rpms/selinux-policy/F-10 policy-20080710.patch, 1.167, 1.168 selinux-policy.spec, 1.794, 1.795

Miroslav Grepl mgrepl at fedoraproject.org
Fri May 22 08:37:37 UTC 2009 

Author: mgrepl

Update of /cvs/extras/rpms/selinux-policy/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32693

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
- Allow hald to gettattr on all files



policy-20080710.patch:

Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/policy-20080710.patch,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -p -r1.167 -r1.168
--- policy-20080710.patch	15 May 2009 08:05:28 -0000	1.167
+++ policy-20080710.patch	22 May 2009 08:37:34 -0000	1.168
@@ -18090,7 +18090,7 @@ diff --exclude-from=exclude -N -u -r nsa
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.13/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/hal.te	2009-04-14 10:23:38.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/hal.te	2009-05-19 10:45:26.000000000 +0200
 @@ -49,6 +49,15 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -18115,8 +18115,11 @@ diff --exclude-from=exclude -N -u -r nsa
  
  kernel_read_system_state(hald_t)
  kernel_read_network_state(hald_t)
-@@ -143,11 +153,16 @@
+@@ -141,13 +151,19 @@
+ # hal is now execing pm-suspend
+ files_create_boot_flag(hald_t)
  files_getattr_all_dirs(hald_t)
++files_getattr_all_files(hald_t)
  files_read_kernel_img(hald_t)
  files_rw_lock_dirs(hald_t)
 +files_read_generic_pids(hald_t)
@@ -18132,7 +18135,7 @@ diff --exclude-from=exclude -N -u -r nsa
  files_getattr_all_mountpoints(hald_t)
  
  mls_file_read_all_levels(hald_t)
-@@ -197,6 +212,7 @@
+@@ -197,6 +213,7 @@
  seutil_read_file_contexts(hald_t)
  
  sysnet_read_config(hald_t)
@@ -18140,7 +18143,7 @@ diff --exclude-from=exclude -N -u -r nsa
  
  userdom_dontaudit_use_unpriv_user_fds(hald_t)
  
-@@ -280,6 +296,16 @@
+@@ -280,6 +297,16 @@
  ')
  
  optional_policy(`
@@ -18157,7 +18160,7 @@ diff --exclude-from=exclude -N -u -r nsa
  	rpc_search_nfs_state_data(hald_t)
  ')
  
-@@ -300,12 +326,20 @@
+@@ -300,12 +327,20 @@
  	vbetool_domtrans(hald_t)
  ')
  
@@ -18179,7 +18182,7 @@ diff --exclude-from=exclude -N -u -r nsa
  allow hald_acl_t self:process { getattr signal };
  allow hald_acl_t self:fifo_file rw_fifo_file_perms;
  
-@@ -326,6 +360,7 @@
+@@ -326,6 +361,7 @@
  dev_getattr_all_chr_files(hald_acl_t)
  dev_setattr_all_chr_files(hald_acl_t)
  dev_getattr_generic_usb_dev(hald_acl_t)
@@ -18187,7 +18190,7 @@ diff --exclude-from=exclude -N -u -r nsa
  dev_getattr_video_dev(hald_acl_t)
  dev_setattr_video_dev(hald_acl_t)
  dev_getattr_sound_dev(hald_acl_t)
-@@ -338,19 +373,30 @@
+@@ -338,19 +374,30 @@
  
  storage_getattr_removable_dev(hald_acl_t)
  storage_setattr_removable_dev(hald_acl_t)
@@ -18218,7 +18221,7 @@ diff --exclude-from=exclude -N -u -r nsa
  domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
  allow hald_t hald_mac_t:process signal;
  allow hald_mac_t hald_t:unix_stream_socket connectto;
-@@ -359,6 +405,8 @@
+@@ -359,6 +406,8 @@
  manage_files_pattern(hald_mac_t, hald_var_lib_t, hald_var_lib_t)
  files_search_var_lib(hald_mac_t)
  
@@ -18227,7 +18230,7 @@ diff --exclude-from=exclude -N -u -r nsa
  kernel_read_system_state(hald_mac_t)
  
  dev_read_raw_memory(hald_mac_t)
-@@ -366,10 +414,15 @@
+@@ -366,10 +415,15 @@
  dev_read_sysfs(hald_mac_t)
  
  files_read_usr_files(hald_mac_t)
@@ -18243,7 +18246,7 @@ diff --exclude-from=exclude -N -u -r nsa
  miscfiles_read_localization(hald_mac_t)
  
  ########################################
-@@ -388,6 +441,8 @@
+@@ -388,6 +442,8 @@
  manage_files_pattern(hald_sonypic_t, hald_var_lib_t, hald_var_lib_t)
  files_search_var_lib(hald_sonypic_t)
  
@@ -18252,7 +18255,7 @@ diff --exclude-from=exclude -N -u -r nsa
  files_read_usr_files(hald_sonypic_t)
  
  libs_use_ld_so(hald_sonypic_t)
-@@ -408,6 +463,8 @@
+@@ -408,6 +464,8 @@
  manage_files_pattern(hald_keymap_t, hald_var_lib_t, hald_var_lib_t)
  files_search_var_lib(hald_keymap_t)
  
@@ -18261,7 +18264,7 @@ diff --exclude-from=exclude -N -u -r nsa
  dev_rw_input_dev(hald_keymap_t)
  
  files_read_usr_files(hald_keymap_t)
-@@ -419,4 +476,53 @@
+@@ -419,4 +477,53 @@
  
  # This is caused by a bug in hald and PolicyKit.  
  # Should be removed when this is fixed
@@ -25543,8 +25546,10 @@ diff --exclude-from=exclude -N -u -r nsa
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.5.13/policy/modules/services/pyzor.fc
 --- nsaserefpolicy/policy/modules/services/pyzor.fc	2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/pyzor.fc	2009-02-10 15:07:15.000000000 +0100
-@@ -1,6 +1,8 @@
++++ serefpolicy-3.5.13/policy/modules/services/pyzor.fc	2009-05-21 14:36:40.000000000 +0200
+@@ -1,6 +1,10 @@
++/root/\.pyzor(/.*)?            gen_context(system_u:object_r:spamc_home_t,s0)
++
  /etc/pyzor(/.*)?		gen_context(system_u:object_r:pyzor_etc_t, s0)
 +/etc/rc\.d/init\.d/pyzord	--	gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
  
@@ -28219,9 +28224,11 @@ diff --exclude-from=exclude -N -u -r nsa
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.5.13/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.fc	2009-04-14 17:49:28.000000000 +0200
-@@ -1,16 +1,24 @@
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.fc	2009-05-21 14:36:57.000000000 +0200
+@@ -1,16 +1,26 @@
 -HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
++/root/\.spamassassin(/.*)?     gen_context(system_u:object_r:spamc_home_t,s0)
++
 +HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
 +
 +/etc/rc\.d/init\.d/spamd	--	gen_context(system_u:object_r:spamd_initrc_exec_t,s0)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-10/selinux-policy.spec,v
retrieving revision 1.794
retrieving revision 1.795
diff -u -p -r1.794 -r1.795
--- selinux-policy.spec	15 May 2009 08:05:30 -0000	1.794
+++ selinux-policy.spec	22 May 2009 08:37:36 -0000	1.795
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 60%{?dist}
+Release: 61%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -44,7 +44,7 @@ Source17: booleans-minimum.conf
 Source18: setrans-minimum.conf
 Source19: securetty_types-minimum
 
-Url: http://serefpolicy.sourceforge.net
+Url: http://oss.tresys.com/repos/refpolicy/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils >= %{POLICYCOREUTILSVER} bzip2
@@ -462,6 +462,9 @@ exit 0
 %endif
 
 %changelog
+* Fri May 22 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-61
+- Allow hald to gettattr on all files
+
 * Fri May 15 2009 Miroslav Grepl <mgrepl at redhat.com> 3.5.13-60
 - Fixes for kpropd
 - Add /usr/share/selinux/packages

More information about the scm-commits mailing list