rpms/selinux-policy/F-10 policy-20080710.patch, 1.173, 1.174 selinux-policy.spec, 1.801, 1.802

Miroslav Grepl mgrepl at fedoraproject.org
Mon Jul 20 13:25:11 UTC 2009


Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29535

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
- Allow setroubleshootd to read all symlinks



policy-20080710.patch:
 Makefile                                            |   26 
 Rules.modular                                       |   18 
 config/appconfig-mcs/default_contexts               |   19 
 config/appconfig-mcs/failsafe_context               |    2 
 config/appconfig-mcs/guest_u_default_contexts       |    6 
 config/appconfig-mcs/root_default_contexts          |    8 
 config/appconfig-mcs/seusers                        |    4 
 config/appconfig-mcs/staff_u_default_contexts       |    4 
 config/appconfig-mcs/unconfined_u_default_contexts  |    2 
 config/appconfig-mcs/user_u_default_contexts        |    5 
 config/appconfig-mcs/userhelper_context             |    2 
 config/appconfig-mcs/xguest_u_default_contexts      |    7 
 config/appconfig-mls/default_contexts               |   19 
 config/appconfig-mls/guest_u_default_contexts       |    4 
 config/appconfig-mls/root_default_contexts          |   12 
 config/appconfig-mls/staff_u_default_contexts       |    2 
 config/appconfig-mls/user_u_default_contexts        |    2 
 config/appconfig-mls/xguest_u_default_contexts      |    7 
 config/appconfig-standard/guest_u_default_contexts  |    4 
 config/appconfig-standard/root_default_contexts     |    6 
 config/appconfig-standard/staff_u_default_contexts  |    2 
 config/appconfig-standard/user_u_default_contexts   |    2 
 config/appconfig-standard/xguest_u_default_contexts |    5 
 man/man8/nfs_selinux.8                              |   19 
 man/man8/samba_selinux.8                            |   12 
 policy/flask/access_vectors                         |    1 
 policy/global_tunables                              |   20 
 policy/mcs                                          |    8 
 policy/mls                                          |    9 
 policy/modules/admin/alsa.te                        |    1 
 policy/modules/admin/anaconda.te                    |    1 
 policy/modules/admin/certwatch.te                   |    4 
 policy/modules/admin/consoletype.te                 |   11 
 policy/modules/admin/kismet.if                      |    1 
 policy/modules/admin/kismet.te                      |   49 
 policy/modules/admin/logrotate.te                   |   14 
 policy/modules/admin/logwatch.te                    |   11 
 policy/modules/admin/mrtg.te                        |    1 
 policy/modules/admin/netutils.te                    |   11 
 policy/modules/admin/prelink.te                     |   18 
 policy/modules/admin/rpm.fc                         |   10 
 policy/modules/admin/rpm.if                         |  290 +++
 policy/modules/admin/rpm.te                         |   40 
 policy/modules/admin/su.if                          |   69 
 policy/modules/admin/sudo.if                        |   55 
 policy/modules/admin/tmpreaper.te                   |   24 
 policy/modules/admin/usermanage.te                  |   19 
 policy/modules/admin/vbetool.if                     |   31 
 policy/modules/admin/vbetool.te                     |    9 
 policy/modules/admin/vpn.if                         |   36 
 policy/modules/apps/awstats.te                      |    6 
 policy/modules/apps/ethereal.fc                     |    2 
 policy/modules/apps/ethereal.if                     |   54 
 policy/modules/apps/ethereal.te                     |    7 
 policy/modules/apps/games.if                        |   28 
 policy/modules/apps/gitosis.fc                      |    4 
 policy/modules/apps/gitosis.if                      |   94 
 policy/modules/apps/gitosis.te                      |   43 
 policy/modules/apps/gnome.fc                        |   14 
 policy/modules/apps/gnome.if                        |  171 +
 policy/modules/apps/gnome.te                        |   31 
 policy/modules/apps/gpg.fc                          |    8 
 policy/modules/apps/gpg.if                          |  304 ---
 policy/modules/apps/gpg.te                          |  248 ++
 policy/modules/apps/java.fc                         |   17 
 policy/modules/apps/java.if                         |  188 +
 policy/modules/apps/java.te                         |   31 
 policy/modules/apps/livecd.fc                       |    2 
 policy/modules/apps/livecd.if                       |   56 
 policy/modules/apps/livecd.te                       |   26 
 policy/modules/apps/loadkeys.te                     |    5 
 policy/modules/apps/mono.if                         |  103 +
 policy/modules/apps/mono.te                         |    6 
 policy/modules/apps/mozilla.fc                      |   13 
 policy/modules/apps/mozilla.if                      |  325 +--
 policy/modules/apps/mozilla.te                      |   19 
 policy/modules/apps/mplayer.fc                      |    8 
 policy/modules/apps/mplayer.if                      |   64 
 policy/modules/apps/mplayer.te                      |    4 
 policy/modules/apps/nsplugin.fc                     |   13 
 policy/modules/apps/nsplugin.if                     |  318 +++
 policy/modules/apps/nsplugin.te                     |  290 +++
 policy/modules/apps/openoffice.fc                   |    3 
 policy/modules/apps/openoffice.if                   |  106 +
 policy/modules/apps/openoffice.te                   |   14 
 policy/modules/apps/podsleuth.fc                    |    2 
 policy/modules/apps/podsleuth.if                    |   34 
 policy/modules/apps/podsleuth.te                    |   44 
 policy/modules/apps/qemu.fc                         |    5 
 policy/modules/apps/qemu.if                         |  367 +++
 policy/modules/apps/qemu.te                         |  152 +
 policy/modules/apps/sambagui.fc                     |    4 
 policy/modules/apps/sambagui.if                     |    2 
 policy/modules/apps/sambagui.te                     |   62 
 policy/modules/apps/screen.fc                       |    2 
 policy/modules/apps/screen.if                       |   24 
 policy/modules/apps/screen.te                       |    4 
 policy/modules/apps/slocate.te                      |    4 
 policy/modules/apps/thunderbird.fc                  |    2 
 policy/modules/apps/thunderbird.if                  |   34 
 policy/modules/apps/thunderbird.te                  |    4 
 policy/modules/apps/tvtime.if                       |   39 
 policy/modules/apps/tvtime.te                       |    6 
 policy/modules/apps/uml.fc                          |    2 
 policy/modules/apps/vmware.fc                       |   19 
 policy/modules/apps/vmware.if                       |   14 
 policy/modules/apps/vmware.te                       |   17 
 policy/modules/apps/webalizer.te                    |    2 
 policy/modules/apps/wine.fc                         |   23 
 policy/modules/apps/wine.if                         |   50 
 policy/modules/apps/wine.te                         |    8 
 policy/modules/apps/wireshark.if                    |    2 
 policy/modules/apps/wm.fc                           |    3 
 policy/modules/apps/wm.if                           |  178 +
 policy/modules/apps/wm.te                           |   10 
 policy/modules/kernel/.filesystem.if.swp            |binary
 policy/modules/kernel/corecommands.fc               |   47 
 policy/modules/kernel/corecommands.if               |    1 
 policy/modules/kernel/corenetwork.if.in             |   46 
 policy/modules/kernel/corenetwork.te.in             |   41 
 policy/modules/kernel/devices.fc                    |   46 
 policy/modules/kernel/devices.if                    |  541 +++++
 policy/modules/kernel/devices.te                    |   45 
 policy/modules/kernel/domain.if                     |   22 
 policy/modules/kernel/domain.te                     |   53 
 policy/modules/kernel/files.fc                      |    2 
 policy/modules/kernel/files.if                      |  304 +++
 policy/modules/kernel/files.te                      |   11 
 policy/modules/kernel/filesystem.if                 |  356 +++
 policy/modules/kernel/filesystem.te                 |   18 
 policy/modules/kernel/kernel.if                     |   42 
 policy/modules/kernel/kernel.te                     |   16 
 policy/modules/kernel/selinux.if                    |   54 
 policy/modules/kernel/selinux.te                    |    6 
 policy/modules/kernel/storage.fc                    |    2 
 policy/modules/kernel/storage.if                    |    1 
 policy/modules/kernel/terminal.if                   |    6 
 policy/modules/roles/.staff.te.swp                  |binary
 policy/modules/roles/guest.fc                       |    1 
 policy/modules/roles/guest.if                       |  161 +
 policy/modules/roles/guest.te                       |   36 
 policy/modules/roles/logadm.fc                      |    1 
 policy/modules/roles/logadm.if                      |   44 
 policy/modules/roles/logadm.te                      |   20 
 policy/modules/roles/staff.te                       |   58 
 policy/modules/roles/sysadm.if                      |  114 -
 policy/modules/roles/sysadm.te                      |   14 
 policy/modules/roles/unprivuser.if                  |  605 ++++++
 policy/modules/roles/unprivuser.te                  |   15 
 policy/modules/roles/webadm.fc                      |    1 
 policy/modules/roles/webadm.if                      |   44 
 policy/modules/roles/webadm.te                      |   65 
 policy/modules/roles/xguest.fc                      |    1 
 policy/modules/roles/xguest.if                      |  161 +
 policy/modules/roles/xguest.te                      |   87 
 policy/modules/services/aide.if                     |    6 
 policy/modules/services/amavis.if                   |   20 
 policy/modules/services/amavis.te                   |    2 
 policy/modules/services/apache.fc                   |   35 
 policy/modules/services/apache.if                   |  488 +++--
 policy/modules/services/apache.te                   |  397 +++-
 policy/modules/services/apcupsd.fc                  |    2 
 policy/modules/services/arpwatch.fc                 |    1 
 policy/modules/services/arpwatch.if                 |   42 
 policy/modules/services/arpwatch.te                 |    3 
 policy/modules/services/asterisk.fc                 |    1 
 policy/modules/services/asterisk.if                 |   53 
 policy/modules/services/asterisk.te                 |    3 
 policy/modules/services/audioentropy.fc             |    2 
 policy/modules/services/audioentropy.te             |    1 
 policy/modules/services/automount.if                |   18 
 policy/modules/services/automount.te                |    6 
 policy/modules/services/avahi.fc                    |    4 
 policy/modules/services/avahi.if                    |  132 +
 policy/modules/services/avahi.te                    |   15 
 policy/modules/services/bind.fc                     |    7 
 policy/modules/services/bind.if                     |   92 
 policy/modules/services/bind.te                     |    5 
 policy/modules/services/bitlbee.te                  |    2 
 policy/modules/services/bluetooth.fc                |    5 
 policy/modules/services/bluetooth.if                |   53 
 policy/modules/services/bluetooth.te                |   22 
 policy/modules/services/certmaster.fc               |    9 
 policy/modules/services/certmaster.if               |  128 +
 policy/modules/services/certmaster.te               |   81 
 policy/modules/services/clamav.fc                   |   12 
 policy/modules/services/clamav.if                   |  105 +
 policy/modules/services/clamav.te                   |   35 
 policy/modules/services/consolekit.fc               |    3 
 policy/modules/services/consolekit.if               |   21 
 policy/modules/services/consolekit.te               |   64 
 policy/modules/services/courier.fc                  |    2 
 policy/modules/services/courier.if                  |   19 
 policy/modules/services/courier.te                  |    4 
 policy/modules/services/cron.fc                     |   10 
 policy/modules/services/cron.if                     |  250 +-
 policy/modules/services/cron.te                     |  112 -
 policy/modules/services/cups.fc                     |   32 
 policy/modules/services/cups.if                     |  106 +
 policy/modules/services/cups.te                     |  186 +
 policy/modules/services/cvs.te                      |    1 
 policy/modules/services/cyphesis.fc                 |    5 
 policy/modules/services/cyrus.te                    |    1 
 policy/modules/services/dbus.fc                     |    3 
 policy/modules/services/dbus.if                     |  235 ++
 policy/modules/services/dbus.te                     |   57 
 policy/modules/services/dcc.fc                      |    2 
 policy/modules/services/dcc.if                      |   18 
 policy/modules/services/dcc.te                      |   62 
 policy/modules/services/dhcp.fc                     |    1 
 policy/modules/services/dhcp.if                     |   60 
 policy/modules/services/dhcp.te                     |   18 
 policy/modules/services/dnsmasq.fc                  |    3 
 policy/modules/services/dnsmasq.if                  |  174 +
 policy/modules/services/dnsmasq.te                  |   22 
 policy/modules/services/dovecot.fc                  |   12 
 policy/modules/services/dovecot.if                  |   98 +
 policy/modules/services/dovecot.te                  |   98 -
 policy/modules/services/exim.if                     |   40 
 policy/modules/services/exim.te                     |  102 -
 policy/modules/services/fail2ban.fc                 |    1 
 policy/modules/services/fail2ban.if                 |   45 
 policy/modules/services/fail2ban.te                 |   10 
 policy/modules/services/fetchmail.fc                |    2 
 policy/modules/services/fetchmail.if                |   26 
 policy/modules/services/fetchmail.te                |   10 
 policy/modules/services/ftp.te                      |   53 
 policy/modules/services/gamin.fc                    |    2 
 policy/modules/services/gamin.if                    |   57 
 policy/modules/services/gamin.te                    |   39 
 policy/modules/services/gnomeclock.fc               |    3 
 policy/modules/services/gnomeclock.if               |   75 
 policy/modules/services/gnomeclock.te               |   55 
 policy/modules/services/gpsd.fc                     |    3 
 policy/modules/services/gpsd.if                     |   89 
 policy/modules/services/gpsd.te                     |   55 
 policy/modules/services/hal.fc                      |    4 
 policy/modules/services/hal.if                      |   39 
 policy/modules/services/hal.te                      |  112 +
 policy/modules/services/inetd.fc                    |    2 
 policy/modules/services/inetd.te                    |    2 
 policy/modules/services/kerberos.fc                 |    6 
 policy/modules/services/kerberos.te                 |    3 
 policy/modules/services/kerneloops.if               |   23 
 policy/modules/services/kerneloops.te               |    6 
 policy/modules/services/ktalk.te                    |    1 
 policy/modules/services/ldap.te                     |    6 
 policy/modules/services/lircd.fc                    |    9 
 policy/modules/services/lircd.if                    |  100 +
 policy/modules/services/lircd.te                    |   69 
 policy/modules/services/lpd.fc                      |    6 
 policy/modules/services/mailman.fc                  |    1 
 policy/modules/services/mailman.if                  |   28 
 policy/modules/services/mailman.te                  |   33 
 policy/modules/services/mailscanner.fc              |    2 
 policy/modules/services/mailscanner.if              |   59 
 policy/modules/services/mailscanner.te              |    5 
 policy/modules/services/milter.fc                   |   15 
 policy/modules/services/milter.if                   |  104 +
 policy/modules/services/milter.te                   |  107 +
 policy/modules/services/mta.fc                      |   10 
 policy/modules/services/mta.if                      |   70 
 policy/modules/services/mta.te                      |   76 
 policy/modules/services/munin.fc                    |    7 
 policy/modules/services/munin.if                    |   92 
 policy/modules/services/munin.te                    |   77 
 policy/modules/services/mysql.fc                    |    3 
 policy/modules/services/mysql.if                    |  128 +
 policy/modules/services/mysql.te                    |   53 
 policy/modules/services/nagios.fc                   |   11 
 policy/modules/services/nagios.if                   |   71 
 policy/modules/services/nagios.te                   |   58 
 policy/modules/services/networkmanager.fc           |   12 
 policy/modules/services/networkmanager.if           |   18 
 policy/modules/services/networkmanager.te           |  106 -
 policy/modules/services/nis.fc                      |    6 
 policy/modules/services/nis.if                      |  126 +
 policy/modules/services/nis.te                      |   27 
 policy/modules/services/nscd.fc                     |    1 
 policy/modules/services/nscd.if                     |  126 +
 policy/modules/services/nscd.te                     |   32 
 policy/modules/services/ntp.if                      |   57 
 policy/modules/services/ntp.te                      |   19 
 policy/modules/services/oddjob.fc                   |    2 
 policy/modules/services/oddjob.if                   |   32 
 policy/modules/services/oddjob.te                   |   28 
 policy/modules/services/openvpn.fc                  |    1 
 policy/modules/services/openvpn.if                  |   36 
 policy/modules/services/openvpn.te                  |   19 
 policy/modules/services/pads.fc                     |   12 
 policy/modules/services/pads.if                     |   10 
 policy/modules/services/pads.te                     |   68 
 policy/modules/services/pcscd.fc                    |    1 
 policy/modules/services/pcscd.te                    |   12 
 policy/modules/services/pegasus.te                  |   28 
 policy/modules/services/pingd.fc                    |   11 
 policy/modules/services/pingd.if                    |   99 +
 policy/modules/services/pingd.te                    |   54 
 policy/modules/services/pki.fc                      |   46 
 policy/modules/services/pki.if                      |  643 ++++++
 policy/modules/services/pki.te                      |   91 
 policy/modules/services/polkit.fc                   |    9 
 policy/modules/services/polkit.if                   |  233 ++
 policy/modules/services/polkit.te                   |  235 ++
 policy/modules/services/portmap.te                  |    1 
 policy/modules/services/portreserve.fc              |   12 
 policy/modules/services/portreserve.if              |   70 
 policy/modules/services/portreserve.te              |   55 
 policy/modules/services/postfix.fc                  |    6 
 policy/modules/services/postfix.if                  |  136 +
 policy/modules/services/postfix.te                  |  134 +
 policy/modules/services/postgresql.fc               |    1 
 policy/modules/services/postgresql.if               |   43 
 policy/modules/services/postgresql.te               |   11 
 policy/modules/services/postgrey.fc                 |    4 
 policy/modules/services/postgrey.if                 |   67 
 policy/modules/services/postgrey.te                 |   19 
 policy/modules/services/ppp.fc                      |    6 
 policy/modules/services/ppp.if                      |   64 
 policy/modules/services/ppp.te                      |   38 
 policy/modules/services/prelude.fc                  |   14 
 policy/modules/services/prelude.if                  |   71 
 policy/modules/services/prelude.te                  |  193 ++
 policy/modules/services/privoxy.fc                  |    2 
 policy/modules/services/privoxy.if                  |   12 
 policy/modules/services/privoxy.te                  |   17 
 policy/modules/services/procmail.fc                 |    3 
 policy/modules/services/procmail.if                 |   38 
 policy/modules/services/procmail.te                 |   35 
 policy/modules/services/psad.fc                     |   17 
 policy/modules/services/psad.if                     |  304 +++
 policy/modules/services/psad.te                     |  107 +
 policy/modules/services/pyzor.fc                    |    6 
 policy/modules/services/pyzor.if                    |   61 
 policy/modules/services/pyzor.te                    |   51 
 policy/modules/services/qmail.te                    |    8 
 policy/modules/services/radius.te                   |    3 
 policy/modules/services/radvd.te                    |    2 
 policy/modules/services/razor.fc                    |    4 
 policy/modules/services/razor.if                    |   87 
 policy/modules/services/razor.te                    |   38 
 policy/modules/services/ricci.te                    |   18 
 policy/modules/services/rlogin.te                   |   16 
 policy/modules/services/roundup.fc                  |    2 
 policy/modules/services/roundup.if                  |   38 
 policy/modules/services/roundup.te                  |    3 
 policy/modules/services/rpc.fc                      |    1 
 policy/modules/services/rpc.if                      |   43 
 policy/modules/services/rpc.te                      |   33 
 policy/modules/services/rpcbind.fc                  |    2 
 policy/modules/services/rpcbind.te                  |    3 
 policy/modules/services/rshd.te                     |   17 
 policy/modules/services/rsync.fc                    |    2 
 policy/modules/services/rsync.te                    |   11 
 policy/modules/services/samba.fc                    |    8 
 policy/modules/services/samba.if                    |  387 ++++
 policy/modules/services/samba.te                    |  209 +-
 policy/modules/services/sasl.te                     |    5 
 policy/modules/services/sendmail.if                 |  103 +
 policy/modules/services/sendmail.te                 |   92 
 policy/modules/services/setroubleshoot.fc           |    2 
 policy/modules/services/setroubleshoot.if           |   48 
 policy/modules/services/setroubleshoot.te           |   31 
 policy/modules/services/smartmon.te                 |   12 
 policy/modules/services/snmp.fc                     |    6 
 policy/modules/services/snmp.if                     |   36 
 policy/modules/services/snmp.te                     |   28 
 policy/modules/services/snort.if                    |    9 
 policy/modules/services/snort.te                    |    9 
 policy/modules/services/spamassassin.fc             |   16 
 policy/modules/services/spamassassin.if             |  472 ++--
 policy/modules/services/spamassassin.te             |  219 ++
 policy/modules/services/squid.fc                    |    4 
 policy/modules/services/squid.if                    |   18 
 policy/modules/services/squid.te                    |    8 
 policy/modules/services/ssh.fc                      |    2 
 policy/modules/services/ssh.if                      |  151 +
 policy/modules/services/ssh.te                      |   43 
 policy/modules/services/stunnel.fc                  |    1 
 policy/modules/services/stunnel.te                  |    3 
 policy/modules/services/sysstat.te                  |    2 
 policy/modules/services/telnet.te                   |    4 
 policy/modules/services/tftp.te                     |    1 
 policy/modules/services/tor.te                      |    2 
 policy/modules/services/ulogd.fc                    |   10 
 policy/modules/services/ulogd.if                    |  127 +
 policy/modules/services/ulogd.te                    |   54 
 policy/modules/services/uucp.fc                     |    7 
 policy/modules/services/uucp.te                     |   14 
 policy/modules/services/virt.fc                     |    1 
 policy/modules/services/virt.if                     |   94 
 policy/modules/services/virt.te                     |   47 
 policy/modules/services/w3c.te                      |    7 
 policy/modules/services/xserver.fc                  |   40 
 policy/modules/services/xserver.if                  |  915 +++++++--
 policy/modules/services/xserver.te                  |  317 +++
 policy/modules/services/zebra.te                    |    2 
 policy/modules/services/zosremote.fc                |    2 
 policy/modules/services/zosremote.if                |   52 
 policy/modules/services/zosremote.te                |   36 
 policy/modules/system/application.te                |    6 
 policy/modules/system/authlogin.fc                  |   10 
 policy/modules/system/authlogin.if                  |  212 ++
 policy/modules/system/authlogin.te                  |   46 
 policy/modules/system/fstools.fc                    |    2 
 policy/modules/system/fstools.te                    |    9 
 policy/modules/system/hostname.te                   |    4 
 policy/modules/system/init.fc                       |    5 
 policy/modules/system/init.if                       |  129 +
 policy/modules/system/init.te                       |  114 +
 policy/modules/system/ipsec.fc                      |    3 
 policy/modules/system/ipsec.te                      |   47 
 policy/modules/system/iptables.fc                   |   16 
 policy/modules/system/iptables.te                   |   13 
 policy/modules/system/iscsi.te                      |    4 
 policy/modules/system/libraries.fc                  |   85 
 policy/modules/system/libraries.te                  |   18 
 policy/modules/system/locallogin.te                 |   26 
 policy/modules/system/logging.fc                    |   11 
 policy/modules/system/logging.if                    |   25 
 policy/modules/system/logging.te                    |   18 
 policy/modules/system/lvm.fc                        |    2 
 policy/modules/system/lvm.te                        |   66 
 policy/modules/system/miscfiles.if                  |   39 
 policy/modules/system/modutils.te                   |   40 
 policy/modules/system/mount.fc                      |    8 
 policy/modules/system/mount.if                      |   21 
 policy/modules/system/mount.te                      |   81 
 policy/modules/system/raid.te                       |    4 
 policy/modules/system/selinuxutil.fc                |   10 
 policy/modules/system/selinuxutil.if                |  373 +++
 policy/modules/system/selinuxutil.te                |  229 --
 policy/modules/system/setrans.if                    |   20 
 policy/modules/system/sysnetwork.fc                 |   15 
 policy/modules/system/sysnetwork.if                 |   82 
 policy/modules/system/sysnetwork.te                 |   72 
 policy/modules/system/udev.fc                       |    3 
 policy/modules/system/udev.if                       |   28 
 policy/modules/system/udev.te                       |   15 
 policy/modules/system/unconfined.fc                 |   34 
 policy/modules/system/unconfined.if                 |  300 +++
 policy/modules/system/unconfined.te                 |  209 +-
 policy/modules/system/userdomain.fc                 |    9 
 policy/modules/system/userdomain.if                 | 1898 ++++++++++++++------
 policy/modules/system/userdomain.te                 |   89 
 policy/modules/system/xen.fc                        |    6 
 policy/modules/system/xen.if                        |   50 
 policy/modules/system/xen.te                        |  127 +
 policy/policy_capabilities                          |    2 
 policy/support/obj_perm_sets.spt                    |   74 
 policy/users                                        |   13 
 support/Makefile.devel                              |    3 
 452 files changed, 22205 insertions(+), 3610 deletions(-)

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.173
retrieving revision 1.174
diff -u -p -r1.173 -r1.174
--- policy-20080710.patch	3 Jul 2009 09:09:29 -0000	1.173
+++ policy-20080710.patch	20 Jul 2009 13:25:09 -0000	1.174
@@ -12944,7 +12944,7 @@ diff --exclude-from=exclude -N -u -r nsa
  fs_search_auto_mountpoints(entropyd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.5.13/policy/modules/services/automount.if
 --- nsaserefpolicy/policy/modules/services/automount.if	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/automount.if	2009-06-08 16:14:26.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/automount.if	2009-07-20 14:45:58.000000000 +0200
 @@ -107,6 +107,24 @@
  	dontaudit $1 automount_tmp_t:dir getattr;
  ')
@@ -26344,7 +26344,7 @@ diff --exclude-from=exclude -N -u -r nsa
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.5.13/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/rpc.te	2009-06-08 16:17:53.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/rpc.te	2009-07-20 14:45:25.000000000 +0200
 @@ -23,7 +23,7 @@
  gen_tunable(allow_nfsd_anon_write, false)
  
@@ -27941,7 +27941,7 @@ diff --exclude-from=exclude -N -u -r nsa
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.5.13/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/setroubleshoot.te	2009-03-12 12:57:27.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/setroubleshoot.te	2009-07-17 08:50:57.000000000 +0200
 @@ -11,6 +11,9 @@
  domain_type(setroubleshootd_t)
  init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
@@ -27974,7 +27974,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  corecmd_exec_bin(setroubleshootd_t)
  corecmd_exec_shell(setroubleshootd_t)
-@@ -68,16 +74,23 @@
+@@ -68,16 +74,24 @@
  
  dev_read_urand(setroubleshootd_t)
  dev_read_sysfs(setroubleshootd_t)
@@ -27983,6 +27983,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  domain_dontaudit_search_all_domains_state(setroubleshootd_t)
  
++files_read_all_symlinks(setroubleshootd_t)
  files_read_usr_files(setroubleshootd_t)
  files_read_etc_files(setroubleshootd_t)
 -files_getattr_all_dirs(setroubleshootd_t)
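Review bot: `files_read_all_symlinks(setroubleshootd_t)` lets the daemon read symlinks of every file type, and the policy line has no comment saying which denials required it. The neighbouring rules in this hunk are scoped to particular classes of files (`files_read_usr_files`, `files_read_etc_files`), so if the AVC denials behind this change involved only a few types, a per-type interface would keep the domain closer to least privilege. If the broad grant is intended, I would add a comment above it such as `# setroubleshootd resolves paths from AVC records, which can pass through symlinks of any type`; that wording is my reading of the intent and needs confirming by the author. The setroubleshoot.te section of the inner patch starts before this hunk and continues after it, so other file rules for this domain may exist that are not shown here.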
@@ -27999,7 +28000,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  selinux_get_enforce_mode(setroubleshootd_t)
  selinux_validate_context(setroubleshootd_t)
-@@ -97,23 +110,30 @@
+@@ -97,23 +111,30 @@
  
  locallogin_dontaudit_use_fds(setroubleshootd_t)
  
@@ -33301,7 +33302,7 @@ diff --exclude-from=exclude -N -u -r nsa
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.5.13/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/init.te	2009-04-14 11:07:25.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/system/init.te	2009-07-20 14:40:59.000000000 +0200
 @@ -17,6 +17,20 @@
  ## </desc>
  gen_tunable(init_upstart,false)
@@ -33446,11 +33447,12 @@ diff --exclude-from=exclude -N -u -r nsa
  	')
  
  	optional_policy(`
-@@ -521,6 +553,31 @@
+@@ -521,6 +553,32 @@
  	')
  ')
  
 +domain_dontaudit_use_interactive_fds(daemon)
++userdom_dontaudit_rw_stream(daemon)
 +
 +sysadm_dontaudit_search_home_dirs(daemon)
 +
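Review bot: `userdom_dontaudit_rw_stream(daemon)` is attached to the `daemon` attribute, so it suppresses audit records for every daemon domain at once rather than for one service. The log message names only the setroubleshootd change, so this rule is not recorded there. Judging by the interface name (its definition is not in this hunk), the suppressed denials are reads and writes on user-domain stream sockets; hiding them cuts noise from inherited descriptors, but it also removes the AVC records an analyst would use to notice a daemon touching a user's socket. I would mention the rule in the log message and add a comment above it, for example `# daemons started from a user session inherit its stream sockets; hide the resulting denials`, assuming that is the reason. The surrounding init.te section continues outside this hunk.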
@@ -33478,7 +33480,7 @@ diff --exclude-from=exclude -N -u -r nsa
  optional_policy(`
  	amavis_search_lib(initrc_t)
  	amavis_setattr_pid_files(initrc_t)
-@@ -575,6 +632,10 @@
+@@ -575,6 +633,10 @@
  	dbus_read_config(initrc_t)
  
  	optional_policy(`
@@ -33489,7 +33491,7 @@ diff --exclude-from=exclude -N -u -r nsa
  		networkmanager_dbus_chat(initrc_t)
  	')
  ')
-@@ -660,12 +721,6 @@
+@@ -660,12 +722,6 @@
  	mta_read_config(initrc_t)
  	mta_dontaudit_read_spool_symlinks(initrc_t)
  ')
@@ -33502,7 +33504,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  optional_policy(`
  	ifdef(`distro_redhat',`
-@@ -726,6 +781,9 @@
+@@ -726,6 +782,9 @@
  
  	# why is this needed:
  	rpm_manage_db(initrc_t)
@@ -33512,7 +33514,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  optional_policy(`
-@@ -738,10 +796,12 @@
+@@ -738,10 +797,12 @@
  	squid_manage_logs(initrc_t)
  ')
  
@@ -33525,7 +33527,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  optional_policy(`
  	ssh_dontaudit_read_server_keys(initrc_t)
-@@ -759,6 +819,15 @@
+@@ -759,6 +820,15 @@
  	uml_setattr_util_sockets(initrc_t)
  ')
  
@@ -33541,7 +33543,7 @@ diff --exclude-from=exclude -N -u -r nsa
  optional_policy(`
  	unconfined_domain(initrc_t)
  
-@@ -773,6 +842,10 @@
+@@ -773,6 +843,10 @@
  ')
  
  optional_policy(`
@@ -33552,7 +33554,7 @@ diff --exclude-from=exclude -N -u -r nsa
  	vmware_read_system_config(initrc_t)
  	vmware_append_system_config(initrc_t)
  ')
-@@ -795,3 +868,19 @@
+@@ -795,3 +869,19 @@
  optional_policy(`
  	zebra_read_config(initrc_t)
  ')
@@ -36015,9 +36017,12 @@ diff --exclude-from=exclude -N -u -r nsa
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.5.13/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.te	2009-06-24 09:52:07.000000000 +0200
-@@ -20,6 +20,9 @@
++++ serefpolicy-3.5.13/policy/modules/system/sysnetwork.te	2009-07-17 09:06:00.000000000 +0200
+@@ -18,8 +18,12 @@
+ type dhcpc_t;
+ type dhcpc_exec_t;
  init_daemon_domain(dhcpc_t,dhcpc_exec_t)
++domain_obj_id_change_exemption(dhcpc_t)
  role system_r types dhcpc_t;
  
 +type dhcpc_helper_exec_t;
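Review bot: `domain_obj_id_change_exemption(dhcpc_t)` is a constraint exemption rather than an allow rule, so it will not show up when someone searches the policy for what dhcpc_t may do to a given type, and it sits in the declarations block with no comment. As I understand the interface, it lets dhcpc_t create or relabel objects whose SELinux user differs from its own, which is broader than a single file type. A comment naming the object that needed it would make the grant reviewable, e.g. `# dhclient-script rewrites <file> owned by a different SELinux user` with the actual file filled in by the author.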
@@ -36026,7 +36031,7 @@ diff --exclude-from=exclude -N -u -r nsa
  type dhcpc_state_t;
  files_type(dhcpc_state_t)
  
-@@ -41,21 +44,22 @@
+@@ -41,21 +45,22 @@
  #
  # DHCP client local policy
  #
@@ -36054,7 +36059,7 @@ diff --exclude-from=exclude -N -u -r nsa
  manage_files_pattern(dhcpc_t,dhcpc_state_t,dhcpc_state_t)
  filetrans_pattern(dhcpc_t,dhcp_state_t,dhcpc_state_t,file)
  
-@@ -65,7 +69,7 @@
+@@ -65,7 +70,7 @@
  
  # Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
  # in /etc created by dhcpcd will be labelled net_conf_t.
@@ -36063,7 +36068,7 @@ diff --exclude-from=exclude -N -u -r nsa
  files_etc_filetrans(dhcpc_t,net_conf_t,file)
  
  # create temp files
-@@ -116,7 +120,7 @@
+@@ -116,7 +121,7 @@
  corecmd_exec_shell(dhcpc_t)
  
  domain_use_interactive_fds(dhcpc_t)
@@ -36072,7 +36077,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  files_read_etc_files(dhcpc_t)
  files_read_etc_runtime_files(dhcpc_t)
-@@ -135,8 +139,6 @@
+@@ -135,8 +140,6 @@
  
  modutils_domtrans_insmod(dhcpc_t)
  
@@ -36081,7 +36086,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ifdef(`distro_redhat', `
  	files_exec_etc_files(dhcpc_t)
  ')
-@@ -185,25 +187,23 @@
+@@ -185,25 +188,23 @@
  ')
  
  optional_policy(`
@@ -36115,7 +36120,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  optional_policy(`
-@@ -214,6 +214,11 @@
+@@ -214,6 +215,11 @@
  optional_policy(`
  	seutil_sigchld_newrole(dhcpc_t)
  	seutil_dontaudit_search_config(dhcpc_t)
@@ -36127,7 +36132,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  optional_policy(`
-@@ -225,6 +230,10 @@
+@@ -225,6 +231,10 @@
  ')
  
  optional_policy(`
@@ -36138,7 +36143,7 @@ diff --exclude-from=exclude -N -u -r nsa
  	kernel_read_xen_state(dhcpc_t)
  	kernel_write_xen_state(dhcpc_t)
  	xen_append_log(dhcpc_t)
-@@ -238,7 +247,6 @@
+@@ -238,7 +248,6 @@
  
  allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
  allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
@@ -36146,7 +36151,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  allow ifconfig_t self:fd use;
  allow ifconfig_t self:fifo_file rw_fifo_file_perms;
-@@ -252,6 +260,7 @@
+@@ -252,6 +261,7 @@
  allow ifconfig_t self:sem create_sem_perms;
  allow ifconfig_t self:msgq create_msgq_perms;
  allow ifconfig_t self:msg { send receive };
@@ -36154,7 +36159,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  # Create UDP sockets, necessary when called from dhcpc
  allow ifconfig_t self:udp_socket create_socket_perms;
-@@ -261,13 +270,20 @@
+@@ -261,13 +271,20 @@
  allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
  allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
  allow ifconfig_t self:tcp_socket { create ioctl };
@@ -36175,7 +36180,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  corenet_rw_tun_tap_dev(ifconfig_t)
  
-@@ -278,8 +294,13 @@
+@@ -278,8 +295,13 @@
  fs_getattr_xattr_fs(ifconfig_t)
  fs_search_auto_mountpoints(ifconfig_t)
  
@@ -36189,7 +36194,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  domain_use_interactive_fds(ifconfig_t)
  
-@@ -300,6 +321,8 @@
+@@ -300,6 +322,8 @@
  
  seutil_use_runinit_fds(ifconfig_t)
  
@@ -36198,7 +36203,7 @@ diff --exclude-from=exclude -N -u -r nsa
  userdom_use_all_users_fds(ifconfig_t)
  
  ifdef(`distro_ubuntu',`
-@@ -335,6 +358,14 @@
+@@ -335,6 +359,14 @@
  ')
  
  optional_policy(`
@@ -36739,7 +36744,7 @@ diff --exclude-from=exclude -N -u -r nsa
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.13/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/unconfined.te	2009-03-20 09:28:45.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/system/unconfined.te	2009-07-20 14:36:41.000000000 +0200
 @@ -6,35 +6,78 @@
  # Declarations
  #
@@ -36826,7 +36831,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  libs_run_ldconfig(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  
-@@ -42,28 +85,39 @@
+@@ -42,7 +85,10 @@
  logging_run_auditctl(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  
  mount_run_unconfined(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
@@ -36837,8 +36842,7 @@ diff --exclude-from=exclude -N -u -r nsa
  seutil_run_setfiles(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  seutil_run_semanage(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  
- unconfined_domain(unconfined_t)
-+domain_mmap_low(unconfined_t)
+@@ -50,20 +96,27 @@
  
  userdom_priveleged_home_dir_manager(unconfined_t)
  
@@ -36870,7 +36874,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  optional_policy(`
-@@ -75,12 +129,6 @@
+@@ -75,12 +128,6 @@
  ')
  
  optional_policy(`
@@ -36883,7 +36887,7 @@ diff --exclude-from=exclude -N -u -r nsa
  	init_dbus_chat_script(unconfined_t)
  
  	dbus_stub(unconfined_t)
-@@ -106,12 +154,24 @@
+@@ -106,12 +153,24 @@
  	')
  
  	optional_policy(`
@@ -36908,7 +36912,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  optional_policy(`
-@@ -123,79 +183,95 @@
+@@ -123,79 +182,95 @@
  ')
  
  optional_policy(`
@@ -37025,7 +37029,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  optional_policy(`
-@@ -203,7 +279,7 @@
+@@ -203,7 +278,7 @@
  ')
  
  optional_policy(`
@@ -37034,7 +37038,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  optional_policy(`
-@@ -215,11 +291,12 @@
+@@ -215,11 +290,12 @@
  ')
  
  optional_policy(`
@@ -37049,7 +37053,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
  
  ########################################
-@@ -229,14 +306,61 @@
+@@ -229,14 +305,61 @@
  
  allow unconfined_execmem_t self:process { execstack execmem };
  unconfined_domain_noaudit(unconfined_execmem_t)
@@ -37128,7 +37132,7 @@ diff --exclude-from=exclude -N -u -r nsa
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.13/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2009-04-14 10:42:32.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/system/userdomain.if	2009-07-20 14:40:31.000000000 +0200
 @@ -28,10 +28,14 @@
  		class context contains;
  	')
@@ -39349,7 +39353,7 @@ diff --exclude-from=exclude -N -u -r nsa
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5513,3 +5725,642 @@
+@@ -5513,3 +5725,661 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')
@@ -39992,6 +39996,25 @@ diff --exclude-from=exclude -N -u -r nsa
 +	dontaudit $1 admin_home_t:dir list_dir_perms;
 +')
 +
++#######################################
++## <summary>
++## 	Do not audit attempts to read and write
++## 	unserdomain stream.
++## </summary>
++## <param name="domain">
++## 	<summary>
++## 	Domain to not audit.
++## 	</summary>
++## </param>
++#
++interface(`userdom_dontaudit_rw_stream',`
++	gen_require(`
++		attribute userdomain;
++	')
++
++	dontaudit $1 userdomain:unix_stream_socket rw_file_perms;
++')  
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.13/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2008-10-17 14:49:13.000000000 +0200
 +++ serefpolicy-3.5.13/policy/modules/system/userdomain.te	2009-02-10 15:07:15.000000000 +0100
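Review bot: The new `userdom_dontaudit_rw_stream` interface uses `rw_file_perms` on the `unix_stream_socket` class, which is a permission set written for file classes. As far as I know it also contains getattr, append, ioctl and lock, so it silences more than the "read and write" the summary promises. I would write the rule as `dontaudit $1 userdomain:unix_stream_socket { read write };`. The summary has a typo and should read `## 	user domain stream sockets.` instead of `unserdomain stream.`, and the closing `')` carries trailing whitespace.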


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.801
retrieving revision 1.802
diff -u -p -r1.801 -r1.802
--- selinux-policy.spec	3 Jul 2009 09:09:30 -0000	1.801
+++ selinux-policy.spec	20 Jul 2009 13:25:10 -0000	1.802
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 66%{?dist}
+Release: 67%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -462,6 +462,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Jul 20 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-67
+- Allow setroubleshootd to read all symlinks
+
 * Fri Jul 3 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-66
 - Allow ftpd to create shm
 



