rpms/selinux-policy/F-11 policy-20090105.patch, 1.100, 1.101 selinux-policy.spec, 1.835, 1.836

Daniel J Walsh dwalsh at fedoraproject.org
Fri Apr 24 03:14:58 UTC 2009


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7301

Modified Files:
	policy-20090105.patch selinux-policy.spec 
Log Message:
* Thu Apr 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-15
- Additional perms for readahead


policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/policy-20090105.patch,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -r1.100 -r1.101
--- policy-20090105.patch	23 Apr 2009 14:47:07 -0000	1.100
+++ policy-20090105.patch	24 Apr 2009 03:14:57 -0000	1.101
@@ -770,12 +770,41 @@
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.fc serefpolicy-3.6.12/policy/modules/admin/readahead.fc
 --- nsaserefpolicy/policy/modules/admin/readahead.fc	2008-08-07 11:15:13.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/readahead.fc	2009-04-23 10:30:56.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/readahead.fc	2009-04-23 17:15:49.000000000 -0400
 @@ -1,3 +1,4 @@
  /etc/readahead.d(/.*)?		gen_context(system_u:object_r:readahead_etc_rw_t,s0)
  
- /usr/sbin/readahead	--	gen_context(system_u:object_r:readahead_exec_t,s0)
-+/sbin/readahead		--	gen_context(system_u:object_r:readahead_exec_t,s0)
+-/usr/sbin/readahead	--	gen_context(system_u:object_r:readahead_exec_t,s0)
++/usr/sbin/readahead.*	--	gen_context(system_u:object_r:readahead_exec_t,s0)
++/sbin/readahead.*	--	gen_context(system_u:object_r:readahead_exec_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.12/policy/modules/admin/readahead.te
+--- nsaserefpolicy/policy/modules/admin/readahead.te	2009-01-05 15:39:44.000000000 -0500
++++ serefpolicy-3.6.12/policy/modules/admin/readahead.te	2009-04-23 17:21:40.000000000 -0400
+@@ -24,7 +24,7 @@
+ 
+ allow readahead_t self:capability { fowner dac_override dac_read_search };
+ dontaudit readahead_t self:capability sys_tty_config;
+-allow readahead_t self:process signal_perms;
++allow readahead_t self:process { setsched signal_perms };
+ 
+ manage_files_pattern(readahead_t, readahead_etc_rw_t, readahead_etc_rw_t)
+ 
+@@ -58,6 +58,7 @@
+ fs_dontaudit_search_ramfs(readahead_t)
+ fs_dontaudit_read_ramfs_pipes(readahead_t)
+ fs_dontaudit_read_ramfs_files(readahead_t)
++fs_dontaudit_use_tmpfs_chr_dev(readahead_t)
+ fs_read_tmpfs_symlinks(readahead_t)
+ fs_list_inotifyfs(readahead_t)
+ 
+@@ -72,6 +73,7 @@
+ init_getattr_initctl(readahead_t)
+ 
+ logging_send_syslog_msg(readahead_t)
++logging_send_audit_msgs(readahead_t)
+ logging_dontaudit_search_audit_config(readahead_t)
+ 
+ miscfiles_read_localization(readahead_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.12/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2008-08-07 11:15:13.000000000 -0400
 +++ serefpolicy-3.6.12/policy/modules/admin/rpm.fc	2009-04-23 09:44:57.000000000 -0400
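Review bot: The new file-context entries `/usr/sbin/readahead.*` and `/sbin/readahead.*` end in an open `.*`, so every regular file whose path begins with that prefix is labelled `readahead_exec_t`, not only the readahead binaries. That type is presumably the entry point into `readahead_t`, which the readahead.te section of this same patch shows holding `fowner dac_override dac_read_search`, so an over-broad match widens what can run with DAC-bypassing capabilities. I would list the shipped binaries explicitly, or at least stop the match at the directory level, e.g. `/sbin/readahead[^/]*	--	gen_context(system_u:object_r:readahead_exec_t,s0)`. Separately, `logging_send_audit_msgs(readahead_t)` lets the domain emit audit records, and the log message only says "Additional perms for readahead"; a one-line comment above that call naming the component that needs it would make the grant reviewable later.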
@@ -5693,7 +5722,7 @@
 +/dev/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.12/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2009-03-04 16:49:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.if	2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.if	2009-04-23 17:21:31.000000000 -0400
 @@ -723,6 +723,24 @@
  
  ########################################


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/selinux-policy.spec,v
retrieving revision 1.835
retrieving revision 1.836
diff -u -r1.835 -r1.836
--- selinux-policy.spec	23 Apr 2009 14:47:08 -0000	1.835
+++ selinux-policy.spec	24 Apr 2009 03:14:57 -0000	1.836
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.12
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -213,8 +213,8 @@
 %if %{BUILD_TARGETED}
 # Build targeted policy
 # Commented out because only targeted ref policy currently builds
-%setupCmds targeted mcs n y allow
-%installCmds targeted mcs n y allow
+%setupCmds targeted mcs y y allow
+%installCmds targeted mcs y y allow
 %endif
 
 %if %{BUILD_MINIMUM}
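Review bot: The third argument of `%setupCmds` and `%installCmds` for the targeted policy flips from `n` to `y` here, and the `make ... install-headers install-docs` line in the next hunk makes the matching flip from `DIRECT_INITRC=n` to `DIRECT_INITRC=y`, yet the changelog entry only says "Additional perms for readahead". Assuming the third macro argument maps to DIRECT_INITRC (the macro definitions are outside this diff), this is a build-time policy relaxation: in reference policy that option lets admin roles run init scripts directly instead of going through run_init. It should be recorded in the changelog, e.g. `- Build targeted policy with DIRECT_INITRC=y`, so the change is traceable from the package history. The context comment `# Commented out because only targeted ref policy currently builds` also no longer describes the active lines beneath it and could be reworded or dropped.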
@@ -237,7 +237,7 @@
 %installCmds olpc mcs n y allow
 %endif
 
-make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
+make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=y MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
 mkdir %{buildroot}%{_usr}/share/selinux/devel/
 mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
 install -m 755 $RPM_SOURCE_DIR/policygentool %{buildroot}%{_usr}/share/selinux/devel/
@@ -446,6 +446,9 @@
 %endif
 
 %changelog
+* Thu Apr 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-15
+- Additional perms for readahead
+
 * Thu Apr 23 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-14
 - Allow pulseaudio to acquire_svc on session bus
 - Fix readahead labeling



