[selinux-policy/f16] Fix fc_sort typo
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Aug 3 21:47:08 UTC 2011
commit aee77a025537bf3198e08b81eb586dc227502485
Author: Miroslav <mgrepl at redhat.com>
Date: Wed Aug 3 23:46:48 2011 +0200
Fix fc_sort typo
policy-F16.patch | 156 +++++++++++++++++++++++++++-----------------------
selinux-policy.spec | 5 +-
2 files changed, 88 insertions(+), 73 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index 860e92d..4f45abe 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -1084,7 +1084,7 @@ index 3c7b1e8..1e155f5 100644
+
+/var/run/epylog\.pid gen_context(system_u:object_r:logwatch_var_run_t,s0)
diff --git a/policy/modules/admin/logwatch.te b/policy/modules/admin/logwatch.te
-index 75ce30f..b48b383 100644
+index 75ce30f..7db2988 100644
--- a/policy/modules/admin/logwatch.te
+++ b/policy/modules/admin/logwatch.te
@@ -19,6 +19,12 @@ files_lock_file(logwatch_lock_t)
@@ -1143,7 +1143,7 @@ index 75ce30f..b48b383 100644
files_getattr_all_file_type_fs(logwatch_t)
')
-@@ -145,3 +160,22 @@ optional_policy(`
+@@ -145,3 +160,23 @@ optional_policy(`
samba_read_log(logwatch_t)
samba_read_share_files(logwatch_t)
')
@@ -1158,6 +1158,7 @@ index 75ce30f..b48b383 100644
+manage_files_pattern(logwatch_mail_t, logwatch_tmp_t, logwatch_tmp_t)
+
+dev_read_rand(logwatch_mail_t)
++dev_read_sysfs(logwatch_mail_t)
+
+logging_read_all_logs(logwatch_mail_t)
+
@@ -6678,7 +6679,7 @@ index 93ac529..35b51ab 100644
+/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
-index fbb5c5a..170963f 100644
+index fbb5c5a..2339227 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -29,6 +29,8 @@ interface(`mozilla_role',`
@@ -6716,7 +6717,7 @@ index fbb5c5a..170963f 100644
')
########################################
-@@ -228,6 +238,33 @@ interface(`mozilla_run_plugin',`
+@@ -228,6 +238,35 @@ interface(`mozilla_run_plugin',`
mozilla_domtrans_plugin($1)
role $2 types mozilla_plugin_t;
@@ -6725,6 +6726,8 @@ index fbb5c5a..170963f 100644
+ allow $1 mozilla_plugin_t:fd use;
+
+ allow mozilla_plugin_t $1:unix_stream_socket rw_socket_perms;
++ allow mozilla_plugin_t $1:shm rw_shm_perms;
++ allow mozilla_plugin_t $1:sem create_sem_perms;
+
+ ps_process_pattern($1, mozilla_plugin_t)
+ allow $1 mozilla_plugin_t:process { ptrace signal_perms };
@@ -6750,7 +6753,7 @@ index fbb5c5a..170963f 100644
')
########################################
-@@ -269,9 +306,27 @@ interface(`mozilla_rw_tcp_sockets',`
+@@ -269,9 +308,27 @@ interface(`mozilla_rw_tcp_sockets',`
allow $1 mozilla_t:tcp_socket rw_socket_perms;
')
@@ -6779,7 +6782,7 @@ index fbb5c5a..170963f 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -279,28 +334,28 @@ interface(`mozilla_rw_tcp_sockets',`
+@@ -279,28 +336,28 @@ interface(`mozilla_rw_tcp_sockets',`
## </summary>
## </param>
#
@@ -16004,7 +16007,7 @@ index 6346378..edbe041 100644
+')
+
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
-index d91c62f..9740613 100644
+index d91c62f..848f59b 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -50,6 +50,8 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
@@ -16024,12 +16027,21 @@ index d91c62f..9740613 100644
# These initial sids are no longer used, and can be removed:
sid any_socket gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
-@@ -247,6 +250,9 @@ dev_delete_generic_blk_files(kernel_t)
- dev_create_generic_chr_files(kernel_t)
- dev_delete_generic_chr_files(kernel_t)
+@@ -242,11 +245,14 @@ dev_search_usbfs(kernel_t)
+ # devtmpfs handling:
+ dev_create_generic_dirs(kernel_t)
+ dev_delete_generic_dirs(kernel_t)
+-dev_create_generic_blk_files(kernel_t)
+-dev_delete_generic_blk_files(kernel_t)
+-dev_create_generic_chr_files(kernel_t)
+-dev_delete_generic_chr_files(kernel_t)
++dev_create_all_blk_files(kernel_t)
++dev_delete_all_blk_files(kernel_t)
++dev_create_all_chr_files(kernel_t)
++dev_delete_all_chr_files(kernel_t)
dev_mounton(kernel_t)
+dev_filetrans_all_named_dev(kernel_t)
-+#storage_filetrans_all_named_dev(kernel_t)
++storage_filetrans_all_named_dev(kernel_t)
+term_filetrans_all_named_dev(kernel_t)
# Mount root file system. Used when loading a policy
@@ -35215,7 +35227,7 @@ index da2127e..6538d66 100644
+
+sysnet_read_config(jabberd_domain)
diff --git a/policy/modules/services/kerberos.fc b/policy/modules/services/kerberos.fc
-index 3525d24..74ec098 100644
+index 3525d24..e065744 100644
--- a/policy/modules/services/kerberos.fc
+++ b/policy/modules/services/kerberos.fc
@@ -8,7 +8,7 @@ HOME_DIR/\.k5login -- gen_context(system_u:object_r:krb5_home_t,s0)
@@ -35227,13 +35239,12 @@ index 3525d24..74ec098 100644
/etc/rc\.d/init\.d/kprop -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
/etc/rc\.d/init\.d/krb524d -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
/etc/rc\.d/init\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
-@@ -30,4 +30,8 @@ HOME_DIR/\.k5login -- gen_context(system_u:object_r:krb5_home_t,s0)
+@@ -30,4 +30,7 @@ HOME_DIR/\.k5login -- gen_context(system_u:object_r:krb5_home_t,s0)
/var/log/krb5kdc\.log gen_context(system_u:object_r:krb5kdc_log_t,s0)
/var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
+/var/cache/krb5rcache(/.*)? gen_context(system_u:object_r:krb5_host_rcache_t,s0)
+
-+krb5_host_rcache_t
/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
+/var/tmp/HTTP_23 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
@@ -37663,15 +37674,14 @@ index 47e3612..ece07ab 100644
# The milter runs from /var/lib/spamass-milter
diff --git a/policy/modules/services/mock.fc b/policy/modules/services/mock.fc
new file mode 100644
-index 0000000..68ad33f
+index 0000000..8d0e473
--- /dev/null
+++ b/policy/modules/services/mock.fc
-@@ -0,0 +1,6 @@
+@@ -0,0 +1,5 @@
+
+/usr/sbin/mock -- gen_context(system_u:object_r:mock_exec_t,s0)
+
-+/var/lib/mock -d gen_context(system_u:object_r:mock_var_lib_t,s0)
-+/var/lib/mock(/.*)? <<none>>
++/var/lib/mock(/.*)? gen_context(system_u:object_r:mock_var_lib_t,s0)
+/var/cache/mock(/.*)? gen_context(system_u:object_r:mock_cache_t,s0)
diff --git a/policy/modules/services/mock.if b/policy/modules/services/mock.if
new file mode 100644
@@ -49859,7 +49869,7 @@ index adea9f9..d5b2d93 100644
init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te
-index 606a098..f00a814 100644
+index 606a098..5e4d100 100644
--- a/policy/modules/services/smartmon.te
+++ b/policy/modules/services/smartmon.te
@@ -35,7 +35,7 @@ ifdef(`enable_mls',`
@@ -49867,7 +49877,7 @@ index 606a098..f00a814 100644
#
-allow fsdaemon_t self:capability { setpcap setgid sys_rawio sys_admin };
-+allow fsdaemon_t self:capability { dac_override setpcap setgid sys_rawio sys_admin };
++allow fsdaemon_t self:capability { dac_override kill setpcap setgid sys_rawio sys_admin };
dontaudit fsdaemon_t self:capability sys_tty_config;
allow fsdaemon_t self:process { getcap setcap signal_perms };
allow fsdaemon_t self:fifo_file rw_fifo_file_perms;
@@ -57262,7 +57272,7 @@ index 21ae664..3e448dd 100644
+ manage_dirs_pattern($1, zarafa_var_lib_t, zarafa_var_lib_t)
+')
diff --git a/policy/modules/services/zarafa.te b/policy/modules/services/zarafa.te
-index 9fb4747..16b2616 100644
+index 9fb4747..a59cfc2 100644
--- a/policy/modules/services/zarafa.te
+++ b/policy/modules/services/zarafa.te
@@ -18,6 +18,10 @@ files_config_file(zarafa_etc_t)
@@ -57285,7 +57295,7 @@ index 9fb4747..16b2616 100644
########################################
#
# zarafa-deliver local policy
-@@ -57,6 +63,21 @@ corenet_tcp_sendrecv_all_ports(zarafa_gateway_t)
+@@ -57,6 +63,20 @@ corenet_tcp_sendrecv_all_ports(zarafa_gateway_t)
corenet_tcp_bind_generic_node(zarafa_gateway_t)
corenet_tcp_bind_pop_port(zarafa_gateway_t)
@@ -57303,11 +57313,10 @@ index 9fb4747..16b2616 100644
+manage_dirs_pattern(zarafa_indexer_t, zarafa_var_lib_t, zarafa_var_lib_t)
+manage_files_pattern(zarafa_indexer_t, zarafa_var_lib_t, zarafa_var_lib_t)
+
-+
#######################################
#
# zarafa-ical local policy
-@@ -136,6 +157,34 @@ corenet_tcp_sendrecv_generic_node(zarafa_spooler_t)
+@@ -136,6 +156,36 @@ corenet_tcp_sendrecv_generic_node(zarafa_spooler_t)
corenet_tcp_sendrecv_all_ports(zarafa_spooler_t)
corenet_tcp_connect_smtp_port(zarafa_spooler_t)
@@ -57321,6 +57330,8 @@ index 9fb4747..16b2616 100644
+allow zarafa_gateway_t self:capability { chown kill };
+allow zarafa_gateway_t self:process setrlimit;
+
++dev_read_rand(zarafa_gateway_t)
++
+corenet_tcp_bind_pop_port(zarafa_gateway_t)
+
+#######################################
@@ -57342,7 +57353,7 @@ index 9fb4747..16b2616 100644
########################################
#
# zarafa domains local policy
-@@ -156,6 +205,4 @@ kernel_read_system_state(zarafa_domain)
+@@ -156,6 +206,4 @@ kernel_read_system_state(zarafa_domain)
files_read_etc_files(zarafa_domain)
@@ -59254,7 +59265,7 @@ index 94fd8dd..417ec32 100644
+ read_fifo_files_pattern($1, init_var_run_t, init_var_run_t)
+')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index 29a9565..4d20828 100644
+index 29a9565..2163271 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -16,6 +16,34 @@ gen_require(`
@@ -59330,7 +59341,7 @@ index 29a9565..4d20828 100644
# is ~sys_module really needed? observed:
# sys_boot
# sys_tty_config
-@@ -100,11 +134,15 @@ allow init_t self:fifo_file rw_fifo_file_perms;
+@@ -100,11 +134,16 @@ allow init_t self:fifo_file rw_fifo_file_perms;
# Re-exec itself
can_exec(init_t, init_exec_t)
@@ -59347,10 +59358,11 @@ index 29a9565..4d20828 100644
+manage_lnk_files_pattern(init_t, init_var_run_t, init_var_run_t)
+manage_sock_files_pattern(init_t, init_var_run_t, init_var_run_t)
+files_pid_filetrans(init_t, init_var_run_t, { dir file })
++allow init_t init_var_run_t:dir mounton;
allow init_t initctl_t:fifo_file manage_fifo_file_perms;
dev_filetrans(init_t, initctl_t, fifo_file)
-@@ -114,25 +152,34 @@ allow init_t initrc_var_run_t:file { rw_file_perms setattr };
+@@ -114,25 +153,34 @@ allow init_t initrc_var_run_t:file { rw_file_perms setattr };
kernel_read_system_state(init_t)
kernel_share_state(init_t)
@@ -59385,7 +59397,7 @@ index 29a9565..4d20828 100644
files_etc_filetrans_etc_runtime(init_t, file)
# Run /etc/X11/prefdm:
files_exec_etc_files(init_t)
-@@ -151,10 +198,19 @@ mls_file_read_all_levels(init_t)
+@@ -151,10 +199,19 @@ mls_file_read_all_levels(init_t)
mls_file_write_all_levels(init_t)
mls_process_write_down(init_t)
mls_fd_use_all_levels(init_t)
@@ -59406,7 +59418,7 @@ index 29a9565..4d20828 100644
# Run init scripts.
init_domtrans_script(init_t)
-@@ -162,12 +218,16 @@ init_domtrans_script(init_t)
+@@ -162,12 +219,16 @@ init_domtrans_script(init_t)
libs_rw_ld_so_cache(init_t)
logging_send_syslog_msg(init_t)
@@ -59423,7 +59435,7 @@ index 29a9565..4d20828 100644
ifdef(`distro_gentoo',`
allow init_t self:process { getcap setcap };
')
-@@ -178,7 +238,7 @@ ifdef(`distro_redhat',`
+@@ -178,7 +239,7 @@ ifdef(`distro_redhat',`
fs_tmpfs_filetrans(init_t, initctl_t, fifo_file)
')
@@ -59432,7 +59444,7 @@ index 29a9565..4d20828 100644
corecmd_shell_domtrans(init_t, initrc_t)
',`
# Run the shell in the sysadm role for single-user mode.
-@@ -186,16 +246,136 @@ tunable_policy(`init_upstart',`
+@@ -186,16 +247,137 @@ tunable_policy(`init_upstart',`
sysadm_shell_domtrans(init_t)
')
@@ -59497,6 +59509,7 @@ index 29a9565..4d20828 100644
+ files_create_lock_dirs(init_t)
+ files_relabel_all_lock_dirs(init_t)
+
++ fs_getattr_all_fs(init_t)
+ fs_manage_cgroup_dirs(init_t)
+ fs_manage_cgroup_files(init_t)
+ fs_manage_hugetlbfs_dirs(init_t)
@@ -59571,7 +59584,7 @@ index 29a9565..4d20828 100644
')
optional_policy(`
-@@ -203,6 +383,17 @@ optional_policy(`
+@@ -203,6 +385,17 @@ optional_policy(`
')
optional_policy(`
@@ -59589,7 +59602,7 @@ index 29a9565..4d20828 100644
unconfined_domain(init_t)
')
-@@ -212,7 +403,7 @@ optional_policy(`
+@@ -212,7 +405,7 @@ optional_policy(`
#
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
@@ -59598,7 +59611,7 @@ index 29a9565..4d20828 100644
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
allow initrc_t self:passwd rootok;
allow initrc_t self:key manage_key_perms;
-@@ -241,12 +432,15 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
+@@ -241,12 +434,15 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
allow initrc_t initrc_var_run_t:file manage_file_perms;
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
@@ -59614,7 +59627,7 @@ index 29a9565..4d20828 100644
init_write_initctl(initrc_t)
-@@ -258,20 +452,32 @@ kernel_change_ring_buffer_level(initrc_t)
+@@ -258,20 +454,32 @@ kernel_change_ring_buffer_level(initrc_t)
kernel_clear_ring_buffer(initrc_t)
kernel_get_sysvipc_info(initrc_t)
kernel_read_all_sysctls(initrc_t)
@@ -59651,7 +59664,7 @@ index 29a9565..4d20828 100644
corenet_tcp_sendrecv_all_ports(initrc_t)
corenet_udp_sendrecv_all_ports(initrc_t)
corenet_tcp_connect_all_ports(initrc_t)
-@@ -279,6 +485,7 @@ corenet_sendrecv_all_client_packets(initrc_t)
+@@ -279,6 +487,7 @@ corenet_sendrecv_all_client_packets(initrc_t)
dev_read_rand(initrc_t)
dev_read_urand(initrc_t)
@@ -59659,7 +59672,7 @@ index 29a9565..4d20828 100644
dev_write_kmsg(initrc_t)
dev_write_rand(initrc_t)
dev_write_urand(initrc_t)
-@@ -289,8 +496,10 @@ dev_write_framebuffer(initrc_t)
+@@ -289,8 +498,10 @@ dev_write_framebuffer(initrc_t)
dev_read_realtime_clock(initrc_t)
dev_read_sound_mixer(initrc_t)
dev_write_sound_mixer(initrc_t)
@@ -59670,7 +59683,7 @@ index 29a9565..4d20828 100644
dev_delete_lvm_control_dev(initrc_t)
dev_manage_generic_symlinks(initrc_t)
dev_manage_generic_files(initrc_t)
-@@ -298,13 +507,14 @@ dev_manage_generic_files(initrc_t)
+@@ -298,13 +509,14 @@ dev_manage_generic_files(initrc_t)
dev_delete_generic_symlinks(initrc_t)
dev_getattr_all_blk_files(initrc_t)
dev_getattr_all_chr_files(initrc_t)
@@ -59687,7 +59700,7 @@ index 29a9565..4d20828 100644
domain_sigchld_all_domains(initrc_t)
domain_read_all_domains_state(initrc_t)
domain_getattr_all_domains(initrc_t)
-@@ -316,6 +526,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
+@@ -316,6 +528,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
domain_dontaudit_getattr_all_pipes(initrc_t)
@@ -59695,7 +59708,7 @@ index 29a9565..4d20828 100644
files_getattr_all_dirs(initrc_t)
files_getattr_all_files(initrc_t)
-@@ -323,8 +534,10 @@ files_getattr_all_symlinks(initrc_t)
+@@ -323,8 +536,10 @@ files_getattr_all_symlinks(initrc_t)
files_getattr_all_pipes(initrc_t)
files_getattr_all_sockets(initrc_t)
files_purge_tmp(initrc_t)
@@ -59707,7 +59720,7 @@ index 29a9565..4d20828 100644
files_delete_all_pids(initrc_t)
files_delete_all_pid_dirs(initrc_t)
files_read_etc_files(initrc_t)
-@@ -340,8 +553,12 @@ files_list_isid_type_dirs(initrc_t)
+@@ -340,8 +555,12 @@ files_list_isid_type_dirs(initrc_t)
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
@@ -59721,7 +59734,7 @@ index 29a9565..4d20828 100644
fs_list_inotifyfs(initrc_t)
fs_register_binary_executable_type(initrc_t)
# rhgb-console writes to ramfs
-@@ -351,6 +568,8 @@ fs_mount_all_fs(initrc_t)
+@@ -351,6 +570,8 @@ fs_mount_all_fs(initrc_t)
fs_unmount_all_fs(initrc_t)
fs_remount_all_fs(initrc_t)
fs_getattr_all_fs(initrc_t)
@@ -59730,7 +59743,7 @@ index 29a9565..4d20828 100644
# initrc_t needs to do a pidof which requires ptrace
mcs_ptrace_all(initrc_t)
-@@ -363,6 +582,7 @@ mls_process_read_up(initrc_t)
+@@ -363,6 +584,7 @@ mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)
@@ -59738,7 +59751,7 @@ index 29a9565..4d20828 100644
selinux_get_enforce_mode(initrc_t)
-@@ -374,6 +594,7 @@ term_use_all_terms(initrc_t)
+@@ -374,6 +596,7 @@ term_use_all_terms(initrc_t)
term_reset_tty_labels(initrc_t)
auth_rw_login_records(initrc_t)
@@ -59746,7 +59759,7 @@ index 29a9565..4d20828 100644
auth_setattr_login_records(initrc_t)
auth_rw_lastlog(initrc_t)
auth_read_pam_pid(initrc_t)
-@@ -394,18 +615,17 @@ logging_read_audit_config(initrc_t)
+@@ -394,18 +617,17 @@ logging_read_audit_config(initrc_t)
miscfiles_read_localization(initrc_t)
# slapd needs to read cert files from its initscript
@@ -59768,7 +59781,7 @@ index 29a9565..4d20828 100644
ifdef(`distro_debian',`
dev_setattr_generic_dirs(initrc_t)
-@@ -458,6 +678,10 @@ ifdef(`distro_gentoo',`
+@@ -458,6 +680,10 @@ ifdef(`distro_gentoo',`
sysnet_setattr_config(initrc_t)
optional_policy(`
@@ -59779,7 +59792,7 @@ index 29a9565..4d20828 100644
alsa_read_lib(initrc_t)
')
-@@ -478,7 +702,7 @@ ifdef(`distro_redhat',`
+@@ -478,7 +704,7 @@ ifdef(`distro_redhat',`
# Red Hat systems seem to have a stray
# fd open from the initrd
@@ -59788,7 +59801,7 @@ index 29a9565..4d20828 100644
files_dontaudit_read_root_files(initrc_t)
# These seem to be from the initrd
-@@ -493,6 +717,7 @@ ifdef(`distro_redhat',`
+@@ -493,6 +719,7 @@ ifdef(`distro_redhat',`
files_create_boot_dirs(initrc_t)
files_create_boot_flag(initrc_t)
files_rw_boot_symlinks(initrc_t)
@@ -59796,7 +59809,7 @@ index 29a9565..4d20828 100644
# wants to read /.fonts directory
files_read_default_files(initrc_t)
files_mountpoint(initrc_tmp_t)
-@@ -522,8 +747,33 @@ ifdef(`distro_redhat',`
+@@ -522,8 +749,33 @@ ifdef(`distro_redhat',`
')
optional_policy(`
@@ -59830,7 +59843,7 @@ index 29a9565..4d20828 100644
')
optional_policy(`
-@@ -531,10 +781,26 @@ ifdef(`distro_redhat',`
+@@ -531,10 +783,26 @@ ifdef(`distro_redhat',`
rpc_write_exports(initrc_t)
rpc_manage_nfs_state_data(initrc_t)
')
@@ -59857,7 +59870,7 @@ index 29a9565..4d20828 100644
')
optional_policy(`
-@@ -549,6 +815,39 @@ ifdef(`distro_suse',`
+@@ -549,6 +817,39 @@ ifdef(`distro_suse',`
')
')
@@ -59897,7 +59910,7 @@ index 29a9565..4d20828 100644
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -561,6 +860,8 @@ optional_policy(`
+@@ -561,6 +862,8 @@ optional_policy(`
optional_policy(`
apache_read_config(initrc_t)
apache_list_modules(initrc_t)
@@ -59906,7 +59919,7 @@ index 29a9565..4d20828 100644
')
optional_policy(`
-@@ -577,6 +878,7 @@ optional_policy(`
+@@ -577,6 +880,7 @@ optional_policy(`
optional_policy(`
cgroup_stream_connect_cgred(initrc_t)
@@ -59914,7 +59927,7 @@ index 29a9565..4d20828 100644
')
optional_policy(`
-@@ -589,6 +891,11 @@ optional_policy(`
+@@ -589,6 +893,11 @@ optional_policy(`
')
optional_policy(`
@@ -59926,7 +59939,7 @@ index 29a9565..4d20828 100644
dev_getattr_printer_dev(initrc_t)
cups_read_log(initrc_t)
-@@ -605,9 +912,13 @@ optional_policy(`
+@@ -605,9 +914,13 @@ optional_policy(`
dbus_connect_system_bus(initrc_t)
dbus_system_bus_client(initrc_t)
dbus_read_config(initrc_t)
@@ -59940,7 +59953,7 @@ index 29a9565..4d20828 100644
')
optional_policy(`
-@@ -649,6 +960,11 @@ optional_policy(`
+@@ -649,6 +962,11 @@ optional_policy(`
')
optional_policy(`
@@ -59952,7 +59965,7 @@ index 29a9565..4d20828 100644
inn_exec_config(initrc_t)
')
-@@ -689,6 +1005,7 @@ optional_policy(`
+@@ -689,6 +1007,7 @@ optional_policy(`
lpd_list_spool(initrc_t)
lpd_read_config(initrc_t)
@@ -59960,7 +59973,7 @@ index 29a9565..4d20828 100644
')
optional_policy(`
-@@ -706,7 +1023,13 @@ optional_policy(`
+@@ -706,7 +1025,13 @@ optional_policy(`
')
optional_policy(`
@@ -59974,7 +59987,7 @@ index 29a9565..4d20828 100644
mta_dontaudit_read_spool_symlinks(initrc_t)
')
-@@ -729,6 +1052,10 @@ optional_policy(`
+@@ -729,6 +1054,10 @@ optional_policy(`
')
optional_policy(`
@@ -59985,7 +59998,7 @@ index 29a9565..4d20828 100644
postgresql_manage_db(initrc_t)
postgresql_read_config(initrc_t)
')
-@@ -738,10 +1065,20 @@ optional_policy(`
+@@ -738,10 +1067,20 @@ optional_policy(`
')
optional_policy(`
@@ -60006,7 +60019,7 @@ index 29a9565..4d20828 100644
quota_manage_flags(initrc_t)
')
-@@ -750,6 +1087,10 @@ optional_policy(`
+@@ -750,6 +1089,10 @@ optional_policy(`
')
optional_policy(`
@@ -60017,7 +60030,7 @@ index 29a9565..4d20828 100644
fs_write_ramfs_sockets(initrc_t)
fs_search_ramfs(initrc_t)
-@@ -771,8 +1112,6 @@ optional_policy(`
+@@ -771,8 +1114,6 @@ optional_policy(`
# bash tries ioctl for some reason
files_dontaudit_ioctl_all_pids(initrc_t)
@@ -60026,7 +60039,7 @@ index 29a9565..4d20828 100644
')
optional_policy(`
-@@ -790,10 +1129,12 @@ optional_policy(`
+@@ -790,10 +1131,12 @@ optional_policy(`
squid_manage_logs(initrc_t)
')
@@ -60039,7 +60052,7 @@ index 29a9565..4d20828 100644
optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t)
-@@ -805,7 +1146,6 @@ optional_policy(`
+@@ -805,7 +1148,6 @@ optional_policy(`
')
optional_policy(`
@@ -60047,7 +60060,7 @@ index 29a9565..4d20828 100644
udev_manage_pid_files(initrc_t)
udev_manage_rules_files(initrc_t)
')
-@@ -815,11 +1155,24 @@ optional_policy(`
+@@ -815,11 +1157,24 @@ optional_policy(`
')
optional_policy(`
@@ -60073,7 +60086,7 @@ index 29a9565..4d20828 100644
ifdef(`distro_redhat',`
# system-config-services causes avc messages that should be dontaudited
-@@ -829,6 +1182,25 @@ optional_policy(`
+@@ -829,6 +1184,25 @@ optional_policy(`
optional_policy(`
mono_domtrans(initrc_t)
')
@@ -60099,7 +60112,7 @@ index 29a9565..4d20828 100644
')
optional_policy(`
-@@ -844,6 +1216,10 @@ optional_policy(`
+@@ -844,6 +1218,10 @@ optional_policy(`
')
optional_policy(`
@@ -60110,7 +60123,7 @@ index 29a9565..4d20828 100644
# Set device ownerships/modes.
xserver_setattr_console_pipes(initrc_t)
-@@ -854,3 +1230,149 @@ optional_policy(`
+@@ -854,3 +1232,149 @@ optional_policy(`
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -63233,7 +63246,7 @@ index 2cc4bda..167c358 100644
+/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
-index 170e2c7..7b10445 100644
+index 170e2c7..b85fc73 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -199,6 +199,10 @@ interface(`seutil_run_newrole',`
@@ -63449,7 +63462,7 @@ index 170e2c7..7b10445 100644
## Full management of the semanage
## module store.
## </summary>
-@@ -1149,3 +1313,199 @@ interface(`seutil_dontaudit_libselinux_linked',`
+@@ -1149,3 +1313,198 @@ interface(`seutil_dontaudit_libselinux_linked',`
selinux_dontaudit_get_fs_mount($1)
seutil_dontaudit_read_config($1)
')
@@ -63527,7 +63540,6 @@ index 170e2c7..7b10445 100644
+ seutil_get_semanage_read_lock($1)
+
+ userdom_dontaudit_write_user_home_content_files($1)
-+
+')
+
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index ee04699..ea33730 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 14%{?dist}
+Release: 15%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -452,6 +452,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Wed Aug 3 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-15
+- Fix fc_sort error
+
* Wed Aug 3 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-14
- Add cfengine policy
More information about the scm-commits
mailing list