[selinux-policy/f14/master] - Add label for /usr/share/shorewall/getparams
Miroslav Grepl
mgrepl at fedoraproject.org
Mon Mar 21 08:07:52 UTC 2011
commit 68bbf78c18055feac61ab75fe8a5e462bcfa3dfc
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Mon Mar 21 09:07:46 2011 +0000
- Add label for /usr/share/shorewall/getparams
policy-F14.patch | 29 ++++++++++++++++++++++-------
selinux-policy.spec | 5 ++++-
2 files changed, 26 insertions(+), 8 deletions(-)
---
diff --git a/policy-F14.patch b/policy-F14.patch
index e56fa4d..b9ed5a3 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -8386,7 +8386,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if se
dbus_session_bus_client($1_wm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.9.7/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-10-12 20:42:50.000000000 +0000
-+++ serefpolicy-3.9.7/policy/modules/kernel/corecommands.fc 2011-03-18 15:10:04.615630000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/corecommands.fc 2011-03-21 08:55:19.913630000 +0000
@@ -9,8 +9,11 @@
/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -8512,7 +8512,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
-@@ -314,6 +340,7 @@
+@@ -243,6 +269,7 @@
+ /usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/shorewall/compiler\.pl -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0)
++/usr/share/shorewall/getparams -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/shorewall-perl(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/shorewall-shell(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
+@@ -314,6 +341,7 @@
/usr/share/texmf/web2c/mktexdir -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/web2c/mktexnam -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/web2c/mktexupd -- gen_context(system_u:object_r:bin_t,s0)
@@ -8520,7 +8528,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
')
ifdef(`distro_suse', `
-@@ -340,3 +367,28 @@
+@@ -340,3 +368,28 @@
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@@ -26080,7 +26088,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.9.7/policy/modules/services/milter.te
--- nsaserefpolicy/policy/modules/services/milter.te 2010-10-12 20:42:48.000000000 +0000
-+++ serefpolicy-3.9.7/policy/modules/services/milter.te 2011-03-15 14:58:42.887107001 +0000
++++ serefpolicy-3.9.7/policy/modules/services/milter.te 2011-03-21 09:00:27.137630000 +0000
@@ -9,6 +9,13 @@
attribute milter_domains;
attribute milter_data_type;
@@ -26125,7 +26133,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
#
# It removes any existing socket (not owned by root) whilst running as root,
-@@ -38,6 +61,12 @@
+@@ -32,12 +55,19 @@
+ # drop privileges
+ allow greylist_milter_t self:capability { chown dac_override setgid setuid sys_nice };
+ allow greylist_milter_t self:process { setsched getsched };
++allow greylist_milter_t self:tcp_socket create_stream_socket_perms;
+
+ # It creates a pid file /var/run/milter-greylist.pid
+ files_pid_filetrans(greylist_milter_t, greylist_milter_data_t, file)
kernel_read_kernel_sysctls(greylist_milter_t)
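Review bot: The added rule `allow greylist_milter_t self:tcp_socket create_stream_socket_perms;` is not mentioned in the commit title or in the new 3.9.7-37 changelog entry, which both describe only the shorewall label. It widens a domain that, per the line two above it, already holds `chown dac_override setgid setuid sys_nice`, so it should be recorded and justified. I would add a changelog line such as `- Allow greylist-milter to create tcp stream sockets`, and a comment above the rule in the style of its neighbours, e.g. `# <reason the milter needs a TCP socket, placeholder>`. This rule covers only the socket object itself. Any corenet port or node rules needed to bind or connect are outside this hunk, as is the rest of the greylist-milter policy block, so check that they are limited to the intended port.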
@@ -26138,7 +26153,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
# Allow the milter to read a GeoIP database in /usr/share
files_read_usr_files(greylist_milter_t)
# The milter runs from /var/lib/milter-greylist and maintains files there
-@@ -52,8 +81,8 @@
+@@ -52,8 +82,8 @@
########################################
#
# milter-regex local policy
@@ -26149,7 +26164,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
#
# It removes any existing socket (not owned by root) whilst running as root
-@@ -72,8 +101,8 @@
+@@ -72,8 +102,8 @@
########################################
#
# spamass-milter local policy
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 53ab0bd..fadbe28 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.9.7
-Release: 36%{?dist}
+Release: 37%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -472,6 +472,9 @@ exit 0
%endif
%changelog
+* Mon Mar 21 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.7-37
+- Add label for /usr/share/shorewall/getparams
+
* Sun Mar 20 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.7-36
- xdm needs to read KDE config files