[selinux-policy/f21] * Mon Mar 23 2015 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-105.9 - Allow mysqld_t to use pam. BZ(119

Lukas Vrabec lvrabec at fedoraproject.org
Mon Mar 23 15:23:54 UTC 2015


commit daf5d909332c486259e64313a2261465c1560b22
Author: Lukas Vrabec <lvrabec at redhat.com>
Date:   Mon Mar 23 16:23:39 2015 +0100

    * Mon Mar 23 2015 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-105.9
    - Allow mysqld_t to use pam. BZ(1196104)
    - Allow fetchmail to read mail_spool_t. BZ(1200552)
    - Dontaudit blueman_t write to all mountpoints. BZ(1198272)

 policy-f21-contrib.patch | 15 +++++++++------
 selinux-policy.spec      |  7 ++++++-
 2 files changed, 15 insertions(+), 7 deletions(-)
---
diff --git a/policy-f21-contrib.patch b/policy-f21-contrib.patch
index a608b6f..dfa87b9 100644
--- a/policy-f21-contrib.patch
+++ b/policy-f21-contrib.patch
@@ -9547,7 +9547,7 @@ index 16ec525..1dd4059 100644
  
  ########################################
 diff --git a/blueman.te b/blueman.te
-index 3a5032e..2097425 100644
+index 3a5032e..7987a21 100644
 --- a/blueman.te
 +++ b/blueman.te
 @@ -7,7 +7,7 @@ policy_module(blueman, 1.1.0)
@@ -9578,7 +9578,7 @@ index 3a5032e..2097425 100644
  kernel_read_system_state(blueman_t)
  kernel_request_load_module(blueman_t)
  
-@@ -41,29 +42,44 @@ corecmd_exec_bin(blueman_t)
+@@ -41,29 +42,45 @@ corecmd_exec_bin(blueman_t)
  dev_read_rand(blueman_t)
  dev_read_urand(blueman_t)
  dev_rw_wireless(blueman_t)
@@ -9588,6 +9588,7 @@ index 3a5032e..2097425 100644
  
  files_list_tmp(blueman_t)
 -files_read_usr_files(blueman_t)
++files_dontaudit_write_all_mountpoints(blueman_t)
  
  auth_use_nsswitch(blueman_t)
  
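Review bot: `files_dontaudit_write_all_mountpoints(blueman_t)` in blueman.te silences the AVC record for the denied write instead of explaining it, so later write attempts by blueman_t on any mountpoint directory no longer appear in the audit log. The access stays denied, but the suppression covers every mountpoint rather than only the path from the bug report, so a misbehaving or compromised blueman_t loses a detection signal. I would add a comment above the line such as `# denied write is cosmetic, see BZ(1198272)`. It is also worth noting in the bug that dontaudit rules can be lifted temporarily with `semodule -DB` when blueman_t needs investigating. The blueman_t rule list continues outside this hunk.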
@@ -28012,7 +28013,7 @@ index c3f7916..cab3954 100644
  	admin_pattern($1, fetchmail_etc_t)
  
 diff --git a/fetchmail.te b/fetchmail.te
-index 742559a..a6c5c24 100644
+index 742559a..869cd4e 100644
 --- a/fetchmail.te
 +++ b/fetchmail.te
 @@ -32,14 +32,17 @@ files_type(fetchmail_uidl_cache_t)
@@ -28042,7 +28043,7 @@ index 742559a..a6c5c24 100644
  corenet_all_recvfrom_netlabel(fetchmail_t)
  corenet_tcp_sendrecv_generic_if(fetchmail_t)
  corenet_tcp_sendrecv_generic_node(fetchmail_t)
-@@ -84,15 +86,23 @@ fs_search_auto_mountpoints(fetchmail_t)
+@@ -84,15 +86,24 @@ fs_search_auto_mountpoints(fetchmail_t)
  
  domain_use_interactive_fds(fetchmail_t)
  
@@ -28061,6 +28062,7 @@ index 742559a..a6c5c24 100644
 +
 +optional_policy(`
 +    mta_send_mail(fetchmail_t)
++    mta_read_spool(fetchmail_t)
 +')
 +
 +optional_policy(`
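Review bot: `mta_read_spool(fetchmail_t)` gives a client that parses data from remote mail servers read access to mail_spool_t, and nothing in the hunk says which fetchmail operation needs it. It is also placed in the same `optional_policy` block as `mta_send_mail(fetchmail_t)`, so the two grants cannot be reviewed or dropped independently. I would add `# fetchmail reads the local spool, BZ(1200552)` above the line. It is also worth confirming from the AVC in the bug that read access on the spool is exactly what was denied. The fetchmail_t rules around this block continue outside the hunk.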
@@ -53093,7 +53095,7 @@ index 687af38..5381f1b 100644
 +	mysql_stream_connect($1)
  ')
 diff --git a/mysql.te b/mysql.te
-index 7584bbe..e14423d 100644
+index 7584bbe..976d57e 100644
 --- a/mysql.te
 +++ b/mysql.te
 @@ -6,20 +6,15 @@ policy_module(mysql, 1.14.1)
@@ -53226,7 +53228,8 @@ index 7584bbe..e14423d 100644
 +files_search_pids(mysqld_t)
 +files_getattr_all_sockets(mysqld_t)
  
- auth_use_nsswitch(mysqld_t)
+-auth_use_nsswitch(mysqld_t)
++auth_use_pam(mysqld_t)
  
  logging_send_syslog_msg(mysqld_t)
  
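Review bot: Replacing `auth_use_nsswitch(mysqld_t)` with `auth_use_pam(mysqld_t)` in mysql.te widens a network-facing daemon's access to the authentication stack unconditionally, and the hunk records neither why nor which deployments need it. As far as I recall the refpolicy interface, auth_use_pam covers running the password-check helper and updating login and failure records; that should be confirmed against authlogin.if, as should whether it still provides the name-service access the removed line granted. If only PAM-backed database logins need this, consider placing the call under a tunable that is off by default. At minimum add `# mysqld authenticates users through PAM, BZ(1196104)` above it. The mysqld_t rule block starts and ends outside this hunk.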
diff --git a/selinux-policy.spec b/selinux-policy.spec
index e6a7801..4b80494 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 105.8%{?dist}
+Release: 105.9%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -604,6 +604,11 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Mon Mar 23 2015 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-105.9
+- Allow mysqld_t to use pam. BZ(1196104)
+- Allow fetchmail to read mail_spool_t. BZ(1200552)
+- Dontaudit blueman_t write to all mountpoints. BZ(1198272)
+
 * Mon Mar 16 2015 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-105.8
 - Merge docker policy from rawhide.
 - Allow docker to relablefrom/to sockets and docker_log_t

