[selinux-policy/f18] * Mon Dec 17 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-66 - Allow munin disk plugins to get att

Miroslav Grepl mgrepl at fedoraproject.org
Mon Dec 17 12:03:38 UTC 2012


commit 84e87d6ab4ed9f5c45dadbd17614313dbfb41ed1
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Mon Dec 17 13:02:25 2012 +0100

    * Mon Dec 17 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-66
    - Allow munin disk plugins to get attributes of all directories
    - Allow munin disk plugins to get attributes of all directorie
    - Allow logwatch to get attributes of all directories
    - Fix networkmanager_manage_lib() interface
    - Fix gnome_manage_config() to allow to manage sock_file
    - Fix virtual_domain_context
    - Add support for dynamic DNS for DHCPv6

 policy_contrib-rawhide.patch |   37 ++++++++++++++++++++++---------------
 selinux-policy.spec          |   11 ++++++++++-
 2 files changed, 32 insertions(+), 16 deletions(-)
---
diff --git a/policy_contrib-rawhide.patch b/policy_contrib-rawhide.patch
index e670e6d..fd42ade 100644
--- a/policy_contrib-rawhide.patch
+++ b/policy_contrib-rawhide.patch
@@ -31636,7 +31636,7 @@ index 3c7b1e8..1e155f5 100644
 +
 +/var/run/epylog\.pid		gen_context(system_u:object_r:logwatch_var_run_t,s0)
 diff --git a/logwatch.te b/logwatch.te
-index 75ce30f..9279c2d 100644
+index 75ce30f..061b725 100644
 --- a/logwatch.te
 +++ b/logwatch.te
 @@ -7,6 +7,7 @@ policy_module(logwatch, 1.11.0)
@@ -31680,7 +31680,11 @@ index 75ce30f..9279c2d 100644
  files_read_usr_files(logwatch_t)
  files_search_spool(logwatch_t)
  files_search_mnt(logwatch_t)
-@@ -70,6 +80,10 @@ fs_getattr_all_fs(logwatch_t)
+@@ -67,9 +77,14 @@ files_dontaudit_search_boot(logwatch_t)
+ files_dontaudit_search_all_dirs(logwatch_t)
+ 
+ fs_getattr_all_fs(logwatch_t)
++fs_getattr_all_dirs(logwatch_t)
  fs_dontaudit_list_auto_mountpoints(logwatch_t)
  fs_list_inotifyfs(logwatch_t)
  
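Review bot: The added `fs_getattr_all_dirs(logwatch_t)` carries no comment saying which logwatch script needs it, and the same applies to the `fs_getattr_all_fs` / `fs_getattr_all_dirs` pair added for `disk_munin_plugin_t` in the munin.te hunk further down. Judging by its name, the interface covers directories on every filesystem type, so a one-line reason keeps the grant reviewable later, for example `# <script name> stats mount points; see AVC in <bug id>` with the placeholders filled in. Three lines above, `files_dontaudit_search_all_dirs(logwatch_t)` still silences search denials, so it is worth confirming that getattr alone is what the denied operation needed. The logwatch_t rule block starts and ends outside the hunk.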
@@ -31691,7 +31695,7 @@ index 75ce30f..9279c2d 100644
  term_dontaudit_getattr_pty_dirs(logwatch_t)
  term_dontaudit_list_ptys(logwatch_t)
  
-@@ -84,19 +98,19 @@ libs_read_lib_files(logwatch_t)
+@@ -84,19 +99,19 @@ libs_read_lib_files(logwatch_t)
  logging_read_all_logs(logwatch_t)
  logging_send_syslog_msg(logwatch_t) 
  
@@ -31715,7 +31719,7 @@ index 75ce30f..9279c2d 100644
  	files_getattr_all_file_type_fs(logwatch_t)
  ')
  
-@@ -145,3 +159,24 @@ optional_policy(`
+@@ -145,3 +160,24 @@ optional_policy(`
  	samba_read_log(logwatch_t)
  	samba_read_share_files(logwatch_t)
  ')
@@ -36874,7 +36878,7 @@ index c358d8f..1cc176c 100644
  	init_labeled_script_domtrans($1, munin_initrc_exec_t)
  	domain_system_change_exemption($1)
 diff --git a/munin.te b/munin.te
-index f17583b..dd96224 100644
+index f17583b..de08ab6 100644
 --- a/munin.te
 +++ b/munin.te
 @@ -5,6 +5,8 @@ policy_module(munin, 1.8.0)
@@ -36987,7 +36991,7 @@ index f17583b..dd96224 100644
  allow disk_munin_plugin_t self:tcp_socket create_stream_socket_perms;
  
  rw_files_pattern(disk_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
-@@ -190,15 +205,15 @@ corecmd_exec_shell(disk_munin_plugin_t)
+@@ -190,15 +205,18 @@ corecmd_exec_shell(disk_munin_plugin_t)
  
  corenet_tcp_connect_hddtemp_port(disk_munin_plugin_t)
  
@@ -37001,13 +37005,16 @@ index f17583b..dd96224 100644
  dev_read_sysfs(disk_munin_plugin_t)
  dev_read_urand(disk_munin_plugin_t)
 +dev_read_all_blk_files(munin_disk_plugin_t)
++
++fs_getattr_all_fs(disk_munin_plugin_t)
++fs_getattr_all_dirs(disk_munin_plugin_t)
  
 -storage_getattr_fixed_disk_dev(disk_munin_plugin_t)
 +storage_raw_read_fixed_disk(disk_munin_plugin_t)
  
  sysnet_read_config(disk_munin_plugin_t)
  
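Review bot: The context line `dev_read_all_blk_files(munin_disk_plugin_t)` names `munin_disk_plugin_t`, while every other rule in this block, including the two `fs_getattr_*` lines added directly below it, uses `disk_munin_plugin_t`. Unless an alias with that spelling is declared outside the hunk, the line either fails to resolve or gives block-device read access to a type other than the intended one; it should probably read `dev_read_all_blk_files(disk_munin_plugin_t)`. The line predates this commit but sits next to the new rules, so it is cheap to correct here. The disk plugin rule block starts and ends outside the hunk.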
-@@ -221,30 +236,47 @@ rw_files_pattern(mail_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
+@@ -221,30 +239,47 @@ rw_files_pattern(mail_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
  
  dev_read_urand(mail_munin_plugin_t)
  
@@ -37061,7 +37068,7 @@ index f17583b..dd96224 100644
  allow services_munin_plugin_t self:tcp_socket create_stream_socket_perms;
  allow services_munin_plugin_t self:udp_socket create_socket_perms;
  allow services_munin_plugin_t self:netlink_route_socket r_netlink_socket_perms;
-@@ -255,13 +287,10 @@ corenet_tcp_connect_http_port(services_munin_plugin_t)
+@@ -255,13 +290,10 @@ corenet_tcp_connect_http_port(services_munin_plugin_t)
  dev_read_urand(services_munin_plugin_t)
  dev_read_rand(services_munin_plugin_t)
  
@@ -37076,7 +37083,7 @@ index f17583b..dd96224 100644
  	cups_stream_connect(services_munin_plugin_t)
  ')
  
-@@ -279,6 +308,10 @@ optional_policy(`
+@@ -279,6 +311,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -37087,7 +37094,7 @@ index f17583b..dd96224 100644
  	postgresql_stream_connect(services_munin_plugin_t)
  ')
  
-@@ -286,6 +319,18 @@ optional_policy(`
+@@ -286,6 +322,18 @@ optional_policy(`
  	snmp_read_snmp_var_lib_files(services_munin_plugin_t)
  ')
  
@@ -37106,7 +37113,7 @@ index f17583b..dd96224 100644
  ##################################
  #
  # local policy for system plugins
-@@ -295,12 +340,10 @@ allow system_munin_plugin_t self:udp_socket create_socket_perms;
+@@ -295,12 +343,10 @@ allow system_munin_plugin_t self:udp_socket create_socket_perms;
  
  rw_files_pattern(system_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
  
@@ -37122,7 +37129,7 @@ index f17583b..dd96224 100644
  
  dev_read_sysfs(system_munin_plugin_t)
  dev_read_urand(system_munin_plugin_t)
-@@ -313,3 +356,47 @@ init_read_utmp(system_munin_plugin_t)
+@@ -313,3 +359,47 @@ init_read_utmp(system_munin_plugin_t)
  sysnet_exec_ifconfig(system_munin_plugin_t)
  
  term_getattr_unallocated_ttys(system_munin_plugin_t)
@@ -38404,7 +38411,7 @@ index 386543b..8fe1d63 100644
  /var/run/wpa_supplicant(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
  /var/run/wpa_supplicant-global	-s	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 diff --git a/networkmanager.if b/networkmanager.if
-index 2324d9e..7c9fca9 100644
+index 2324d9e..96dbf6f 100644
 --- a/networkmanager.if
 +++ b/networkmanager.if
 @@ -43,9 +43,9 @@ interface(`networkmanager_rw_packet_sockets',`
@@ -38570,10 +38577,10 @@ index 2324d9e..7c9fca9 100644
 +#
 +interface(`networkmanager_manage_lib',`
 +    gen_require(`
-+        type NetworkManager_log_t;
++        type NetworkManager_var_lib_t;
 +    ')
 +
-+    manage_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t)
++    manage_files_pattern($1, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
 +')
 +
 +
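Review bot: The body of `networkmanager_manage_lib` is indented with four spaces, while other policy lines visible in this patch (for example the `init_labeled_script_domtrans` line in munin.if) use a tab; re-indenting `gen_require` and `manage_files_pattern` with tabs would keep the .if file consistent. The type correction also changes what every caller receives: until now callers were granted manage access to `NetworkManager_log_t` files and none to `NetworkManager_var_lib_t`, so domains that call this interface are worth re-testing for new denials and for access they no longer need. The interface's doc header starts outside the hunk, so whether its summary already describes the lib files cannot be checked from here.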
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 131a886..bcfcfed 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.11.1
-Release: 65%{?dist}
+Release: 66%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -524,6 +524,15 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Mon Dec 17 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-66
+- Allow munin disk plugins to get attributes of all directories
+- Allow munin disk plugins to get attributes of all directorie
+- Allow logwatch to get attributes of all directories
+- Fix networkmanager_manage_lib() interface
+- Fix gnome_manage_config() to allow to manage sock_file
+- Fix virtual_domain_context
+- Add support for dynamic DNS for DHCPv6
+
 * Sat Dec 15 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-65
 - Allow svirt to use netlink_route_socket which was a part of auth_use_nsswitch
 - Add additional labeling for /var/www/openshift/broker

