rpms/selinux-policy/devel .cvsignore, 1.163, 1.164 policy-20090105.patch, 1.80, 1.81 sources, 1.183, 1.184
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Apr 6 19:27:49 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19719
Modified Files:
.cvsignore policy-20090105.patch sources
Log Message:
* Mon Apr 6 2009 Dan Walsh <dwalsh at redhat.com> 3.6.11-1
- Dontaudit binds to ports < 1024 for named
- Upgrade to latest upstream
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.163
retrieving revision 1.164
diff -u -r1.163 -r1.164
--- .cvsignore 20 Mar 2009 18:42:38 -0000 1.163
+++ .cvsignore 6 Apr 2009 19:27:19 -0000 1.164
@@ -165,3 +165,4 @@
serefpolicy-3.6.8.tgz
serefpolicy-3.6.9.tgz
serefpolicy-3.6.10.tgz
+serefpolicy-3.6.11.tgz
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- policy-20090105.patch 6 Apr 2009 17:07:59 -0000 1.80
+++ policy-20090105.patch 6 Apr 2009 19:27:19 -0000 1.81
@@ -3926,7 +3926,7 @@
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.11/policy/modules/apps/qemu.te
--- nsaserefpolicy/policy/modules/apps/qemu.te 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.11/policy/modules/apps/qemu.te 2009-04-06 13:07:12.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/apps/qemu.te 2009-04-06 14:08:29.000000000 -0400
@@ -13,28 +13,96 @@
## </desc>
gen_tunable(qemu_full_network, false)
@@ -3993,8 +3993,8 @@
')
+tunable_policy(`qemu_use_comm',`
-+ term_use_unallocated_ttys(sqemu_t)
-+ dev_rw_printer(sqemu_t)
++ term_use_unallocated_ttys(qemu_t)
++ dev_rw_printer(qemu_t)
+')
+
+tunable_policy(`qemu_use_nfs',`
@@ -8295,12 +8295,12 @@
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.6.11/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.11/policy/modules/services/bind.te 2009-04-06 12:59:54.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/bind.te 2009-04-06 14:03:35.000000000 -0400
@@ -123,6 +123,7 @@
corenet_sendrecv_dns_client_packets(named_t)
corenet_sendrecv_rndc_server_packets(named_t)
corenet_sendrecv_rndc_client_packets(named_t)
-+corenet_udp_dontaudit_bind_all_reserved_ports(named_t)
++corenet_dontaudit_udp_bind_all_reserved_ports(named_t)
corenet_udp_bind_all_unreserved_ports(named_t)
dev_read_sysfs(named_t)
@@ -18331,7 +18331,7 @@
ccs_read_config(ricci_modstorage_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.11/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.11/policy/modules/services/rpc.te 2009-04-06 12:59:54.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/services/rpc.te 2009-04-06 15:25:10.000000000 -0400
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -18349,7 +18349,7 @@
tunable_policy(`nfs_export_all_ro',`
dev_getattr_all_blk_files(nfsd_t)
-@@ -183,6 +184,7 @@
+@@ -183,9 +184,12 @@
files_read_usr_symlinks(gssd_t)
auth_use_nsswitch(gssd_t)
@@ -18357,6 +18357,11 @@
miscfiles_read_certs(gssd_t)
++mount_signal(gssd_t)
++
+ tunable_policy(`allow_gssd_read_tmp',`
+ userdom_list_user_tmp(gssd_t)
+ userdom_read_user_tmp_files(gssd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.11/policy/modules/services/rshd.te
--- nsaserefpolicy/policy/modules/services/rshd.te 2009-01-19 11:06:49.000000000 -0500
+++ serefpolicy-3.6.11/policy/modules/services/rshd.te 2009-04-06 12:59:54.000000000 -0400
@@ -21462,8 +21467,8 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.11/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.11/policy/modules/services/virt.te 2009-04-06 12:59:54.000000000 -0400
-@@ -8,19 +8,38 @@
++++ serefpolicy-3.6.11/policy/modules/services/virt.te 2009-04-06 14:11:37.000000000 -0400
+@@ -8,19 +8,24 @@
## <desc>
## <p>
@@ -21476,13 +21481,6 @@
## <desc>
## <p>
-## Allow virt to manage cifs files
-+## Allow svirt to manage nfs files
-+## </p>
-+## </desc>
-+gen_tunable(virt_use_nfs, false)
-+
-+## <desc>
-+## <p>
+## Allow svirt to manage cifs files
## </p>
## </desc>
@@ -21491,13 +21489,6 @@
-attribute virt_image_type;
+## <desc>
+## <p>
-+## Allow svirt to manage nfs files
-+## </p>
-+## </desc>
-+gen_tunable(virt_use_nfs, false)
-+
-+## <desc>
-+## <p>
+## Allow svirt to user serial/parallell communication ports
+## </p>
+## </desc>
@@ -21505,7 +21496,7 @@
type virt_etc_t;
files_config_file(virt_etc_t)
-@@ -29,8 +48,12 @@
+@@ -29,8 +34,12 @@
files_type(virt_etc_rw_t)
# virt Image files
@@ -21520,7 +21511,7 @@
type virt_log_t;
logging_log_file(virt_log_t)
-@@ -48,17 +71,39 @@
+@@ -48,17 +57,39 @@
type virtd_initrc_exec_t;
init_script_file(virtd_initrc_exec_t)
@@ -21562,7 +21553,7 @@
read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
-@@ -67,7 +112,11 @@
+@@ -67,7 +98,11 @@
manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
@@ -21575,7 +21566,7 @@
manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
-@@ -86,6 +135,7 @@
+@@ -86,6 +121,7 @@
kernel_read_network_state(virtd_t)
kernel_rw_net_sysctls(virtd_t)
kernel_load_module(virtd_t)
@@ -21583,7 +21574,7 @@
corecmd_exec_bin(virtd_t)
corecmd_exec_shell(virtd_t)
-@@ -96,7 +146,7 @@
+@@ -96,7 +132,7 @@
corenet_tcp_sendrecv_generic_node(virtd_t)
corenet_tcp_sendrecv_all_ports(virtd_t)
corenet_tcp_bind_generic_node(virtd_t)
@@ -21592,7 +21583,7 @@
corenet_tcp_bind_vnc_port(virtd_t)
corenet_tcp_connect_vnc_port(virtd_t)
corenet_tcp_connect_soundd_port(virtd_t)
-@@ -104,21 +154,39 @@
+@@ -104,21 +140,39 @@
dev_read_sysfs(virtd_t)
dev_read_rand(virtd_t)
@@ -21633,7 +21624,7 @@
term_getattr_pty_fs(virtd_t)
term_use_ptmx(virtd_t)
-@@ -129,6 +197,13 @@
+@@ -129,6 +183,13 @@
logging_send_syslog_msg(virtd_t)
@@ -21647,7 +21638,7 @@
userdom_read_all_users_state(virtd_t)
tunable_policy(`virt_use_nfs',`
-@@ -167,22 +242,34 @@
+@@ -167,22 +228,34 @@
dnsmasq_domtrans(virtd_t)
dnsmasq_signal(virtd_t)
dnsmasq_kill(virtd_t)
@@ -21670,15 +21661,15 @@
+optional_policy(`
+ lvm_domtrans(virtd_t)
+')
-+
-+optional_policy(`
+
+ optional_policy(`
+- qemu_domtrans(virtd_t)
+ polkit_domtrans_auth(virtd_t)
+ polkit_domtrans_resolve(virtd_t)
+ polkit_read_lib(virtd_t)
+')
-
- optional_policy(`
-- qemu_domtrans(virtd_t)
++
++optional_policy(`
+ qemu_spec_domtrans(virtd_t, svirt_t)
qemu_read_state(virtd_t)
qemu_signal(virtd_t)
@@ -21687,7 +21678,7 @@
')
optional_policy(`
-@@ -198,5 +285,78 @@
+@@ -198,5 +271,78 @@
')
optional_policy(`
@@ -25205,7 +25196,7 @@
+/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.6.11/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.11/policy/modules/system/mount.if 2009-04-06 12:59:54.000000000 -0400
++++ serefpolicy-3.6.11/policy/modules/system/mount.if 2009-04-06 15:24:32.000000000 -0400
@@ -43,9 +43,11 @@
mount_domtrans($1)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/sources,v
retrieving revision 1.183
retrieving revision 1.184
diff -u -r1.183 -r1.184
--- sources 24 Mar 2009 19:45:02 -0000 1.183
+++ sources 6 Apr 2009 19:27:19 -0000 1.184
@@ -1 +1 @@
-38720499e445f99f9e2d4df792f2b6f5 serefpolicy-3.6.10.tgz
+8692c0a1feea7a6914bc3f33019c0570 serefpolicy-3.6.11.tgz
More information about the scm-commits
mailing list