rpms/selinux-policy/F-9 policy-20071130.patch,1.229,1.230

Daniel J Walsh dwalsh at fedoraproject.org
Mon Oct 20 20:16:41 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17865

Modified Files:
	policy-20071130.patch 
Log Message:
* Mon Oct 20 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-103
- More fixes for new netoworkmanager
- Fixes for MLS initrc scripts


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.229
retrieving revision 1.230
diff -u -r1.229 -r1.230
--- policy-20071130.patch	20 Oct 2008 19:53:49 -0000	1.229
+++ policy-20071130.patch	20 Oct 2008 20:16:40 -0000	1.230
@@ -12545,8 +12545,8 @@
  /var/run/avahi-daemon(/.*)? 		gen_context(system_u:object_r:avahi_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.3.1/policy/modules/services/avahi.if
 --- nsaserefpolicy/policy/modules/services/avahi.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.if	2008-10-16 14:48:24.000000000 -0400
-@@ -2,6 +2,122 @@
++++ serefpolicy-3.3.1/policy/modules/services/avahi.if	2008-10-20 16:08:13.000000000 -0400
+@@ -2,6 +2,103 @@
  
  ########################################
  ## <summary>
@@ -12647,29 +12647,10 @@
 +
 +########################################
 +## <summary>
-+##	Send avahi a sigkill
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+#
-+interface(`avahi_sigkill',`
-+	gen_require(`
-+		type avahi_t;
-+	')
-+
-+	allow $1 avahi_t:process sigkill;
-+')
-+
-+########################################
-+## <summary>
  ##	Send and receive messages from
  ##	avahi over dbus.
  ## </summary>
-@@ -57,3 +173,45 @@
+@@ -57,3 +154,45 @@
  
  	dontaudit $1 avahi_var_run_t:dir search_dir_perms;
  ')
@@ -21293,8 +21274,58 @@
 +/etc/rc\.d/init\.d/nscd	--	gen_context(system_u:object_r:nscd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.3.1/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.if	2008-10-14 11:43:20.000000000 -0400
-@@ -70,15 +70,14 @@
++++ serefpolicy-3.3.1/policy/modules/services/nscd.if	2008-10-20 16:12:35.000000000 -0400
+@@ -2,6 +2,24 @@
+ 
+ ########################################
+ ## <summary>
++##	Send sigkills to NSCD.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`nscd_sigkill',`
++	gen_require(`
++		type nscd_t;
++	')
++
++	allow $1 nscd_t:process sigkill;
++')
++
++########################################
++## <summary>
+ ##	Send generic signals to NSCD.
+ ## </summary>
+ ## <param name="domain">
+@@ -20,6 +38,24 @@
+ 
+ ########################################
+ ## <summary>
++##	Send signulls to NSCD.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`nscd_signull',`
++	gen_require(`
++		type nscd_t;
++	')
++
++	allow $1 nscd_t:process signull;
++')
++
++########################################
++## <summary>
+ ##	Execute NSCD in the nscd domain.
+ ## </summary>
+ ## <param name="domain">
+@@ -70,15 +106,14 @@
  interface(`nscd_socket_use',`
  	gen_require(`
  		type nscd_t, nscd_var_run_t;
@@ -21312,7 +21343,7 @@
  	files_search_pids($1)
  	stream_connect_pattern($1,nscd_var_run_t,nscd_var_run_t,nscd_t)
  	dontaudit $1 nscd_var_run_t:file { getattr read };
-@@ -204,3 +203,68 @@
+@@ -204,3 +239,68 @@
  	role $2 types nscd_t;
  	dontaudit nscd_t $3:chr_file rw_term_perms;
  ')

More information about the scm-commits mailing list