rpms/selinux-policy/devel policy-20090105.patch, 1.107, 1.108 selinux-policy.spec, 1.844, 1.845
Daniel J Walsh
dwalsh at fedoraproject.org
Mon May 4 18:20:30 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30909
Modified Files:
policy-20090105.patch selinux-policy.spec
Log Message:
* Fri May 1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-27
- Fix /sbin/ip6tables-save context
- Allow udev to transition to mount
- Fix loading of mls policy file
policy-20090105.patch:
Index: policy-20090105.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20090105.patch,v
retrieving revision 1.107
retrieving revision 1.108
diff -u -p -r1.107 -r1.108
--- policy-20090105.patch 2 May 2009 11:52:11 -0000 1.107
+++ policy-20090105.patch 4 May 2009 18:20:27 -0000 1.108
@@ -655,7 +655,16 @@ diff -b -B --ignore-all-space --exclude-
corenet_udp_sendrecv_lo_if(mrtg_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.6.12/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/netutils.te 2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/admin/netutils.te 2009-05-04 11:25:11.000000000 -0400
+@@ -50,7 +50,7 @@
+ files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
+
+ kernel_search_proc(netutils_t)
+-kernel_read_sysctl(netutils_t)
++kernel_read_all_sysctls(netutils_t)
+
+ corenet_all_recvfrom_unlabeled(netutils_t)
+ corenet_all_recvfrom_netlabel(netutils_t)
@@ -152,6 +152,10 @@
')
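Review bot: In the netutils.te section, replacing `kernel_read_sysctl(netutils_t)` with `kernel_read_all_sysctls(netutils_t)` widens netutils_t's read access to every sysctl type, which is more than a network diagnostic domain normally needs. If the denial behind this change was on a network sysctl (the triggering AVC is not on the page, so this is inferred), a narrower grant such as `kernel_read_net_sysctls(netutils_t)` would keep the domain closer to least privilege. Whichever interface is kept, a one-line comment naming the program and the sysctl that required it would make the rule auditable later.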
@@ -4489,8 +4498,8 @@ diff -b -B --ignore-all-space --exclude-
+/var/run/screen(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.6.12/policy/modules/apps/screen.if
--- nsaserefpolicy/policy/modules/apps/screen.if 2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/screen.if 2009-05-02 07:49:38.000000000 -0400
-@@ -165,3 +165,23 @@
++++ serefpolicy-3.6.12/policy/modules/apps/screen.if 2009-05-04 11:30:29.000000000 -0400
+@@ -165,3 +165,24 @@
nscd_socket_use($1_screen_t)
')
')
@@ -4513,6 +4522,7 @@ diff -b -B --ignore-all-space --exclude-
+ manage_dirs_pattern($1,screen_var_run_t,screen_var_run_t)
+ manage_files_pattern($1,screen_var_run_t,screen_var_run_t)
+ manage_lnk_files_pattern($1,screen_var_run_t,screen_var_run_t)
++ manage_fifo_files_pattern($1,screen_var_run_t,screen_var_run_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.te serefpolicy-3.6.12/policy/modules/apps/uml.te
--- nsaserefpolicy/policy/modules/apps/uml.te 2009-01-19 11:03:28.000000000 -0500
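Review bot: The added `manage_fifo_files_pattern($1,screen_var_run_t,screen_var_run_t)` gives every caller of this interface create, write and unlink on named pipes labelled screen_var_run_t, and the interface's summary block should say so. That block and the interface name are outside this hunk. Named pipes under /var/run/screen can act as the control channel of a screen session, so it is worth confirming that only the session owner's domains call the interface. If callers only need to use pipes that screen itself creates, `rw_fifo_files_pattern($1,screen_var_run_t,screen_var_run_t)` would be the narrower grant.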
@@ -5948,7 +5958,7 @@ diff -b -B --ignore-all-space --exclude-
#
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-01-05 15:39:38.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-05-04 11:25:35.000000000 -0400
@@ -1197,6 +1197,26 @@
')
@@ -20507,7 +20517,7 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-05-04 12:28:35.000000000 -0400
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -20517,7 +20527,7 @@ diff -b -B --ignore-all-space --exclude-
rpc_domain_template(gssd)
-@@ -74,21 +74,31 @@
+@@ -74,21 +74,33 @@
files_manage_mounttab(rpcd_t)
@@ -20527,6 +20537,8 @@ diff -b -B --ignore-all-space --exclude-
fs_read_rpc_symlinks(rpcd_t)
fs_rw_rpc_sockets(rpcd_t)
++storage_getattr_fixed_disk_dev(rpcd_t)
++
+kernel_signal(rpcd_t)
+
selinux_dontaudit_read_fs(rpcd_t)
@@ -20549,7 +20561,7 @@ diff -b -B --ignore-all-space --exclude-
########################################
#
# NFSD local policy
-@@ -116,8 +126,9 @@
+@@ -116,8 +128,9 @@
# for exportfs and rpc.mountd
files_getattr_tmp_dirs(nfsd_t)
# cjp: this should really have its own type
@@ -20560,7 +20572,7 @@ diff -b -B --ignore-all-space --exclude-
fs_mount_nfsd_fs(nfsd_t)
fs_search_nfsd_fs(nfsd_t)
fs_getattr_all_fs(nfsd_t)
-@@ -125,6 +136,7 @@
+@@ -125,6 +138,7 @@
fs_rw_nfsd_fs(nfsd_t)
storage_dontaudit_read_fixed_disk(nfsd_t)
@@ -20568,7 +20580,7 @@ diff -b -B --ignore-all-space --exclude-
# Read access to public_content_t and public_content_rw_t
miscfiles_read_public_files(nfsd_t)
-@@ -141,6 +153,7 @@
+@@ -141,6 +155,7 @@
fs_read_noxattr_fs_files(nfsd_t)
auth_manage_all_files_except_shadow(nfsd_t)
')
@@ -20576,7 +20588,7 @@ diff -b -B --ignore-all-space --exclude-
tunable_policy(`nfs_export_all_ro',`
dev_getattr_all_blk_files(nfsd_t)
-@@ -175,6 +188,7 @@
+@@ -175,6 +190,7 @@
corecmd_exec_bin(gssd_t)
@@ -20584,7 +20596,7 @@ diff -b -B --ignore-all-space --exclude-
fs_list_rpc(gssd_t)
fs_rw_rpc_sockets(gssd_t)
fs_read_rpc_files(gssd_t)
-@@ -183,9 +197,12 @@
+@@ -183,9 +199,12 @@
files_read_usr_symlinks(gssd_t)
auth_use_nsswitch(gssd_t)
@@ -29601,7 +29613,7 @@ diff -b -B --ignore-all-space --exclude-
xen_append_log(ifconfig_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.12/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2009-04-07 15:53:36.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/udev.te 2009-04-23 09:44:57.000000000 -0400
++++ serefpolicy-3.6.12/policy/modules/system/udev.te 2009-05-04 14:15:06.000000000 -0400
@@ -50,6 +50,7 @@
allow udev_t self:unix_stream_socket connectto;
allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -29638,7 +29650,18 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -242,6 +250,10 @@
+@@ -228,6 +236,10 @@
+ ')
+
+ optional_policy(`
++ mount_domtrans(udev_t)
++')
++
++optional_policy(`
+ openct_read_pid_files(udev_t)
+ openct_domtrans(udev_t)
+ ')
+@@ -242,6 +254,10 @@
')
optional_policy(`
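Review bot: The new `mount_domtrans(udev_t)` block has no comment saying which udev rule or helper needs it, and the transition is broad: any mount executable started from udev_t will run in mount_t. udev acts on events from hot-plugged devices, so this ties device-triggered rules to the mount domain's privileges. A comment such as `# udev rules invoke mount for <rule or package, confirm>` above the call would let a later reviewer check whether the transition is still required. It is also worth checking the audit log after this change to see which rules actually trigger the transition.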
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.844
retrieving revision 1.845
diff -u -p -r1.844 -r1.845
--- selinux-policy.spec 2 May 2009 11:52:13 -0000 1.844
+++ selinux-policy.spec 4 May 2009 18:20:29 -0000 1.845
@@ -165,11 +165,6 @@ if [ -s /etc/selinux/config ]; then \
fi \
fi
-%define loadminpolicy() \
-( cd /usr/share/selinux/%1; \
-semodule -b base.pp.bz2 -i unconfined.pp.bz2 unconfineduser.pp.bz2 -s %1; \
-); \
-
%define loadpolicy() \
( cd /usr/share/selinux/%1; \
semodule -b base.pp.bz2 -i %{expand:%%moduleList %1} %2 -s %1; \
@@ -351,12 +346,12 @@ echo $packages
}
if [ $1 -eq 1 ]; then
- packages="unconfined.pp.bz2 unconfineduser.pp.bz2"
+ packages="%{expand:%%moduleList targeted} unconfined.pp.bz2 unconfineduser.pp.bz2"
%loadpolicy targeted $packages
restorecon -R /root /var/log /var/run 2> /dev/null
else
semodule -n -s targeted -r moilscanner -r mailscanner -r gamin -r audio_entropy -r iscsid 2>/dev/null
- packages=`get_unconfined $(semodule -l)`
+ packages="%{expand:%%moduleList targeted} `get_unconfined $(semodule -l)`"
%loadpolicy targeted $packages
%relabel targeted
fi
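Review bot: `packages` now begins with `%{expand:%%moduleList targeted}`, but the `%loadpolicy` macro shown as unchanged context in the first hunk of this file already expands `%{expand:%%moduleList %1}` ahead of `%2`, so every module name ends up twice on the `semodule -i` command line. The same duplication applies to the olpc and mls hunks below. Build the list in one place: either leave the module list out of `packages`, or change the macro line to `semodule -b base.pp.bz2 -i %2 -s %1; \`. The scriptlet continues outside this hunk.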
@@ -402,7 +397,8 @@ SELinux Reference policy minimum base mo
%post minimum
if [ $1 -eq 1 ]; then
-%loadminpolicy minimum
+packages="unconfined.pp.bz2 unconfineduser.pp.bz2"
+%loadpolicy minimum $packages
semanage -S minimum -i - << __eof
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
login -m -s unconfined_u -r s0-s0:c0.c1023 root
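Review bot: Moving `%post minimum` from the removed `%loadminpolicy` to `%loadpolicy minimum $packages` changes what a fresh install loads. The old macro installed only base, unconfined and unconfineduser, while `%loadpolicy` also passes `%{expand:%%moduleList minimum}`. If that list is non-empty for the minimum package (its definition is not on this page), every module in it is now loaded instead of the small set, which should be confirmed as intended. The here-document that follows runs past the end of the hunk.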
@@ -435,7 +431,8 @@ SELinux Reference policy olpc base modul
%saveFileContext olpc
%post olpc
-%loadpolicy olpc ""
+packages="%{expand:%%moduleList olpc} unconfined.pp.bz2 unconfineduser.pp.bz2"
+%loadpolicy olpc $packages
if [ $1 -ne 1 ]; then
%relabel olpc
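Review bot: The olpc `packages` line hard-codes `unconfined.pp.bz2 unconfineduser.pp.bz2` and runs on upgrades as well as first installs, where the old `%loadpolicy olpc ""` passed no extra modules at all. The targeted scriptlet takes its upgrade list from `get_unconfined $(semodule -l)`; judging by its name and use, that helper re-adds the unconfined modules only when they are currently loaded, but its body is outside this hunk. If so, an olpc system whose administrator removed the unconfined domain would get it back on every package update. Consider the same split as targeted, using `packages="$(get_unconfined $(semodule -l))"` on the `$1 -ne 1` path.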
@@ -466,7 +463,8 @@ SELinux Reference policy mls base module
%post mls
semodule -n -s mls -r mailscanner 2>/dev/null
-%loadpolicy mls ""
+packages="%{expand:%%moduleList mls}"
+%loadpolicy mls $packages
if [ $1 != 1 ]; then
%relabel mls
@@ -482,6 +480,8 @@ exit 0
%changelog
* Fri May 1 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-27
- Fix /sbin/ip6tables-save context
+- Allod udev to transition to mount
+- Fix loading of mls policy file
* Thu Apr 30 2009 Dan Walsh <dwalsh at redhat.com> 3.6.12-26
- Add shorewall policy