rpms/selinux-policy/devel policy-20090105.patch,1.41,1.42

Daniel J Walsh dwalsh at fedoraproject.org
Mon Feb 16 22:54:23 UTC 2009 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1919

Modified Files:
	policy-20090105.patch 
Log Message:
* Wed Feb 11 2009 Dan Walsh <dwalsh at redhat.com> 3.6.6-1
- Re-add corenet_in_generic_if(unlabeled_t)


policy-20090105.patch:

Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- policy-20090105.patch	16 Feb 2009 22:30:36 -0000	1.41
+++ policy-20090105.patch	16 Feb 2009 22:54:22 -0000	1.42
@@ -4413,7 +4413,7 @@
 +corecmd_executable_file(wm_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.6/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/kernel/corecommands.fc	2009-02-16 17:29:50.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/kernel/corecommands.fc	2009-02-16 17:52:43.000000000 -0500
 @@ -58,6 +58,8 @@
  
  /etc/init\.d/functions		--	gen_context(system_u:object_r:bin_t,s0)
@@ -4423,16 +4423,23 @@
  /etc/netplug\.d(/.*)? 	 		gen_context(system_u:object_r:bin_t,s0)
  
  /etc/ppp/ip-down\..*		--	gen_context(system_u:object_r:bin_t,s0)
-@@ -78,6 +80,8 @@
- /etc/sysconfig/network-scripts/ifup-.*	-l gen_context(system_u:object_r:bin_t,s0)
- /etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
- /etc/sysconfig/network-scripts/ifdown-.* -l gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/network-scripts/net.* -- gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/network-scripts/init.* -- gen_context(system_u:object_r:bin_t,s0)
+@@ -74,10 +76,11 @@
+ /etc/sysconfig/libvirtd		-- gen_context(system_u:object_r:bin_t,s0)
+ /etc/sysconfig/netconsole	-- gen_context(system_u:object_r:bin_t,s0)
+ /etc/sysconfig/readonly-root 	-- gen_context(system_u:object_r:bin_t,s0)
+-/etc/sysconfig/network-scripts/ifup-.*	-- gen_context(system_u:object_r:bin_t,s0)
+-/etc/sysconfig/network-scripts/ifup-.*	-l gen_context(system_u:object_r:bin_t,s0)
+-/etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
+-/etc/sysconfig/network-scripts/ifdown-.* -l gen_context(system_u:object_r:bin_t,s0)
++
++/etc/sysconfig/network-scripts/ifup.*	gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/network-scripts/ifdown.* gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/network-scripts/net.* gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/network-scripts/init.* gen_context(system_u:object_r:bin_t,s0)
  
  /etc/X11/xdm/GiveConsole	--	gen_context(system_u:object_r:bin_t,s0)
  /etc/X11/xdm/TakeConsole	--	gen_context(system_u:object_r:bin_t,s0)
-@@ -130,6 +134,8 @@
+@@ -130,6 +133,8 @@
  /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
  ')
  
@@ -4441,7 +4448,7 @@
  #
  # /usr
  #
-@@ -203,6 +209,7 @@
+@@ -203,6 +208,7 @@
  /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/hal/scripts(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/share/mc/extfs/.*		--	gen_context(system_u:object_r:bin_t,s0)
@@ -4449,7 +4456,7 @@
  /usr/share/printconf/util/print\.py --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
  /usr/share/turboprint/lib(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
-@@ -223,14 +230,15 @@
+@@ -223,14 +229,15 @@
  /usr/lib64/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/bluetooth(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
  /usr/lib64/bluetooth(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
@@ -4467,7 +4474,7 @@
  /usr/share/fedora-usermgmt/wrapper --	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/hplip/[^/]*		--	gen_context(system_u:object_r:bin_t,s0)
  /usr/share/hwbrowser/hwbrowser --	gen_context(system_u:object_r:bin_t,s0)
-@@ -293,3 +301,14 @@
+@@ -293,3 +300,14 @@
  ifdef(`distro_suse',`
  /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
  ')
@@ -5381,12 +5388,12 @@
  type power_device_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.6/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/kernel/domain.if	2009-02-16 17:25:53.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/kernel/domain.if	2009-02-16 17:42:39.000000000 -0500
 @@ -629,6 +629,7 @@
  
  	dontaudit $1 unconfined_domain_type:dir search_dir_perms;
  	dontaudit $1 unconfined_domain_type:file read_file_perms;
-+	dontaudit $1 unconfined_domain_type:lnk_file read_file_perms;
++	dontaudit $1 unconfined_domain_type:lnk_file read_lnk_file_perms;
  ')
  
  ########################################
@@ -28059,7 +28066,7 @@
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.6/policy/modules/system/sysnetwork.if
 --- nsaserefpolicy/policy/modules/system/sysnetwork.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.if	2009-02-16 13:18:06.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.if	2009-02-16 17:51:03.000000000 -0500
 @@ -43,6 +43,39 @@
  
  	sysnet_domtrans_dhcpc($1)
@@ -28127,6 +28134,24 @@
  ')
  
  #######################################
+@@ -230,7 +281,7 @@
+ 	')
+ 
+ 	files_search_etc($1)
+-	allow $1 net_conf_t:file read_file_perms;
++	read_files_pattern($1, net_conf_t, net_conf_t)
+ ')
+ 
+ #######################################
+@@ -323,7 +374,7 @@
+ 		type net_conf_t;
+ 	')
+ 
+-	allow $1 net_conf_t:file manage_file_perms;
++	manage_files_pattern($1, net_conf_t, net_conf_t)
+ ')
+ 
+ #######################################
 @@ -541,6 +592,7 @@
  		type net_conf_t;
  	')

More information about the scm-commits mailing list