rpms/selinux-policy/F-12 policy-20100106.patch, 1.4, 1.5 selinux-policy.spec, 1.993, 1.994
Miroslav Grepl
mgrepl at fedoraproject.org
Mon Jan 11 16:00:57 UTC 2010
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4676
Modified Files:
policy-20100106.patch selinux-policy.spec
Log Message:
- Fixes for iscsid
- Allow openvpn to bind to http port
- Add wine_mmap_zero_ignore boolean
policy-20100106.patch:
apps/sandbox.if | 46 ++++++++++++++++++++++++++++++++++++++++------
apps/sandbox.te | 29 +++++++++++++++++------------
apps/wine.if | 4 ++++
apps/wine.te | 14 ++++++++++++++
kernel/devices.fc | 2 ++
kernel/devices.if | 18 ++++++++++++++++++
kernel/devices.te | 6 ++++++
services/abrt.te | 1 +
services/apache.if | 3 +++
services/apcupsd.te | 2 +-
services/cups.te | 1 +
services/dovecot.te | 6 ++++++
services/fail2ban.if | 18 ++++++++++++++++++
services/nagios.fc | 40 ++++++++++++++++++++++++++++++++++++++--
services/nagios.te | 3 +++
services/openvpn.te | 1 +
services/postfix.te | 5 ++++-
services/samba.te | 5 +++++
services/sendmail.te | 2 ++
services/snmp.te | 2 +-
services/spamassassin.if | 18 ++++++++++++++++++
services/sssd.if | 19 +++++++++++++++++++
services/virt.te | 4 +++-
services/xserver.fc | 4 ++++
services/xserver.te | 2 ++
system/iscsi.fc | 2 ++
system/iscsi.te | 4 ++++
system/libraries.fc | 6 ++++++
system/miscfiles.if | 19 +++++++++++++++++++
system/mount.te | 1 +
system/unconfined.if | 2 ++
system/userdomain.fc | 1 +
system/userdomain.if | 18 ++++++++++++++++++
system/xen.te | 6 ++++++
34 files changed, 290 insertions(+), 24 deletions(-)
Index: policy-20100106.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-12/policy-20100106.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- policy-20100106.patch 11 Jan 2010 13:10:26 -0000 1.4
+++ policy-20100106.patch 11 Jan 2010 16:00:57 -0000 1.5
@@ -175,6 +175,51 @@ diff -b -B --ignore-all-space --exclude-
dbus_system_bus_client(sandbox_net_client_t)
dbus_read_config(sandbox_net_client_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.6.32/policy/modules/apps/wine.if
+--- nsaserefpolicy/policy/modules/apps/wine.if 2010-01-06 11:05:50.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/apps/wine.if 2010-01-11 16:01:58.000000000 +0100
+@@ -143,6 +143,10 @@
+ userdom_unpriv_usertype($1, $1_wine_t)
+ userdom_manage_tmpfs_role($2, $1_wine_t)
+
++ tunable_policy(`wine_mmap_zero_ignore',`
++ allow $1_wine_t self:memprotect mmap_zero;
++ ')
++
+ domain_mmap_low_type($1_wine_t)
+ tunable_policy(`mmap_low_allowed',`
+ domain_mmap_low($1_wine_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.6.32/policy/modules/apps/wine.te
+--- nsaserefpolicy/policy/modules/apps/wine.te 2010-01-06 11:05:50.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/apps/wine.te 2010-01-11 16:01:03.000000000 +0100
+@@ -6,6 +6,15 @@
+ # Declarations
+ #
+
++## <desc>
++## <p>
++## Ignore wine mmap_zero errors
++## </p>
++## </desc>
++#
++gen_tunable(wine_mmap_zero_ignore, false)
++
++
+ type wine_t;
+ type wine_exec_t;
+ application_domain(wine_t, wine_exec_t)
+@@ -29,6 +38,11 @@
+ manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
+ files_tmp_filetrans(wine_t, wine_tmp_t,{ file dir })
+
++tunable_policy(`wine_mmap_zero_ignore',`
++ allow wine_t self:memprotect mmap_zero;
++')
++
++
+ domain_mmap_low_type(wine_t)
+ tunable_policy(`mmap_low_allowed',`
+ domain_mmap_low(wine_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.6.32/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-01-06 11:05:50.000000000 +0100
+++ serefpolicy-3.6.32/policy/modules/kernel/devices.fc 2010-01-09 20:39:30.000000000 +0100
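Review bot: In both wine.if and wine.te the new tunable is named wine_mmap_zero_ignore and described as "Ignore wine mmap_zero errors", but the rule it switches on is "allow wine_t self:memprotect mmap_zero;" (and "allow $1_wine_t self:memprotect mmap_zero;" in the interface), which grants the permission instead of ignoring the denial. If the goal is only to silence the AVC messages, the rule should be a dontaudit; if the goal is to permit the mapping, the name and the <desc> text should say that, and the description should explain how this differs from the existing mmap_low_allowed block that follows it in both files. The two consecutive blank added lines after gen_tunable and after the tunable_policy block in wine.te can be reduced to one.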
@@ -418,6 +463,17 @@ diff -b -B --ignore-all-space --exclude-
dev_read_sysfs(nagios_t)
dev_read_urand(nagios_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.6.32/policy/modules/services/openvpn.te
+--- nsaserefpolicy/policy/modules/services/openvpn.te 2010-01-06 11:05:50.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/services/openvpn.te 2010-01-11 15:49:03.000000000 +0100
+@@ -85,6 +85,7 @@
+ corenet_udp_bind_generic_node(openvpn_t)
+ corenet_tcp_bind_openvpn_port(openvpn_t)
+ corenet_udp_bind_openvpn_port(openvpn_t)
++corenet_tcp_bind_http_port(openvpn_t)
+ corenet_tcp_connect_openvpn_port(openvpn_t)
+ corenet_tcp_connect_http_port(openvpn_t)
+ corenet_tcp_connect_http_cache_port(openvpn_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.32/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2010-01-06 11:05:50.000000000 +0100
+++ serefpolicy-3.6.32/policy/modules/services/postfix.te 2010-01-08 20:27:51.000000000 +0100
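Review bot: The added "corenet_tcp_bind_http_port(openvpn_t)" in openvpn.te is unconditional, so every openvpn_t process gains the right to listen on the http port type whether or not the site runs OpenVPN there. Since this same commit introduces a tunable for the wine change, consider wrapping this line in a tunable_policy block that defaults to false, or at least add a comment above it stating the configuration that needs it, so the grant can be audited later.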
@@ -703,6 +759,17 @@ diff -b -B --ignore-all-space --exclude-
+ allow $1 fonts_cache_t:dir setattr;
+')
+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.32/policy/modules/system/mount.te
+--- nsaserefpolicy/policy/modules/system/mount.te 2010-01-06 11:05:51.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/system/mount.te 2010-01-11 15:53:37.000000000 +0100
+@@ -181,6 +181,7 @@
+ auth_read_all_dirs_except_shadow(mount_t)
+ auth_read_all_files_except_shadow(mount_t)
+ files_mounton_non_security(mount_t)
++ files_rw_all_inherited_files(mount_t)
+ ')
+
+ optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.32/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2010-01-06 11:05:51.000000000 +0100
+++ serefpolicy-3.6.32/policy/modules/system/unconfined.if 2010-01-08 16:35:49.000000000 +0100
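Review bot: The added "files_rw_all_inherited_files(mount_t)" in mount.te is a very broad grant for a domain that already has auth_read_all_files_except_shadow and files_mounton_non_security in the same block, and nothing in the log message ("Fixes for iscsid", openvpn, wine boolean) says why mount needs it. Please name the denial this fixes and, if it is a specific inherited descriptor, replace the call with an rw or dontaudit rule on that file type; the condition that encloses this block is outside the hunk context, so it should be stated in the description as well.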
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-12/selinux-policy.spec,v
retrieving revision 1.993
retrieving revision 1.994
diff -u -p -r1.993 -r1.994
--- selinux-policy.spec 11 Jan 2010 11:43:43 -0000 1.993
+++ selinux-policy.spec 11 Jan 2010 16:00:57 -0000 1.994
@@ -453,6 +453,8 @@ exit 0
%changelog
* Mon Jan 11 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-69
- Fixes for iscsid
+- Allow openvpn to bind to http port
+- Add wine_mmap_zero_ignore boolean
* Fri Jan 8 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-68
- Fixes for xenconsoled
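Review bot: The two new %changelog lines cover the openvpn and wine changes, but the mount.te addition of files_rw_all_inherited_files(mount_t) carried in the same patch revision has no entry of its own; add one, or confirm it is meant to fall under "Fixes for iscsid". The entries are also appended to the existing 3.6.32-69 stanza, so check that -69 has not already been built, otherwise this needs a new release and stanza.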
More information about the scm-commits
mailing list