rpms/selinux-policy/devel policy-20080710.patch, 1.78, 1.79 selinux-policy.spec, 1.736, 1.737
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Oct 28 23:22:16 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11603
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
* Mon Oct 27 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-9
- Allow openoffice execstack/execmem privs
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- policy-20080710.patch 28 Oct 2008 20:06:14 -0000 1.78
+++ policy-20080710.patch 28 Oct 2008 23:22:15 -0000 1.79
@@ -5821,6 +5821,17 @@
+')
+
+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-3.5.13/policy/modules/apps/webalizer.te
+--- nsaserefpolicy/policy/modules/apps/webalizer.te 2008-10-16 17:21:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/apps/webalizer.te 2008-10-28 19:20:51.000000000 -0400
+@@ -68,6 +68,7 @@
+
+ fs_search_auto_mountpoints(webalizer_t)
+ fs_getattr_xattr_fs(webalizer_t)
++fs_rw_anon_inodefs_files(webalizer_t)
+
+ files_read_etc_files(webalizer_t)
+ files_read_etc_runtime_files(webalizer_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.5.13/policy/modules/apps/wine.fc
--- nsaserefpolicy/policy/modules/apps/wine.fc 2008-08-07 11:15:02.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/apps/wine.fc 2008-10-28 10:56:19.000000000 -0400
@@ -9491,8 +9502,8 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.5.13/policy/modules/roles/unprivuser.te
--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/roles/unprivuser.te 2008-10-28 11:05:49.000000000 -0400
-@@ -13,3 +13,20 @@
++++ serefpolicy-3.5.13/policy/modules/roles/unprivuser.te 2008-10-28 19:21:12.000000000 -0400
+@@ -13,3 +13,18 @@
userdom_unpriv_user_template(user)
@@ -9511,8 +9522,6 @@
+optional_policy(`
+ setroubleshoot_dontaudit_stream_connect(user_t)
+')
-+
-+gen_user(user_u, user, user_r, s0, s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.fc serefpolicy-3.5.13/policy/modules/roles/webadm.fc
--- nsaserefpolicy/policy/modules/roles/webadm.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.5.13/policy/modules/roles/webadm.fc 2008-10-28 10:56:19.000000000 -0400
@@ -33328,18 +33337,16 @@
+define(`manage_key_perms', `{ create link read search setattr view write } ')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.13/policy/users
--- nsaserefpolicy/policy/users 2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/users 2008-10-28 11:14:49.000000000 -0400
-@@ -24,12 +24,9 @@
- # SELinux user identity for a Linux user. If you do not want to
++++ serefpolicy-3.5.13/policy/users 2008-10-28 19:21:24.000000000 -0400
+@@ -25,11 +25,8 @@
# permit any access to such users, then remove this entry.
#
--gen_user(user_u, user, user_r, s0, s0)
+ gen_user(user_u, user, user_r, s0, s0)
-gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
-gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
-
-# Until order dependence is fixed for users:
-gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
-+#gen_user(user_u, user, user_r, s0, s0)
+gen_user(staff_u, user, staff_r system_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
+gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.736
retrieving revision 1.737
diff -u -r1.736 -r1.737
--- selinux-policy.spec 28 Oct 2008 20:06:14 -0000 1.736
+++ selinux-policy.spec 28 Oct 2008 23:22:15 -0000 1.737
@@ -16,7 +16,7 @@
%define POLICYVER 23
%define libsepolver 2.0.20-1
%define POLICYCOREUTILSVER 2.0.54-2
-%define CHECKPOLICYVER 2.0.16-1
+%define CHECKPOLICYVER 2.0.16-3
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
More information about the scm-commits
mailing list