[selinux-policy/f15] - Allow getcap, setcap for syslogd - Fix label for /usr/lib64/opera/opera

Miroslav Grepl mgrepl at fedoraproject.org
Fri Jul 1 09:49:16 UTC 2011 

commit 1855f503d11cd84b74a035702402f5ef3866bf82
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Fri Jul 1 11:49:53 2011 +0200

    - Allow getcap, setcap for syslogd
    - Fix label for /usr/lib64/opera/opera

 policy-F15.patch    |   15 ++++++++++++---
 selinux-policy.spec |    6 +++++-
 2 files changed, 17 insertions(+), 4 deletions(-)
---
diff --git a/policy-F15.patch b/policy-F15.patch
index 733b71f..597b957 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -5293,7 +5293,7 @@ index 66beb80..52db7eb 100644
 +	automount_dontaudit_getattr_tmp_dirs(irssi_t)
 +')
 diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc
-index 86c1768..cd76e6a 100644
+index 86c1768..afdcf1c 100644
 --- a/policy/modules/apps/java.fc
 +++ b/policy/modules/apps/java.fc
 @@ -5,10 +5,13 @@
@@ -5310,6 +5310,15 @@ index 86c1768..cd76e6a 100644
  /usr/(.*/)?bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/fastjar	--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/frysk		--	gen_context(system_u:object_r:java_exec_t,s0)
+@@ -25,7 +28,7 @@
+ /usr/lib(.*/)?bin/java[^/]* --	gen_context(system_u:object_r:java_exec_t,s0)
+ /usr/lib/eclipse/eclipse --	gen_context(system_u:object_r:java_exec_t,s0)
+ /usr/lib/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+-/usr/lib/opera(/.*)?/opera --	gen_context(system_u:object_r:java_exec_t,s0)
++/usr/lib(64)?/opera(/.*)?/opera --	gen_context(system_u:object_r:java_exec_t,s0)
+ /usr/lib/opera(/.*)?/works --	gen_context(system_u:object_r:java_exec_t,s0)
+ /usr/lib64/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+ 
 @@ -33,6 +36,9 @@
  
  /usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -53736,7 +53745,7 @@ index c7cfb62..ee89659 100644
  	init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
  	domain_system_change_exemption($1)
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index 9b5a9ed..68fe7d8 100644
+index 9b5a9ed..389ed25 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
 @@ -19,6 +19,11 @@ type auditd_log_t;
@@ -53851,7 +53860,7 @@ index 9b5a9ed..68fe7d8 100644
  # setpgid for metalog
  # setrlimit for syslog-ng
 -allow syslogd_t self:process { signal_perms setpgid setrlimit };
-+allow syslogd_t self:process { signal_perms setpgid setsched setrlimit };
++allow syslogd_t self:process { signal_perms setpgid setsched setrlimit setcap getcap };
  # receive messages to be logged
  allow syslogd_t self:unix_dgram_socket create_socket_perms;
  allow syslogd_t self:unix_stream_socket create_stream_socket_perms;
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 0bea73d..b61c38f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.9.16
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -471,6 +471,10 @@ exit 0
 %endif
 
 %changelog
+* Fri July 1 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.16-32
+- Allow getcap, setcap for syslogd
+- Fix label for /usr/lib64/opera/opera
+
 * Thu Jun 30 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.16-31
 - Make mozilla_plugin_tmpfs_t as userdom_user_tmpfs_content()
 - Allow init to delete all pid sockets

More information about the scm-commits mailing list