[selinux-policy] * Wed May 7 2014 Miroslav Grepl<mgrepl at redhat.com> 3.13.1-51 - Add gear fixes from dwalsh
Miroslav Grepl
mgrepl at fedoraproject.org
Wed May 7 13:30:25 UTC 2014
commit 4c682c4ccfe016851e4c720b09267845f7f07d1d
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed May 7 15:30:41 2014 +0200
* Wed May 7 2014 Miroslav Grepl<mgrepl at redhat.com> 3.13.1-51
- Add gear fixes from dwalsh
policy-rawhide-contrib.patch | 16 +++++++++++++---
selinux-policy.spec | 5 ++++-
2 files changed, 17 insertions(+), 4 deletions(-)
---
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index dff30d4..c843a25 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -28271,10 +28271,10 @@ index 0000000..04e159f
+')
diff --git a/gear.te b/gear.te
new file mode 100644
-index 0000000..7f1639a
+index 0000000..45141fc
--- /dev/null
+++ b/gear.te
-@@ -0,0 +1,105 @@
+@@ -0,0 +1,115 @@
+policy_module(gear, 1.0.0)
+
+########################################
@@ -28346,6 +28346,11 @@ index 0000000..7f1639a
+corenet_tcp_sendrecv_generic_port(gear_t)
+corenet_tcp_bind_gear_port(gear_t)
+
++dev_mounton_sysfs(gear_t)
++dev_mount_sysfs_fs(gear_t)
++dev_unmount_sysfs_fs(gear_t)
++
++files_mounton_rootfs(gear_t)
+files_read_etc_files(gear_t)
+
+fs_read_cgroup_files(gear_t)
@@ -28369,11 +28374,16 @@ index 0000000..7f1639a
+
+sysnet_dns_name_resolve(gear_t)
+
-+sysnet_domtrans_ifconfig(gear_t)
++sysnet_exec_ifconfig(gear_t)
++sysnet_manage_ifconfig_run(gear_t)
+
+systemd_manage_all_unit_files(gear_t)
+
+optional_policy(`
++ hostname_exec(gear_t)
++')
++
++optional_policy(`
+ docker_stream_connect(gear_t)
+')
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 089604a..173e757 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 50%{?dist}
+Release: 51%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -588,6 +588,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Wed May 7 2014 Miroslav Grepl<mgrepl at redhat.com> 3.13.1-51
+- Add gear fixes from dwalsh
+
* Tue May 6 2014 Miroslav Grepl<mgrepl at redhat.com> 3.13.1-50
- selinux_unconfined_type should not be able to set booleans if the securemode is set
- Update sandbox_transition() to call sandbox_dyntrasition(). #885288.
More information about the scm-commits
mailing list