rpms/selinux-policy/devel policy-20080710.patch, 1.78, 1.79 selinux-policy.spec, 1.736, 1.737

Daniel J Walsh dwalsh at fedoraproject.org
Tue Oct 28 23:22:16 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11603

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Mon Oct 27 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-9
- Allow openoffice execstack/execmem privs


policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- policy-20080710.patch	28 Oct 2008 20:06:14 -0000	1.78
+++ policy-20080710.patch	28 Oct 2008 23:22:15 -0000	1.79
@@ -5821,6 +5821,17 @@
 +')
 +
 +
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-3.5.13/policy/modules/apps/webalizer.te
+--- nsaserefpolicy/policy/modules/apps/webalizer.te	2008-10-16 17:21:13.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/apps/webalizer.te	2008-10-28 19:20:51.000000000 -0400
+@@ -68,6 +68,7 @@
+ 
+ fs_search_auto_mountpoints(webalizer_t)
+ fs_getattr_xattr_fs(webalizer_t)
++fs_rw_anon_inodefs_files(webalizer_t)
+ 
+ files_read_etc_files(webalizer_t)
+ files_read_etc_runtime_files(webalizer_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.5.13/policy/modules/apps/wine.fc
 --- nsaserefpolicy/policy/modules/apps/wine.fc	2008-08-07 11:15:02.000000000 -0400
 +++ serefpolicy-3.5.13/policy/modules/apps/wine.fc	2008-10-28 10:56:19.000000000 -0400
@@ -9491,8 +9502,8 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.5.13/policy/modules/roles/unprivuser.te
 --- nsaserefpolicy/policy/modules/roles/unprivuser.te	2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/roles/unprivuser.te	2008-10-28 11:05:49.000000000 -0400
-@@ -13,3 +13,20 @@
++++ serefpolicy-3.5.13/policy/modules/roles/unprivuser.te	2008-10-28 19:21:12.000000000 -0400
+@@ -13,3 +13,18 @@
  
  userdom_unpriv_user_template(user)
  
@@ -9511,8 +9522,6 @@
 +optional_policy(`
 +	setroubleshoot_dontaudit_stream_connect(user_t)
 +')
-+
-+gen_user(user_u, user, user_r, s0, s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.fc serefpolicy-3.5.13/policy/modules/roles/webadm.fc
 --- nsaserefpolicy/policy/modules/roles/webadm.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.5.13/policy/modules/roles/webadm.fc	2008-10-28 10:56:19.000000000 -0400
@@ -33328,18 +33337,16 @@
 +define(`manage_key_perms', `{ create link read search setattr view write } ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.13/policy/users
 --- nsaserefpolicy/policy/users	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.5.13/policy/users	2008-10-28 11:14:49.000000000 -0400
-@@ -24,12 +24,9 @@
- # SELinux user identity for a Linux user.  If you do not want to
++++ serefpolicy-3.5.13/policy/users	2008-10-28 19:21:24.000000000 -0400
+@@ -25,11 +25,8 @@
  # permit any access to such users, then remove this entry.
  #
--gen_user(user_u, user, user_r, s0, s0)
+ gen_user(user_u, user, user_r, s0, s0)
 -gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
 -gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
 -
 -# Until order dependence is fixed for users:
 -gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
-+#gen_user(user_u, user, user_r, s0, s0)
 +gen_user(staff_u, user, staff_r system_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
 +gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
  


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.736
retrieving revision 1.737
diff -u -r1.736 -r1.737
--- selinux-policy.spec	28 Oct 2008 20:06:14 -0000	1.736
+++ selinux-policy.spec	28 Oct 2008 23:22:15 -0000	1.737
@@ -16,7 +16,7 @@
 %define POLICYVER 23
 %define libsepolver 2.0.20-1
 %define POLICYCOREUTILSVER 2.0.54-2
-%define CHECKPOLICYVER 2.0.16-1
+%define CHECKPOLICYVER 2.0.16-3
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13

More information about the scm-commits mailing list