rpms/selinux-policy/devel policy-20080710.patch, 1.66, 1.67 selinux-policy.spec, 1.726, 1.727

Daniel J Walsh dwalsh at fedoraproject.org
Fri Oct 17 22:01:07 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9802

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Fri Oct 17 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-1
- Policy cleanup 


policy-20080710.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.66 -r 1.67 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- policy-20080710.patch	16 Oct 2008 19:56:58 -0000	1.66
+++ policy-20080710.patch	17 Oct 2008 22:01:06 -0000	1.67
@@ -1,6 +1,6 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.12/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.13/Makefile
 --- nsaserefpolicy/Makefile	2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.12/Makefile	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/Makefile	2008-10-17 10:31:26.000000000 -0400
 @@ -311,20 +311,22 @@
  
  # parse-rolemap modulename,outputfile
@@ -45,9 +45,9 @@
  $(appdir)/%: $(appconf)/%
  	@mkdir -p $(appdir)
  	$(verbose) $(INSTALL) -m 644 $< $@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.12/Rules.modular
---- nsaserefpolicy/Rules.modular	2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.12/Rules.modular	2008-10-14 15:00:15.000000000 -0400
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.13/Rules.modular
+--- nsaserefpolicy/Rules.modular	2008-10-16 17:21:16.000000000 -0400
++++ serefpolicy-3.5.13/Rules.modular	2008-10-17 10:31:26.000000000 -0400
 @@ -73,8 +73,8 @@
  $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
  	@echo "Compliling $(NAME) $(@F) module"
@@ -77,9 +77,26 @@
  
  $(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
  $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.12/config/appconfig-mcs/default_contexts
+@@ -192,6 +192,16 @@
+ 
+ ########################################
+ #
++# Remove the dontaudit rules from the base.conf
++#
++enableaudit: $(base_conf)
++	@test -d $(tmpdir) || mkdir -p $(tmpdir)
++	@echo "Removing dontaudit rules from $(^F)"
++	$(verbose) $(GREP) -v dontaudit $(base_conf) > $(tmpdir)/base.audit
++	$(verbose) mv $(tmpdir)/base.audit $(base_conf)
++
++########################################
++#
+ # Appconfig files
+ #
+ $(appdir)/customizable_types: $(base_conf)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.13/config/appconfig-mcs/default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -1,15 +1,6 @@
 -system_r:crond_t:s0		user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
 -system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -101,15 +118,15 @@
 -user_r:user_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 -user_r:user_sudo_t:s0		sysadm_r:sysadm_t:s0 user_r:user_t:s0
 +system_r:xdm_t:s0		user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.12/config/appconfig-mcs/failsafe_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context
 --- nsaserefpolicy/config/appconfig-mcs/failsafe_context	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/failsafe_context	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context	2008-10-17 10:31:26.000000000 -0400
 @@ -1 +1 @@
 -sysadm_r:sysadm_t:s0
 +system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mcs/guest_u_default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -0,0 +1,6 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -117,9 +134,9 @@
 +system_r:crond_t:s0		guest_r:guest_t:s0
 +system_r:initrc_su_t:s0		guest_r:guest_t:s0
 +guest_r:guest_t:s0		guest_r:guest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/root_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/root_default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -1,11 +1,7 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
 +system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -134,9 +151,9 @@
  #
 -#system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 +system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/staff_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/staff_u_default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -1,10 +1,12 @@
  system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
  system_r:remote_login_t:s0	staff_r:staff_t:s0
@@ -151,9 +168,9 @@
  sysadm_r:sysadm_su_t:s0		sysadm_r:sysadm_t:s0 
  sysadm_r:sysadm_sudo_t:s0	sysadm_r:sysadm_t:s0
  
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/unconfined_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/unconfined_u_default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -6,4 +6,6 @@
  system_r:sshd_t:s0		unconfined_r:unconfined_t:s0
  system_r:sysadm_su_t:s0		unconfined_r:unconfined_t:s0
@@ -161,9 +178,9 @@
 +system_r:initrc_su_t:s0		unconfined_r:unconfined_t:s0
 +unconfined_r:unconfined_t:s0	unconfined_r:unconfined_t:s0
  system_r:xdm_t:s0		unconfined_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/user_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/user_u_default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -1,8 +1,9 @@
  system_r:local_login_t:s0	user_r:user_t:s0
  system_r:remote_login_t:s0	user_r:user_t:s0
@@ -176,15 +193,15 @@
 -
 +system_r:initrc_su_t:s0		user_r:user_t:s0
 +user_r:user_t:s0		user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.12/config/appconfig-mcs/userhelper_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context
 --- nsaserefpolicy/config/appconfig-mcs/userhelper_context	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/userhelper_context	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context	2008-10-17 10:31:26.000000000 -0400
 @@ -1 +1 @@
 -system_u:sysadm_r:sysadm_t:s0
 +system_u:system_r:unconfined_t:s0	
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/xguest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mcs/xguest_u_default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -0,0 +1,7 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
@@ -193,9 +210,9 @@
 +system_r:xdm_t		xguest_r:xguest_t:s0
 +system_r:initrc_su_t:s0	xguest_r:xguest_t:s0
 +xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.12/config/appconfig-mls/default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.13/config/appconfig-mls/default_contexts
 --- nsaserefpolicy/config/appconfig-mls/default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -1,15 +1,6 @@
 -system_r:crond_t:s0		user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
 -system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -217,17 +234,17 @@
 -user_r:user_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 -user_r:user_sudo_t:s0		sysadm_r:sysadm_t:s0 user_r:user_t:s0
 +system_r:xdm_t:s0		user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mls/guest_u_default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
 +system_r:sshd_t:s0		guest_r:guest_t:s0
 +system_r:crond_t:s0		guest_r:guest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.12/config/appconfig-mls/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/root_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/root_default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -1,11 +1,11 @@
 -system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
 -system_r:local_login_t:s0	unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -246,9 +263,9 @@
  #
 -#system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 +#system_r:sshd_t:s0		sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/staff_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/staff_u_default_contexts	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts	2008-10-17 10:31:26.000000000 -0400
 @@ -1,7 +1,7 @@
  system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
  system_r:remote_login_t:s0	staff_r:staff_t:s0
@@ -258,9 +275,9 @@
  system_r:xdm_t:s0		staff_r:staff_t:s0
  staff_r:staff_su_t:s0		staff_r:staff_t:s0
  staff_r:staff_sudo_t:s0		staff_r:staff_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/user_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts	2008-08-07 11:15:14.000000000 -0400
[...6734 lines suppressed...]
  corecmd_exec_bin(xm_t)
@@ -32236,7 +32494,7 @@
  
  corenet_tcp_sendrecv_generic_if(xm_t)
  corenet_tcp_sendrecv_all_nodes(xm_t)
-@@ -351,8 +381,11 @@
+@@ -348,8 +381,11 @@
  
  storage_raw_read_fixed_disk(xm_t)
  
@@ -32248,7 +32506,7 @@
  init_rw_script_stream_sockets(xm_t)
  init_use_fds(xm_t)
  
-@@ -363,6 +396,23 @@
+@@ -360,6 +396,23 @@
  
  sysnet_read_config(xm_t)
  
@@ -32272,10 +32530,152 @@
 +optional_policy(`
 +	unconfined_domain(xend_t)
 +')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.12/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/support/obj_perm_sets.spt	2008-10-14 15:00:15.000000000 -0400
-@@ -316,3 +316,13 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/policy_capabilities serefpolicy-3.5.13/policy/policy_capabilities
+--- nsaserefpolicy/policy/policy_capabilities	2008-10-16 17:21:16.000000000 -0400
++++ serefpolicy-3.5.13/policy/policy_capabilities	2008-10-17 10:31:27.000000000 -0400
+@@ -29,4 +29,4 @@
+ # chr_file: open
+ # blk_file: open
+ #
+-policycap open_perms;
++#policycap open_perms;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.13/policy/support/obj_perm_sets.spt
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt	2008-10-16 17:21:16.000000000 -0400
++++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt	2008-10-17 10:31:27.000000000 -0400
+@@ -59,22 +59,22 @@
+ # 
+ # Permissions for executing files.
+ #
+-define(`x_file_perms', `{ getattr open execute } refpolicywarn(`$0 is deprecated please use { getattr execute } instead.')')
++define(`x_file_perms', `{ getattr execute } refpolicywarn(`$0 is deprecated please use { getattr execute } instead.')')
+ 
+ # 
+ # Permissions for reading files and their attributes.
+ #
+-define(`r_file_perms', `{ open read getattr lock ioctl } refpolicywarn(`$0 is deprecated please use read_file_perms instead.')')
++define(`r_file_perms', `{ read getattr lock ioctl } refpolicywarn(`$0 is deprecated please use read_file_perms instead.')')
+ 
+ # 
+ # Permissions for reading and executing files.
+ #
+-define(`rx_file_perms', `{ open read getattr lock execute ioctl } refpolicywarn(`$0 is deprecated please use { mmap_file_perms ioctl lock } instead.')')
++define(`rx_file_perms', `{ read getattr lock execute ioctl } refpolicywarn(`$0 is deprecated please use { mmap_file_perms ioctl lock } instead.')')
+ 
+ # 
+ # Permissions for reading and appending to files.
+ #
+-define(`ra_file_perms', `{ open ioctl read getattr lock append } refpolicywarn(`$0 is deprecated please use { read_file_perms append_file_perms } instead.')')
++define(`ra_file_perms', `{ ioctl read getattr lock append } refpolicywarn(`$0 is deprecated please use { read_file_perms append_file_perms } instead.')')
+ 
+ #
+ # Permissions for linking, unlinking and renaming files.
+@@ -89,12 +89,17 @@
+ # 
+ # Permissions for reading directories and their attributes.
+ #
+-define(`r_dir_perms', `{ open read getattr lock search ioctl } refpolicywarn(`$0 is deprecated please use list_dir_perms instead.')')
++define(`r_dir_perms', `{ read getattr lock search ioctl } refpolicywarn(`$0 is deprecated please use list_dir_perms instead.')')
++
++# 
++# Permissions for reading and writing directories and their attributes.
++#
++define(`rw_dir_perms', `{ read getattr lock search ioctl add_name remove_name write }')
+ 
+ # 
+ # Permissions for reading and adding names to directories.
+ #
+-define(`ra_dir_perms', `{ open read getattr lock search ioctl add_name write } refpolicywarn(`$0 is deprecated please use { list_dir_perms add_entry_dir_perms } instead.')')
++define(`ra_dir_perms', `{ read getattr lock search ioctl add_name write } refpolicywarn(`$0 is deprecated please use { list_dir_perms add_entry_dir_perms } instead.')')
+ 
+ 
+ #
+@@ -182,10 +187,9 @@
+ define(`getattr_dir_perms',`{ getattr }')
+ define(`setattr_dir_perms',`{ setattr }')
+ define(`search_dir_perms',`{ getattr search }')
+-define(`list_dir_perms',`{ getattr search open read lock ioctl }')
+-define(`add_entry_dir_perms',`{ getattr search open lock ioctl write add_name }')
+-define(`del_entry_dir_perms',`{ getattr search open lock ioctl write remove_name }')
+-define(`rw_dir_perms', `{ open read getattr lock search ioctl add_name remove_name write }')
++define(`list_dir_perms',`{ getattr search read lock ioctl }')
++define(`add_entry_dir_perms',`{ getattr search lock ioctl write add_name }')
++define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
+ define(`create_dir_perms',`{ getattr create }')
+ define(`rename_dir_perms',`{ getattr rename }')
+ define(`delete_dir_perms',`{ getattr rmdir }')
+@@ -199,12 +203,12 @@
+ #
+ define(`getattr_file_perms',`{ getattr }')
+ define(`setattr_file_perms',`{ setattr }')
+-define(`read_file_perms',`{ getattr open read lock ioctl }')
+-define(`mmap_file_perms',`{ getattr open read execute ioctl }')
+-define(`exec_file_perms',`{ getattr open read execute execute_no_trans }')
+-define(`append_file_perms',`{ getattr open append lock ioctl }')
+-define(`write_file_perms',`{ getattr open write append lock ioctl }')
+-define(`rw_file_perms',`{ getattr open read write append ioctl lock }')
++define(`read_file_perms',`{ getattr read lock ioctl }')
++define(`mmap_file_perms',`{ getattr read execute ioctl }')
++define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
++define(`append_file_perms',`{ getattr append lock ioctl }')
++define(`write_file_perms',`{ getattr write append lock ioctl }')
++define(`rw_file_perms',`{ getattr read write append ioctl lock }')
+ define(`create_file_perms',`{ getattr create open }')
+ define(`rename_file_perms',`{ getattr rename }')
+ define(`delete_file_perms',`{ getattr unlink }')
+@@ -235,10 +239,10 @@
+ #
+ define(`getattr_fifo_file_perms',`{ getattr }')
+ define(`setattr_fifo_file_perms',`{ setattr }')
+-define(`read_fifo_file_perms',`{ getattr open read lock ioctl }')
+-define(`append_fifo_file_perms',`{ getattr open append lock ioctl }')
+-define(`write_fifo_file_perms',`{ getattr open write append lock ioctl }')
+-define(`rw_fifo_file_perms',`{ getattr open read write append ioctl lock }')
++define(`read_fifo_file_perms',`{ getattr read lock ioctl }')
++define(`append_fifo_file_perms',`{ getattr append lock ioctl }')
++define(`write_fifo_file_perms',`{ getattr write append lock ioctl }')
++define(`rw_fifo_file_perms',`{ getattr read write append ioctl lock }')
+ define(`create_fifo_file_perms',`{ getattr create open }')
+ define(`rename_fifo_file_perms',`{ getattr rename }')
+ define(`delete_fifo_file_perms',`{ getattr unlink }')
+@@ -268,10 +272,10 @@
+ #
+ define(`getattr_blk_file_perms',`{ getattr }')
+ define(`setattr_blk_file_perms',`{ setattr }')
+-define(`read_blk_file_perms',`{ getattr open read lock ioctl }')
+-define(`append_blk_file_perms',`{ getattr open append lock ioctl }')
+-define(`write_blk_file_perms',`{ getattr open write append lock ioctl }')
+-define(`rw_blk_file_perms',`{ getattr open read write append ioctl lock }')
++define(`read_blk_file_perms',`{ getattr read lock ioctl }')
++define(`append_blk_file_perms',`{ getattr append lock ioctl }')
++define(`write_blk_file_perms',`{ getattr write append lock ioctl }')
++define(`rw_blk_file_perms',`{ getattr read write append ioctl lock }')
+ define(`create_blk_file_perms',`{ getattr create }')
+ define(`rename_blk_file_perms',`{ getattr rename }')
+ define(`delete_blk_file_perms',`{ getattr unlink }')
+@@ -285,10 +289,10 @@
+ #
+ define(`getattr_chr_file_perms',`{ getattr }')
+ define(`setattr_chr_file_perms',`{ setattr }')
+-define(`read_chr_file_perms',`{ getattr open read lock ioctl }')
+-define(`append_chr_file_perms',`{ getattr open append lock ioctl }')
+-define(`write_chr_file_perms',`{ getattr open write append lock ioctl }')
+-define(`rw_chr_file_perms',`{ getattr open read write append ioctl lock }')
++define(`read_chr_file_perms',`{ getattr read lock ioctl }')
++define(`append_chr_file_perms',`{ getattr append lock ioctl }')
++define(`write_chr_file_perms',`{ getattr write append lock ioctl }')
++define(`rw_chr_file_perms',`{ getattr read write append ioctl lock }')
+ define(`create_chr_file_perms',`{ getattr create }')
+ define(`rename_chr_file_perms',`{ getattr rename }')
+ define(`delete_chr_file_perms',`{ getattr unlink }')
+@@ -305,10 +309,20 @@
+ #
+ # Use (read and write) terminals
+ #
+-define(`rw_term_perms', `{ getattr open read write ioctl }')
++define(`rw_term_perms', `{ getattr read write ioctl }')
+ 
+ #
+ # Sockets
  #
  define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
  define(`server_stream_socket_perms', `{ client_stream_socket_perms listen accept }')
@@ -32289,9 +32689,9 @@
 +define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
 +
 +define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.12/policy/users
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.13/policy/users
 --- nsaserefpolicy/policy/users	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/users	2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/policy/users	2008-10-17 10:31:27.000000000 -0400
 @@ -25,11 +25,8 @@
  # permit any access to such users, then remove this entry.
  #
@@ -32316,9 +32716,9 @@
 -	gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
 -')
 +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.12/support/Makefile.devel
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.13/support/Makefile.devel
 --- nsaserefpolicy/support/Makefile.devel	2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/support/Makefile.devel	2008-10-16 10:33:22.000000000 -0400
++++ serefpolicy-3.5.13/support/Makefile.devel	2008-10-17 10:31:27.000000000 -0400
 @@ -181,7 +181,7 @@
  tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
  	@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.726
retrieving revision 1.727
diff -u -r1.726 -r1.727
--- selinux-policy.spec	16 Oct 2008 19:56:59 -0000	1.726
+++ selinux-policy.spec	17 Oct 2008 22:01:06 -0000	1.727
@@ -19,8 +19,8 @@
 %define CHECKPOLICYVER 2.0.16-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.5.12
-Release: 3%{?dist}
+Version: 3.5.13
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -461,6 +461,9 @@
 %endif
 
 %changelog
+* Fri Oct 17 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-1
+- Policy cleanup 
+
 * Thu Oct 16 2008 Dan Walsh <dwalsh at redhat.com> 3.5.12-3
 - Remove Multiple spec
 - Add include

More information about the scm-commits mailing list