[selinux-policy/f18] * Mon Dec 17 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-66 - Allow munin disk plugins to get att
Miroslav Grepl
mgrepl at fedoraproject.org
Mon Dec 17 12:03:38 UTC 2012
commit 84e87d6ab4ed9f5c45dadbd17614313dbfb41ed1
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Mon Dec 17 13:02:25 2012 +0100
* Mon Dec 17 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-66
- Allow munin disk plugins to get attributes of all directories
- Allow munin disk plugins to get attributes of all directorie
- Allow logwatch to get attributes of all directories
- Fix networkmanager_manage_lib() interface
- Fix gnome_manage_config() to allow to manage sock_file
- Fix virtual_domain_context
- Add support for dynamic DNS for DHCPv6
policy_contrib-rawhide.patch | 37 ++++++++++++++++++++++---------------
selinux-policy.spec | 11 ++++++++++-
2 files changed, 32 insertions(+), 16 deletions(-)
---
diff --git a/policy_contrib-rawhide.patch b/policy_contrib-rawhide.patch
index e670e6d..fd42ade 100644
--- a/policy_contrib-rawhide.patch
+++ b/policy_contrib-rawhide.patch
@@ -31636,7 +31636,7 @@ index 3c7b1e8..1e155f5 100644
+
+/var/run/epylog\.pid gen_context(system_u:object_r:logwatch_var_run_t,s0)
diff --git a/logwatch.te b/logwatch.te
-index 75ce30f..9279c2d 100644
+index 75ce30f..061b725 100644
--- a/logwatch.te
+++ b/logwatch.te
@@ -7,6 +7,7 @@ policy_module(logwatch, 1.11.0)
@@ -31680,7 +31680,11 @@ index 75ce30f..9279c2d 100644
files_read_usr_files(logwatch_t)
files_search_spool(logwatch_t)
files_search_mnt(logwatch_t)
-@@ -70,6 +80,10 @@ fs_getattr_all_fs(logwatch_t)
+@@ -67,9 +77,14 @@ files_dontaudit_search_boot(logwatch_t)
+ files_dontaudit_search_all_dirs(logwatch_t)
+
+ fs_getattr_all_fs(logwatch_t)
++fs_getattr_all_dirs(logwatch_t)
fs_dontaudit_list_auto_mountpoints(logwatch_t)
fs_list_inotifyfs(logwatch_t)
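Review bot: The added `fs_getattr_all_dirs(logwatch_t)` has no comment recording which denial it answers, and the changelog wording "all directories" does not match the interface as I know it from refpolicy, where `fs_getattr_all_dirs` covers directories labelled with a filesystem type, not every file_type directory. A one-line comment above the call would let a later audit tell whether the grant is still needed, e.g. `# getattr on filesystem-type dirs for <logwatch script>, see <bug reference>`. The same applies to the `fs_getattr_all_fs` / `fs_getattr_all_dirs` pair added for `disk_munin_plugin_t` in the munin.te hunk further down. If the denial concerned one filesystem type only, a narrower per-filesystem getattr interface would fit least privilege better.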
@@ -31691,7 +31695,7 @@ index 75ce30f..9279c2d 100644
term_dontaudit_getattr_pty_dirs(logwatch_t)
term_dontaudit_list_ptys(logwatch_t)
-@@ -84,19 +98,19 @@ libs_read_lib_files(logwatch_t)
+@@ -84,19 +99,19 @@ libs_read_lib_files(logwatch_t)
logging_read_all_logs(logwatch_t)
logging_send_syslog_msg(logwatch_t)
@@ -31715,7 +31719,7 @@ index 75ce30f..9279c2d 100644
files_getattr_all_file_type_fs(logwatch_t)
')
-@@ -145,3 +159,24 @@ optional_policy(`
+@@ -145,3 +160,24 @@ optional_policy(`
samba_read_log(logwatch_t)
samba_read_share_files(logwatch_t)
')
@@ -36874,7 +36878,7 @@ index c358d8f..1cc176c 100644
init_labeled_script_domtrans($1, munin_initrc_exec_t)
domain_system_change_exemption($1)
diff --git a/munin.te b/munin.te
-index f17583b..dd96224 100644
+index f17583b..de08ab6 100644
--- a/munin.te
+++ b/munin.te
@@ -5,6 +5,8 @@ policy_module(munin, 1.8.0)
@@ -36987,7 +36991,7 @@ index f17583b..dd96224 100644
allow disk_munin_plugin_t self:tcp_socket create_stream_socket_perms;
rw_files_pattern(disk_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
-@@ -190,15 +205,15 @@ corecmd_exec_shell(disk_munin_plugin_t)
+@@ -190,15 +205,18 @@ corecmd_exec_shell(disk_munin_plugin_t)
corenet_tcp_connect_hddtemp_port(disk_munin_plugin_t)
@@ -37001,13 +37005,16 @@ index f17583b..dd96224 100644
dev_read_sysfs(disk_munin_plugin_t)
dev_read_urand(disk_munin_plugin_t)
+dev_read_all_blk_files(munin_disk_plugin_t)
++
++fs_getattr_all_fs(disk_munin_plugin_t)
++fs_getattr_all_dirs(disk_munin_plugin_t)
-storage_getattr_fixed_disk_dev(disk_munin_plugin_t)
+storage_raw_read_fixed_disk(disk_munin_plugin_t)
sysnet_read_config(disk_munin_plugin_t)
-@@ -221,30 +236,47 @@ rw_files_pattern(mail_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
+@@ -221,30 +239,47 @@ rw_files_pattern(mail_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
dev_read_urand(mail_munin_plugin_t)
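Review bot: The line `dev_read_all_blk_files(munin_disk_plugin_t)` directly above the added fs_getattr calls names the domain `munin_disk_plugin_t`, while every other rule in this block, including the two added here, uses `disk_munin_plugin_t`. Unless that spelling is declared as an alias somewhere not visible in this hunk, the rule either fails to resolve or is not attached to the disk plugin domain, and it should read `dev_read_all_blk_files(disk_munin_plugin_t)`. The commit edits the lines around it, so this would have been a natural place to fix it. The disk plugin rule block begins and ends outside the hunk, so a declaration of the other name may simply be out of view.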
@@ -37061,7 +37068,7 @@ index f17583b..dd96224 100644
allow services_munin_plugin_t self:tcp_socket create_stream_socket_perms;
allow services_munin_plugin_t self:udp_socket create_socket_perms;
allow services_munin_plugin_t self:netlink_route_socket r_netlink_socket_perms;
-@@ -255,13 +287,10 @@ corenet_tcp_connect_http_port(services_munin_plugin_t)
+@@ -255,13 +290,10 @@ corenet_tcp_connect_http_port(services_munin_plugin_t)
dev_read_urand(services_munin_plugin_t)
dev_read_rand(services_munin_plugin_t)
@@ -37076,7 +37083,7 @@ index f17583b..dd96224 100644
cups_stream_connect(services_munin_plugin_t)
')
-@@ -279,6 +308,10 @@ optional_policy(`
+@@ -279,6 +311,10 @@ optional_policy(`
')
optional_policy(`
@@ -37087,7 +37094,7 @@ index f17583b..dd96224 100644
postgresql_stream_connect(services_munin_plugin_t)
')
-@@ -286,6 +319,18 @@ optional_policy(`
+@@ -286,6 +322,18 @@ optional_policy(`
snmp_read_snmp_var_lib_files(services_munin_plugin_t)
')
@@ -37106,7 +37113,7 @@ index f17583b..dd96224 100644
##################################
#
# local policy for system plugins
-@@ -295,12 +340,10 @@ allow system_munin_plugin_t self:udp_socket create_socket_perms;
+@@ -295,12 +343,10 @@ allow system_munin_plugin_t self:udp_socket create_socket_perms;
rw_files_pattern(system_munin_plugin_t, munin_var_lib_t, munin_var_lib_t)
@@ -37122,7 +37129,7 @@ index f17583b..dd96224 100644
dev_read_sysfs(system_munin_plugin_t)
dev_read_urand(system_munin_plugin_t)
-@@ -313,3 +356,47 @@ init_read_utmp(system_munin_plugin_t)
+@@ -313,3 +359,47 @@ init_read_utmp(system_munin_plugin_t)
sysnet_exec_ifconfig(system_munin_plugin_t)
term_getattr_unallocated_ttys(system_munin_plugin_t)
@@ -38404,7 +38411,7 @@ index 386543b..8fe1d63 100644
/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --git a/networkmanager.if b/networkmanager.if
-index 2324d9e..7c9fca9 100644
+index 2324d9e..96dbf6f 100644
--- a/networkmanager.if
+++ b/networkmanager.if
@@ -43,9 +43,9 @@ interface(`networkmanager_rw_packet_sockets',`
@@ -38570,10 +38577,10 @@ index 2324d9e..7c9fca9 100644
+#
+interface(`networkmanager_manage_lib',`
+ gen_require(`
-+ type NetworkManager_log_t;
++ type NetworkManager_var_lib_t;
+ ')
+
-+ manage_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t)
++ manage_files_pattern($1, NetworkManager_var_lib_t, NetworkManager_var_lib_t)
+')
+
+
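Review bot: After the type fix, `networkmanager_manage_lib` still grants only `manage_files_pattern($1, NetworkManager_var_lib_t, NetworkManager_var_lib_t)`, with no `files_search_var_lib($1)` in the body, so a caller must already be able to search /var/lib to reach those files. The usual refpolicy shape would add `files_search_var_lib($1)` before the pattern line. Callers may already hold that permission through other rules, which is not visible here. Because the old body granted manage access on `NetworkManager_log_t`, existing callers of this interface lose that log access with this change. It is worth checking each caller for one that came to depend on it. The interface's documentation header starts outside the hunk.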
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 131a886..bcfcfed 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.11.1
-Release: 65%{?dist}
+Release: 66%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -524,6 +524,15 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Mon Dec 17 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-66
+- Allow munin disk plugins to get attributes of all directories
+- Allow munin disk plugins to get attributes of all directorie
+- Allow logwatch to get attributes of all directories
+- Fix networkmanager_manage_lib() interface
+- Fix gnome_manage_config() to allow to manage sock_file
+- Fix virtual_domain_context
+- Add support for dynamic DNS for DHCPv6
+
* Sat Dec 15 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-65
- Allow svirt to use netlink_route_socket which was a part of auth_use_nsswitch
- Add additional labeling for /var/www/openshift/broker