rpms/selinux-policy/devel policy-20080710.patch,1.80,1.81
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Oct 29 17:12:17 UTC 2008
- Previous message: rpms/ksplice/devel .cvsignore,1.3,1.4 sources,1.3,1.4
- Next message: rpms/ksplice/devel ksplice-0.9.2-config.patch, NONE, 1.1 ksplice.spec, 1.5, 1.6 ksplice-0.9.1-config.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9455
Modified Files:
policy-20080710.patch
Log Message:
* Wed Oct 29 2008 Dan Walsh <dwalsh at redhat.com> 3.5.13-10
- Fix confined users
- Allow xguest to read/write xguest_dbusd_t
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- policy-20080710.patch 29 Oct 2008 17:03:57 -0000 1.80
+++ policy-20080710.patch 29 Oct 2008 17:12:16 -0000 1.81
@@ -4394,8 +4394,8 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-28 10:58:06.000000000 -0400
-@@ -0,0 +1,256 @@
++++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-29 12:10:02.000000000 -0400
+@@ -0,0 +1,257 @@
+
+policy_module(nsplugin, 1.0.0)
+
@@ -4494,6 +4494,7 @@
+kernel_read_kernel_sysctls(nsplugin_t)
+kernel_read_system_state(nsplugin_t)
+
++files_dontaudit_getattr_lost_found_dirs(nsplugin_t)
+files_dontaudit_list_home(nsplugin_t)
+files_read_usr_files(nsplugin_t)
+files_read_etc_files(nsplugin_t)
@@ -7133,7 +7134,7 @@
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.13/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-28 10:56:19.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-29 12:09:50.000000000 -0400
@@ -110,6 +110,11 @@
## </param>
#
@@ -8589,8 +8590,8 @@
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-10-28 11:14:35.000000000 -0400
-@@ -4,27 +4,63 @@
++++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-10-29 12:02:31.000000000 -0400
+@@ -4,27 +4,68 @@
########################################
#
# Declarations
@@ -8656,6 +8657,11 @@
+optional_policy(`
+ webadm_role_change_template(staff)
+')
++
++optional_policy(`
++ cron_admin_template(sysadm)
++')
++
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.13/policy/modules/roles/sysadm.if
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.if 2008-10-28 11:21:02.000000000 -0400
@@ -8856,7 +8862,7 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.5.13/policy/modules/roles/sysadm.te
--- nsaserefpolicy/policy/modules/roles/sysadm.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-10-29 12:00:43.000000000 -0400
++++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-10-29 12:02:23.000000000 -0400
@@ -15,7 +14,7 @@
role sysadm_r;
@@ -8866,20 +8872,18 @@
ifndef(`enable_mls',`
userdom_security_admin_template(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
-@@ -109,9 +108,9 @@
- consoletype_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
+@@ -110,10 +109,6 @@
')
--optional_policy(`
+ optional_policy(`
- cron_admin_template(sysadm)
-')
-+#optional_policy(`
-+# cron_admin_template(sysadm)
-+#')
-
- optional_policy(`
+-
+-optional_policy(`
cvs_exec(sysadm_t)
-@@ -171,6 +170,10 @@
+ ')
+
+@@ -171,6 +166,10 @@
')
optional_policy(`
@@ -8890,7 +8894,7 @@
kudzu_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
')
-@@ -215,8 +218,8 @@
+@@ -215,8 +214,8 @@
optional_policy(`
netutils_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
@@ -8901,7 +8905,7 @@
')
optional_policy(`
-@@ -328,3 +331,5 @@
+@@ -328,3 +327,5 @@
optional_policy(`
yam_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
')
- Previous message: rpms/ksplice/devel .cvsignore,1.3,1.4 sources,1.3,1.4
- Next message: rpms/ksplice/devel ksplice-0.9.2-config.patch, NONE, 1.1 ksplice.spec, 1.5, 1.6 ksplice-0.9.1-config.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list