rpms/selinux-policy/F-13 booleans-targeted.conf, 1.57, 1.58 policy-F13.patch, 1.77, 1.78 selinux-policy.spec, 1.985, 1.986
Daniel J Walsh
dwalsh at fedoraproject.org
Sat Mar 13 15:34:21 UTC 2010
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-13
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29575
Modified Files:
booleans-targeted.conf policy-F13.patch selinux-policy.spec
Log Message:
* Sat Mar 13 2010 Dan Walsh <dwalsh at redhat.com> 3.7.14-3
- Add device_t as a file system
- Fix sysfs association
Index: booleans-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-13/booleans-targeted.conf,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -p -r1.57 -r1.58
--- booleans-targeted.conf 24 Feb 2010 22:02:46 -0000 1.57
+++ booleans-targeted.conf 13 Mar 2010 15:34:19 -0000 1.58
@@ -72,7 +72,7 @@ httpd_can_network_connect_db = false
#
# allow httpd to send dbus messages to avahi
-httpd_dbus_avahi = false
+httpd_dbus_avahi = true
#
# allow httpd to network relay
@@ -140,7 +140,7 @@ samba_enable_home_dirs = false
# Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports.
#
-squid_connect_any = true
+squid_connect_any = false
# Allow privoxy to connect to all ports, not justHTTP, FTP, and Gopher ports.
#
@@ -258,3 +258,11 @@ init_upstart = true
# Allow mount to mount any file/dir
#
allow_mount_anyfile = true
+
+# Allow confined domains to communicate with ncsd via shared memory
+#
+nscd_use_shm = true
+
+# Allow fenced domain to connect to the network using TCP.
+#
+fenced_can_network_connect=false
policy-F13.patch:
Makefile | 2
policy/global_tunables | 24
policy/modules/admin/acct.te | 1
policy/modules/admin/alsa.te | 2
policy/modules/admin/anaconda.te | 3
policy/modules/admin/brctl.te | 2
policy/modules/admin/certwatch.te | 2
policy/modules/admin/consoletype.if | 3
policy/modules/admin/consoletype.te | 1
policy/modules/admin/firstboot.te | 6
policy/modules/admin/kismet.te | 1
policy/modules/admin/logrotate.te | 38
policy/modules/admin/mcelog.fc | 2
policy/modules/admin/mcelog.if | 21
policy/modules/admin/mcelog.te | 32
policy/modules/admin/mrtg.te | 1
policy/modules/admin/netutils.fc | 1
policy/modules/admin/netutils.te | 20
policy/modules/admin/prelink.fc | 1
policy/modules/admin/prelink.if | 23
policy/modules/admin/prelink.te | 79 +
policy/modules/admin/quota.te | 1
policy/modules/admin/readahead.te | 3
policy/modules/admin/rpm.fc | 21
policy/modules/admin/rpm.if | 387 +++++++
policy/modules/admin/rpm.te | 104 +
policy/modules/admin/shorewall.te | 2
policy/modules/admin/shutdown.fc | 5
policy/modules/admin/shutdown.if | 118 ++
policy/modules/admin/shutdown.te | 57 +
policy/modules/admin/smoltclient.fc | 4
policy/modules/admin/smoltclient.if | 1
policy/modules/admin/smoltclient.te | 66 +
policy/modules/admin/su.if | 8
policy/modules/admin/sudo.if | 9
policy/modules/admin/tmpreaper.te | 18
policy/modules/admin/usermanage.if | 20
policy/modules/admin/usermanage.te | 18
policy/modules/admin/vbetool.te | 6
policy/modules/admin/vpn.te | 8
policy/modules/apps/chrome.fc | 2
policy/modules/apps/chrome.if | 90 +
policy/modules/apps/chrome.te | 81 +
policy/modules/apps/cpufreqselector.te | 2
policy/modules/apps/execmem.fc | 45
policy/modules/apps/execmem.if | 116 ++
policy/modules/apps/execmem.te | 11
policy/modules/apps/firewallgui.fc | 3
policy/modules/apps/firewallgui.if | 23
policy/modules/apps/firewallgui.te | 66 +
policy/modules/apps/gitosis.if | 44
policy/modules/apps/gnome.fc | 24
policy/modules/apps/gnome.if | 242 ++++
policy/modules/apps/gnome.te | 116 ++
policy/modules/apps/gpg.fc | 1
policy/modules/apps/gpg.if | 5
policy/modules/apps/gpg.te | 14
policy/modules/apps/java.fc | 7
policy/modules/apps/java.if | 4
policy/modules/apps/java.te | 8
policy/modules/apps/kdumpgui.fc | 2
policy/modules/apps/kdumpgui.if | 2
policy/modules/apps/kdumpgui.te | 68 +
policy/modules/apps/livecd.fc | 2
policy/modules/apps/livecd.if | 52
policy/modules/apps/livecd.te | 27
policy/modules/apps/loadkeys.if | 3
policy/modules/apps/loadkeys.te | 6
policy/modules/apps/mono.if | 2
policy/modules/apps/mozilla.fc | 2
policy/modules/apps/mozilla.if | 62 +
policy/modules/apps/mozilla.te | 22
policy/modules/apps/mplayer.if | 36
policy/modules/apps/nsplugin.fc | 10
policy/modules/apps/nsplugin.if | 390 +++++++
policy/modules/apps/nsplugin.te | 295 +++++
policy/modules/apps/openoffice.fc | 3
policy/modules/apps/openoffice.if | 129 ++
policy/modules/apps/openoffice.te | 17
policy/modules/apps/podsleuth.te | 3
policy/modules/apps/ptchown.if | 24
policy/modules/apps/ptchown.te | 1
policy/modules/apps/pulseaudio.fc | 8
policy/modules/apps/pulseaudio.if | 72 +
policy/modules/apps/pulseaudio.te | 44
policy/modules/apps/qemu.if | 64 +
policy/modules/apps/qemu.te | 9
policy/modules/apps/sambagui.fc | 1
policy/modules/apps/sambagui.if | 2
policy/modules/apps/sambagui.te | 66 +
policy/modules/apps/sandbox.fc | 1
policy/modules/apps/sandbox.if | 250 ++++
policy/modules/apps/sandbox.te | 365 ++++++
policy/modules/apps/screen.if | 1
policy/modules/apps/seunshare.if | 78 -
policy/modules/apps/seunshare.te | 35
policy/modules/apps/slocate.te | 2
policy/modules/apps/userhelper.fc | 1
policy/modules/apps/userhelper.if | 48
policy/modules/apps/userhelper.te | 42
policy/modules/apps/vmware.if | 19
policy/modules/apps/vmware.te | 10
policy/modules/apps/wine.if | 11
policy/modules/apps/wine.te | 16
policy/modules/apps/wm.if | 16
policy/modules/kernel/corecommands.fc | 21
policy/modules/kernel/corecommands.if | 2
policy/modules/kernel/corenetwork.te.in | 20
policy/modules/kernel/devices.fc | 1
policy/modules/kernel/devices.if | 72 +
policy/modules/kernel/devices.te | 11
policy/modules/kernel/domain.if | 164 +++
policy/modules/kernel/domain.te | 108 ++
policy/modules/kernel/files.fc | 15
policy/modules/kernel/files.if | 579 ++++++++++
policy/modules/kernel/files.te | 11
policy/modules/kernel/filesystem.if | 26
policy/modules/kernel/filesystem.te | 2
policy/modules/kernel/kernel.if | 94 +
policy/modules/kernel/kernel.te | 26
policy/modules/kernel/selinux.if | 25
policy/modules/kernel/terminal.if | 10
policy/modules/roles/auditadm.te | 2
policy/modules/roles/guest.te | 6
policy/modules/roles/staff.te | 103 +
policy/modules/roles/sysadm.te | 96 +
policy/modules/roles/unconfineduser.fc | 10
policy/modules/roles/unconfineduser.if | 667 ++++++++++++
policy/modules/roles/unconfineduser.te | 417 +++++++
policy/modules/roles/unprivuser.te | 21
policy/modules/roles/xguest.te | 72 +
policy/modules/services/abrt.fc | 8
policy/modules/services/abrt.if | 143 ++
policy/modules/services/abrt.te | 140 ++
policy/modules/services/afs.if | 2
policy/modules/services/afs.te | 6
policy/modules/services/aiccu.fc | 5
policy/modules/services/aiccu.if | 119 ++
policy/modules/services/aiccu.te | 41
policy/modules/services/aisexec.fc | 10
policy/modules/services/aisexec.if | 106 ++
policy/modules/services/aisexec.te | 115 ++
policy/modules/services/amavis.if | 23
policy/modules/services/amavis.te | 4
policy/modules/services/apache.fc | 62 +
policy/modules/services/apache.if | 492 ++++++---
policy/modules/services/apache.te | 500 ++++++++-
policy/modules/services/apcupsd.te | 4
policy/modules/services/arpwatch.te | 4
policy/modules/services/asterisk.if | 19
policy/modules/services/asterisk.te | 43
policy/modules/services/avahi.fc | 2
policy/modules/services/avahi.te | 13
policy/modules/services/bind.if | 23
policy/modules/services/bind.te | 4
policy/modules/services/bluetooth.te | 3
policy/modules/services/boinc.fc | 6
policy/modules/services/boinc.if | 151 ++
policy/modules/services/boinc.te | 73 +
policy/modules/services/cachefilesd.fc | 28
policy/modules/services/cachefilesd.if | 41
policy/modules/services/cachefilesd.te | 146 ++
policy/modules/services/ccs.te | 5
policy/modules/services/certmaster.fc | 1
policy/modules/services/certmonger.fc | 6
policy/modules/services/certmonger.if | 217 ++++
policy/modules/services/certmonger.te | 74 +
policy/modules/services/cgroup.fc | 7
policy/modules/services/cgroup.if | 35
policy/modules/services/cgroup.te | 87 +
policy/modules/services/chronyd.fc | 2
policy/modules/services/chronyd.if | 4
policy/modules/services/chronyd.te | 19
policy/modules/services/clamav.te | 5
policy/modules/services/clogd.fc | 4
policy/modules/services/clogd.if | 82 +
policy/modules/services/clogd.te | 65 +
policy/modules/services/cobbler.if | 4
policy/modules/services/cobbler.te | 12
policy/modules/services/consolekit.fc | 3
policy/modules/services/consolekit.if | 39
policy/modules/services/consolekit.te | 35
policy/modules/services/corosync.fc | 14
policy/modules/services/corosync.if | 108 ++
policy/modules/services/corosync.te | 115 ++
policy/modules/services/cron.fc | 6
policy/modules/services/cron.if | 76 +
policy/modules/services/cron.te | 92 +
policy/modules/services/cups.fc | 14
policy/modules/services/cups.te | 65 +
policy/modules/services/cvs.te | 2
policy/modules/services/cyrus.te | 2
policy/modules/services/dbus.if | 56 -
policy/modules/services/dbus.te | 31
policy/modules/services/dcc.te | 2
policy/modules/services/denyhosts.fc | 7
policy/modules/services/denyhosts.if | 90 +
policy/modules/services/denyhosts.te | 72 +
policy/modules/services/devicekit.fc | 6
policy/modules/services/devicekit.if | 22
policy/modules/services/devicekit.te | 88 +
policy/modules/services/dhcp.te | 4
policy/modules/services/djbdns.if | 38
policy/modules/services/djbdns.te | 8
policy/modules/services/dnsmasq.fc | 2
policy/modules/services/dnsmasq.if | 4
policy/modules/services/dnsmasq.te | 22
policy/modules/services/dovecot.fc | 1
policy/modules/services/dovecot.te | 34
policy/modules/services/fail2ban.if | 58 +
policy/modules/services/fetchmail.te | 1
policy/modules/services/fprintd.te | 2
policy/modules/services/ftp.fc | 2
policy/modules/services/ftp.if | 38
policy/modules/services/ftp.te | 179 +++
policy/modules/services/git.fc | 19
policy/modules/services/git.if | 536 ++++++++++
policy/modules/services/git.te | 179 +++
policy/modules/services/gpsd.te | 2
policy/modules/services/hal.te | 33
policy/modules/services/howl.te | 2
policy/modules/services/icecast.fc | 7
policy/modules/services/icecast.if | 199 +++
policy/modules/services/icecast.te | 59 +
policy/modules/services/inn.te | 1
policy/modules/services/kerberos.if | 6
policy/modules/services/kerberos.te | 3
policy/modules/services/ksmtuned.fc | 5
policy/modules/services/ksmtuned.if | 76 +
policy/modules/services/ksmtuned.te | 44
policy/modules/services/ldap.fc | 3
policy/modules/services/ldap.if | 38
policy/modules/services/ldap.te | 13
policy/modules/services/lircd.te | 21
policy/modules/services/mailman.fc | 10
policy/modules/services/memcached.te | 10
policy/modules/services/modemmanager.te | 5
policy/modules/services/mta.fc | 2
policy/modules/services/mta.if | 68 +
policy/modules/services/mta.te | 17
policy/modules/services/munin.fc | 3
policy/modules/services/munin.te | 13
policy/modules/services/mysql.te | 1
policy/modules/services/nagios.fc | 83 +
policy/modules/services/nagios.if | 142 ++
policy/modules/services/nagios.te | 282 ++++-
policy/modules/services/networkmanager.fc | 20
policy/modules/services/networkmanager.if | 86 +
policy/modules/services/networkmanager.te | 121 +-
policy/modules/services/nis.fc | 10
policy/modules/services/nis.if | 78 +
policy/modules/services/nis.te | 21
policy/modules/services/nscd.if | 20
policy/modules/services/nscd.te | 23
policy/modules/services/ntop.fc | 1
policy/modules/services/ntop.te | 34
policy/modules/services/ntp.te | 2
policy/modules/services/nut.te | 21
policy/modules/services/nx.fc | 12
policy/modules/services/nx.if | 67 +
policy/modules/services/nx.te | 13
policy/modules/services/oddjob.if | 1
policy/modules/services/oddjob.te | 5
policy/modules/services/openvpn.te | 7
policy/modules/services/pcscd.if | 38
policy/modules/services/pegasus.te | 28
policy/modules/services/plymouthd.fc | 9
policy/modules/services/plymouthd.if | 322 ++++++
policy/modules/services/plymouthd.te | 105 +
policy/modules/services/policykit.fc | 5
policy/modules/services/policykit.if | 71 +
policy/modules/services/policykit.te | 74 +
policy/modules/services/portreserve.te | 3
policy/modules/services/postfix.fc | 2
policy/modules/services/postfix.if | 187 +++
policy/modules/services/postfix.te | 149 ++
policy/modules/services/postgresql.fc | 8
policy/modules/services/postgresql.if | 17
policy/modules/services/postgresql.te | 6
policy/modules/services/ppp.fc | 1
policy/modules/services/ppp.if | 4
policy/modules/services/ppp.te | 8
policy/modules/services/prelude.te | 3
policy/modules/services/procmail.te | 12
policy/modules/services/pyzor.fc | 4
policy/modules/services/pyzor.if | 47
policy/modules/services/pyzor.te | 37
policy/modules/services/radvd.te | 12
policy/modules/services/razor.fc | 1
policy/modules/services/razor.if | 42
policy/modules/services/razor.te | 32
policy/modules/services/rdisc.if | 19
policy/modules/services/rgmanager.fc | 8
policy/modules/services/rgmanager.if | 98 +
policy/modules/services/rgmanager.te | 223 ++++
policy/modules/services/rhcs.fc | 23
policy/modules/services/rhcs.if | 424 ++++++++
policy/modules/services/rhcs.te | 248 ++++
policy/modules/services/ricci.te | 39
policy/modules/services/rpc.fc | 4
policy/modules/services/rpc.if | 46
policy/modules/services/rpc.te | 35
policy/modules/services/rsync.if | 4
policy/modules/services/rsync.te | 25
policy/modules/services/rtkit.if | 20
policy/modules/services/rtkit.te | 4
policy/modules/services/samba.fc | 4
policy/modules/services/samba.if | 138 ++
policy/modules/services/samba.te | 120 +-
policy/modules/services/sasl.te | 15
policy/modules/services/sendmail.if | 19
policy/modules/services/sendmail.te | 17
policy/modules/services/setroubleshoot.fc | 2
policy/modules/services/setroubleshoot.if | 124 ++
policy/modules/services/setroubleshoot.te | 89 +
policy/modules/services/smokeping.fc | 12
policy/modules/services/smokeping.if | 193 +++
policy/modules/services/smokeping.te | 81 +
policy/modules/services/snmp.te | 2
policy/modules/services/snort.te | 10
policy/modules/services/spamassassin.fc | 15
policy/modules/services/spamassassin.if | 107 ++
policy/modules/services/spamassassin.te | 141 ++
policy/modules/services/squid.te | 9
policy/modules/services/ssh.fc | 2
policy/modules/services/ssh.if | 65 -
policy/modules/services/ssh.te | 53 -
policy/modules/services/sssd.fc | 4
policy/modules/services/sssd.if | 47
policy/modules/services/sssd.te | 17
policy/modules/services/sysstat.te | 5
policy/modules/services/telnet.te | 1
policy/modules/services/tftp.te | 3
policy/modules/services/tor.fc | 3
policy/modules/services/tor.te | 13
policy/modules/services/tuned.fc | 3
policy/modules/services/tuned.te | 16
policy/modules/services/ucspitcp.te | 5
policy/modules/services/usbmuxd.fc | 4
policy/modules/services/usbmuxd.if | 39
policy/modules/services/usbmuxd.te | 50
policy/modules/services/uucp.te | 3
policy/modules/services/vhostmd.fc | 6
policy/modules/services/vhostmd.if | 228 ++++
policy/modules/services/vhostmd.te | 84 +
policy/modules/services/virt.fc | 4
policy/modules/services/virt.if | 42
policy/modules/services/virt.te | 55 -
policy/modules/services/w3c.te | 7
policy/modules/services/xserver.fc | 55 -
policy/modules/services/xserver.if | 383 +++++++
policy/modules/services/xserver.te | 379 ++++++-
policy/modules/services/zebra.if | 20
policy/modules/system/application.te | 11
policy/modules/system/authlogin.fc | 8
policy/modules/system/authlogin.if | 212 +++-
policy/modules/system/authlogin.te | 11
policy/modules/system/daemontools.if | 62 +
policy/modules/system/daemontools.te | 26
policy/modules/system/fstools.fc | 2
policy/modules/system/fstools.te | 4
policy/modules/system/getty.te | 7
policy/modules/system/hostname.te | 3
policy/modules/system/init.fc | 7
policy/modules/system/init.if | 203 +++
policy/modules/system/init.te | 250 ++++
policy/modules/system/ipsec.fc | 4
policy/modules/system/ipsec.if | 19
policy/modules/system/ipsec.te | 41
policy/modules/system/iptables.fc | 2
policy/modules/system/iptables.if | 4
policy/modules/system/iptables.te | 20
policy/modules/system/libraries.fc | 227 +++-
policy/modules/system/libraries.if | 5
policy/modules/system/libraries.te | 28
policy/modules/system/locallogin.te | 39
policy/modules/system/logging.fc | 18
policy/modules/system/logging.if | 38
policy/modules/system/logging.te | 51
policy/modules/system/lvm.fc | 1
policy/modules/system/lvm.if | 2
policy/modules/system/lvm.te | 16
policy/modules/system/modutils.te | 22
policy/modules/system/mount.fc | 8
policy/modules/system/mount.if | 138 ++
policy/modules/system/mount.te | 145 ++
policy/modules/system/raid.te | 1
policy/modules/system/selinuxutil.fc | 17
policy/modules/system/selinuxutil.if | 330 ++++++
policy/modules/system/selinuxutil.te | 231 +---
policy/modules/system/sysnetwork.fc | 9
policy/modules/system/sysnetwork.if | 133 ++
policy/modules/system/sysnetwork.te | 77 +
policy/modules/system/udev.fc | 1
policy/modules/system/udev.if | 1
policy/modules/system/udev.te | 17
policy/modules/system/unconfined.fc | 14
policy/modules/system/unconfined.if | 440 --------
policy/modules/system/unconfined.te | 224 ----
policy/modules/system/userdomain.fc | 8
policy/modules/system/userdomain.if | 1584 ++++++++++++++++++++++++------
policy/modules/system/userdomain.te | 44
policy/modules/system/xen.if | 22
policy/modules/system/xen.te | 32
policy/support/misc_patterns.spt | 4
policy/support/obj_perm_sets.spt | 33
policy/users | 17
407 files changed, 21324 insertions(+), 2342 deletions(-)
Index: policy-F13.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-13/policy-F13.patch,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -p -r1.77 -r1.78
--- policy-F13.patch 12 Mar 2010 19:23:41 -0000 1.77
+++ policy-F13.patch 13 Mar 2010 15:34:20 -0000 1.78
@@ -6187,7 +6187,7 @@ diff --exclude-from=exclude -N -u -r nsa
/dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.14/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-03-05 10:46:32.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/devices.if 2010-03-12 14:23:05.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/kernel/devices.if 2010-03-13 09:47:14.000000000 -0500
@@ -934,6 +934,42 @@
########################################
@@ -6283,18 +6283,17 @@ diff --exclude-from=exclude -N -u -r nsa
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.14/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2010-03-05 10:46:32.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/devices.te 2010-03-12 12:16:46.000000000 -0500
-@@ -210,7 +210,8 @@
++++ serefpolicy-3.7.14/policy/modules/kernel/devices.te 2010-03-13 09:46:53.000000000 -0500
+@@ -210,7 +210,7 @@
files_mountpoint(sysfs_t)
fs_type(sysfs_t)
genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
-
-+fs_use_xattr sysfs gen_context(system_u:object_r:sysfs_t,s0);
+
#
# Type for /dev/tpm
#
-@@ -239,6 +240,12 @@
+@@ -239,6 +239,12 @@
dev_node(usb_device_t)
#
@@ -6307,13 +6306,14 @@ diff --exclude-from=exclude -N -u -r nsa
# userio_device_t is the type for /dev/uio[0-9]+
#
type userio_device_t;
-@@ -289,5 +296,5 @@
+@@ -289,5 +295,6 @@
#
allow devices_unconfined_type self:capability sys_rawio;
-allow devices_unconfined_type device_node:{ blk_file chr_file } *;
+allow devices_unconfined_type device_node:{ blk_file chr_file lnk_file } *;
allow devices_unconfined_type mtrr_device_t:file *;
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.14/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2010-03-03 23:26:37.000000000 -0500
+++ serefpolicy-3.7.14/policy/modules/kernel/domain.if 2010-03-12 09:30:00.000000000 -0500
@@ -7542,7 +7542,7 @@ diff --exclude-from=exclude -N -u -r nsa
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.7.14/policy/modules/kernel/files.te
--- nsaserefpolicy/policy/modules/kernel/files.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/files.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/kernel/files.te 2010-03-13 09:49:26.000000000 -0500
@@ -12,6 +12,7 @@
attribute mountpoint;
attribute pidfile;
@@ -7631,17 +7631,8 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.7.14/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-03-12 11:48:14.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/kernel/filesystem.te 2010-03-12 11:59:26.000000000 -0500
-@@ -94,6 +94,8 @@
- type hugetlbfs_t;
- fs_type(hugetlbfs_t)
- files_mountpoint(hugetlbfs_t)
-+files_type(hugetlbfs_t)
-+files_poly_parent(hugetlbfs_t)
- fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
-
- type ibmasmfs_t;
-@@ -172,6 +174,7 @@
++++ serefpolicy-3.7.14/policy/modules/kernel/filesystem.te 2010-03-13 09:53:41.000000000 -0500
+@@ -172,6 +172,7 @@
fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0);
fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0);
fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
@@ -7649,7 +7640,7 @@ diff --exclude-from=exclude -N -u -r nsa
allow tmpfs_t noxattrfs:filesystem associate;
-@@ -242,6 +245,7 @@
+@@ -242,6 +243,7 @@
type removable_t;
allow removable_t noxattrfs:filesystem associate;
fs_noxattr_type(removable_t)
@@ -14626,7 +14617,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.7.14/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2009-11-17 10:54:26.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/services/cron.te 2010-03-12 09:30:00.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/services/cron.te 2010-03-12 14:47:55.000000000 -0500
@@ -38,8 +38,10 @@
type cron_var_lib_t;
files_type(cron_var_lib_t)
@@ -14667,21 +14658,22 @@ diff --exclude-from=exclude -N -u -r nsa
type system_cronjob_lock_t alias system_crond_lock_t;
files_lock_file(system_cronjob_lock_t)
-@@ -110,6 +117,13 @@
+@@ -109,6 +116,14 @@
+ typealias user_cron_spool_t alias { auditadm_cron_spool_t secadm_cron_spool_t };
files_type(user_cron_spool_t)
ubac_constrained(user_cron_spool_t)
-
++mta_system_content(user_cron_spool_t)
++
+type system_cronjob_var_lib_t;
+files_type(system_cronjob_var_lib_t)
+typealias system_cronjob_var_lib_t alias system_crond_var_lib_t;
+
+type system_cronjob_var_run_t;
+files_pid_file(system_cronjob_var_run_t)
-+
+
########################################
#
- # Admin crontab local policy
-@@ -139,7 +153,7 @@
+@@ -139,7 +154,7 @@
allow crond_t self:capability { dac_override setgid setuid sys_nice dac_read_search };
dontaudit crond_t self:capability { sys_resource sys_tty_config };
@@ -14690,7 +14682,7 @@ diff --exclude-from=exclude -N -u -r nsa
allow crond_t self:process { setexec setfscreate };
allow crond_t self:fd use;
allow crond_t self:fifo_file rw_fifo_file_perms;
-@@ -194,6 +208,8 @@
+@@ -194,6 +209,8 @@
corecmd_read_bin_symlinks(crond_t)
domain_use_interactive_fds(crond_t)
@@ -14699,7 +14691,7 @@ diff --exclude-from=exclude -N -u -r nsa
files_read_usr_files(crond_t)
files_read_etc_runtime_files(crond_t)
-@@ -209,7 +225,9 @@
+@@ -209,7 +226,9 @@
auth_use_nsswitch(crond_t)
@@ -14709,7 +14701,7 @@ diff --exclude-from=exclude -N -u -r nsa
seutil_read_config(crond_t)
seutil_read_default_contexts(crond_t)
-@@ -220,8 +238,10 @@
+@@ -220,8 +239,10 @@
userdom_use_unpriv_users_fds(crond_t)
# Not sure why this is needed
userdom_list_user_home_dirs(crond_t)
@@ -14720,7 +14712,7 @@ diff --exclude-from=exclude -N -u -r nsa
ifdef(`distro_debian',`
# pam_limits is used
-@@ -241,8 +261,17 @@
+@@ -241,8 +262,17 @@
')
')
@@ -14740,7 +14732,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
optional_policy(`
-@@ -251,6 +280,20 @@
+@@ -251,6 +281,20 @@
')
optional_policy(`
@@ -14761,7 +14753,7 @@ diff --exclude-from=exclude -N -u -r nsa
amanda_search_var_lib(crond_t)
')
-@@ -260,6 +303,8 @@
+@@ -260,6 +304,8 @@
optional_policy(`
hal_dbus_chat(crond_t)
@@ -14770,7 +14762,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
optional_policy(`
-@@ -302,10 +347,17 @@
+@@ -302,10 +348,17 @@
# This is to handle /var/lib/misc directory. Used currently
# by prelink var/lib files for cron
@@ -14789,7 +14781,7 @@ diff --exclude-from=exclude -N -u -r nsa
# The entrypoint interface is not used as this is not
# a regular entrypoint. Since crontab files are
# not directly executed, crond must ensure that
-@@ -325,6 +377,7 @@
+@@ -325,6 +378,7 @@
allow system_cronjob_t crond_t:fd use;
allow system_cronjob_t crond_t:fifo_file rw_file_perms;
allow system_cronjob_t crond_t:process sigchld;
@@ -14797,7 +14789,7 @@ diff --exclude-from=exclude -N -u -r nsa
# Write /var/lock/makewhatis.lock.
allow system_cronjob_t system_cronjob_lock_t:file manage_file_perms;
-@@ -336,9 +389,13 @@
+@@ -336,9 +390,13 @@
filetrans_pattern(system_cronjob_t, crond_tmp_t, system_cronjob_tmp_t, { file lnk_file })
files_tmp_filetrans(system_cronjob_t, system_cronjob_tmp_t, file)
@@ -14812,7 +14804,7 @@ diff --exclude-from=exclude -N -u -r nsa
kernel_read_kernel_sysctls(system_cronjob_t)
kernel_read_system_state(system_cronjob_t)
-@@ -361,6 +418,7 @@
+@@ -361,6 +419,7 @@
dev_getattr_all_blk_files(system_cronjob_t)
dev_getattr_all_chr_files(system_cronjob_t)
dev_read_urand(system_cronjob_t)
@@ -14820,7 +14812,7 @@ diff --exclude-from=exclude -N -u -r nsa
fs_getattr_all_fs(system_cronjob_t)
fs_getattr_all_files(system_cronjob_t)
-@@ -387,6 +445,7 @@
+@@ -387,6 +446,7 @@
# Access other spool directories like
# /var/spool/anacron and /var/spool/slrnpull.
files_manage_generic_spool(system_cronjob_t)
@@ -14828,7 +14820,7 @@ diff --exclude-from=exclude -N -u -r nsa
init_use_script_fds(system_cronjob_t)
init_read_utmp(system_cronjob_t)
-@@ -411,6 +470,8 @@
+@@ -411,6 +471,8 @@
ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
@@ -14837,7 +14829,7 @@ diff --exclude-from=exclude -N -u -r nsa
# via redirection of standard out.
optional_policy(`
rpm_manage_log(system_cronjob_t)
-@@ -435,6 +496,7 @@
+@@ -435,6 +497,7 @@
apache_read_config(system_cronjob_t)
apache_read_log(system_cronjob_t)
apache_read_sys_content(system_cronjob_t)
@@ -14845,7 +14837,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
optional_policy(`
-@@ -442,6 +504,14 @@
+@@ -442,6 +505,14 @@
')
optional_policy(`
@@ -14860,7 +14852,7 @@ diff --exclude-from=exclude -N -u -r nsa
ftp_read_log(system_cronjob_t)
')
-@@ -456,11 +526,16 @@
+@@ -456,11 +527,16 @@
')
optional_policy(`
@@ -14877,7 +14869,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
optional_policy(`
-@@ -476,7 +551,7 @@
+@@ -476,7 +552,7 @@
prelink_manage_lib(system_cronjob_t)
prelink_manage_log(system_cronjob_t)
prelink_read_cache(system_cronjob_t)
@@ -14886,7 +14878,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
optional_policy(`
-@@ -491,6 +566,7 @@
+@@ -491,6 +567,7 @@
optional_policy(`
spamassassin_manage_lib_files(system_cronjob_t)
@@ -14894,7 +14886,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
optional_policy(`
-@@ -498,6 +574,9 @@
+@@ -498,6 +575,9 @@
')
optional_policy(`
@@ -30255,7 +30247,7 @@ diff --exclude-from=exclude -N -u -r nsa
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.7.14/policy/modules/system/ipsec.te
--- nsaserefpolicy/policy/modules/system/ipsec.te 2010-02-12 10:33:09.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/ipsec.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/system/ipsec.te 2010-03-12 15:16:06.000000000 -0500
@@ -29,9 +29,15 @@
type ipsec_key_file_t;
files_type(ipsec_key_file_t)
@@ -30272,15 +30264,17 @@ diff --exclude-from=exclude -N -u -r nsa
# type for runtime files, including pluto.ctl
type ipsec_var_run_t;
files_pid_file(ipsec_var_run_t)
-@@ -66,7 +72,7 @@
+@@ -66,8 +72,8 @@
# ipsec Local policy
#
-allow ipsec_t self:capability { net_admin dac_override dac_read_search sys_nice };
+-dontaudit ipsec_t self:capability sys_tty_config;
+allow ipsec_t self:capability { dac_override dac_read_search net_admin setpcap sys_nice };
- dontaudit ipsec_t self:capability sys_tty_config;
++dontaudit ipsec_t self:capability { sys_ptrace sys_tty_config };
allow ipsec_t self:process { getcap setcap getsched signal setsched };
allow ipsec_t self:tcp_socket create_stream_socket_perms;
+ allow ipsec_t self:udp_socket create_socket_perms;
@@ -85,6 +91,10 @@
manage_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
read_lnk_files_pattern(ipsec_t, ipsec_key_file_t, ipsec_key_file_t)
@@ -31178,7 +31172,7 @@ diff --exclude-from=exclude -N -u -r nsa
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.7.14/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2010-02-18 14:06:31.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/logging.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/system/logging.te 2010-03-13 09:50:12.000000000 -0500
@@ -101,6 +101,7 @@
kernel_read_kernel_sysctls(auditctl_t)
@@ -33279,7 +33273,7 @@ diff --exclude-from=exclude -N -u -r nsa
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.7.14/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2009-11-25 11:47:19.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/udev.te 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/system/udev.te 2010-03-13 09:50:22.000000000 -0500
@@ -50,6 +50,7 @@
allow udev_t self:unix_stream_socket connectto;
allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -34104,7 +34098,7 @@ diff --exclude-from=exclude -N -u -r nsa
+HOME_DIR/\.gvfs(/.*)? <<none>>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.14/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-03-03 23:26:37.000000000 -0500
-+++ serefpolicy-3.7.14/policy/modules/system/userdomain.if 2010-03-12 09:30:01.000000000 -0500
++++ serefpolicy-3.7.14/policy/modules/system/userdomain.if 2010-03-13 10:26:50.000000000 -0500
@@ -30,8 +30,9 @@
')
@@ -34944,7 +34938,7 @@ diff --exclude-from=exclude -N -u -r nsa
loadkeys_run($1_t,$1_r)
')
')
-@@ -871,45 +955,76 @@
+@@ -871,45 +955,80 @@
#
auth_role($1_r, $1_t)
@@ -35032,11 +35026,15 @@ diff --exclude-from=exclude -N -u -r nsa
+ ')
+
+ optional_policy(`
++ udev_read_db($1_usertype)
++ ')
++
++ optional_policy(`
+ wm_role_template($1, $1_r, $1_t)
')
')
-@@ -944,7 +1059,7 @@
+@@ -944,7 +1063,7 @@
#
# Inherit rules for ordinary users.
@@ -35045,7 +35043,7 @@ diff --exclude-from=exclude -N -u -r nsa
userdom_common_user_template($1)
##############################
-@@ -953,54 +1068,73 @@
+@@ -953,54 +1072,73 @@
#
# port access is audited even if dac would not have allowed it, so dontaudit it here
@@ -35130,26 +35128,26 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ optional_policy(`
+ mount_run_fusermount($1_t, $1_r)
-+ ')
-+
-+ optional_policy(`
-+ wine_role_template($1, $1_r, $1_t)
')
- # Run pppd in pppd_t by default for user
optional_policy(`
- ppp_run_cond($1_t,$1_r)
-+ postfix_run_postdrop($1_t, $1_r)
++ wine_role_template($1, $1_r, $1_t)
')
-+ # Run pppd in pppd_t by default for user
optional_policy(`
- setroubleshoot_stream_connect($1_t)
++ postfix_run_postdrop($1_t, $1_r)
++ ')
++
++ # Run pppd in pppd_t by default for user
++ optional_policy(`
+ ppp_run_cond($1_t, $1_r)
')
')
-@@ -1036,7 +1170,7 @@
+@@ -1036,7 +1174,7 @@
template(`userdom_admin_user_template',`
gen_require(`
attribute admindomain;
@@ -35158,7 +35156,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
##############################
-@@ -1071,6 +1205,9 @@
+@@ -1071,6 +1209,9 @@
# Skip authentication when pam_rootok is specified.
allow $1_t self:passwd rootok;
@@ -35168,7 +35166,7 @@ diff --exclude-from=exclude -N -u -r nsa
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
kernel_getattr_message_if($1_t)
-@@ -1085,6 +1222,7 @@
+@@ -1085,6 +1226,7 @@
kernel_sigstop_unlabeled($1_t)
kernel_signull_unlabeled($1_t)
kernel_sigchld_unlabeled($1_t)
@@ -35176,7 +35174,7 @@ diff --exclude-from=exclude -N -u -r nsa
corenet_tcp_bind_generic_port($1_t)
# allow setting up tunnels
-@@ -1120,6 +1258,8 @@
+@@ -1120,6 +1262,8 @@
files_exec_usr_src_files($1_t)
fs_getattr_all_fs($1_t)
@@ -35185,7 +35183,7 @@ diff --exclude-from=exclude -N -u -r nsa
fs_set_all_quotas($1_t)
fs_exec_noxattr($1_t)
-@@ -1207,6 +1347,8 @@
+@@ -1207,6 +1351,8 @@
dev_relabel_all_dev_nodes($1)
files_create_boot_flag($1)
@@ -35194,7 +35192,7 @@ diff --exclude-from=exclude -N -u -r nsa
# Necessary for managing /boot/efi
fs_manage_dos_files($1)
-@@ -1272,11 +1414,15 @@
+@@ -1272,11 +1418,15 @@
interface(`userdom_user_home_content',`
gen_require(`
type user_home_t;
@@ -35210,7 +35208,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
########################################
-@@ -1387,6 +1533,7 @@
+@@ -1387,6 +1537,7 @@
')
allow $1 user_home_dir_t:dir search_dir_perms;
@@ -35218,7 +35216,7 @@ diff --exclude-from=exclude -N -u -r nsa
files_search_home($1)
')
-@@ -1433,6 +1580,14 @@
+@@ -1433,6 +1584,14 @@
allow $1 user_home_dir_t:dir list_dir_perms;
files_search_home($1)
@@ -35233,7 +35231,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
########################################
-@@ -1448,9 +1603,11 @@
+@@ -1448,9 +1607,11 @@
interface(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
type user_home_dir_t;
@@ -35245,7 +35243,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
########################################
-@@ -1507,6 +1664,42 @@
+@@ -1507,6 +1668,42 @@
allow $1 user_home_dir_t:dir relabelto;
')
@@ -35288,7 +35286,7 @@ diff --exclude-from=exclude -N -u -r nsa
########################################
## <summary>
## Create directories in the home dir root with
-@@ -1581,6 +1774,8 @@
+@@ -1581,6 +1778,8 @@
')
dontaudit $1 user_home_t:dir search_dir_perms;
@@ -35297,7 +35295,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
########################################
-@@ -1595,10 +1790,12 @@
+@@ -1595,10 +1794,12 @@
#
interface(`userdom_list_user_home_content',`
gen_require(`
@@ -35312,7 +35310,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
########################################
-@@ -1641,6 +1838,24 @@
+@@ -1641,6 +1842,24 @@
########################################
## <summary>
@@ -35337,7 +35335,7 @@ diff --exclude-from=exclude -N -u -r nsa
## Do not audit attempts to set the
## attributes of user home files.
## </summary>
-@@ -1692,6 +1907,7 @@
+@@ -1692,6 +1911,7 @@
type user_home_dir_t, user_home_t;
')
@@ -35345,7 +35343,7 @@ diff --exclude-from=exclude -N -u -r nsa
read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
files_search_home($1)
')
-@@ -1708,11 +1924,14 @@
+@@ -1708,11 +1928,14 @@
#
interface(`userdom_dontaudit_read_user_home_content_files',`
gen_require(`
@@ -35363,7 +35361,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
########################################
-@@ -1819,21 +2038,15 @@
+@@ -1819,20 +2042,14 @@
#
interface(`userdom_exec_user_home_content_files',`
gen_require(`
@@ -35377,19 +35375,18 @@ diff --exclude-from=exclude -N -u -r nsa
-
- tunable_policy(`use_nfs_home_dirs',`
- fs_exec_nfs_files($1)
+- ')
+-
+- tunable_policy(`use_samba_home_dirs',`
+- fs_exec_cifs_files($1)
+ exec_files_pattern($1, { user_home_dir_t user_home_type }, user_home_type)
+ dontaudit $1 user_home_type:sock_file execute;
')
-
-- tunable_policy(`use_samba_home_dirs',`
-- fs_exec_cifs_files($1)
-- ')
-')
--
+
########################################
## <summary>
- ## Do not audit attempts to execute user home files.
-@@ -1866,6 +2079,7 @@
+@@ -1866,6 +2083,7 @@
interface(`userdom_manage_user_home_content_files',`
gen_require(`
type user_home_dir_t, user_home_t;
@@ -35397,7 +35394,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
manage_files_pattern($1, user_home_t, user_home_t)
-@@ -2102,6 +2316,25 @@
+@@ -2102,6 +2320,25 @@
########################################
## <summary>
@@ -35423,7 +35420,7 @@ diff --exclude-from=exclude -N -u -r nsa
## Do not audit attempts to list user
## temporary directories.
## </summary>
-@@ -2218,6 +2451,25 @@
+@@ -2218,6 +2455,25 @@
########################################
## <summary>
@@ -35449,7 +35446,7 @@ diff --exclude-from=exclude -N -u -r nsa
## Do not audit attempts to manage users
## temporary files.
## </summary>
-@@ -2427,13 +2679,14 @@
+@@ -2427,13 +2683,14 @@
')
read_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
@@ -35465,7 +35462,7 @@ diff --exclude-from=exclude -N -u -r nsa
## </summary>
## <param name="domain">
## <summary>
-@@ -2787,7 +3040,7 @@
+@@ -2787,7 +3044,7 @@
domain_entry_file_spec_domtrans($1, unpriv_userdomain)
allow unpriv_userdomain $1:fd use;
@@ -35474,7 +35471,7 @@ diff --exclude-from=exclude -N -u -r nsa
allow unpriv_userdomain $1:process sigchld;
')
-@@ -2803,11 +3056,13 @@
+@@ -2803,11 +3060,13 @@
#
interface(`userdom_search_user_home_content',`
gen_require(`
@@ -35490,7 +35487,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
########################################
-@@ -2944,7 +3199,7 @@
+@@ -2944,7 +3203,7 @@
type user_tmp_t;
')
@@ -35499,7 +35496,7 @@ diff --exclude-from=exclude -N -u -r nsa
')
########################################
-@@ -2981,6 +3236,7 @@
+@@ -2981,6 +3240,7 @@
')
read_files_pattern($1, userdomain, userdomain)
@@ -35507,7 +35504,7 @@ diff --exclude-from=exclude -N -u -r nsa
kernel_search_proc($1)
')
-@@ -3111,3 +3367,745 @@
+@@ -3111,3 +3371,745 @@
allow $1 userdomain:dbus send_msg;
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-13/selinux-policy.spec,v
retrieving revision 1.985
retrieving revision 1.986
diff -u -p -r1.985 -r1.986
--- selinux-policy.spec 12 Mar 2010 19:11:39 -0000 1.985
+++ selinux-policy.spec 13 Mar 2010 15:34:20 -0000 1.986
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.7.14
-Release: 1%{?dist}
+Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -466,6 +466,15 @@ exit 0
%endif
%changelog
+* Sat Mar 13 2010 Dan Walsh <dwalsh at redhat.com> 3.7.14-3
+- Add device_t as a file system
+- Fix sysfs association
+
+* Fri Mar 12 2010 Dan Walsh <dwalsh at redhat.com> 3.7.14-2
+- Dontaudit ipsec_mgmt sys_ptrace
+- Allow at to mail its spool files
+- Allow nsplugin to search in .pulse directory
+
* Fri Mar 12 2010 Dan Walsh <dwalsh at redhat.com> 3.7.14-1
- Update to upstream
More information about the scm-commits
mailing list