rpms/selinux-policy/devel .cvsignore, 1.163, 1.164 policy-20090105.patch, 1.80, 1.81 sources, 1.183, 1.184

Daniel J Walsh dwalsh at fedoraproject.org
Mon Apr 6 19:27:49 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19719

Modified Files:
	.cvsignore policy-20090105.patch sources 
Log Message:
* Mon Apr 6 2009 Dan Walsh <dwalsh at redhat.com> 3.6.11-1
- Dontaudit binds to ports < 1024 for named
- Upgrade to latest upstream



Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.163
retrieving revision 1.164
diff -u -r1.163 -r1.164
--- .cvsignore	20 Mar 2009 18:42:38 -0000	1.163
+++ .cvsignore	6 Apr 2009 19:27:19 -0000	1.164
@@ -165,3 +165,4 @@
 serefpolicy-3.6.8.tgz
 serefpolicy-3.6.9.tgz
 serefpolicy-3.6.10.tgz
+serefpolicy-3.6.11.tgz

policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- policy-20090105.patch	6 Apr 2009 17:07:59 -0000	1.80
+++ policy-20090105.patch	6 Apr 2009 19:27:19 -0000	1.81
@@ -3926,7 +3926,7 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.11/policy/modules/apps/qemu.te
 --- nsaserefpolicy/policy/modules/apps/qemu.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.11/policy/modules/apps/qemu.te	2009-04-06 13:07:12.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/apps/qemu.te	2009-04-06 14:08:29.000000000 -0400
 @@ -13,28 +13,96 @@
  ## </desc>
  gen_tunable(qemu_full_network, false)
@@ -3993,8 +3993,8 @@
  ')
  
 +tunable_policy(`qemu_use_comm',`
-+	term_use_unallocated_ttys(sqemu_t)
-+	dev_rw_printer(sqemu_t)
++	term_use_unallocated_ttys(qemu_t)
++	dev_rw_printer(qemu_t)
 +')
 +
 +tunable_policy(`qemu_use_nfs',`
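Review bot: The corrected `term_use_unallocated_ttys(qemu_t)` call in the `qemu_use_comm` block looks broader than the tunable's name suggests, and nothing in the policy says so. As far as I know the reference policy labels serial ports and the virtual consoles with the same unallocated-tty type, so turning the boolean on for serial access would also let the qemu process read and write console devices; please confirm against terminal.fc. I would add a comment above the call such as `# serial ports share the unallocated tty type with the virtual consoles; this grants access to both`. The tunable's declaration and description lie outside this hunk.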
@@ -8295,12 +8295,12 @@
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.6.11/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.11/policy/modules/services/bind.te	2009-04-06 12:59:54.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/bind.te	2009-04-06 14:03:35.000000000 -0400
 @@ -123,6 +123,7 @@
  corenet_sendrecv_dns_client_packets(named_t)
  corenet_sendrecv_rndc_server_packets(named_t)
  corenet_sendrecv_rndc_client_packets(named_t)
-+corenet_udp_dontaudit_bind_all_reserved_ports(named_t)
++corenet_dontaudit_udp_bind_all_reserved_ports(named_t)
  corenet_udp_bind_all_unreserved_ports(named_t)
  
  dev_read_sysfs(named_t)
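Review bot: The renamed `corenet_dontaudit_udp_bind_all_reserved_ports(named_t)` line suppresses audit records with no comment explaining why, so anyone investigating named later will see no AVC when it is denied a bind to a port below 1024. The commit log states the intent, but the policy source does not. I would add `# named may try reserved UDP ports when choosing a query source port; the denial is expected, do not log it` above the call, after confirming the reason, which is my inference. The comment could also mention that `semodule -DB` rebuilds the policy with dontaudit rules disabled for debugging. Only UDP is covered here; whether TCP binds need the same treatment cannot be judged from this hunk.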
@@ -18331,7 +18331,7 @@
  	ccs_read_config(ricci_modstorage_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.11/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.11/policy/modules/services/rpc.te	2009-04-06 12:59:54.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/rpc.te	2009-04-06 15:25:10.000000000 -0400
 @@ -23,7 +23,7 @@
  gen_tunable(allow_nfsd_anon_write, false)
  
@@ -18349,7 +18349,7 @@
  
  tunable_policy(`nfs_export_all_ro',`
  	dev_getattr_all_blk_files(nfsd_t)
-@@ -183,6 +184,7 @@
+@@ -183,9 +184,12 @@
  files_read_usr_symlinks(gssd_t) 
  
  auth_use_nsswitch(gssd_t)
@@ -18357,6 +18357,11 @@
  
  miscfiles_read_certs(gssd_t)
  
++mount_signal(gssd_t)
++
+ tunable_policy(`allow_gssd_read_tmp',`
+ 	userdom_list_user_tmp(gssd_t) 
+ 	userdom_read_user_tmp_files(gssd_t) 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.11/policy/modules/services/rshd.te
 --- nsaserefpolicy/policy/modules/services/rshd.te	2009-01-19 11:06:49.000000000 -0500
 +++ serefpolicy-3.6.11/policy/modules/services/rshd.te	2009-04-06 12:59:54.000000000 -0400
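Review bot: `mount_signal(gssd_t)` is added to rpc.te with no comment on why gssd needs to signal the mount domain, and the interface's definition is not visible on this page (the mount.if section shows only a timestamp change before it is cut off). If that interface grants more than the generic `signal` permission, gssd_t ends up with more than the change needs, so the definition in mount.if should be checked. I would add a line above the call of the form `# gssd must signal mount: <reason / bug reference>`. The call sits outside any optional_policy block, which is only safe if the mount module is always part of the build.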
@@ -21462,8 +21467,8 @@
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.11/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.11/policy/modules/services/virt.te	2009-04-06 12:59:54.000000000 -0400
-@@ -8,19 +8,38 @@
++++ serefpolicy-3.6.11/policy/modules/services/virt.te	2009-04-06 14:11:37.000000000 -0400
+@@ -8,19 +8,24 @@
  
  ## <desc>
  ## <p>
@@ -21476,13 +21481,6 @@
  ## <desc>
  ## <p>
 -## Allow virt to manage cifs files
-+## Allow svirt to manage nfs files
-+## </p>
-+## </desc>
-+gen_tunable(virt_use_nfs, false)
-+
-+## <desc>
-+## <p>
 +## Allow svirt to manage cifs files
  ## </p>
  ## </desc>
@@ -21491,13 +21489,6 @@
 -attribute virt_image_type;
 +## <desc>
 +## <p>
-+## Allow svirt to manage nfs files
-+## </p>
-+## </desc>
-+gen_tunable(virt_use_nfs, false)
-+
-+## <desc>
-+## <p>
 +## Allow svirt to user serial/parallell communication ports
 +## </p>
 +## </desc>
@@ -21505,7 +21496,7 @@
  
  type virt_etc_t;
  files_config_file(virt_etc_t)
-@@ -29,8 +48,12 @@
+@@ -29,8 +34,12 @@
  files_type(virt_etc_rw_t)
  
  # virt Image files
@@ -21520,7 +21511,7 @@
  
  type virt_log_t;
  logging_log_file(virt_log_t)
-@@ -48,17 +71,39 @@
+@@ -48,17 +57,39 @@
  type virtd_initrc_exec_t;
  init_script_file(virtd_initrc_exec_t)
  
@@ -21562,7 +21553,7 @@
  read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
  read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
  
-@@ -67,7 +112,11 @@
+@@ -67,7 +98,11 @@
  manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
  filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
  
@@ -21575,7 +21566,7 @@
  
  manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
  manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
-@@ -86,6 +135,7 @@
+@@ -86,6 +121,7 @@
  kernel_read_network_state(virtd_t)
  kernel_rw_net_sysctls(virtd_t)
  kernel_load_module(virtd_t)
@@ -21583,7 +21574,7 @@
  
  corecmd_exec_bin(virtd_t)
  corecmd_exec_shell(virtd_t)
-@@ -96,7 +146,7 @@
+@@ -96,7 +132,7 @@
  corenet_tcp_sendrecv_generic_node(virtd_t)
  corenet_tcp_sendrecv_all_ports(virtd_t)
  corenet_tcp_bind_generic_node(virtd_t)
@@ -21592,7 +21583,7 @@
  corenet_tcp_bind_vnc_port(virtd_t)
  corenet_tcp_connect_vnc_port(virtd_t)
  corenet_tcp_connect_soundd_port(virtd_t)
-@@ -104,21 +154,39 @@
+@@ -104,21 +140,39 @@
  
  dev_read_sysfs(virtd_t)
  dev_read_rand(virtd_t)
@@ -21633,7 +21624,7 @@
  term_getattr_pty_fs(virtd_t)
  term_use_ptmx(virtd_t)
  
-@@ -129,6 +197,13 @@
+@@ -129,6 +183,13 @@
  
  logging_send_syslog_msg(virtd_t)
  
@@ -21647,7 +21638,7 @@
  userdom_read_all_users_state(virtd_t)
  
  tunable_policy(`virt_use_nfs',`
-@@ -167,22 +242,34 @@
+@@ -167,22 +228,34 @@
  	dnsmasq_domtrans(virtd_t)
  	dnsmasq_signal(virtd_t)
  	dnsmasq_kill(virtd_t)
@@ -21670,15 +21661,15 @@
 +optional_policy(`
 +	lvm_domtrans(virtd_t)
 +')
-+
-+optional_policy(`
+ 
+ optional_policy(`
+-	qemu_domtrans(virtd_t)
 +	polkit_domtrans_auth(virtd_t)
 +	polkit_domtrans_resolve(virtd_t)
 +	polkit_read_lib(virtd_t)
 +')
- 
- optional_policy(`
--	qemu_domtrans(virtd_t)
++
++optional_policy(`
 +	qemu_spec_domtrans(virtd_t, svirt_t)
  	qemu_read_state(virtd_t)
  	qemu_signal(virtd_t)
@@ -21687,7 +21678,7 @@
  ')
  
  optional_policy(`
-@@ -198,5 +285,78 @@
+@@ -198,5 +271,78 @@
  ')
  
  optional_policy(`
@@ -25205,7 +25196,7 @@
 +/var/run/davfs2(/.*)?		gen_context(system_u:object_r:mount_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.11/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.11/policy/modules/system/mount.if	2009-04-06 12:59:54.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/mount.if	2009-04-06 15:24:32.000000000 -0400
 @@ -43,9 +43,11 @@
  
  	mount_domtrans($1)


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/sources,v
retrieving revision 1.183
retrieving revision 1.184
diff -u -r1.183 -r1.184
--- sources	24 Mar 2009 19:45:02 -0000	1.183
+++ sources	6 Apr 2009 19:27:19 -0000	1.184
@@ -1 +1 @@
-38720499e445f99f9e2d4df792f2b6f5  serefpolicy-3.6.10.tgz
+8692c0a1feea7a6914bc3f33019c0570  serefpolicy-3.6.11.tgz



