[selinux-policy/f21] * Mon Jul 21 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-66 - Bluejeans wants to connect to port 5

Lukas Vrabec lvrabec at fedoraproject.org
Mon Jul 21 16:47:36 UTC 2014


commit 2440b8bf4a858060be47d466b4ede58dec0b520e
Author: Lukas Vrabec <lvrabec at redhat.com>
Date:   Mon Jul 21 18:47:08 2014 +0200

    * Mon Jul 21 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-66
    - Bluejeans wants to connect to port 5000
    - geoclue dbus chats with modemmanger
    - Dontaudit list /tmp for icecast (#894387)
    - Revert "Fix labeling path from /var/run/systemd/initctl/fifo to
    /var/run/initctl/fifo."

 policy-rawhide-base.patch    |    4 ++--
 policy-rawhide-contrib.patch |   20 ++++++++++++--------
 selinux-policy.spec          |    9 ++++++++-
 3 files changed, 22 insertions(+), 11 deletions(-)
---
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 3977b25..e5d0790 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -30819,7 +30819,7 @@ index b2097e7..0a49e14 100644
  ')
  
 diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
-index bc0ffc8..6fb2053 100644
+index bc0ffc8..7198bd9 100644
 --- a/policy/modules/system/init.fc
 +++ b/policy/modules/system/init.fc
 @@ -1,6 +1,9 @@
@@ -30871,7 +30871,7 @@ index bc0ffc8..6fb2053 100644
  #
 +/var/lib/systemd(/.*)?	gen_context(system_u:object_r:init_var_lib_t,s0)
  /var/run/initctl	-p	gen_context(system_u:object_r:initctl_t,s0)
-+/var/run/initctl/fifo	-p	gen_context(system_u:object_r:initctl_t,s0)
++/var/run/systemd/initctl/fifo	-p	gen_context(system_u:object_r:initctl_t,s0)
  /var/run/utmp		--	gen_context(system_u:object_r:initrc_var_run_t,s0)
  /var/run/runlevel\.dir		gen_context(system_u:object_r:initrc_var_run_t,s0)
  /var/run/random-seed	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
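Review bot: The restored `/var/run/systemd/initctl/fifo` entry in init.fc carries no comment explaining why this path, and not `/var/run/initctl/fifo`, is the one that must be labeled `initctl_t`; the changelog only records that the earlier change was reverted. A one-line comment above the entry would stop the path from being flipped again, for example `# FIFO created by systemd-initctl; the legacy SysV pipe is /var/run/initctl`. That wording assumes this is the path systemd-initctl uses on this release, which should be confirmed. It is also worth confirming on an installed system that the FIFO resolves to `initctl_t` after relabeling, since a FIFO matching no entry would presumably take the parent directory's type. The surrounding init.fc section continues outside the hunk.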
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 0f72f5b..2ac0e46 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -28999,10 +28999,10 @@ index 0000000..9e17d3e
 +')
 diff --git a/geoclue.te b/geoclue.te
 new file mode 100644
-index 0000000..204995f
+index 0000000..baa5492
 --- /dev/null
 +++ b/geoclue.te
-@@ -0,0 +1,54 @@
+@@ -0,0 +1,57 @@
 +policy_module(geoclue, 1.0.0)
 +
 +########################################
@@ -29054,6 +29054,9 @@ index 0000000..204995f
 +	dbus_system_domain(geoclue_t, geoclue_exec_t)
 +
 +	optional_policy(`
++		modemmanager_dbus_chat(geoclue_t)
++	')
++	optional_policy(`
 +		networkmanager_dbus_chat(geoclue_t)
 +	')
 +')
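Review bot: The new `optional_policy` block around `modemmanager_dbus_chat(geoclue_t)` closes with `')` and the next `optional_policy(` opens on the following line, with no blank line between the two blocks. Other policy shown in this patch (the mozilla.te context) separates consecutive `optional_policy` blocks with an empty line, so add one after the new `')` for consistency. A short comment such as `# geoclue talks to ModemManager over D-Bus` would also record why the rule exists, since the changelog entry is the only explanation. The enclosing `optional_policy` that contains `dbus_system_domain(geoclue_t, geoclue_exec_t)` opens outside the hunk.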
@@ -34416,10 +34419,10 @@ index 580b533..c267cea 100644
  	domain_system_change_exemption($1)
  	role_transition $2 icecast_initrc_exec_t system_r;
 diff --git a/icecast.te b/icecast.te
-index a9e573a..d375214 100644
+index a9e573a..6420131 100644
 --- a/icecast.te
 +++ b/icecast.te
-@@ -65,12 +65,8 @@ dev_read_sysfs(icecast_t)
+@@ -65,11 +65,9 @@ dev_read_sysfs(icecast_t)
  dev_read_urand(icecast_t)
  dev_read_rand(icecast_t)
  
@@ -34428,10 +34431,10 @@ index a9e573a..d375214 100644
  auth_use_nsswitch(icecast_t)
  
 -miscfiles_read_localization(icecast_t)
--
++files_dontaudit_list_tmp(icecast_t)
+ 
  tunable_policy(`icecast_use_any_tcp_ports',`
  	corenet_tcp_connect_all_ports(icecast_t)
- 	corenet_sendrecv_all_client_packets(icecast_t)
 diff --git a/ifplugd.if b/ifplugd.if
 index 8999899..96909ae 100644
 --- a/ifplugd.if
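Review bot: `files_dontaudit_list_tmp(icecast_t)` suppresses the AVC record rather than granting the access, so any later attempt by `icecast_t` to list /tmp will be denied without a log entry, and nothing in icecast.te says why that is acceptable for a network-facing daemon. Put the justification next to the rule, for example `# Listing /tmp is not needed; denial is noise (#894387)`, so whoever triages a missing denial can find the reason without the spec changelog. Anyone investigating icecast behaviour can still surface the hidden denials by rebuilding the policy with dontaudit rules disabled (`semodule -DB`).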
@@ -46386,7 +46389,7 @@ index 6194b80..7490fe3 100644
  ')
 +
 diff --git a/mozilla.te b/mozilla.te
-index 11ac8e4..1025b89 100644
+index 11ac8e4..07b06e1 100644
 --- a/mozilla.te
 +++ b/mozilla.te
 @@ -6,17 +6,48 @@ policy_module(mozilla, 2.8.0)
@@ -47240,7 +47243,7 @@ index 11ac8e4..1025b89 100644
  ')
  
  optional_policy(`
-@@ -568,108 +593,136 @@ optional_policy(`
+@@ -568,108 +593,137 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -47435,6 +47438,7 @@ index 11ac8e4..1025b89 100644
 +tunable_policy(`mozilla_plugin_use_bluejeans',`
 +    corenet_tcp_bind_unreserved_ports(mozilla_plugin_t)
 +    corenet_dontaudit_tcp_bind_all_defined_ports(mozilla_plugin_t)
++    corenet_tcp_connect_commplex_main_port(mozilla_plugin_t)
  ')
 diff --git a/mpd.fc b/mpd.fc
 index 313ce52..ae93e07 100644
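Review bot: `corenet_tcp_connect_commplex_main_port(mozilla_plugin_t)` names neither the port nor the reason, and the only record that this is Bluejeans connecting to port 5000 is the spec changelog. Add a comment above the line, for example `# Bluejeans connects to tcp/5000 (commplex_main_port_t)`. Once the `mozilla_plugin_use_bluejeans` boolean is on, the rule applies to everything running as `mozilla_plugin_t`, not only the Bluejeans plugin. The boolean's description, which is outside this hunk, should therefore mention the outbound connection alongside the bind permissions it already grants.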
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 41aeac8..7253484 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 65%{?dist}
+Release: 66%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -600,6 +600,13 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+
+* Mon Jul 21 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-66
+- Bluejeans wants to connect to port 5000
+- geoclue dbus chats with modemmanger
+- Dontaudit list /tmp for icecast (#894387)
+- Revert "Fix labeling path from /var/run/systemd/initctl/fifo to /var/run/initctl/fifo."
+
 * Fri Jul 18 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-65
 - Allow sysadm to dbus chat with systemd
 - Add logging_dontaudit_search_audit_logs()

