[selinux-policy: 2134/3172] trunk: 7 patches from dan.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:09:20 UTC 2010


commit 20272c2b2724f43287aa00d2e618d0d9412c7874
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Jun 26 13:22:39 2009 +0000

    trunk: 7 patches from dan.

 policy/modules/services/apm.te          |    3 ++-
 policy/modules/services/audioentropy.te |   10 +++++++++-
 policy/modules/services/bitlbee.te      |    4 +++-
 policy/modules/services/lpd.if          |    1 +
 policy/modules/services/lpd.te          |    2 +-
 policy/modules/services/portreserve.te  |    8 +++++---
 policy/modules/services/privoxy.te      |   23 ++++++++++++++---------
 policy/modules/services/sasl.te         |    7 ++++++-
 8 files changed, 41 insertions(+), 17 deletions(-)
---
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
index 3bd8c13..5dd72f7 100644
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
@@ -1,5 +1,5 @@
 
-policy_module(apm, 1.9.1)
+policy_module(apm, 1.9.2)
 
 ########################################
 #
@@ -123,6 +123,7 @@ libs_exec_ld_so(apmd_t)
 libs_exec_lib_files(apmd_t)
 
 logging_send_syslog_msg(apmd_t)
+logging_send_audit_msgs(apmd_t)
 
 miscfiles_read_localization(apmd_t)
 miscfiles_read_hwdata(apmd_t)
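Review bot: The added `logging_send_audit_msgs(apmd_t)` line has no comment saying why apmd needs to emit audit records, and this is more than a logging grant. It lets the domain write user-space messages into the audit trail, so a compromised apmd could add misleading entries to the log that investigators rely on. If the need comes from a helper that apmd executes (the hunk does not show which), name it above the line, e.g. `# apmd runs <helper>, which reports via the audit subsystem`. If the denial came only from an incidental library probe, a dontaudit rule would be the tighter fix.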
diff --git a/policy/modules/services/audioentropy.te b/policy/modules/services/audioentropy.te
index e8a50c0..46e4cd8 100644
--- a/policy/modules/services/audioentropy.te
+++ b/policy/modules/services/audioentropy.te
@@ -1,5 +1,5 @@
 
-policy_module(audioentropy, 1.5.0)
+policy_module(audioentropy, 1.5.1)
 
 ########################################
 #
@@ -40,6 +40,9 @@ dev_read_sound(entropyd_t)
 # and sample rate.
 dev_write_sound(entropyd_t)
 
+files_read_etc_files(entropyd_t)
+files_read_usr_files(entropyd_t)
+
 fs_getattr_all_fs(entropyd_t)
 fs_search_auto_mountpoints(entropyd_t)
 
@@ -53,6 +56,11 @@ userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
 userdom_dontaudit_search_user_home_dirs(entropyd_t)
 
 optional_policy(`
+	alsa_read_lib(entropyd_t)
+	alsa_read_rw_config(entropyd_t)
+')
+
+optional_policy(`
 	seutil_sigchld_newrole(entropyd_t)
 ')
 
diff --git a/policy/modules/services/bitlbee.te b/policy/modules/services/bitlbee.te
index 95e1cd4..10611a0 100644
--- a/policy/modules/services/bitlbee.te
+++ b/policy/modules/services/bitlbee.te
@@ -1,5 +1,5 @@
 
-policy_module(bitlbee, 1.1.1)
+policy_module(bitlbee, 1.1.2)
 
 ########################################
 #
@@ -46,6 +46,8 @@ files_tmp_filetrans(bitlbee_t, bitlbee_tmp_t, file)
 manage_files_pattern(bitlbee_t, bitlbee_var_t, bitlbee_var_t)
 files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file)
 
+kernel_read_system_state(bitlbee_t)
+
 corenet_all_recvfrom_unlabeled(bitlbee_t)
 corenet_udp_sendrecv_generic_if(bitlbee_t)
 corenet_udp_sendrecv_generic_node(bitlbee_t)
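Review bot: `kernel_read_system_state(bitlbee_t)` is added without a stated reason, and bitlbee_t is a network-facing domain (see the corenet lines directly below), so read access to /proc system state is host information it could disclose if compromised. A one-line comment naming what reads /proc would help later audits, e.g. `# <component> reads /proc/<file> at startup`. If the denial was only a harmless probe, `kernel_dontaudit_read_system_state(bitlbee_t)` would silence it without granting the access.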
diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if
index 9c1c7cf..c358cd7 100644
--- a/policy/modules/services/lpd.if
+++ b/policy/modules/services/lpd.if
@@ -134,6 +134,7 @@ interface(`lpd_manage_spool',`
 	files_search_spool($1)
 	manage_dirs_pattern($1, print_spool_t, print_spool_t)
 	manage_files_pattern($1, print_spool_t, print_spool_t)
+	manage_lnk_files_pattern($1, print_spool_t, print_spool_t)
 ')
 
 ########################################
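Review bot: Adding `manage_lnk_files_pattern` inside `lpd_manage_spool` widens every existing caller of the interface. Its doc block starts above this hunk and is not shown, so presumably it still describes only directories and files. Symlink creation in a spool directory matters because a more privileged process that later opens spool entries by name may follow a link out of the spool. Update the interface `<summary>` to say symbolic links are included, and check which caller domains actually need this. If only one does, a direct rule in that domain's .te file would leave the other callers unchanged.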
diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te
index 8604239..9c6b9ce 100644
--- a/policy/modules/services/lpd.te
+++ b/policy/modules/services/lpd.te
@@ -1,5 +1,5 @@
 
-policy_module(lpd, 1.11.2)
+policy_module(lpd, 1.11.3)
 
 ########################################
 #
diff --git a/policy/modules/services/portreserve.te b/policy/modules/services/portreserve.te
index 347387b..7e1cf86 100644
--- a/policy/modules/services/portreserve.te
+++ b/policy/modules/services/portreserve.te
@@ -1,5 +1,5 @@
 
-policy_module(portreserve, 1.0.0)
+policy_module(portreserve, 1.0.1)
 
 ########################################
 #
@@ -37,9 +37,11 @@ manage_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t
 manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
 files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
 
+corenet_all_recvfrom_unlabeled(portreserve_t)
+corenet_all_recvfrom_netlabel(portreserve_t)
 corenet_tcp_bind_generic_node(portreserve_t)
 corenet_udp_bind_generic_node(portreserve_t)
-corenet_tcp_bind_all_reserved_ports(portreserve_t)
-corenet_udp_bind_all_reserved_ports(portreserve_t)
+corenet_tcp_bind_all_ports(portreserve_t)
+corenet_udp_bind_all_ports(portreserve_t)
 
 files_read_etc_files(portreserve_t)
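Review bot: Replacing `corenet_tcp_bind_all_reserved_ports` and `corenet_udp_bind_all_reserved_ports` with the `_all_ports` variants lets portreserve_t bind every port type instead of only the reserved ones, and nothing in the hunk records why. Presumably portreserve has to hold ports outside the reserved range for the services configured under it. The effect is still that port-type labelling no longer constrains which service ports this domain can occupy. Add a comment above the two lines so the breadth is visibly intentional, e.g. `# portreserve holds whatever ports are configured for it, including unreserved ones`. It is also worth confirming that no narrower port attribute would cover the real use.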
diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te
index 9660faa..d95879a 100644
--- a/policy/modules/services/privoxy.te
+++ b/policy/modules/services/privoxy.te
@@ -1,11 +1,19 @@
 
-policy_module(privoxy, 1.8.2)
+policy_module(privoxy, 1.8.3)
 
 ########################################
 #
 # Declarations
 #
 
+## <desc>
+## <p>
+## Allow privoxy to connect to all ports, not just
+## HTTP, FTP, and Gopher ports.
+## </p>
+## </desc>
+gen_tunable(privoxy_connect_any, false)
+
 type privoxy_t; # web_client_domain
 type privoxy_exec_t;
 init_daemon_domain(privoxy_t, privoxy_exec_t)
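Review bot: The `privoxy_connect_any` description should state what enabling it costs, not only what it allows. With the boolean on, the proxy may open TCP connections to any port. Any client permitted to use privoxy can then reach services that the port restriction otherwise keeps it from, including ones on the local host or an internal network. Suggest extending the `<desc>` text with a sentence like `## Enabling this lets proxy clients reach any TCP service privoxy can route to; leave off unless required.` The `false` default is the right one.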
@@ -70,23 +78,20 @@ domain_use_interactive_fds(privoxy_t)
 
 files_read_etc_files(privoxy_t)
 
+auth_use_nsswitch(privoxy_t)
+
 logging_send_syslog_msg(privoxy_t)
 
 miscfiles_read_localization(privoxy_t)
 
-sysnet_dns_name_resolve(privoxy_t)
-
 userdom_dontaudit_use_unpriv_user_fds(privoxy_t)
 userdom_dontaudit_search_user_home_dirs(privoxy_t)
 # cjp: this should really not be needed
 userdom_use_user_terminals(privoxy_t)
 
-optional_policy(`
-	nis_use_ypbind(privoxy_t)
-')
-
-optional_policy(`
-	nscd_socket_use(privoxy_t)
+tunable_policy(`privoxy_connect_any',`
+	corenet_tcp_connect_all_ports(privoxy_t)
+	corenet_sendrecv_all_client_packets(privoxy_t)
 ')
 
 optional_policy(`
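Review bot: `auth_use_nsswitch(privoxy_t)` replaces three narrow grants (`sysnet_dns_name_resolve`, `nis_use_ypbind`, `nscd_socket_use`) with an interface meant for domains doing full name-service lookups. Its body is not visible here, but it is likely a superset of what was removed. As far as the removed lines show, privoxy only needed host resolution, so confirm the extra access is wanted or keep the three original calls. If the switch is deliberate, record it above the line, e.g. `# <reason privoxy needs more than DNS resolution>`. The trailing `optional_policy(` block continues past the end of this hunk.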
diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te
index 4d47b0a..703c8d9 100644
--- a/policy/modules/services/sasl.te
+++ b/policy/modules/services/sasl.te
@@ -1,5 +1,5 @@
 
-policy_module(sasl, 1.11.2)
+policy_module(sasl, 1.11.3)
 
 ########################################
 #
@@ -99,6 +99,7 @@ tunable_policy(`allow_saslauthd_read_shadow',`
 
 optional_policy(`
 	kerberos_keytab_template(saslauthd, saslauthd_t)
+	kerberos_manage_host_rcache(saslauthd_t)
 ')
 
 optional_policy(`
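Review bot: `kerberos_manage_host_rcache(saslauthd_t)` in this hunk and `nis_authenticate(saslauthd_t)` in the next both extend an authentication daemon without any comment on what triggered the change. The replay cache is what Kerberos uses to reject replayed authenticators, so manage (create, write, delete) access to it deserves a stated reason. Something like `# saslauthd accepts Kerberos service tickets and records them in the host rcache` would do, if that is indeed the cause. For `nis_authenticate`, this diff does not show whether its grants are gated by a NIS boolean. That is worth confirming so that hosts not using NIS do not pick up extra network permissions.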
@@ -107,6 +108,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	nis_authenticate(saslauthd_t)
+')
+
+optional_policy(`
 	seutil_sigchld_newrole(saslauthd_t)
 ')
 

