[selinux-policy/f21] * Mon Jul 21 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-66 - Bluejeans wants to connect to port 5
Lukas Vrabec
lvrabec at fedoraproject.org
Mon Jul 21 16:47:36 UTC 2014
commit 2440b8bf4a858060be47d466b4ede58dec0b520e
Author: Lukas Vrabec <lvrabec at redhat.com>
Date: Mon Jul 21 18:47:08 2014 +0200
* Mon Jul 21 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-66
- Bluejeans wants to connect to port 5000
- geoclue dbus chats with modemmanger
- Dontaudit list /tmp for icecast (#894387)
- Revert "Fix labeling path from /var/run/systemd/initctl/fifo to
/var/run/initctl/fifo."
policy-rawhide-base.patch | 4 ++--
policy-rawhide-contrib.patch | 20 ++++++++++++--------
selinux-policy.spec | 9 ++++++++-
3 files changed, 22 insertions(+), 11 deletions(-)
---
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 3977b25..e5d0790 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -30819,7 +30819,7 @@ index b2097e7..0a49e14 100644
')
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
-index bc0ffc8..6fb2053 100644
+index bc0ffc8..7198bd9 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -1,6 +1,9 @@
@@ -30871,7 +30871,7 @@ index bc0ffc8..6fb2053 100644
#
+/var/lib/systemd(/.*)? gen_context(system_u:object_r:init_var_lib_t,s0)
/var/run/initctl -p gen_context(system_u:object_r:initctl_t,s0)
-+/var/run/initctl/fifo -p gen_context(system_u:object_r:initctl_t,s0)
++/var/run/systemd/initctl/fifo -p gen_context(system_u:object_r:initctl_t,s0)
/var/run/utmp -- gen_context(system_u:object_r:initrc_var_run_t,s0)
/var/run/runlevel\.dir gen_context(system_u:object_r:initrc_var_run_t,s0)
/var/run/random-seed -- gen_context(system_u:object_r:initrc_var_run_t,s0)
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 0f72f5b..2ac0e46 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -28999,10 +28999,10 @@ index 0000000..9e17d3e
+')
diff --git a/geoclue.te b/geoclue.te
new file mode 100644
-index 0000000..204995f
+index 0000000..baa5492
--- /dev/null
+++ b/geoclue.te
-@@ -0,0 +1,54 @@
+@@ -0,0 +1,57 @@
+policy_module(geoclue, 1.0.0)
+
+########################################
@@ -29054,6 +29054,9 @@ index 0000000..204995f
+ dbus_system_domain(geoclue_t, geoclue_exec_t)
+
+ optional_policy(`
++ modemmanager_dbus_chat(geoclue_t)
++ ')
++ optional_policy(`
+ networkmanager_dbus_chat(geoclue_t)
+ ')
+')
@@ -34416,10 +34419,10 @@ index 580b533..c267cea 100644
domain_system_change_exemption($1)
role_transition $2 icecast_initrc_exec_t system_r;
diff --git a/icecast.te b/icecast.te
-index a9e573a..d375214 100644
+index a9e573a..6420131 100644
--- a/icecast.te
+++ b/icecast.te
-@@ -65,12 +65,8 @@ dev_read_sysfs(icecast_t)
+@@ -65,11 +65,9 @@ dev_read_sysfs(icecast_t)
dev_read_urand(icecast_t)
dev_read_rand(icecast_t)
@@ -34428,10 +34431,10 @@ index a9e573a..d375214 100644
auth_use_nsswitch(icecast_t)
-miscfiles_read_localization(icecast_t)
--
++files_dontaudit_list_tmp(icecast_t)
+
tunable_policy(`icecast_use_any_tcp_ports',`
corenet_tcp_connect_all_ports(icecast_t)
- corenet_sendrecv_all_client_packets(icecast_t)
diff --git a/ifplugd.if b/ifplugd.if
index 8999899..96909ae 100644
--- a/ifplugd.if
@@ -46386,7 +46389,7 @@ index 6194b80..7490fe3 100644
')
+
diff --git a/mozilla.te b/mozilla.te
-index 11ac8e4..1025b89 100644
+index 11ac8e4..07b06e1 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -6,17 +6,48 @@ policy_module(mozilla, 2.8.0)
@@ -47240,7 +47243,7 @@ index 11ac8e4..1025b89 100644
')
optional_policy(`
-@@ -568,108 +593,136 @@ optional_policy(`
+@@ -568,108 +593,137 @@ optional_policy(`
')
optional_policy(`
@@ -47435,6 +47438,7 @@ index 11ac8e4..1025b89 100644
+tunable_policy(`mozilla_plugin_use_bluejeans',`
+ corenet_tcp_bind_unreserved_ports(mozilla_plugin_t)
+ corenet_dontaudit_tcp_bind_all_defined_ports(mozilla_plugin_t)
++ corenet_tcp_connect_commplex_main_port(mozilla_plugin_t)
')
diff --git a/mpd.fc b/mpd.fc
index 313ce52..ae93e07 100644
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 41aeac8..7253484 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 65%{?dist}
+Release: 66%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -600,6 +600,13 @@ SELinux Reference policy mls base module.
%endif
%changelog
+
+* Mon Jul 21 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-66
+- Bluejeans wants to connect to port 5000
+- geoclue dbus chats with modemmanger
+- Dontaudit list /tmp for icecast (#894387)
+- Revert "Fix labeling path from /var/run/systemd/initctl/fifo to /var/run/initctl/fifo."
+
* Fri Jul 18 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-65
- Allow sysadm to dbus chat with systemd
- Add logging_dontaudit_search_audit_logs()
More information about the scm-commits
mailing list