[selinux-policy/f19] Additional fix for freeipa and slapd labeling

Miroslav Grepl mgrepl at fedoraproject.org
Wed Jul 17 08:52:39 UTC 2013 

commit a4b2b1096e6efc28ca41445b28dee6bfe234d385
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Wed Jul 17 10:52:03 2013 +0200

    Additional fix for freeipa and slapd labeling

 policy-rawhide-contrib.patch |   27 +++++++++++++--------------
 selinux-policy.spec          |    2 +-
 2 files changed, 14 insertions(+), 15 deletions(-)
---
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index de0843d..a931140 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -11506,10 +11506,10 @@ index 29782b8..685edff 100644
  ')
 diff --git a/cloudform.fc b/cloudform.fc
 new file mode 100644
-index 0000000..cc740da
+index 0000000..3a0de96
 --- /dev/null
 +++ b/cloudform.fc
-@@ -0,0 +1,29 @@
+@@ -0,0 +1,27 @@
 +/etc/rc\.d/init\.d/iwhd --      gen_context(system_u:object_r:iwhd_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/mongod	--	gen_context(system_u:object_r:mongod_initrc_exec_t,s0)
 +
@@ -11527,16 +11527,14 @@ index 0000000..cc740da
 +/var/lib/cloud(/.*)?            gen_context(system_u:object_r:cloud_var_lib_t,s0)
 +/var/log/cloud-init\.log    --  gen_context(system_u:object_r:cloud_log_t,s0)
 +/var/lib/iwhd(/.*)?             gen_context(system_u:object_r:iwhd_var_lib_t,s0)
-+/var/lib/mongodb(/.*)?          gen_context(system_u:object_r:mongod_var_lib_t,s0)
++/var/lib/mongo.*		gen_context(system_u:object_r:mongod_var_lib_t,s0)
 +
 +/var/log/deltacloud-core(/.*)?	gen_context(system_u:object_r:deltacloudd_log_t,s0)
 +/var/log/iwhd\.log.*		--		gen_context(system_u:object_r:iwhd_log_t,s0)
-+/var/log/mongodb(/.*)?		gen_context(system_u:object_r:mongod_log_t,s0)
-+/var/log/mongo(/.*)?      gen_context(system_u:object_r:mongod_log_t,s0)
-+/var/log/mongo/mongod\.log.*	--	gen_context(system_u:object_r:mongod_log_t,s0)	
++/var/log/mongo.*		gen_context(system_u:object_r:mongod_log_t,s0)
 +/var/log/aeolus-conductor/dbomatic\.log.*	--	gen_context(system_u:object_r:mongod_log_t,s0)
 +
-+/var/run/mongodb(/.*)?		gen_context(system_u:object_r:mongod_var_run_t,s0)
++/var/run/mongo.*		gen_context(system_u:object_r:mongod_var_run_t,s0)
 +/var/run/aeolus/dbomatic\.pid   --  gen_context(system_u:object_r:mongod_var_run_t,s0)
 +/var/run/iwhd\.pid               --      gen_context(system_u:object_r:iwhd_var_run_t,s0)
 diff --git a/cloudform.if b/cloudform.if
@@ -20284,7 +20282,7 @@ index 0000000..021c5ae
 +
 diff --git a/dirsrv.fc b/dirsrv.fc
 new file mode 100644
-index 0000000..0ea1ebb
+index 0000000..5d30dab
 --- /dev/null
 +++ b/dirsrv.fc
 @@ -0,0 +1,23 @@
@@ -20302,7 +20300,7 @@ index 0000000..0ea1ebb
 +/var/run/ldap-agent\.pid	gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0)
 +
 +# BZ:
-+/var/run/slapd.*    -s  gen_context(system_u:object_r:slapd_var_run_t,s0)
++/var/run/slapd.*    -s  gen_context(system_u:object_r:dirsrv_var_run_t,s0)
 +
 +/var/lib/dirsrv(/.*)?	gen_context(system_u:object_r:dirsrv_var_lib_t,s0)
 +
@@ -37884,14 +37882,14 @@ index 7e534cf..3652584 100644
 +	')
 +')
 diff --git a/mongodb.te b/mongodb.te
-index 4de8949..d705316 100644
+index 4de8949..7bd7e35 100644
 --- a/mongodb.te
 +++ b/mongodb.te
 @@ -49,13 +49,11 @@ corenet_all_recvfrom_unlabeled(mongod_t)
  corenet_all_recvfrom_netlabel(mongod_t)
  corenet_tcp_sendrecv_generic_if(mongod_t)
  corenet_tcp_sendrecv_generic_node(mongod_t)
-+corenet_tcp_connect_mongodb_port(mongod_t)
++corenet_tcp_connect_mongod_port(mongod_t)
  corenet_tcp_bind_generic_node(mongod_t)
  
  dev_read_sysfs(mongod_t)
@@ -65312,7 +65310,7 @@ index c5ad6de..c67dbef 100644
  
  /var/run/rabbitmq(/.*)?	gen_context(system_u:object_r:rabbitmq_var_run_t,s0)
 diff --git a/rabbitmq.te b/rabbitmq.te
-index 3698b51..bc25bbc 100644
+index 3698b51..e0198d9 100644
 --- a/rabbitmq.te
 +++ b/rabbitmq.te
 @@ -45,6 +45,8 @@ setattr_files_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t)
@@ -65333,7 +65331,7 @@ index 3698b51..bc25bbc 100644
  corenet_all_recvfrom_unlabeled(rabbitmq_beam_t)
  corenet_all_recvfrom_netlabel(rabbitmq_beam_t)
  corenet_tcp_sendrecv_generic_if(rabbitmq_beam_t)
-@@ -68,20 +72,32 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t)
+@@ -68,20 +72,33 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t)
  corenet_tcp_connect_epmd_port(rabbitmq_beam_t)
  corenet_tcp_sendrecv_epmd_port(rabbitmq_beam_t)
  
@@ -65348,6 +65346,7 @@ index 3698b51..bc25bbc 100644
 +files_getattr_all_mountpoints(rabbitmq_beam_t)
 +
 +fs_getattr_all_fs(rabbitmq_beam_t)
++fs_getattr_all_dirs(rabbitmq_beam_t)
 +fs_getattr_cgroup(rabbitmq_beam_t)
 +
 +dev_read_sysfs(rabbitmq_beam_t)
@@ -65370,7 +65369,7 @@ index 3698b51..bc25bbc 100644
  allow rabbitmq_epmd_t self:process signal;
  allow rabbitmq_epmd_t self:fifo_file rw_fifo_file_perms;
  allow rabbitmq_epmd_t self:tcp_socket create_stream_socket_perms;
-@@ -99,8 +115,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t)
+@@ -99,8 +116,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t)
  corenet_tcp_bind_epmd_port(rabbitmq_epmd_t)
  corenet_tcp_sendrecv_epmd_port(rabbitmq_epmd_t)
  
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 6068973..bbcd5b6 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -424,7 +424,7 @@ Obsoletes: cachefilesd-selinux <= 0.10-1
 Conflicts:  seedit
 Conflicts:  389-ds-base < 1.2.7, 389-admin < 1.1.12
 Conflicts:	pki-selinux < 10-0.0-0.45.b1
-Conflicts:  freeipa-server-selinux <= 3.2.1-1
+Conflicts:  freeipa-server-selinux < 3.2.2-1
 
 %description targeted
 SELinux Reference policy targeted base module.

More information about the scm-commits mailing list