[selinux-policy/f12/master] - Allow logwatch to use zz-disk_space logwatch script - Allow radius setrlimit
Miroslav Grepl
mgrepl at fedoraproject.org
Tue Oct 26 12:20:32 UTC 2010
commit be062150238db22b883b9e2491d8dc8665723a66
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Tue Oct 26 14:20:16 2010 +0200
- Allow logwatch to use zz-disk_space logwatch script
- Allow radius setrlimit
policy-20100106.patch | 19 +++++++++++++++++--
selinux-policy.spec | 6 +++++-
2 files changed, 22 insertions(+), 3 deletions(-)
---
diff --git a/policy-20100106.patch b/policy-20100106.patch
index 6ad11b0..4369cea 100644
--- a/policy-20100106.patch
+++ b/policy-20100106.patch
@@ -704,7 +704,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/run/epylog\.pid gen_context(system_u:object_r:logwatch_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.6.32/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-01-18 18:24:22.550542523 +0100
-+++ serefpolicy-3.6.32/policy/modules/admin/logwatch.te 2010-06-23 09:48:20.982863188 +0200
++++ serefpolicy-3.6.32/policy/modules/admin/logwatch.te 2010-10-26 13:37:29.640651252 +0200
@@ -20,6 +20,9 @@
type logwatch_tmp_t;
files_tmp_file(logwatch_tmp_t)
@@ -725,7 +725,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_fs_sysctls(logwatch_t)
kernel_read_kernel_sysctls(logwatch_t)
kernel_read_system_state(logwatch_t)
-@@ -103,6 +109,11 @@
+@@ -103,8 +109,14 @@
mta_send_mail(logwatch_t)
@@ -736,7 +736,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
ifdef(`distro_redhat',`
files_search_all(logwatch_t)
++ files_getattr_all_files(logwatch_t)
files_getattr_all_file_type_fs(logwatch_t)
+ ')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.fc serefpolicy-3.6.32/policy/modules/admin/mcelog.fc
--- nsaserefpolicy/policy/modules/admin/mcelog.fc 1970-01-01 01:00:00.000000000 +0100
+++ serefpolicy-3.6.32/policy/modules/admin/mcelog.fc 2010-02-03 17:54:52.841394806 +0100
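Review bot: The added `files_getattr_all_files(logwatch_t)` inside the `distro_redhat` block lets logwatch_t stat files of every type, which looks wider than a disk-space report needs. The changelog ties it to the zz-disk_space script, but nothing in the policy records which paths that script walks. If the denials come from a fixed set of directories, a narrower getattr interface for those types would expose less file metadata to a domain that parses untrusted log content. If the broad grant stays, add a line above it such as `# zz-disk_space stats files of arbitrary types when summing directory usage` so that a later audit can tell the grant is intentional. The nested logwatch.te hunk this line belongs to starts outside this hunk.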
@@ -13473,6 +13476,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_read_localization(qpidd_t)
+
+sysnet_dns_name_resolve(qpidd_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.6.32/policy/modules/services/radius.te
+--- nsaserefpolicy/policy/modules/services/radius.te 2009-09-16 16:01:19.000000000 +0200
++++ serefpolicy-3.6.32/policy/modules/services/radius.te 2010-10-26 13:42:30.532650859 +0200
+@@ -37,7 +37,7 @@
+ # gzip also needs chown access to preserve GID for radwtmp files
+ allow radiusd_t self:capability { chown dac_override fsetid kill setgid setuid sys_resource sys_tty_config };
+ dontaudit radiusd_t self:capability sys_tty_config;
+-allow radiusd_t self:process { getsched setsched sigkill signal };
++allow radiusd_t self:process { getsched setsched setrlimit sigkill signal };
+ allow radiusd_t self:fifo_file rw_fifo_file_perms;
+ allow radiusd_t self:unix_stream_socket create_stream_socket_perms;
+ allow radiusd_t self:tcp_socket create_stream_socket_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.6.32/policy/modules/services/rgmanager.if
--- nsaserefpolicy/policy/modules/services/rgmanager.if 2010-01-18 18:24:22.870539995 +0100
+++ serefpolicy-3.6.32/policy/modules/services/rgmanager.if 2010-02-23 19:35:04.211525807 +0100
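Review bot: The new `setrlimit` in `allow radiusd_t self:process { getsched setsched setrlimit sigkill signal };` is undocumented, and the capability line just above it already grants radiusd_t `sys_resource`. Together the two let the daemon raise its own hard resource limits, not just lower them, so limits set by the init script are no longer a bound on a compromised radiusd. The only comment in the hunk is about gzip and chown. Add one for this rule, for example `# radiusd changes its own resource limits at startup (see bug <BUG-ID>)`, filling in the report that motivated it. It is also worth checking whether the AVC denial was really for a limit increase; if it was not, `sys_resource` may be the permission to revisit.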
diff --git a/selinux-policy.spec b/selinux-policy.spec
index cecf514..8797b74 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.32
-Release: 123%{?dist}
+Release: 124%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,10 @@ exit 0
%endif
%changelog
+* Tue Oct 26 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-124
+- Allow logwatch to use zz-disk_space logwatch script
+- Allow radius setrlimit
+
* Fri Oct 1 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-123
- Add label for '/usr/share/sampler/tray/tray'
- Fixes for abrt policy