[selinux-policy: 2134/3172] trunk: 7 patches from dan.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:09:20 UTC 2010
commit 20272c2b2724f43287aa00d2e618d0d9412c7874
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Jun 26 13:22:39 2009 +0000
trunk: 7 patches from dan.
policy/modules/services/apm.te | 3 ++-
policy/modules/services/audioentropy.te | 10 +++++++++-
policy/modules/services/bitlbee.te | 4 +++-
policy/modules/services/lpd.if | 1 +
policy/modules/services/lpd.te | 2 +-
policy/modules/services/portreserve.te | 8 +++++---
policy/modules/services/privoxy.te | 23 ++++++++++++++---------
policy/modules/services/sasl.te | 7 ++++++-
8 files changed, 41 insertions(+), 17 deletions(-)
---
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
index 3bd8c13..5dd72f7 100644
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
@@ -1,5 +1,5 @@
-policy_module(apm, 1.9.1)
+policy_module(apm, 1.9.2)
########################################
#
@@ -123,6 +123,7 @@ libs_exec_ld_so(apmd_t)
libs_exec_lib_files(apmd_t)
logging_send_syslog_msg(apmd_t)
+logging_send_audit_msgs(apmd_t)
miscfiles_read_localization(apmd_t)
miscfiles_read_hwdata(apmd_t)
diff --git a/policy/modules/services/audioentropy.te b/policy/modules/services/audioentropy.te
index e8a50c0..46e4cd8 100644
--- a/policy/modules/services/audioentropy.te
+++ b/policy/modules/services/audioentropy.te
@@ -1,5 +1,5 @@
-policy_module(audioentropy, 1.5.0)
+policy_module(audioentropy, 1.5.1)
########################################
#
@@ -40,6 +40,9 @@ dev_read_sound(entropyd_t)
# and sample rate.
dev_write_sound(entropyd_t)
+files_read_etc_files(entropyd_t)
+files_read_usr_files(entropyd_t)
+
fs_getattr_all_fs(entropyd_t)
fs_search_auto_mountpoints(entropyd_t)
@@ -53,6 +56,11 @@ userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
userdom_dontaudit_search_user_home_dirs(entropyd_t)
optional_policy(`
+ alsa_read_lib(entropyd_t)
+ alsa_read_rw_config(entropyd_t)
+')
+
+optional_policy(`
seutil_sigchld_newrole(entropyd_t)
')
diff --git a/policy/modules/services/bitlbee.te b/policy/modules/services/bitlbee.te
index 95e1cd4..10611a0 100644
--- a/policy/modules/services/bitlbee.te
+++ b/policy/modules/services/bitlbee.te
@@ -1,5 +1,5 @@
-policy_module(bitlbee, 1.1.1)
+policy_module(bitlbee, 1.1.2)
########################################
#
@@ -46,6 +46,8 @@ files_tmp_filetrans(bitlbee_t, bitlbee_tmp_t, file)
manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t)
files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file)
+kernel_read_system_state(bitlbee_t)
+
corenet_all_recvfrom_unlabeled(bitlbee_t)
corenet_udp_sendrecv_generic_if(bitlbee_t)
corenet_udp_sendrecv_generic_node(bitlbee_t)
diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if
index 9c1c7cf..c358cd7 100644
--- a/policy/modules/services/lpd.if
+++ b/policy/modules/services/lpd.if
@@ -134,6 +134,7 @@ interface(`lpd_manage_spool',`
files_search_spool($1)
manage_dirs_pattern($1, print_spool_t, print_spool_t)
manage_files_pattern($1, print_spool_t, print_spool_t)
+ manage_lnk_files_pattern($1, print_spool_t, print_spool_t)
')
########################################
diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te
index 8604239..9c6b9ce 100644
--- a/policy/modules/services/lpd.te
+++ b/policy/modules/services/lpd.te
@@ -1,5 +1,5 @@
-policy_module(lpd, 1.11.2)
+policy_module(lpd, 1.11.3)
########################################
#
diff --git a/policy/modules/services/portreserve.te b/policy/modules/services/portreserve.te
index 347387b..7e1cf86 100644
--- a/policy/modules/services/portreserve.te
+++ b/policy/modules/services/portreserve.te
@@ -1,5 +1,5 @@
-policy_module(portreserve, 1.0.0)
+policy_module(portreserve, 1.0.1)
########################################
#
@@ -37,9 +37,11 @@ manage_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t
manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
+corenet_all_recvfrom_unlabeled(portreserve_t)
+corenet_all_recvfrom_netlabel(portreserve_t)
corenet_tcp_bind_generic_node(portreserve_t)
corenet_udp_bind_generic_node(portreserve_t)
-corenet_tcp_bind_all_reserved_ports(portreserve_t)
-corenet_udp_bind_all_reserved_ports(portreserve_t)
+corenet_tcp_bind_all_ports(portreserve_t)
+corenet_udp_bind_all_ports(portreserve_t)
files_read_etc_files(portreserve_t)
diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te
index 9660faa..d95879a 100644
--- a/policy/modules/services/privoxy.te
+++ b/policy/modules/services/privoxy.te
@@ -1,11 +1,19 @@
-policy_module(privoxy, 1.8.2)
+policy_module(privoxy, 1.8.3)
########################################
#
# Declarations
#
+## <desc>
+## <p>
+## Allow privoxy to connect to all ports, not just
+## HTTP, FTP, and Gopher ports.
+## </p>
+## </desc>
+gen_tunable(privoxy_connect_any, false)
+
type privoxy_t; # web_client_domain
type privoxy_exec_t;
init_daemon_domain(privoxy_t, privoxy_exec_t)
@@ -70,23 +78,20 @@ domain_use_interactive_fds(privoxy_t)
files_read_etc_files(privoxy_t)
+auth_use_nsswitch(privoxy_t)
+
logging_send_syslog_msg(privoxy_t)
miscfiles_read_localization(privoxy_t)
-sysnet_dns_name_resolve(privoxy_t)
-
userdom_dontaudit_use_unpriv_user_fds(privoxy_t)
userdom_dontaudit_search_user_home_dirs(privoxy_t)
# cjp: this should really not be needed
userdom_use_user_terminals(privoxy_t)
-optional_policy(`
- nis_use_ypbind(privoxy_t)
-')
-
-optional_policy(`
- nscd_socket_use(privoxy_t)
+tunable_policy(`privoxy_connect_any',`
+ corenet_tcp_connect_all_ports(privoxy_t)
+ corenet_sendrecv_all_client_packets(privoxy_t)
')
optional_policy(`
diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te
index 4d47b0a..703c8d9 100644
--- a/policy/modules/services/sasl.te
+++ b/policy/modules/services/sasl.te
@@ -1,5 +1,5 @@
-policy_module(sasl, 1.11.2)
+policy_module(sasl, 1.11.3)
########################################
#
@@ -99,6 +99,7 @@ tunable_policy(`allow_saslauthd_read_shadow',`
optional_policy(`
kerberos_keytab_template(saslauthd, saslauthd_t)
+ kerberos_manage_host_rcache(saslauthd_t)
')
optional_policy(`
@@ -107,6 +108,10 @@ optional_policy(`
')
optional_policy(`
+ nis_authenticate(saslauthd_t)
+')
+
+optional_policy(`
seutil_sigchld_newrole(saslauthd_t)
')
More information about the scm-commits
mailing list