rpms/selinux-policy/devel modules-targeted.conf, 1.126, 1.127 policy-20090105.patch, 1.106, 1.107 selinux-policy.spec, 1.843, 1.844
Daniel J Walsh
dwalsh at fedoraproject.org
Sat May 2 11:52:44 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26422
Modified Files:
modules-targeted.conf policy-20090105.patch
selinux-policy.spec
Log Message:
* Fri May 1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-27
- Fix /sbin/ip6tables-save context
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.126
retrieving revision 1.127
diff -u -p -r1.126 -r1.127
--- modules-targeted.conf 30 Apr 2009 22:21:59 -0000 1.126
+++ modules-targeted.conf 2 May 2009 11:52:11 -0000 1.127
@@ -994,7 +994,7 @@ portmap = module
#
postfix = module
-o# Layer: services
+# Layer: services
# Module: postgrey
#
# email scanner
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.106
retrieving revision 1.107
diff -u -p -r1.106 -r1.107
--- policy-20090105.patch 30 Apr 2009 22:21:59 -0000 1.106
+++ policy-20090105.patch 2 May 2009 11:52:11 -0000 1.107
@@ -4479,6 +4479,41 @@ diff -b -B --ignore-all-space --exclude-
+')
+
+permissive sambagui_t;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.6.12/policy/modules/apps/screen.fc
+--- nsaserefpolicy/policy/modules/apps/screen.fc 2008-11-11 16:13:42.000000000 -0500
++++ serefpolicy-3.6.12/policy/modules/apps/screen.fc 2009-05-02 07:46:25.000000000 -0400
+@@ -13,3 +13,4 @@
+ #
+ /var/run/screens?/S-[^/]+ -d gen_context(system_u:object_r:screen_dir_t,s0)
+ /var/run/screens?/S-[^/]+/.* <<none>>
++/var/run/screen(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.6.12/policy/modules/apps/screen.if
+--- nsaserefpolicy/policy/modules/apps/screen.if 2009-01-19 11:03:28.000000000 -0500
++++ serefpolicy-3.6.12/policy/modules/apps/screen.if 2009-05-02 07:49:38.000000000 -0400
+@@ -165,3 +165,23 @@
+ nscd_socket_use($1_screen_t)
+ ')
+ ')
++
++########################################
++## <summary>
++## Manage screen var_run files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`screen_manage_var_run',`
++ gen_require(`
++ type screen_var_run_t;
++ ')
++
++ manage_dirs_pattern($1,screen_var_run_t,screen_var_run_t)
++ manage_files_pattern($1,screen_var_run_t,screen_var_run_t)
++ manage_lnk_files_pattern($1,screen_var_run_t,screen_var_run_t)
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.te serefpolicy-3.6.12/policy/modules/apps/uml.te
--- nsaserefpolicy/policy/modules/apps/uml.te 2009-01-19 11:03:28.000000000 -0500
+++ serefpolicy-3.6.12/policy/modules/apps/uml.te 2009-04-28 11:42:33.000000000 -0400
@@ -6039,7 +6074,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.6.12/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.te 2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/kernel.te 2009-05-01 13:41:10.000000000 -0400
@@ -63,6 +63,15 @@
genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
@@ -6056,7 +6091,15 @@ diff -b -B --ignore-all-space --exclude-
# kvmFS
#
-@@ -120,6 +129,10 @@
+@@ -100,6 +109,7 @@
+ genfscon proc /net gen_context(system_u:object_r:proc_net_t,s0)
+
+ type proc_xen_t, proc_type;
++files_mountpoint(proc_xen_t)
+ genfscon proc /xen gen_context(system_u:object_r:proc_xen_t,s0)
+
+ #
+@@ -120,6 +130,10 @@
type sysctl_rpc_t, sysctl_type;
genfscon proc /net/rpc gen_context(system_u:object_r:sysctl_rpc_t,s0)
@@ -6067,7 +6110,7 @@ diff -b -B --ignore-all-space --exclude-
# /proc/sys/fs directory and files
type sysctl_fs_t, sysctl_type;
files_mountpoint(sysctl_fs_t)
-@@ -160,6 +173,7 @@
+@@ -160,6 +174,7 @@
#
type unlabeled_t;
sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
@@ -6075,7 +6118,7 @@ diff -b -B --ignore-all-space --exclude-
# These initial sids are no longer used, and can be removed:
sid any_socket gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-@@ -198,6 +212,8 @@
+@@ -198,6 +213,8 @@
allow kernel_t self:sock_file read_sock_file_perms;
allow kernel_t self:fd use;
@@ -6084,7 +6127,7 @@ diff -b -B --ignore-all-space --exclude-
allow kernel_t proc_t:dir list_dir_perms;
allow kernel_t proc_t:file read_file_perms;
allow kernel_t proc_t:lnk_file read_lnk_file_perms;
-@@ -248,7 +264,8 @@
+@@ -248,7 +265,8 @@
selinux_load_policy(kernel_t)
@@ -6094,7 +6137,7 @@ diff -b -B --ignore-all-space --exclude-
corecmd_exec_shell(kernel_t)
corecmd_list_bin(kernel_t)
-@@ -262,6 +279,8 @@
+@@ -262,6 +280,8 @@
files_list_etc(kernel_t)
files_list_home(kernel_t)
files_read_usr_files(kernel_t)
@@ -6103,7 +6146,7 @@ diff -b -B --ignore-all-space --exclude-
mcs_process_set_categories(kernel_t)
-@@ -269,12 +288,18 @@
+@@ -269,12 +289,18 @@
mls_process_write_down(kernel_t)
mls_file_write_all_levels(kernel_t)
mls_file_read_all_levels(kernel_t)
@@ -6122,7 +6165,7 @@ diff -b -B --ignore-all-space --exclude-
tunable_policy(`read_default_t',`
files_list_default(kernel_t)
files_read_default_files(kernel_t)
-@@ -356,7 +381,11 @@
+@@ -356,7 +382,11 @@
')
optional_policy(`
@@ -6135,7 +6178,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -388,3 +417,7 @@
+@@ -388,3 +418,7 @@
allow kern_unconfined unlabeled_t:association *;
allow kern_unconfined unlabeled_t:packet *;
allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
@@ -6257,48 +6300,46 @@ diff -b -B --ignore-all-space --exclude-
+gen_user(guest_u, user, guest_r, s0, s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.12/policy/modules/roles/staff.te
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/roles/staff.te 2009-04-23 09:44:57.000000000 -0400
-@@ -15,156 +15,90 @@
++++ serefpolicy-3.6.12/policy/modules/roles/staff.te 2009-05-02 07:50:07.000000000 -0400
+@@ -15,156 +15,95 @@
# Local policy
#
-optional_policy(`
- apache_role(staff_r, staff_t)
-')
--
--optional_policy(`
-- auth_role(staff_r, staff_t)
--')
--
--optional_policy(`
-- auditadm_role_change(staff_r)
--')
+kernel_read_ring_buffer(staff_t)
+kernel_getattr_core_if(staff_t)
+kernel_getattr_message_if(staff_t)
+kernel_read_software_raid_state(staff_t)
-optional_policy(`
-- bluetooth_role(staff_r, staff_t)
+- auth_role(staff_r, staff_t)
-')
+auth_domtrans_pam_console(staff_t)
-optional_policy(`
-- cdrecord_role(staff_r, staff_t)
+- auditadm_role_change(staff_r)
-')
+libs_manage_shared_libs(staff_t)
-optional_policy(`
+- bluetooth_role(staff_r, staff_t)
+-')
+-
+-optional_policy(`
+- cdrecord_role(staff_r, staff_t)
+-')
+-
+-optional_policy(`
- cron_role(staff_r, staff_t)
-')
-
-optional_policy(`
- dbus_role_template(staff, staff_r, staff_t)
-')
-+seutil_run_newrole(staff_t, staff_r)
-+netutils_run_ping(staff_t, staff_r)
-
- optional_policy(`
+-
+-optional_policy(`
- ethereal_role(staff_r, staff_t)
-')
-
@@ -6317,8 +6358,10 @@ diff -b -B --ignore-all-space --exclude-
-optional_policy(`
- gnome_role(staff_r, staff_t)
-')
--
--optional_policy(`
++seutil_run_newrole(staff_t, staff_r)
++netutils_run_ping(staff_t, staff_r)
+
+ optional_policy(`
- gpg_role(staff_r, staff_t)
-')
-
@@ -6332,122 +6375,123 @@ diff -b -B --ignore-all-space --exclude-
-
-optional_policy(`
- lockdev_role(staff_r, staff_t)
--')
--
--optional_policy(`
-- lpd_role(staff_r, staff_t)
--')
--
--optional_policy(`
-- mozilla_role(staff_r, staff_t)
+ sudo_role_template(staff, staff_r, staff_t)
')
optional_policy(`
-- mplayer_role(staff_r, staff_t)
+- lpd_role(staff_r, staff_t)
+ auditadm_role_change(staff_r)
')
optional_policy(`
-- mta_role(staff_r, staff_t)
+- mozilla_role(staff_r, staff_t)
+ kerneloops_manage_tmp_files(staff_t)
')
optional_policy(`
-- oident_manage_user_content(staff_t)
-- oident_relabel_user_content(staff_t)
+- mplayer_role(staff_r, staff_t)
+ logadm_role_change(staff_r)
')
optional_policy(`
-- pyzor_role(staff_r, staff_t)
+- mta_role(staff_r, staff_t)
+ secadm_role_change(staff_r)
')
optional_policy(`
-- razor_role(staff_r, staff_t)
+- oident_manage_user_content(staff_t)
+- oident_relabel_user_content(staff_t)
+ ssh_role_template(staff, staff_r, staff_t)
')
optional_policy(`
-- rssh_role(staff_r, staff_t)
+- pyzor_role(staff_r, staff_t)
+ sysadm_role_change(staff_r)
')
optional_policy(`
-- screen_role_template(staff, staff_r, staff_t)
+- razor_role(staff_r, staff_t)
+ usernetctl_run(staff_t, staff_r)
')
optional_policy(`
-- secadm_role_change(staff_r)
+- rssh_role(staff_r, staff_t)
+ unconfined_role_change(staff_r)
')
optional_policy(`
-- spamassassin_role(staff_r, staff_t)
+- screen_role_template(staff, staff_r, staff_t)
+ webadm_role_change(staff_r)
')
-optional_policy(`
-- ssh_role_template(staff, staff_r, staff_t)
+- secadm_role_change(staff_r)
-')
+domain_read_all_domains_state(staff_t)
+domain_getattr_all_domains(staff_t)
+domain_obj_id_change_exemption(staff_t)
-optional_policy(`
-- su_role_template(staff, staff_r, staff_t)
+- spamassassin_role(staff_r, staff_t)
-')
+files_read_kernel_modules(staff_t)
-optional_policy(`
-- sudo_role_template(staff, staff_r, staff_t)
+- ssh_role_template(staff, staff_r, staff_t)
-')
+kernel_read_fs_sysctls(staff_t)
-optional_policy(`
-- sysadm_role_change(staff_r)
-- userdom_dontaudit_use_user_terminals(staff_t)
+- su_role_template(staff, staff_r, staff_t)
-')
+modutils_read_module_config(staff_t)
+modutils_read_module_deps(staff_t)
-optional_policy(`
-- thunderbird_role(staff_r, staff_t)
+- sudo_role_template(staff, staff_r, staff_t)
-')
+miscfiles_read_hwdata(staff_t)
-optional_policy(`
-- tvtime_role(staff_r, staff_t)
+- sysadm_role_change(staff_r)
+- userdom_dontaudit_use_user_terminals(staff_t)
-')
+term_use_unallocated_ttys(staff_t)
optional_policy(`
-- uml_role(staff_r, staff_t)
+- thunderbird_role(staff_r, staff_t)
+ gnomeclock_dbus_chat(staff_t)
')
optional_policy(`
-- userhelper_role_template(staff, staff_r, staff_t)
+- tvtime_role(staff_r, staff_t)
+ kerneloops_dbus_chat(staff_t)
')
optional_policy(`
-- vmware_role(staff_r, staff_t)
+- uml_role(staff_r, staff_t)
+ rpm_dbus_chat(staff_usertype)
')
optional_policy(`
-- wireshark_role(staff_r, staff_t)
+- userhelper_role_template(staff, staff_r, staff_t)
++ screen_manage_var_run(staff_t)
+ ')
+
+ optional_policy(`
+- vmware_role(staff_r, staff_t)
+ setroubleshoot_stream_connect(staff_t)
+ setroubleshoot_dbus_chat(staff_t)
')
optional_policy(`
-- xserver_role(staff_r, staff_t)
+- wireshark_role(staff_r, staff_t)
+ virt_stream_connect(staff_t)
')
+
+-optional_policy(`
+- xserver_role(staff_r, staff_t)
+-')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.6.12/policy/modules/roles/sysadm.if
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2009-01-19 11:07:34.000000000 -0500
+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.if 2009-04-23 09:44:57.000000000 -0400
@@ -12280,7 +12324,7 @@ diff -b -B --ignore-all-space --exclude-
+/var/run/DeviceKit-disk(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.6.12/policy/modules/services/devicekit.if
--- nsaserefpolicy/policy/modules/services/devicekit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/devicekit.if 2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/devicekit.if 2009-05-02 07:48:49.000000000 -0400
@@ -0,0 +1,197 @@
+
+## <summary>policy for devicekit</summary>
@@ -13432,8 +13476,8 @@ diff -b -B --ignore-all-space --exclude-
+/usr/libexec/fprintd -- gen_context(system_u:object_r:fprintd_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.if serefpolicy-3.6.12/policy/modules/services/fprintd.if
--- nsaserefpolicy/policy/modules/services/fprintd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/fprintd.if 2009-04-28 15:26:38.000000000 -0400
-@@ -0,0 +1,22 @@
++++ serefpolicy-3.6.12/policy/modules/services/fprintd.if 2009-05-01 09:45:48.000000000 -0400
+@@ -0,0 +1,42 @@
+
+## <summary>policy for fprintd</summary>
+
@@ -13456,6 +13500,26 @@ diff -b -B --ignore-all-space --exclude-
+ domtrans_pattern($1,fprintd_exec_t,fprintd_t)
+')
+
++########################################
++## <summary>
++## Send and receive messages from
++## fprintd over dbus.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`fprintd_dbus_chat',`
++ gen_require(`
++ type fprintd_t;
++ class dbus send_msg;
++ ')
++
++ allow $1 fprintd_t:dbus send_msg;
++ allow fprintd_t $1:dbus send_msg;
++')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.6.12/policy/modules/services/fprintd.te
--- nsaserefpolicy/policy/modules/services/fprintd.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.6.12/policy/modules/services/fprintd.te 2009-04-29 10:10:42.000000000 -0400
@@ -14625,7 +14689,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.12/policy/modules/services/kerneloops.te
--- nsaserefpolicy/policy/modules/services/kerneloops.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/kerneloops.te 2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/kerneloops.te 2009-05-01 13:21:26.000000000 -0400
@@ -13,6 +13,9 @@
type kerneloops_initrc_exec_t;
init_script_file(kerneloops_initrc_exec_t)
@@ -14636,13 +14700,15 @@ diff -b -B --ignore-all-space --exclude-
########################################
#
# kerneloops local policy
-@@ -23,8 +26,13 @@
+@@ -21,10 +24,14 @@
+ allow kerneloops_t self:capability sys_nice;
+ allow kerneloops_t self:process { setsched getsched signal };
allow kerneloops_t self:fifo_file rw_file_perms;
- allow kerneloops_t self:netlink_route_socket r_netlink_socket_perms;
-
+-allow kerneloops_t self:netlink_route_socket r_netlink_socket_perms;
++
+manage_files_pattern(kerneloops_t, kerneloops_tmp_t, kerneloops_tmp_t)
+files_tmp_filetrans(kerneloops_t,kerneloops_tmp_t,file)
-+
+
kernel_read_ring_buffer(kerneloops_t)
+fs_list_inotifyfs(kerneloops_t)
@@ -14650,9 +14716,19 @@ diff -b -B --ignore-all-space --exclude-
# Init script handling
domain_use_interactive_fds(kerneloops_t)
-@@ -46,6 +54,5 @@
- sysnet_dns_name_resolve(kerneloops_t)
+@@ -38,14 +45,13 @@
+
+ files_read_etc_files(kerneloops_t)
+
++auth_use_nsswitch(kerneloops_t)
++
+ logging_send_syslog_msg(kerneloops_t)
+ logging_read_generic_logs(kerneloops_t)
+
+ miscfiles_read_localization(kerneloops_t)
+-sysnet_dns_name_resolve(kerneloops_t)
+-
optional_policy(`
- dbus_system_bus_client(kerneloops_t)
- dbus_connect_system_bus(kerneloops_t)
@@ -25914,7 +25990,7 @@ diff -b -B --ignore-all-space --exclude-
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.12/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-11-11 16:13:48.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.if 2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.if 2009-05-01 09:46:46.000000000 -0400
@@ -43,20 +43,38 @@
interface(`auth_login_pgm_domain',`
gen_require(`
@@ -25962,7 +26038,7 @@ diff -b -B --ignore-all-space --exclude-
init_rw_utmp($1)
-@@ -100,11 +119,40 @@
+@@ -100,9 +119,42 @@
seutil_read_config($1)
seutil_read_default_contexts($1)
@@ -25975,16 +26051,16 @@ diff -b -B --ignore-all-space --exclude-
+
+ optional_policy(`
+ afs_rw_udp_sockets($1)
-+ ')
+ ')
+
+ optional_policy(`
+ dbus_system_bus_client($1)
+ optional_policy(`
+ oddjob_dbus_chat($1)
+ oddjob_domtrans_mkhomedir($1)
- ')
- ')
-
++ ')
++')
++
+ optional_policy(`
+ corecmd_exec_bin($1)
+ storage_getattr_fixed_disk_dev($1)
@@ -25992,6 +26068,10 @@ diff -b -B --ignore-all-space --exclude-
+ ')
+
+ optional_policy(`
++ fprintd_dbus_chat($1)
++ ')
++
++ optional_policy(`
+ nis_authenticate($1)
+ ')
+
@@ -26000,12 +26080,10 @@ diff -b -B --ignore-all-space --exclude-
+ userdom_read_user_home_content_files($1)
+ ')
+
-+')
-+
+ ')
+
########################################
- ## <summary>
- ## Use the login program as an entry point program.
-@@ -197,8 +245,11 @@
+@@ -197,8 +249,11 @@
interface(`auth_domtrans_chk_passwd',`
gen_require(`
type chkpwd_t, chkpwd_exec_t, shadow_t;
@@ -26017,7 +26095,7 @@ diff -b -B --ignore-all-space --exclude-
corecmd_search_bin($1)
domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
-@@ -207,19 +258,16 @@
+@@ -207,19 +262,16 @@
dev_read_rand($1)
dev_read_urand($1)
@@ -26042,7 +26120,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -230,6 +278,29 @@
+@@ -230,6 +282,29 @@
optional_policy(`
samba_stream_connect_winbind($1)
')
@@ -26072,7 +26150,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -254,6 +325,7 @@
+@@ -254,6 +329,7 @@
auth_domtrans_chk_passwd($1)
role $2 types chkpwd_t;
@@ -26080,7 +26158,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -650,7 +722,7 @@
+@@ -650,7 +726,7 @@
########################################
## <summary>
@@ -26089,7 +26167,7 @@ diff -b -B --ignore-all-space --exclude-
## </summary>
## <param name="domain">
## <summary>
-@@ -1031,6 +1103,32 @@
+@@ -1031,6 +1107,32 @@
########################################
## <summary>
@@ -26122,7 +26200,7 @@ diff -b -B --ignore-all-space --exclude-
## Manage all files on the filesystem, except
## the shadow passwords and listed exceptions.
## </summary>
-@@ -1297,6 +1395,14 @@
+@@ -1297,6 +1399,14 @@
')
optional_policy(`
@@ -26137,7 +26215,7 @@ diff -b -B --ignore-all-space --exclude-
nis_use_ypbind($1)
')
-@@ -1305,8 +1411,13 @@
+@@ -1305,8 +1415,13 @@
')
optional_policy(`
@@ -26151,7 +26229,7 @@ diff -b -B --ignore-all-space --exclude-
')
')
-@@ -1341,3 +1452,99 @@
+@@ -1341,3 +1456,99 @@
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -27102,9 +27180,9 @@ diff -b -B --ignore-all-space --exclude-
dev_read_urand(racoon_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.6.12/policy/modules/system/iptables.fc
--- nsaserefpolicy/policy/modules/system/iptables.fc 2009-04-06 12:42:08.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/iptables.fc 2009-04-30 08:29:56.000000000 -0400
-@@ -1,9 +1,11 @@
- /sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
++++ serefpolicy-3.6.12/policy/modules/system/iptables.fc 2009-04-30 18:57:54.000000000 -0400
+@@ -1,9 +1,10 @@
+-/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
-/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+/sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.843
retrieving revision 1.844
diff -u -p -r1.843 -r1.844
--- selinux-policy.spec 30 Apr 2009 22:22:00 -0000 1.843
+++ selinux-policy.spec 2 May 2009 11:52:13 -0000 1.844
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.12
-Release: 26%{?dist}
+Release: 27%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -480,6 +480,9 @@ exit 0
%endif
%changelog
+* Fri May 1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-27
+- Fix /sbin/ip6tables-save context
+
* Thu Apr 30 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-26
- Add shorewall policy
More information about the scm-commits
mailing list