rpms/selinux-policy/devel policy-20080710.patch, 1.66, 1.67 selinux-policy.spec, 1.726, 1.727
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Oct 17 22:01:07 UTC 2008
- Previous message: rpms/varnish/EL-5 .cvsignore, 1.3, 1.4 sources, 1.3, 1.4 varnish.spec, 1.2, 1.3
- Next message: rpms/selinux-policy/devel .cvsignore, 1.152, 1.153 sources, 1.169, 1.170
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9802
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
* Fri Oct 17 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-1
- Policy cleanup
policy-20080710.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.66 -r 1.67 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- policy-20080710.patch 16 Oct 2008 19:56:58 -0000 1.66
+++ policy-20080710.patch 17 Oct 2008 22:01:06 -0000 1.67
@@ -1,6 +1,6 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.12/Makefile
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.13/Makefile
--- nsaserefpolicy/Makefile 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.12/Makefile 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/Makefile 2008-10-17 10:31:26.000000000 -0400
@@ -311,20 +311,22 @@
# parse-rolemap modulename,outputfile
@@ -45,9 +45,9 @@
$(appdir)/%: $(appconf)/%
@mkdir -p $(appdir)
$(verbose) $(INSTALL) -m 644 $< $@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.12/Rules.modular
---- nsaserefpolicy/Rules.modular 2008-08-07 11:15:00.000000000 -0400
-+++ serefpolicy-3.5.12/Rules.modular 2008-10-14 15:00:15.000000000 -0400
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.13/Rules.modular
+--- nsaserefpolicy/Rules.modular 2008-10-16 17:21:16.000000000 -0400
++++ serefpolicy-3.5.13/Rules.modular 2008-10-17 10:31:26.000000000 -0400
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -77,9 +77,26 @@
$(tmpdir)/all_te_files.conf: M4PARAM += -D self_contained_policy
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.12/config/appconfig-mcs/default_contexts
+@@ -192,6 +192,16 @@
+
+ ########################################
+ #
++# Remove the dontaudit rules from the base.conf
++#
++enableaudit: $(base_conf)
++ @test -d $(tmpdir) || mkdir -p $(tmpdir)
++ @echo "Removing dontaudit rules from $(^F)"
++ $(verbose) $(GREP) -v dontaudit $(base_conf) > $(tmpdir)/base.audit
++ $(verbose) mv $(tmpdir)/base.audit $(base_conf)
++
++########################################
++#
+ # Appconfig files
+ #
+ $(appdir)/customizable_types: $(base_conf)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.13/config/appconfig-mcs/default_contexts
--- nsaserefpolicy/config/appconfig-mcs/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -101,15 +118,15 @@
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.12/config/appconfig-mcs/failsafe_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context
--- nsaserefpolicy/config/appconfig-mcs/failsafe_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/failsafe_context 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/failsafe_context 2008-10-17 10:31:26.000000000 -0400
@@ -1 +1 @@
-sysadm_r:sysadm_t:s0
+system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mcs/guest_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/guest_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -0,0 +1,6 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
@@ -117,9 +134,9 @@
+system_r:crond_t:s0 guest_r:guest_t:s0
+system_r:initrc_su_t:s0 guest_r:guest_t:s0
+guest_r:guest_t:s0 guest_r:guest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/root_default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/root_default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -1,11 +1,7 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -134,9 +151,9 @@
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/staff_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/staff_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/staff_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -1,10 +1,12 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -151,9 +168,9 @@
sysadm_r:sysadm_su_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/unconfined_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/unconfined_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -6,4 +6,6 @@
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
@@ -161,9 +178,9 @@
+system_r:initrc_su_t:s0 unconfined_r:unconfined_t:s0
+unconfined_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/user_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/user_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/user_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -1,8 +1,9 @@
system_r:local_login_t:s0 user_r:user_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0
@@ -176,15 +193,15 @@
-
+system_r:initrc_su_t:s0 user_r:user_t:s0
+user_r:user_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.12/config/appconfig-mcs/userhelper_context
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context
--- nsaserefpolicy/config/appconfig-mcs/userhelper_context 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mcs/userhelper_context 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/userhelper_context 2008-10-17 10:31:26.000000000 -0400
@@ -1 +1 @@
-system_u:sysadm_r:sysadm_t:s0
+system_u:system_r:unconfined_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mcs/xguest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mcs/xguest_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mcs/xguest_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -0,0 +1,7 @@
+system_r:local_login_t xguest_r:xguest_t:s0
+system_r:remote_login_t xguest_r:xguest_t:s0
@@ -193,9 +210,9 @@
+system_r:xdm_t xguest_r:xguest_t:s0
+system_r:initrc_su_t:s0 xguest_r:xguest_t:s0
+xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.12/config/appconfig-mls/default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/default_contexts serefpolicy-3.5.13/config/appconfig-mls/default_contexts
--- nsaserefpolicy/config/appconfig-mls/default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -1,15 +1,6 @@
-system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 unconfined_r:unconfined_crond_t:s0
-system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
@@ -217,17 +234,17 @@
-user_r:user_su_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
-user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
+system_r:xdm_t:s0 user_r:user_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/guest_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.12/config/appconfig-mls/guest_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/guest_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -0,0 +1,4 @@
+system_r:local_login_t:s0 guest_r:guest_t:s0
+system_r:remote_login_t:s0 guest_r:guest_t:s0
+system_r:sshd_t:s0 guest_r:guest_t:s0
+system_r:crond_t:s0 guest_r:guest_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.12/config/appconfig-mls/root_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/root_default_contexts serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts
--- nsaserefpolicy/config/appconfig-mls/root_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/root_default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/root_default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -1,11 +1,11 @@
-system_r:crond_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
-system_r:local_login_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -246,9 +263,9 @@
#
-#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/staff_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/staff_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/config/appconfig-mls/staff_u_default_contexts 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/config/appconfig-mls/staff_u_default_contexts 2008-10-17 10:31:26.000000000 -0400
@@ -1,7 +1,7 @@
system_r:local_login_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 staff_r:staff_t:s0
@@ -258,9 +275,9 @@
system_r:xdm_t:s0 staff_r:staff_t:s0
staff_r:staff_su_t:s0 staff_r:staff_t:s0
staff_r:staff_sudo_t:s0 staff_r:staff_t:s0
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.12/config/appconfig-mls/user_u_default_contexts
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/user_u_default_contexts serefpolicy-3.5.13/config/appconfig-mls/user_u_default_contexts
--- nsaserefpolicy/config/appconfig-mls/user_u_default_contexts 2008-08-07 11:15:14.000000000 -0400
[...6734 lines suppressed...]
corecmd_exec_bin(xm_t)
@@ -32236,7 +32494,7 @@
corenet_tcp_sendrecv_generic_if(xm_t)
corenet_tcp_sendrecv_all_nodes(xm_t)
-@@ -351,8 +381,11 @@
+@@ -348,8 +381,11 @@
storage_raw_read_fixed_disk(xm_t)
@@ -32248,7 +32506,7 @@
init_rw_script_stream_sockets(xm_t)
init_use_fds(xm_t)
-@@ -363,6 +396,23 @@
+@@ -360,6 +396,23 @@
sysnet_read_config(xm_t)
@@ -32272,10 +32530,152 @@
+optional_policy(`
+ unconfined_domain(xend_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.12/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/support/obj_perm_sets.spt 2008-10-14 15:00:15.000000000 -0400
-@@ -316,3 +316,13 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/policy_capabilities serefpolicy-3.5.13/policy/policy_capabilities
+--- nsaserefpolicy/policy/policy_capabilities 2008-10-16 17:21:16.000000000 -0400
++++ serefpolicy-3.5.13/policy/policy_capabilities 2008-10-17 10:31:27.000000000 -0400
+@@ -29,4 +29,4 @@
+ # chr_file: open
+ # blk_file: open
+ #
+-policycap open_perms;
++#policycap open_perms;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.13/policy/support/obj_perm_sets.spt
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400
++++ serefpolicy-3.5.13/policy/support/obj_perm_sets.spt 2008-10-17 10:31:27.000000000 -0400
+@@ -59,22 +59,22 @@
+ #
+ # Permissions for executing files.
+ #
+-define(`x_file_perms', `{ getattr open execute } refpolicywarn(`$0 is deprecated please use { getattr execute } instead.')')
++define(`x_file_perms', `{ getattr execute } refpolicywarn(`$0 is deprecated please use { getattr execute } instead.')')
+
+ #
+ # Permissions for reading files and their attributes.
+ #
+-define(`r_file_perms', `{ open read getattr lock ioctl } refpolicywarn(`$0 is deprecated please use read_file_perms instead.')')
++define(`r_file_perms', `{ read getattr lock ioctl } refpolicywarn(`$0 is deprecated please use read_file_perms instead.')')
+
+ #
+ # Permissions for reading and executing files.
+ #
+-define(`rx_file_perms', `{ open read getattr lock execute ioctl } refpolicywarn(`$0 is deprecated please use { mmap_file_perms ioctl lock } instead.')')
++define(`rx_file_perms', `{ read getattr lock execute ioctl } refpolicywarn(`$0 is deprecated please use { mmap_file_perms ioctl lock } instead.')')
+
+ #
+ # Permissions for reading and appending to files.
+ #
+-define(`ra_file_perms', `{ open ioctl read getattr lock append } refpolicywarn(`$0 is deprecated please use { read_file_perms append_file_perms } instead.')')
++define(`ra_file_perms', `{ ioctl read getattr lock append } refpolicywarn(`$0 is deprecated please use { read_file_perms append_file_perms } instead.')')
+
+ #
+ # Permissions for linking, unlinking and renaming files.
+@@ -89,12 +89,17 @@
+ #
+ # Permissions for reading directories and their attributes.
+ #
+-define(`r_dir_perms', `{ open read getattr lock search ioctl } refpolicywarn(`$0 is deprecated please use list_dir_perms instead.')')
++define(`r_dir_perms', `{ read getattr lock search ioctl } refpolicywarn(`$0 is deprecated please use list_dir_perms instead.')')
++
++#
++# Permissions for reading and writing directories and their attributes.
++#
++define(`rw_dir_perms', `{ read getattr lock search ioctl add_name remove_name write }')
+
+ #
+ # Permissions for reading and adding names to directories.
+ #
+-define(`ra_dir_perms', `{ open read getattr lock search ioctl add_name write } refpolicywarn(`$0 is deprecated please use { list_dir_perms add_entry_dir_perms } instead.')')
++define(`ra_dir_perms', `{ read getattr lock search ioctl add_name write } refpolicywarn(`$0 is deprecated please use { list_dir_perms add_entry_dir_perms } instead.')')
+
+
+ #
+@@ -182,10 +187,9 @@
+ define(`getattr_dir_perms',`{ getattr }')
+ define(`setattr_dir_perms',`{ setattr }')
+ define(`search_dir_perms',`{ getattr search }')
+-define(`list_dir_perms',`{ getattr search open read lock ioctl }')
+-define(`add_entry_dir_perms',`{ getattr search open lock ioctl write add_name }')
+-define(`del_entry_dir_perms',`{ getattr search open lock ioctl write remove_name }')
+-define(`rw_dir_perms', `{ open read getattr lock search ioctl add_name remove_name write }')
++define(`list_dir_perms',`{ getattr search read lock ioctl }')
++define(`add_entry_dir_perms',`{ getattr search lock ioctl write add_name }')
++define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
+ define(`create_dir_perms',`{ getattr create }')
+ define(`rename_dir_perms',`{ getattr rename }')
+ define(`delete_dir_perms',`{ getattr rmdir }')
+@@ -199,12 +203,12 @@
+ #
+ define(`getattr_file_perms',`{ getattr }')
+ define(`setattr_file_perms',`{ setattr }')
+-define(`read_file_perms',`{ getattr open read lock ioctl }')
+-define(`mmap_file_perms',`{ getattr open read execute ioctl }')
+-define(`exec_file_perms',`{ getattr open read execute execute_no_trans }')
+-define(`append_file_perms',`{ getattr open append lock ioctl }')
+-define(`write_file_perms',`{ getattr open write append lock ioctl }')
+-define(`rw_file_perms',`{ getattr open read write append ioctl lock }')
++define(`read_file_perms',`{ getattr read lock ioctl }')
++define(`mmap_file_perms',`{ getattr read execute ioctl }')
++define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
++define(`append_file_perms',`{ getattr append lock ioctl }')
++define(`write_file_perms',`{ getattr write append lock ioctl }')
++define(`rw_file_perms',`{ getattr read write append ioctl lock }')
+ define(`create_file_perms',`{ getattr create open }')
+ define(`rename_file_perms',`{ getattr rename }')
+ define(`delete_file_perms',`{ getattr unlink }')
+@@ -235,10 +239,10 @@
+ #
+ define(`getattr_fifo_file_perms',`{ getattr }')
+ define(`setattr_fifo_file_perms',`{ setattr }')
+-define(`read_fifo_file_perms',`{ getattr open read lock ioctl }')
+-define(`append_fifo_file_perms',`{ getattr open append lock ioctl }')
+-define(`write_fifo_file_perms',`{ getattr open write append lock ioctl }')
+-define(`rw_fifo_file_perms',`{ getattr open read write append ioctl lock }')
++define(`read_fifo_file_perms',`{ getattr read lock ioctl }')
++define(`append_fifo_file_perms',`{ getattr append lock ioctl }')
++define(`write_fifo_file_perms',`{ getattr write append lock ioctl }')
++define(`rw_fifo_file_perms',`{ getattr read write append ioctl lock }')
+ define(`create_fifo_file_perms',`{ getattr create open }')
+ define(`rename_fifo_file_perms',`{ getattr rename }')
+ define(`delete_fifo_file_perms',`{ getattr unlink }')
+@@ -268,10 +272,10 @@
+ #
+ define(`getattr_blk_file_perms',`{ getattr }')
+ define(`setattr_blk_file_perms',`{ setattr }')
+-define(`read_blk_file_perms',`{ getattr open read lock ioctl }')
+-define(`append_blk_file_perms',`{ getattr open append lock ioctl }')
+-define(`write_blk_file_perms',`{ getattr open write append lock ioctl }')
+-define(`rw_blk_file_perms',`{ getattr open read write append ioctl lock }')
++define(`read_blk_file_perms',`{ getattr read lock ioctl }')
++define(`append_blk_file_perms',`{ getattr append lock ioctl }')
++define(`write_blk_file_perms',`{ getattr write append lock ioctl }')
++define(`rw_blk_file_perms',`{ getattr read write append ioctl lock }')
+ define(`create_blk_file_perms',`{ getattr create }')
+ define(`rename_blk_file_perms',`{ getattr rename }')
+ define(`delete_blk_file_perms',`{ getattr unlink }')
+@@ -285,10 +289,10 @@
+ #
+ define(`getattr_chr_file_perms',`{ getattr }')
+ define(`setattr_chr_file_perms',`{ setattr }')
+-define(`read_chr_file_perms',`{ getattr open read lock ioctl }')
+-define(`append_chr_file_perms',`{ getattr open append lock ioctl }')
+-define(`write_chr_file_perms',`{ getattr open write append lock ioctl }')
+-define(`rw_chr_file_perms',`{ getattr open read write append ioctl lock }')
++define(`read_chr_file_perms',`{ getattr read lock ioctl }')
++define(`append_chr_file_perms',`{ getattr append lock ioctl }')
++define(`write_chr_file_perms',`{ getattr write append lock ioctl }')
++define(`rw_chr_file_perms',`{ getattr read write append ioctl lock }')
+ define(`create_chr_file_perms',`{ getattr create }')
+ define(`rename_chr_file_perms',`{ getattr rename }')
+ define(`delete_chr_file_perms',`{ getattr unlink }')
+@@ -305,10 +309,20 @@
+ #
+ # Use (read and write) terminals
+ #
+-define(`rw_term_perms', `{ getattr open read write ioctl }')
++define(`rw_term_perms', `{ getattr read write ioctl }')
+
+ #
+ # Sockets
#
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
define(`server_stream_socket_perms', `{ client_stream_socket_perms listen accept }')
@@ -32289,9 +32689,9 @@
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
+
+define(`manage_key_perms', `{ create link read search setattr view write } ')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.12/policy/users
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.13/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.12/policy/users 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.13/policy/users 2008-10-17 10:31:27.000000000 -0400
@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
@@ -32316,9 +32716,9 @@
- gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
-')
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.12/support/Makefile.devel
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.13/support/Makefile.devel
--- nsaserefpolicy/support/Makefile.devel 2008-08-07 11:15:14.000000000 -0400
-+++ serefpolicy-3.5.12/support/Makefile.devel 2008-10-16 10:33:22.000000000 -0400
++++ serefpolicy-3.5.13/support/Makefile.devel 2008-10-17 10:31:27.000000000 -0400
@@ -181,7 +181,7 @@
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.726
retrieving revision 1.727
diff -u -r1.726 -r1.727
--- selinux-policy.spec 16 Oct 2008 19:56:59 -0000 1.726
+++ selinux-policy.spec 17 Oct 2008 22:01:06 -0000 1.727
@@ -19,8 +19,8 @@
%define CHECKPOLICYVER 2.0.16-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 3.5.12
-Release: 3%{?dist}
+Version: 3.5.13
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -461,6 +461,9 @@
%endif
%changelog
+* Fri Oct 17 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-1
+- Policy cleanup
+
* Thu Oct 16 2008 Dan Walsh <dwalsh at redhat.com> 3.5.12-3
- Remove Multiple spec
- Add include
- Previous message: rpms/varnish/EL-5 .cvsignore, 1.3, 1.4 sources, 1.3, 1.4 varnish.spec, 1.2, 1.3
- Next message: rpms/selinux-policy/devel .cvsignore, 1.152, 1.153 sources, 1.169, 1.170
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list