rpms/selinux-policy/F-10 policy-20080710.patch, 1.141, 1.142 selinux-policy.spec, 1.776, 1.777
Miroslav Grepl
mgrepl at fedoraproject.org
Thu Feb 26 15:04:52 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24978
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
- Allow ktalkd to write to terminals
- Fix qemu labeling
- Fix mysqld_safe policy
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -r1.141 -r1.142
--- policy-20080710.patch 23 Feb 2009 14:09:26 -0000 1.141
+++ policy-20080710.patch 26 Feb 2009 15:04:20 -0000 1.142
@@ -5212,14 +5212,14 @@
dbus_system_bus_client_template(podsleuth, podsleuth_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.5.13/policy/modules/apps/qemu.fc
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/apps/qemu.fc 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/apps/qemu.fc 2009-02-25 19:55:15.000000000 +0100
@@ -1,2 +1,7 @@
/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
+
-+/var/cache/libvirt(/.*)? -- gen_context(system_u:object_r:qemu_cache_t,s0)
++/var/cache/libvirt(/.*)? gen_context(system_u:object_r:qemu_cache_t,s0)
+
-+/var/run/libvirt/qemu(/.*)? -- gen_context(system_u:object_r:qemu_var_run_t,s0)
++/var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:qemu_var_run_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.5.13/policy/modules/apps/qemu.if
--- nsaserefpolicy/policy/modules/apps/qemu.if 2008-10-17 14:49:14.000000000 +0200
@@ -5651,7 +5651,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.5.13/policy/modules/apps/qemu.te
--- nsaserefpolicy/policy/modules/apps/qemu.te 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/apps/qemu.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/apps/qemu.te 2009-02-26 15:42:13.000000000 +0100
@@ -6,6 +6,9 @@
# Declarations
#
@@ -5662,7 +5662,7 @@
## <desc>
## <p>
## Allow qemu to connect fully to the network
-@@ -13,16 +16,118 @@
+@@ -13,16 +16,120 @@
## </desc>
gen_tunable(qemu_full_network, false)
@@ -5714,8 +5714,10 @@
+manage_files_pattern(qemu_t, qemu_cache_t, qemu_cache_t)
+files_var_filetrans(qemu_t, qemu_cache_t, { file dir })
+
++manage_dirs_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t)
+manage_files_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t)
-+files_pid_filetrans(qemu_t, qemu_var_run_t, file)
++manage_lnk_files_pattern(qemu_t, qemu_var_run_t, qemu_var_run_t)
++files_pid_filetrans(qemu_t, qemu_var_run_t, { file dir })
+
+kernel_read_system_state(qemutype)
+
@@ -5781,7 +5783,7 @@
tunable_policy(`qemu_full_network',`
allow qemu_t self:udp_socket create_socket_perms;
-@@ -35,6 +140,38 @@
+@@ -35,6 +142,38 @@
corenet_tcp_connect_all_ports(qemu_t)
')
@@ -6654,8 +6656,16 @@
+wm_domain_template(user,xdm)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.5.13/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/kernel/corecommands.fc 2009-02-10 15:07:15.000000000 +0100
-@@ -129,6 +129,9 @@
++++ serefpolicy-3.5.13/policy/modules/kernel/corecommands.fc 2009-02-26 15:48:02.000000000 +0100
+@@ -123,12 +123,17 @@
+
+ /opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
++/opt/real/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0)
++
+ ifdef(`distro_gentoo',`
+ /opt/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0)
+ /opt/RealPlayer/postint(/.*)? gen_context(system_u:object_r:bin_t,s0)
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
')
@@ -6665,7 +6675,7 @@
#
# /usr
#
-@@ -176,6 +179,8 @@
+@@ -176,6 +181,8 @@
/usr/lib(64)?/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
@@ -6674,7 +6684,7 @@
/usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -184,10 +189,8 @@
+@@ -184,10 +191,8 @@
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -6687,7 +6697,7 @@
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -202,6 +205,7 @@
+@@ -202,6 +207,7 @@
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hal/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/mc/extfs/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -6695,7 +6705,7 @@
/usr/share/printconf/util/print\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
-@@ -222,14 +226,15 @@
+@@ -222,14 +228,15 @@
/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
@@ -6713,7 +6723,7 @@
/usr/share/fedora-usermgmt/wrapper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hplip/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
-@@ -292,3 +297,14 @@
+@@ -292,3 +299,14 @@
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -10806,7 +10816,7 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.5.13/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/apache.fc 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/apache.fc 2009-02-26 15:55:33.000000000 +0100
@@ -1,16 +1,18 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -10854,7 +10864,7 @@
/var/cache/mod_proxy(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
/var/cache/mod_ssl(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
/var/cache/php-eaccelerator(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
-@@ -47,11 +54,14 @@
+@@ -47,11 +54,16 @@
/var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
@@ -10863,13 +10873,15 @@
/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
/var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
+
++/var/lib/rt3/data/RT-Shredder(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
++
/var/lib/squirrelmail/prefs(/.*)? gen_context(system_u:object_r:httpd_squirrelmail_t,s0)
+/var/www(/.*)?/logs(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
/var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
/var/log/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
/var/log/cacti(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
-@@ -64,11 +74,23 @@
+@@ -64,11 +76,23 @@
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
@@ -16367,7 +16379,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.5.13/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/dovecot.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/dovecot.te 2009-02-25 19:29:32.000000000 +0100
@@ -15,12 +15,21 @@
domain_entry_file(dovecot_auth_t, dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -16484,7 +16496,7 @@
files_read_usr_symlinks(dovecot_auth_t)
files_search_tmp(dovecot_auth_t)
files_read_var_lib_files(dovecot_t)
-@@ -185,5 +217,53 @@
+@@ -185,5 +217,55 @@
')
optional_policy(`
@@ -16521,6 +16533,8 @@
+
+files_read_etc_files(dovecot_deliver_t)
+files_read_etc_runtime_files(dovecot_deliver_t)
++files_search_tmp(dovecot_deliver_t)
++fs_getattr_all_fs(dovecot_deliver_t)
+
+auth_use_nsswitch(dovecot_deliver_t)
+
@@ -17582,6 +17596,17 @@
kernel_read_ring_buffer(kerneloops_t)
# Init script handling
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.5.13/policy/modules/services/ktalk.te
+--- nsaserefpolicy/policy/modules/services/ktalk.te 2008-10-17 14:49:13.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/ktalk.te 2009-02-25 19:56:42.000000000 +0100
+@@ -69,6 +69,7 @@
+ files_read_etc_files(ktalkd_t)
+
+ term_search_ptys(ktalkd_t)
++term_use_all_terms(ktalkd_t)
+
+ auth_use_nsswitch(ktalkd_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.5.13/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2008-10-17 14:49:13.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/services/ldap.te 2009-02-10 15:07:15.000000000 +0100
@@ -18623,7 +18648,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.5.13/policy/modules/services/mysql.if
--- nsaserefpolicy/policy/modules/services/mysql.if 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/mysql.if 2009-02-10 17:48:59.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/mysql.if 2009-02-26 16:00:52.000000000 +0100
@@ -53,9 +53,11 @@
interface(`mysql_stream_connect',`
gen_require(`
@@ -18645,7 +18670,59 @@
')
########################################
-@@ -157,7 +159,26 @@
+@@ -120,6 +122,25 @@
+ allow $1 mysqld_db_t:dir rw_dir_perms;
+ ')
+
++#######################################
++## <summary>
++## Read and write to the MySQL database directory.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`mysql_rw_db_files',`
++ gen_require(`
++ type mysqld_db_t;
++ ')
++
++ files_search_var_lib($1)
++ rw_files_pattern($1,mysqld_db_t,mysqld_db_t)
++')
++
+ ########################################
+ ## <summary>
+ ## Create, read, write, and delete MySQL database directories.
+@@ -139,6 +160,25 @@
+ allow $1 mysqld_db_t:dir manage_dir_perms;
+ ')
+
++#######################################
++## <summary>
++## Create, read, write, and delete MySQL database files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`mysql_manage_db_files',`
++ gen_require(`
++ type mysqld_db_t;
++ ')
++
++ files_search_var_lib($1)
++ manage_files_pattern($1,mysqld_db_t,mysqld_db_t)
++')
++
+ ########################################
+ ## <summary>
+ ## Read and write to the MySQL database
+@@ -157,7 +197,26 @@
files_search_var_lib($1)
allow $1 mysqld_db_t:dir search;
@@ -18673,10 +18750,13 @@
')
########################################
-@@ -178,3 +199,47 @@
+@@ -176,5 +235,49 @@
+ ')
+
logging_search_logs($1)
- allow $1 mysqld_log_t:file { write append setattr ioctl };
- ')
+- allow $1 mysqld_log_t:file { write append setattr ioctl };
++ write_files_pattern($1,mysqld_log_t,mysqld_log_t)
++')
+
+########################################
+## <summary>
@@ -18720,10 +18800,10 @@
+ admin_pattern($1, mysqld_log_t)
+
+ admin_pattern($1, mysqld_tmp_t)
-+')
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.5.13/policy/modules/services/mysql.te
--- nsaserefpolicy/policy/modules/services/mysql.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/mysql.te 2009-02-10 17:41:12.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/mysql.te 2009-02-26 15:37:23.000000000 +0100
@@ -10,6 +10,10 @@
type mysqld_exec_t;
init_daemon_domain(mysqld_t, mysqld_exec_t)
@@ -18769,7 +18849,7 @@
domain_use_interactive_fds(mysqld_t)
-@@ -120,3 +129,33 @@
+@@ -120,3 +129,40 @@
optional_policy(`
udev_read_db(mysqld_t)
')
@@ -18783,15 +18863,19 @@
+
+allow mysqld_safe_t self:capability { dac_override fowner chown };
+allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
-+
++
++append_files_pattern(mysqld_safe_t, mysqld_db_t, mysqld_db_t)
++
+mysql_read_config(mysqld_safe_t)
-+mysql_search_db(mysqld_safe_t)
+mysql_search_pid_files(mysqld_safe_t)
+mysql_write_log(mysqld_safe_t)
+
+kernel_read_system_state(mysqld_safe_t)
-+
++
++dev_list_sysfs(mysqld_safe_t)
++
+files_read_etc_files(mysqld_safe_t)
++files_read_usr_files(mysqld_safe_t)
+
+corecmd_exec_bin(mysqld_safe_t)
+
@@ -18799,10 +18883,13 @@
+libs_use_shared_libs(mysqld_safe_t)
+
+miscfiles_read_localization(mysqld_safe_t)
-+
++
++hostname_exec(mysqld_safe_t)
++
+permissive mysqld_safe_t;
+
+
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.5.13/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2008-10-17 14:49:13.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/services/nagios.fc 2009-02-10 15:07:15.000000000 +0100
@@ -25466,7 +25553,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.5.13/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/samba.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/samba.te 2009-02-26 15:44:58.000000000 +0100
@@ -66,6 +66,13 @@
## </desc>
gen_tunable(samba_share_nfs, false)
@@ -25715,7 +25802,23 @@
########################################
#
-@@ -452,6 +514,7 @@
+@@ -415,14 +477,11 @@
+ files_pid_filetrans(nmbd_t, nmbd_var_run_t, file)
+
+ read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
++read_lnk_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
+
+ manage_dirs_pattern(nmbd_t, samba_log_t, samba_log_t)
+ manage_files_pattern(nmbd_t, samba_log_t, samba_log_t)
+
+-read_files_pattern(nmbd_t, samba_log_t, samba_log_t)
+-create_files_pattern(nmbd_t, samba_log_t, samba_log_t)
+-allow nmbd_t samba_log_t:dir setattr;
+-
+ manage_files_pattern(nmbd_t, samba_var_t, samba_var_t)
+
+ allow nmbd_t smbd_var_run_t:dir rw_dir_perms;
+@@ -452,6 +511,7 @@
dev_getattr_mtrr_dev(nmbd_t)
fs_getattr_all_fs(nmbd_t)
@@ -25723,7 +25826,7 @@
fs_search_auto_mountpoints(nmbd_t)
domain_use_interactive_fds(nmbd_t)
-@@ -536,6 +599,7 @@
+@@ -536,6 +596,7 @@
storage_raw_write_fixed_disk(smbmount_t)
term_list_ptys(smbmount_t)
@@ -25731,7 +25834,7 @@
corecmd_list_bin(smbmount_t)
-@@ -547,32 +611,46 @@
+@@ -547,32 +608,46 @@
auth_use_nsswitch(smbmount_t)
@@ -25784,7 +25887,7 @@
rw_files_pattern(swat_t, samba_etc_t, samba_etc_t)
-@@ -592,6 +670,9 @@
+@@ -592,6 +667,9 @@
files_pid_filetrans(swat_t, swat_var_run_t, file)
allow swat_t winbind_exec_t:file mmap_file_perms;
@@ -25794,7 +25897,7 @@
kernel_read_kernel_sysctls(swat_t)
kernel_read_system_state(swat_t)
-@@ -616,10 +697,12 @@
+@@ -616,10 +694,12 @@
dev_read_urand(swat_t)
@@ -25807,7 +25910,7 @@
auth_domtrans_chk_passwd(swat_t)
auth_use_nsswitch(swat_t)
-@@ -628,6 +711,7 @@
+@@ -628,6 +708,7 @@
libs_use_shared_libs(swat_t)
logging_send_syslog_msg(swat_t)
@@ -25815,7 +25918,7 @@
logging_search_logs(swat_t)
miscfiles_read_localization(swat_t)
-@@ -645,15 +729,26 @@
+@@ -645,15 +726,26 @@
kerberos_use(swat_t)
')
@@ -25844,7 +25947,7 @@
allow winbind_t self:fifo_file rw_fifo_file_perms;
allow winbind_t self:unix_dgram_socket create_socket_perms;
allow winbind_t self:unix_stream_socket create_stream_socket_perms;
-@@ -694,9 +789,10 @@
+@@ -694,9 +786,10 @@
manage_sock_files_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
files_pid_filetrans(winbind_t, winbind_var_run_t, file)
@@ -25857,7 +25960,7 @@
corenet_all_recvfrom_unlabeled(winbind_t)
corenet_all_recvfrom_netlabel(winbind_t)
-@@ -720,10 +816,12 @@
+@@ -720,10 +813,12 @@
auth_domtrans_chk_passwd(winbind_t)
auth_use_nsswitch(winbind_t)
@@ -25870,7 +25973,7 @@
libs_use_ld_so(winbind_t)
libs_use_shared_libs(winbind_t)
-@@ -780,8 +878,13 @@
+@@ -780,8 +875,13 @@
miscfiles_read_localization(winbind_helper_t)
optional_policy(`
@@ -25884,7 +25987,7 @@
')
########################################
-@@ -790,6 +893,16 @@
+@@ -790,6 +890,16 @@
#
optional_policy(`
@@ -25901,7 +26004,7 @@
type samba_unconfined_script_t;
type samba_unconfined_script_exec_t;
domain_type(samba_unconfined_script_t)
-@@ -800,9 +913,46 @@
+@@ -800,9 +910,46 @@
allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms;
allow smbd_t samba_unconfined_script_exec_t:file ioctl;
@@ -28446,7 +28549,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.5.13/policy/modules/services/virt.if
--- nsaserefpolicy/policy/modules/services/virt.if 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/virt.if 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/virt.if 2009-02-26 14:56:14.000000000 +0100
@@ -18,6 +18,25 @@
domtrans_pattern($1, virtd_exec_t, virtd_t)
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.776
retrieving revision 1.777
diff -u -r1.776 -r1.777
--- selinux-policy.spec 19 Feb 2009 08:50:19 -0000 1.776
+++ selinux-policy.spec 26 Feb 2009 15:04:21 -0000 1.777
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 46%{?dist}
+Release: 47%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -460,6 +460,11 @@
%endif
%changelog
+* Thu Feb 26 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-47
+- Allow ktalkd to write to terminals
+- Fix qemu labeling
+- Fix mysqld_safe policy
+
* Thu Feb 19 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-46
- Fix squidGuard labeling
- Allow ftpd to list inotifyfs
More information about the scm-commits
mailing list