rpms/gcl/F-11 gcl-2.6.8-selinux.patch,1.2,1.3 gcl.spec,1.37,1.38
Jerry James
jjames at fedoraproject.org
Tue Oct 20 22:11:47 UTC 2009
- Previous message: rpms/tellico/F-11 .cvsignore, 1.17, 1.18 sources, 1.17, 1.18 tellico.spec, 1.35, 1.36 tellico-1.3.5-gcc44.patch, 1.1, NONE
- Next message: rpms/gcl/F-12 gcl-2.6.8-plt.patch, 1.1, 1.2 gcl-2.6.8-selinux.patch, 1.2, 1.3 gcl.spec, 1.40, 1.41
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jjames
Update of /cvs/pkgs/rpms/gcl/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6958/F-11
Modified Files:
gcl-2.6.8-selinux.patch gcl.spec
Log Message:
* Tue Oct 20 2009 Jerry James <loganjerry at gmail.com> - 2.6.8-0.6.20090701cvs
- Update SELinux policy for confined users (bz 529757)
gcl-2.6.8-selinux.patch:
clcs/makefile | 6 ++
makefile | 3 +
selinux/gcl.fc | 5 +
selinux/gcl.if | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
selinux/gcl.te | 45 ++++++++++++++++
unixport/makefile | 6 ++
6 files changed, 211 insertions(+)
Index: gcl-2.6.8-selinux.patch
===================================================================
RCS file: /cvs/pkgs/rpms/gcl/F-11/gcl-2.6.8-selinux.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- gcl-2.6.8-selinux.patch 13 Oct 2009 15:37:48 -0000 1.2
+++ gcl-2.6.8-selinux.patch 20 Oct 2009 22:11:46 -0000 1.3
@@ -1,6 +1,6 @@
diff -durN gcl-2.6.8.ORIG/clcs/makefile gcl-2.6.8/clcs/makefile
--- gcl-2.6.8.ORIG/clcs/makefile 2005-05-06 15:56:55.000000000 -0600
-+++ gcl-2.6.8/clcs/makefile 2009-10-13 09:12:33.455633583 -0600
++++ gcl-2.6.8/clcs/makefile 2009-10-20 16:00:21.608387999 -0600
@@ -9,6 +9,9 @@
saved_clcs_gcl: ../unixport/saved_pcl_gcl
@@ -23,7 +23,7 @@ diff -durN gcl-2.6.8.ORIG/clcs/makefile
rm -f *.o *.fn saved_full_gcl$(EXE) saved_full_gcl cmpinclude.h *.c *.h *.data saved_clcs_gcl
diff -durN gcl-2.6.8.ORIG/makefile gcl-2.6.8/makefile
--- gcl-2.6.8.ORIG/makefile 2007-11-30 09:59:33.000000000 -0700
-+++ gcl-2.6.8/makefile 2009-10-13 09:12:33.456633051 -0600
++++ gcl-2.6.8/makefile 2009-10-20 16:00:21.609347326 -0600
@@ -187,6 +187,9 @@
if gcc --version | grep -i mingw >/dev/null 2>&1 ; then if grep -i oncrpc makedefs >/dev/null 2>&1 ; then cp /mingw/bin/oncrpc.dll $(DESTDIR)$(INSTALL_LIB_DIR)/$(PORTDIR); fi ; fi
cd $(DESTDIR)$(INSTALL_LIB_DIR)/$(PORTDIR) && \
@@ -36,16 +36,16 @@ diff -durN gcl-2.6.8.ORIG/makefile gcl-2
if [ -e "unixport/rsym$(EXE)" ] ; then cp unixport/rsym$(EXE) $(DESTDIR)$(INSTALL_LIB_DIR)/unixport/ ; fi
diff -durN gcl-2.6.8.ORIG/selinux/gcl.fc gcl-2.6.8/selinux/gcl.fc
--- gcl-2.6.8.ORIG/selinux/gcl.fc 1969-12-31 17:00:00.000000000 -0700
-+++ gcl-2.6.8/selinux/gcl.fc 2009-10-13 09:12:33.462625115 -0600
++++ gcl-2.6.8/selinux/gcl.fc 2009-10-20 16:00:52.173119081 -0600
@@ -0,0 +1,5 @@
+/usr/lib64/gcl-[^/]+/unixport/saved_.* -- gen_context(system_u:object_r:gcl_exec_t,s0)
+/usr/lib/gcl-[^/]+/unixport/saved_.* -- gen_context(system_u:object_r:gcl_exec_t,s0)
-+/usr/lib/maxima/[^/]+/binary-gcl -- gen_context(system_u:object:r:gcl_exec_t,s0)
-+/usr/lib64/maxima/[^/]+/binary-gcl -- gen_context(system_u:object:r:gcl_exec_t,s0)
++/usr/lib/maxima/[^/]+/binary-gcl -- gen_context(system_u:object_r:gcl_exec_t,s0)
++/usr/lib64/maxima/[^/]+/binary-gcl -- gen_context(system_u:object_r:gcl_exec_t,s0)
+
diff -durN gcl-2.6.8.ORIG/selinux/gcl.if gcl-2.6.8/selinux/gcl.if
--- gcl-2.6.8.ORIG/selinux/gcl.if 1969-12-31 17:00:00.000000000 -0700
-+++ gcl-2.6.8/selinux/gcl.if 2009-10-13 09:12:33.463716289 -0600
++++ gcl-2.6.8/selinux/gcl.if 2009-10-20 16:00:21.622010253 -0600
@@ -0,0 +1,146 @@
+
+## <summary>policy for gcl</summary>
@@ -195,9 +195,9 @@ diff -durN gcl-2.6.8.ORIG/selinux/gcl.if
+')
diff -durN gcl-2.6.8.ORIG/selinux/gcl.te gcl-2.6.8/selinux/gcl.te
--- gcl-2.6.8.ORIG/selinux/gcl.te 1969-12-31 17:00:00.000000000 -0700
-+++ gcl-2.6.8/selinux/gcl.te 2009-10-13 09:14:37.562683865 -0600
-@@ -0,0 +1,50 @@
-+policy_module(gcl,1.0.0)
++++ gcl-2.6.8/selinux/gcl.te 2009-10-20 15:52:31.702057692 -0600
+@@ -0,0 +1,45 @@
++policy_module(gcl,1.0.1)
+
+########################################
+#
@@ -225,31 +225,26 @@ diff -durN gcl-2.6.8.ORIG/selinux/gcl.te
+
+## The GCL memory management and executable dumping routines manipulate memory
+## in various (usually forbidden) ways.
-+allow gcl_t self:memprotect mmap_zero;
+allow gcl_t self:process { execmem execheap };
+
-+unconfined_domain(gcl_t)
++optional_policy(`
++ unconfined_domain(gcl_t)
++')
+
+optional_policy(`
+ gen_require(`
+ type unconfined_t;
+ type unconfined_devpts_t;
-+ type unconfined_execmem_t; # Remove this later; see below
+ type unconfined_tty_device_t;
+ role unconfined_r;
+ ')
+
+ gcl_run(unconfined_t, unconfined_r, { unconfined_tty_device_t unconfined_devpts_t })
+ allow gcl_t gcl_exec_t:file execmod;
-+
-+ # Some versions of selinux-policy-targeted, released between November
-+ # 2008 and early January 2009, give /usr/bin/gcl type execmem_exec_t.
-+ # Remove this once those versions are dead and buried.
-+ allow unconfined_execmem_t gcl_exec_t:file execmod;
+')
diff -durN gcl-2.6.8.ORIG/unixport/makefile gcl-2.6.8/unixport/makefile
--- gcl-2.6.8.ORIG/unixport/makefile 2006-08-23 12:14:22.000000000 -0600
-+++ gcl-2.6.8/unixport/makefile 2009-10-13 09:12:33.465652023 -0600
++++ gcl-2.6.8/unixport/makefile 2009-10-20 16:00:21.622998021 -0600
@@ -118,6 +118,9 @@
cp init_$*.lsp foo
echo " (in-package \"USER\")(system:save-system \"$@\")" >>foo
Index: gcl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gcl/F-11/gcl.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -p -r1.37 -r1.38
--- gcl.spec 13 Oct 2009 15:37:48 -0000 1.37
+++ gcl.spec 20 Oct 2009 22:11:46 -0000 1.38
@@ -28,7 +28,7 @@
Name: gcl
Version: 2.6.8
-Release: 0.3.%{alphatag}%{?dist}
+Release: 0.4.%{alphatag}%{?dist}
Summary: GNU Common Lisp
Group: Development/Languages
@@ -364,6 +364,9 @@ fi
%changelog
+* Tue Oct 20 2009 Jerry James <loganjerry at gmail.com> - 2.6.8-0.6.20090701cvs
+- Update SELinux policy for confined users (bz 529757)
+
* Tue Oct 13 2009 Jerry James <loganjerry at gmail.com> - 2.6.8-0.3.20090701cvs
- Update SELinux files to give compiled maxima files the right context
- Update to 20090701 CVS snapshot, fixes bz 511483
- Previous message: rpms/tellico/F-11 .cvsignore, 1.17, 1.18 sources, 1.17, 1.18 tellico.spec, 1.35, 1.36 tellico-1.3.5-gcc44.patch, 1.1, NONE
- Next message: rpms/gcl/F-12 gcl-2.6.8-plt.patch, 1.1, 1.2 gcl-2.6.8-selinux.patch, 1.2, 1.3 gcl.spec, 1.40, 1.41
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list