[selinux-policy] Policy update should not modify local contexts

Daniel J Walsh dwalsh at fedoraproject.org
Fri Oct 21 14:29:02 UTC 2011 

commit 62727652ebc4bcd144fc1ea676efdff6dc418de8
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Oct 21 10:28:58 2011 -0400

    Policy update should not modify local contexts

 policy-F16.patch |   48 ++++++++++++++++++++++++------------------------
 1 files changed, 24 insertions(+), 24 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index 1d7ce0d..f5e1655 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -322,18 +322,10 @@ index 63ef90e..a535b31 100644
  ')
  
 diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if
-index 1392679..e75873a 100644
+index 1392679..7793407 100644
 --- a/policy/modules/admin/alsa.if
 +++ b/policy/modules/admin/alsa.if
-@@ -148,6 +148,7 @@ interface(`alsa_manage_home_files',`
- 
- 	userdom_search_user_home_dirs($1)
- 	allow $1 alsa_home_t:file manage_file_perms;
-+	alsa_filetrans_home_content(unpriv_userdomain)
- ')
- 
- ########################################
-@@ -206,3 +207,47 @@ interface(`alsa_read_lib',`
+@@ -206,3 +206,47 @@ interface(`alsa_read_lib',`
  	files_search_var_lib($1)
  	read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
  ')
@@ -20678,10 +20670,10 @@ index be4de58..7e8b6ec 100644
  init_exec(secadm_t)
  
 diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
-index 2be17d2..2c588ca 100644
+index 2be17d2..a1913e8 100644
 --- a/policy/modules/roles/staff.te
 +++ b/policy/modules/roles/staff.te
-@@ -8,12 +8,55 @@ policy_module(staff, 2.2.0)
+@@ -8,12 +8,59 @@ policy_module(staff, 2.2.0)
  role staff_r;
  
  userdom_unpriv_user_template(staff)
@@ -20734,10 +20726,14 @@ index 2be17d2..2c588ca 100644
 +	abrt_read_cache(staff_t)
 +')
 +
++optional_policy(`
++    alsa_filetrans_home_content(staff_t)
++')
++
  optional_policy(`
  	apache_role(staff_r, staff_t)
  ')
-@@ -27,19 +70,113 @@ optional_policy(`
+@@ -27,19 +74,113 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -20853,7 +20849,7 @@ index 2be17d2..2c588ca 100644
  ')
  
  optional_policy(`
-@@ -48,10 +185,48 @@ optional_policy(`
+@@ -48,10 +189,48 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -20902,7 +20898,7 @@ index 2be17d2..2c588ca 100644
  	xserver_role(staff_r, staff_t)
  ')
  
-@@ -89,18 +264,10 @@ ifndef(`distro_redhat',`
+@@ -89,18 +268,10 @@ ifndef(`distro_redhat',`
  	')
  
  	optional_policy(`
@@ -20921,7 +20917,7 @@ index 2be17d2..2c588ca 100644
  		java_role(staff_r, staff_t)
  	')
  
-@@ -121,10 +288,6 @@ ifndef(`distro_redhat',`
+@@ -121,10 +292,6 @@ ifndef(`distro_redhat',`
  	')
  
  	optional_policy(`
@@ -20932,7 +20928,7 @@ index 2be17d2..2c588ca 100644
  		pyzor_role(staff_r, staff_t)
  	')
  
-@@ -137,10 +300,6 @@ ifndef(`distro_redhat',`
+@@ -137,10 +304,6 @@ ifndef(`distro_redhat',`
  	')
  
  	optional_policy(`
@@ -20943,7 +20939,7 @@ index 2be17d2..2c588ca 100644
  		spamassassin_role(staff_r, staff_t)
  	')
  
-@@ -172,3 +331,7 @@ ifndef(`distro_redhat',`
+@@ -172,3 +335,7 @@ ifndef(`distro_redhat',`
  		wireshark_role(staff_r, staff_t)
  	')
  ')
@@ -22632,10 +22628,10 @@ index 0000000..50c38f9
 +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 +
 diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
-index e5bfdd4..50e49e6 100644
+index e5bfdd4..59f013e 100644
 --- a/policy/modules/roles/unprivuser.te
 +++ b/policy/modules/roles/unprivuser.te
-@@ -12,15 +12,93 @@ role user_r;
+@@ -12,15 +12,97 @@ role user_r;
  
  userdom_unpriv_user_template(user)
  
@@ -22653,6 +22649,10 @@ index e5bfdd4..50e49e6 100644
 +	abrt_read_cache(user_t)
 +')
 +
++optional_policy(`
++	alsa_filetrans_home_content(user_t)
++')
++
  optional_policy(`
  	apache_role(user_r, user_t)
  ')
@@ -22729,7 +22729,7 @@ index e5bfdd4..50e49e6 100644
  	vlock_run(user_t, user_r)
  ')
  
-@@ -62,19 +140,11 @@ ifndef(`distro_redhat',`
+@@ -62,19 +144,11 @@ ifndef(`distro_redhat',`
  	')
  
  	optional_policy(`
@@ -22750,7 +22750,7 @@ index e5bfdd4..50e49e6 100644
  	')
  
  	optional_policy(`
-@@ -98,10 +168,6 @@ ifndef(`distro_redhat',`
+@@ -98,10 +172,6 @@ ifndef(`distro_redhat',`
  	')
  
  	optional_policy(`
@@ -22761,7 +22761,7 @@ index e5bfdd4..50e49e6 100644
  		postgresql_role(user_r, user_t)
  	')
  
-@@ -118,11 +184,7 @@ ifndef(`distro_redhat',`
+@@ -118,11 +188,7 @@ ifndef(`distro_redhat',`
  	')
  
  	optional_policy(`
@@ -22774,7 +22774,7 @@ index e5bfdd4..50e49e6 100644
  	')
  
  	optional_policy(`
-@@ -157,3 +219,4 @@ ifndef(`distro_redhat',`
+@@ -157,3 +223,4 @@ ifndef(`distro_redhat',`
  		wireshark_role(user_r, user_t)
  	')
  ')

More information about the scm-commits mailing list