rpms/selinux-policy/F-10 policy-20080710.patch, 1.155, 1.156 selinux-policy.spec, 1.785, 1.786
Miroslav Grepl
mgrepl at fedoraproject.org
Mon Mar 30 14:56:27 UTC 2009
- Previous message: rpms/bind/devel .cvsignore, 1.51, 1.52 bind-9.5-libidn.patch, 1.2, 1.3 bind-96-dyndb.patch, 1.2, 1.3 bind.spec, 1.308, 1.309 sources, 1.60, 1.61 bind-95-rh469440.patch, 1.1, NONE bind-96-isc_header.patch, 1.1, NONE bind-96-realloc.patch, 1.1, NONE bind9-fedora-0001.diff, 1.1, NONE
- Next message: rpms/dnsperf/devel dnsperf.spec,1.5,1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14602
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
- Allow logrotate to manage BIND cache files
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.155
retrieving revision 1.156
diff -u -r1.155 -r1.156
--- policy-20080710.patch 27 Mar 2009 16:39:58 -0000 1.155
+++ policy-20080710.patch 30 Mar 2009 14:56:24 -0000 1.156
@@ -665,7 +665,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.5.13/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/admin/logrotate.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/admin/logrotate.te 2009-03-30 16:34:18.000000000 +0200
@@ -119,6 +119,7 @@
seutil_dontaudit_read_config(logrotate_t)
@@ -674,7 +674,18 @@
cron_system_entry(logrotate_t, logrotate_exec_t)
cron_search_spool(logrotate_t)
-@@ -186,9 +187,16 @@
+@@ -152,6 +153,10 @@
+ ')
+
+ optional_policy(`
++ bind_manage_cache(logrotate_t)
++')
++
++optional_policy(`
+ consoletype_exec(logrotate_t)
+ ')
+
+@@ -186,9 +191,16 @@
')
optional_policy(`
@@ -1869,8 +1880,17 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.5.13/policy/modules/apps/awstats.te
--- nsaserefpolicy/policy/modules/apps/awstats.te 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/apps/awstats.te 2009-03-27 14:17:48.000000000 +0100
-@@ -47,6 +47,8 @@
++++ serefpolicy-3.5.13/policy/modules/apps/awstats.te 2009-03-30 14:37:02.000000000 +0200
+@@ -28,6 +28,8 @@
+ awstats_rw_pipes(awstats_t)
+ awstats_cgi_exec(awstats_t)
+
++can_exec(awstats_t, awstats_exec_t)
++
+ manage_dirs_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
+ manage_files_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
+ files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file })
+@@ -47,6 +49,8 @@
# e.g. /usr/share/awstats/lang/awstats-en.txt
files_read_usr_files(awstats_t)
@@ -1879,7 +1899,7 @@
libs_read_lib_files(awstats_t)
libs_use_ld_so(awstats_t)
libs_use_shared_libs(awstats_t)
-@@ -55,6 +57,8 @@
+@@ -55,6 +59,8 @@
sysnet_dns_name_resolve(awstats_t)
@@ -13232,7 +13252,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.5.13/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/bind.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/bind.te 2009-03-30 11:05:25.000000000 +0200
@@ -173,7 +173,7 @@
')
@@ -13242,7 +13262,15 @@
')
optional_policy(`
-@@ -247,6 +247,8 @@
+@@ -233,6 +233,7 @@
+ files_search_pids(ndc_t)
+
+ fs_getattr_xattr_fs(ndc_t)
++fs_list_inotifyfs(ndc_t)
+
+ init_use_fds(ndc_t)
+ init_use_script_ptys(ndc_t)
+@@ -247,6 +248,8 @@
sysnet_read_config(ndc_t)
sysnet_dns_name_resolve(ndc_t)
@@ -16014,7 +16042,7 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.5.13/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/dcc.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/dcc.te 2009-03-30 16:36:54.000000000 +0200
@@ -105,6 +105,8 @@
files_read_etc_files(cdcc_t)
files_read_etc_runtime_files(cdcc_t)
@@ -17144,6 +17172,48 @@
+ spamassassin_exec(exim_t)
+ spamassassin_exec_client(exim_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.5.13/policy/modules/services/fail2ban.if
+--- nsaserefpolicy/policy/modules/services/fail2ban.if 2008-10-17 14:49:11.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/fail2ban.if 2009-03-30 12:51:09.000000000 +0200
+@@ -79,6 +79,27 @@
+ allow $1 fail2ban_var_run_t:file read_file_perms;
+ ')
+
++#######################################
++## <summary>
++## Connect to fail2ban over a unix domain
++## stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`fail2ban_stream_connect',`
++ gen_require(`
++ type fail2ban_var_run_t, fail2ban_t;
++ ')
++
++ allow $1 fail2ban_t:unix_stream_socket connectto;
++ allow $1 fail2ban_var_run_t:sock_file { getattr write };
++ files_search_pids($1)
++')
++
+ ########################################
+ ## <summary>
+ ## All of the rules required to administrate
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.5.13/policy/modules/services/fail2ban.te
+--- nsaserefpolicy/policy/modules/services/fail2ban.te 2008-10-17 14:49:11.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/fail2ban.te 2009-03-30 12:52:34.000000000 +0200
+@@ -27,6 +27,7 @@
+ #
+
+ allow fail2ban_t self:process signal;
++dontaudit fail2ban_t self:capability sys_tty_config;
+ allow fail2ban_t self:fifo_file rw_fifo_file_perms;
+ allow fail2ban_t self:unix_stream_socket { connectto create_stream_socket_perms };
+ allow fail2ban_t self:tcp_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.5.13/policy/modules/services/fetchmail.fc
--- nsaserefpolicy/policy/modules/services/fetchmail.fc 2008-10-17 14:49:11.000000000 +0200
+++ serefpolicy-3.5.13/policy/modules/services/fetchmail.fc 2009-03-05 15:02:41.000000000 +0100
@@ -18655,7 +18725,7 @@
+/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.5.13/policy/modules/services/milter.if
--- nsaserefpolicy/policy/modules/services/milter.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/services/milter.if 2009-03-17 16:49:58.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/milter.if 2009-03-30 11:13:36.000000000 +0200
@@ -0,0 +1,104 @@
+## <summary>Milter mail filters</summary>
+
@@ -18751,7 +18821,7 @@
+## </summary>
+## </param>
+#
-+interface(`spamass_milter_manage_state',`
++interface(`milter_spamass_manage_state',`
+ gen_require(`
+ type spamass_milter_state_t;
+ ')
@@ -28361,7 +28431,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.5.13/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2009-03-27 16:44:52.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.te 2009-03-30 11:14:39.000000000 +0200
@@ -21,16 +21,24 @@
gen_tunable(spamd_enable_home_dirs, true)
@@ -28549,7 +28619,7 @@
')
optional_policy(`
-+ spamass_milter_manage_state(spamd_t)
++ milter_spamass_manage_state(spamd_t)
+')
+
+optional_policy(`
@@ -28674,7 +28744,7 @@
+')
+
+optional_policy(`
-+ spamass_milter_manage_state(spamc_t)
++ milter_spamass_manage_state(spamc_t)
+')
+
+optional_policy(`
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.785
retrieving revision 1.786
diff -u -r1.785 -r1.786
--- selinux-policy.spec 25 Mar 2009 13:43:12 -0000 1.785
+++ selinux-policy.spec 30 Mar 2009 14:56:27 -0000 1.786
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 53%{?dist}
+Release: 54%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -460,6 +460,11 @@
%endif
%changelog
+* Mon Mar 30 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-54
+- Allow bitlbee_t to read /proc/meminfo
+- Fix lircd policy
+- Allow logrotate to manage BIND cache files
+
* Wed Mar 25 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-53
- Add labeling for new devices
- Fix devices policy
- Previous message: rpms/bind/devel .cvsignore, 1.51, 1.52 bind-9.5-libidn.patch, 1.2, 1.3 bind-96-dyndb.patch, 1.2, 1.3 bind.spec, 1.308, 1.309 sources, 1.60, 1.61 bind-95-rh469440.patch, 1.1, NONE bind-96-isc_header.patch, 1.1, NONE bind-96-realloc.patch, 1.1, NONE bind9-fedora-0001.diff, 1.1, NONE
- Next message: rpms/dnsperf/devel dnsperf.spec,1.5,1.6
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list