.spec, 1.721, 1.722 sources, 1.167, 1.168
Daniel J Walsh
dwalsh at fedoraproject.org
Sat Oct 11 23:58:14 UTC 2008
- Previous message: rpms/python-peak-rules/devel .cvsignore, 1.2, 1.3 python-peak-rules.spec, 1.1, 1.2 sources, 1.2, 1.3
- Next message: rpms/xdvik/devel xdvik-22.84.14-pxdvi.patch, 1.1, 1.2 xdvik.spec, 1.24, 1.25
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17751
Modified Files:
.cvsignore policy-20080710.patch selinux-policy.spec sources
Log Message:
* Fri Oct 10 2008 Dan Walsh <dwalsh at redhat.com> 3.5.12-1
- Update to upstream
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -r1.151 -r1.152
--- .cvsignore 9 Oct 2008 10:48:56 -0000 1.151
+++ .cvsignore 11 Oct 2008 23:57:43 -0000 1.152
@@ -153,3 +153,4 @@
serefpolicy-3.5.9.tgz
serefpolicy-3.5.10.tgz
serefpolicy-3.5.11.tgz
+serefpolicy-3.5.12.tgz
policy-20080710.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.60 -r 1.61 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- policy-20080710.patch 9 Oct 2008 11:58:31 -0000 1.60
+++ policy-20080710.patch 11 Oct 2008 23:57:43 -0000 1.61
@@ -1,6 +1,6 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.11/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.12/Makefile
--- nsaserefpolicy/Makefile 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.11/Makefile 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/Makefile 2008-10-10 16:08:15.000000000 -0400
@@ -311,20 +311,22 @@
# parse-rolemap modulename,outputfile
@@ -45,9 +45,9 @@
$(appdir)/%: $(appconf)/%
@mkdir -p $(appdir)
$(verbose) $(INSTALL) -m 644 $< $@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.11/Rules.modular
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.12/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.11/Rules.modular 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/Rules.modular 2008-10-10 16:08:15.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -77,9 +77,9 @@
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.11/config/appconfig-mcs/default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.12/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mcs/default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -101,15 +101,15 @@
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.11/config/appconfig-mcs/failsafe_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.12/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mcs/failsafe_context 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/failsafe_context 2008-10-10 16:08:15.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.11/config/appconfig-mcs/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.11/config/appconfig-mcs/guest_u_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/guest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -0,0 +1,6 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -117,9 +117,9 @@
+system_r:crond_t:s0 guest_r:guest_t:s0
+system_r:initrc_su_t:s0 guest_r:guest_t:s0
+guest_r:guest_t:s0 guest_r:guest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.11/config/appconfig-mcs/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mcs/root_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/root_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -1,11 +1,7 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -134,9 +134,9 @@
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.11/config/appconfig-mcs/staff_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mcs/staff_u_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/staff_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -1,10 +1,12 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -151,9 +151,9 @@
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.11/config/appconfig-mcs/unconfined_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -6,4 +6,6 @@
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
@@ -161,9 +161,9 @@
+system_r:initrc_su_t:s0 unconfined_r:unconfined_t:s0
+unconfined_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.11/config/appconfig-mcs/user_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mcs/user_u_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/user_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -1,8 +1,9 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -176,15 +176,15 @@
-
+system_r:initrc_su_t:s0 user_r:user_t:s0
+user_r:user_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.11/config/appconfig-mcs/userhelper_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.12/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mcs/userhelper_context 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/userhelper_context 2008-10-10 16:08:15.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.11/config/appconfig-mcs/xguest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.11/config/appconfig-mcs/xguest_u_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mcs/xguest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -193,9 +193,9 @@
+system_r:xdm_t xguest_r:xguest_t:s0
+system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.11/config/appconfig-mls/default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.12/config/appconfig-mls/default_contexts
--- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mls/default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -217,17 +217,17 @@
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.11/config/appconfig-mls/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.11/config/appconfig-mls/guest_u_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/guest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
+system_r:crond_t:s0 guest_r:guest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.11/config/appconfig-mls/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.12/config/appconfig-mls/root_default_contexts
--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mls/root_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/root_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -1,11 +1,11 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -246,9 +246,9 @@
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.11/config/appconfig-mls/staff_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mls/staff_u_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/staff_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -258,9 +258,9 @@
system_r:xdm_t:s0 staff_r:staff_t:s0
staff_r:staff_su_t:s0 staff_r:staff_t:s0
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.11/config/appconfig-mls/user_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.11/config/appconfig-mls/user_u_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/user_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -270,9 +270,9 @@
system_r:xdm_t:s0 user_r:user_t:s0
user_r:user_su_t:s0 user_r:user_t:s0
user_r:user_sudo_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.5.11/config/appconfig-mls/xguest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.11/config/appconfig-mls/xguest_u_default_contexts 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/config/appconfig-mls/xguest_u_default_contexts 2008-10-10 16:08:15.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -281,17 +281,17 @@
[...5380 lines suppressed...]
- ## </summary>
- ## <param name="domain">
- ## <summary>
-@@ -5345,17 +5417,17 @@
- ## </summary>
- ## </param>
- #
--interface(`userdom_dontaudit_use_unpriv_users_ttys',`
-+interface(`userdom_manage_unpriv_users_tmp_symlinks',`
- gen_require(`
-- attribute user_ttynode;
-+ type user_tmp_t;
- ')
-
-- dontaudit $1 user_ttynode:chr_file rw_file_perms;
-+ manage_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
- ')
-
- ########################################
- ## <summary>
--## Read the process state of all user domains.
-+## Read and write unprivileged user ttys.
- ## </summary>
- ## <param name="domain">
- ## <summary>
-@@ -5363,18 +5435,18 @@
- ## </summary>
- ## </param>
- #
--interface(`userdom_read_all_users_state',`
-+interface(`userdom_use_unpriv_users_ttys',`
- gen_require(`
-- attribute userdomain;
-+ attribute user_ttynode;
- ')
-
-- read_files_pattern($1,userdomain,userdomain)
-- kernel_search_proc($1)
-+ allow $1 user_ttynode:chr_file rw_term_perms;
- ')
-
- ########################################
- ## <summary>
--## Get the attributes of all user domains.
-+## Do not audit attempts to use unprivileged
-+## user ttys.
- ## </summary>
- ## <param name="domain">
- ## <summary>
-@@ -5382,17 +5454,54 @@
- ## </summary>
- ## </param>
- #
--interface(`userdom_getattr_all_users',`
-+interface(`userdom_dontaudit_use_unpriv_users_ttys',`
- gen_require(`
-- attribute userdomain;
-+ attribute user_ttynode;
- ')
-
-- allow $1 userdomain:process getattr;
-+ dontaudit $1 user_ttynode:chr_file rw_file_perms;
- ')
-
- ########################################
- ## <summary>
--## Inherit the file descriptors from all user domains
-+## Read the process state of all user domains.
+## </summary>
+## <param name="domain">
+## <summary>
@@ -32296,18 +31356,17 @@
+## </summary>
+## </param>
+#
-+interface(`userdom_read_all_users_state',`
++interface(`userdom_manage_unpriv_users_tmp_files',`
+ gen_require(`
-+ attribute userdomain;
++ type user_tmp_t;
+ ')
+
-+ ps_process_pattern($1, userdomain)
-+ kernel_search_proc($1)
++ manage_files_pattern($1, user_tmp_t, user_tmp_t)
+')
+
+########################################
+## <summary>
-+## Get the attributes of all user domains.
++## Write all unprivileged users lnk_files in /tmp
+## </summary>
+## <param name="domain">
+## <summary>
@@ -32315,20 +31374,28 @@
+## </summary>
+## </param>
+#
-+interface(`userdom_getattr_all_users',`
++interface(`userdom_manage_unpriv_users_tmp_symlinks',`
+ gen_require(`
-+ attribute userdomain;
++ type user_tmp_t;
+ ')
+
-+ allow $1 userdomain:process getattr;
++ manage_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
+')
+
+########################################
+## <summary>
-+## Inherit the file descriptors from all user domains
+ ## Read and write unprivileged user ttys.
## </summary>
## <param name="domain">
- ## <summary>
+@@ -5368,7 +5477,7 @@
+ attribute userdomain;
+ ')
+
+- read_files_pattern($1,userdomain,userdomain)
++ ps_process_pattern($1, userdomain)
+ kernel_search_proc($1)
+ ')
+
@@ -5483,6 +5592,42 @@
########################################
@@ -32921,9 +31988,9 @@
+ manage_fifo_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
+ fs_tmpfs_filetrans($1, user_tmpfs_t, { dir file lnk_file sock_file fifo_file })
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.11/policy/modules/system/userdomain.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.12/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.11/policy/modules/system/userdomain.te 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/userdomain.te 2008-10-10 16:08:15.000000000 -0400
@@ -8,13 +8,6 @@
## <desc>
@@ -33042,9 +32109,9 @@
+ manage_fifo_files_pattern(privhome, cifs_t, cifs_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.11/policy/modules/system/xen.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.12/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.11/policy/modules/system/xen.fc 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/xen.fc 2008-10-10 16:08:15.000000000 -0400
@@ -20,6 +20,7 @@
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
@@ -33053,9 +32120,9 @@
/var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0)
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.11/policy/modules/system/xen.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.12/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.11/policy/modules/system/xen.if 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/xen.if 2008-10-10 16:08:15.000000000 -0400
@@ -167,11 +167,14 @@
#
interface(`xen_stream_connect',`
@@ -33097,9 +32164,9 @@
+ allow $1 xend_var_lib_t:dir search_dir_perms;
+ rw_files_pattern($1, xen_image_t, xen_image_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.11/policy/modules/system/xen.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.12/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.11/policy/modules/system/xen.te 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/xen.te 2008-10-10 16:08:15.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -33336,9 +32403,9 @@
+optional_policy(`
+ unconfined_domain(xend_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.11/policy/support/obj_perm_sets.spt
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.12/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.11/policy/support/obj_perm_sets.spt 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/policy/support/obj_perm_sets.spt 2008-10-10 16:08:15.000000000 -0400
@@ -316,3 +316,13 @@
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
@@ -33353,9 +32420,9 @@
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.11/policy/users
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.12/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.11/policy/users 2008-10-08 20:36:17.000000000 -0400
++++ serefpolicy-3.5.12/policy/users 2008-10-10 16:08:15.000000000 -0400
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.721
retrieving revision 1.722
diff -u -r1.721 -r1.722
--- selinux-policy.spec 9 Oct 2008 03:10:32 -0000 1.721
+++ selinux-policy.spec 11 Oct 2008 23:57:43 -0000 1.722
@@ -19,7 +19,7 @@
%define CHECKPOLICYVER 2.0.16-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.5.11
+Version: 3.5.12
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
@@ -450,6 +450,9 @@
%endif
%changelog
+* Fri Oct 10 2008 Dan Walsh <dwalsh at redhat.com> 3.5.12-1
+- Update to upstream
+
* Wed Oct 8 2008 Dan Walsh <dwalsh at redhat.com> 3.5.11-1
- Update to upstream policy
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/sources,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -r1.167 -r1.168
--- sources 9 Oct 2008 10:48:56 -0000 1.167
+++ sources 11 Oct 2008 23:57:43 -0000 1.168
@@ -1 +1 @@
-e0bb33bf217f7adb81ce3b2d60c7a6a6 serefpolicy-3.5.11.tgz
+6c66ffc8a5a5a5860cc5834940fa3813 serefpolicy-3.5.12.tgz
- Previous message: rpms/python-peak-rules/devel .cvsignore, 1.2, 1.3 python-peak-rules.spec, 1.1, 1.2 sources, 1.2, 1.3
- Next message: rpms/xdvik/devel xdvik-22.84.14-pxdvi.patch, 1.1, 1.2 xdvik.spec, 1.24, 1.25
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list