rpms/selinux-policy/F-10 policy-20080710.patch, 1.167, 1.168 selinux-policy.spec, 1.794, 1.795
Miroslav Grepl
mgrepl at fedoraproject.org
Fri May 22 08:37:37 UTC 2009
- Previous message: rpms/wireshark/devel .cvsignore, 1.24, 1.25 sources, 1.24, 1.25 wireshark.spec, 1.51, 1.52
- Next message: rpms/ftgl/devel ftgl-2.1.3-rc5-ttf_font.patch, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.3, 1.4 ftgl.spec, 1.7, 1.8 sources, 1.3, 1.4 ftgl-2.1.2-Glyph-g++_41.patch, 1.1, NONE ftgl-2.1.2-destdir.patch, 1.1, NONE ftgl-2.1.2-pc_req.patch, 1.1, NONE ftgl-2.1.2-rpath_FTGLDemo.patch, 1.1, NONE ftgl-2.1.2-ttf_font.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32693
Modified Files:
policy-20080710.patch selinux-policy.spec
Log Message:
- Allow hald to gettattr on all files
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -p -r1.167 -r1.168
--- policy-20080710.patch 15 May 2009 08:05:28 -0000 1.167
+++ policy-20080710.patch 22 May 2009 08:37:34 -0000 1.168
@@ -18090,7 +18090,7 @@ diff --exclude-from=exclude -N -u -r nsa
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.13/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/hal.te 2009-04-14 10:23:38.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/hal.te 2009-05-19 10:45:26.000000000 +0200
@@ -49,6 +49,15 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -18115,8 +18115,11 @@ diff --exclude-from=exclude -N -u -r nsa
kernel_read_system_state(hald_t)
kernel_read_network_state(hald_t)
-@@ -143,11 +153,16 @@
+@@ -141,13 +151,19 @@
+ # hal is now execing pm-suspend
+ files_create_boot_flag(hald_t)
files_getattr_all_dirs(hald_t)
++files_getattr_all_files(hald_t)
files_read_kernel_img(hald_t)
files_rw_lock_dirs(hald_t)
+files_read_generic_pids(hald_t)
@@ -18132,7 +18135,7 @@ diff --exclude-from=exclude -N -u -r nsa
files_getattr_all_mountpoints(hald_t)
mls_file_read_all_levels(hald_t)
-@@ -197,6 +212,7 @@
+@@ -197,6 +213,7 @@
seutil_read_file_contexts(hald_t)
sysnet_read_config(hald_t)
@@ -18140,7 +18143,7 @@ diff --exclude-from=exclude -N -u -r nsa
userdom_dontaudit_use_unpriv_user_fds(hald_t)
-@@ -280,6 +296,16 @@
+@@ -280,6 +297,16 @@
')
optional_policy(`
@@ -18157,7 +18160,7 @@ diff --exclude-from=exclude -N -u -r nsa
rpc_search_nfs_state_data(hald_t)
')
-@@ -300,12 +326,20 @@
+@@ -300,12 +327,20 @@
vbetool_domtrans(hald_t)
')
@@ -18179,7 +18182,7 @@ diff --exclude-from=exclude -N -u -r nsa
allow hald_acl_t self:process { getattr signal };
allow hald_acl_t self:fifo_file rw_fifo_file_perms;
-@@ -326,6 +360,7 @@
+@@ -326,6 +361,7 @@
dev_getattr_all_chr_files(hald_acl_t)
dev_setattr_all_chr_files(hald_acl_t)
dev_getattr_generic_usb_dev(hald_acl_t)
@@ -18187,7 +18190,7 @@ diff --exclude-from=exclude -N -u -r nsa
dev_getattr_video_dev(hald_acl_t)
dev_setattr_video_dev(hald_acl_t)
dev_getattr_sound_dev(hald_acl_t)
-@@ -338,19 +373,30 @@
+@@ -338,19 +374,30 @@
storage_getattr_removable_dev(hald_acl_t)
storage_setattr_removable_dev(hald_acl_t)
@@ -18218,7 +18221,7 @@ diff --exclude-from=exclude -N -u -r nsa
domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
allow hald_t hald_mac_t:process signal;
allow hald_mac_t hald_t:unix_stream_socket connectto;
-@@ -359,6 +405,8 @@
+@@ -359,6 +406,8 @@
manage_files_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_mac_t)
@@ -18227,7 +18230,7 @@ diff --exclude-from=exclude -N -u -r nsa
kernel_read_system_state(hald_mac_t)
dev_read_raw_memory(hald_mac_t)
-@@ -366,10 +414,15 @@
+@@ -366,10 +415,15 @@
dev_read_sysfs(hald_mac_t)
files_read_usr_files(hald_mac_t)
@@ -18243,7 +18246,7 @@ diff --exclude-from=exclude -N -u -r nsa
miscfiles_read_localization(hald_mac_t)
########################################
-@@ -388,6 +441,8 @@
+@@ -388,6 +442,8 @@
manage_files_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_sonypic_t)
@@ -18252,7 +18255,7 @@ diff --exclude-from=exclude -N -u -r nsa
files_read_usr_files(hald_sonypic_t)
libs_use_ld_so(hald_sonypic_t)
-@@ -408,6 +463,8 @@
+@@ -408,6 +464,8 @@
manage_files_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_keymap_t)
@@ -18261,7 +18264,7 @@ diff --exclude-from=exclude -N -u -r nsa
dev_rw_input_dev(hald_keymap_t)
files_read_usr_files(hald_keymap_t)
-@@ -419,4 +476,53 @@
+@@ -419,4 +477,53 @@
# This is caused by a bug in hald and PolicyKit.
# Should be removed when this is fixed
@@ -25543,8 +25546,10 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.5.13/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/pyzor.fc 2009-02-10 15:07:15.000000000 +0100
-@@ -1,6 +1,8 @@
++++ serefpolicy-3.5.13/policy/modules/services/pyzor.fc 2009-05-21 14:36:40.000000000 +0200
+@@ -1,6 +1,10 @@
++/root/\.pyzor(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
++
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -28219,9 +28224,11 @@ diff --exclude-from=exclude -N -u -r nsa
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.5.13/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.fc 2009-04-14 17:49:28.000000000 +0200
-@@ -1,16 +1,24 @@
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.fc 2009-05-21 14:36:57.000000000 +0200
+@@ -1,16 +1,26 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
++/root/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
++
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
+
+/etc/rc\.d/init\.d/spamd -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.794
retrieving revision 1.795
diff -u -p -r1.794 -r1.795
--- selinux-policy.spec 15 May 2009 08:05:30 -0000 1.794
+++ selinux-policy.spec 22 May 2009 08:37:36 -0000 1.795
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.13
-Release: 60%{?dist}
+Release: 61%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -44,7 +44,7 @@ Source17: booleans-minimum.conf
Source18: setrans-minimum.conf
Source19: securetty_types-minimum
-Url: http://serefpolicy.sourceforge.net
+Url: http://oss.tresys.com/repos/refpolicy/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER} bzip2
@@ -462,6 +462,9 @@ exit 0
%endif
%changelog
+* Fri May 22 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-61
+- Allow hald to gettattr on all files
+
* Fri May 15 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-60
- Fixes for kpropd
- Add /usr/share/selinux/packages
- Previous message: rpms/wireshark/devel .cvsignore, 1.24, 1.25 sources, 1.24, 1.25 wireshark.spec, 1.51, 1.52
- Next message: rpms/ftgl/devel ftgl-2.1.3-rc5-ttf_font.patch, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.3, 1.4 ftgl.spec, 1.7, 1.8 sources, 1.3, 1.4 ftgl-2.1.2-Glyph-g++_41.patch, 1.1, NONE ftgl-2.1.2-destdir.patch, 1.1, NONE ftgl-2.1.2-pc_req.patch, 1.1, NONE ftgl-2.1.2-rpath_FTGLDemo.patch, 1.1, NONE ftgl-2.1.2-ttf_font.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list