lvrabec pushed to selinux-policy (f21). "* Thu Apr 02 2015 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-105.11 (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Apr 2 09:10:27 UTC 2015
>From 73dbe0dc017b99d725ce630289539177b783030b Mon Sep 17 00:00:00 2001
From: Lukas Vrabec <lvrabec at redhat.com>
Date: Thu, 2 Apr 2015 11:10:10 +0200
Subject: * Thu Apr 02 2015 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-105.11 -
Allow networkmanager and cloud_init_t to dbus chat - Fix
sysnet_filetrans_named_content interface. BZ(1207942)
diff --git a/policy-f21-base.patch b/policy-f21-base.patch
index 5c49f28..5d6b5e9 100644
--- a/policy-f21-base.patch
+++ b/policy-f21-base.patch
@@ -39197,7 +39197,7 @@ index 40edc18..b328c40 100644
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
+
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
-index 2cea692..a1734af 100644
+index 2cea692..7bc562c 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -38,11 +38,30 @@ interface(`sysnet_domtrans_dhcpc',`
@@ -39566,7 +39566,7 @@ index 2cea692..a1734af 100644
corenet_tcp_sendrecv_generic_if($1)
corenet_udp_sendrecv_generic_if($1)
corenet_tcp_sendrecv_generic_node($1)
-@@ -796,3 +1010,120 @@ interface(`sysnet_use_portmap',`
+@@ -796,3 +1010,122 @@ interface(`sysnet_use_portmap',`
sysnet_read_config($1)
')
@@ -39644,8 +39644,10 @@ index 2cea692..a1734af 100644
+ files_etc_filetrans($1, net_conf_t, file, "ethers")
+ files_etc_filetrans($1, net_conf_t, file, "yp.conf")
+ files_etc_filetrans($1, net_conf_t, file, "ntp.conf")
-+ init_pid_filetrans($1, net_conf_t, dir, "network")
-+ networkmanager_pid_filetrans($1, net_conf_t, file, "resolv.conf.tmp")
++ init_pid_filetrans($1, net_conf_t, dir, "network")
++
++ optional_policy(`
++ networkmanager_pid_filetrans($1, net_conf_t, file, "resolv.conf.tmp")
+ networkmanager_pid_filetrans($1, net_conf_t, file, "resolv.conf")
+ ')
+')
diff --git a/policy-f21-contrib.patch b/policy-f21-contrib.patch
index 86b9b80..d1d0f9f 100644
--- a/policy-f21-contrib.patch
+++ b/policy-f21-contrib.patch
@@ -13511,10 +13511,10 @@ index 0000000..a06f04b
+')
diff --git a/cloudform.te b/cloudform.te
new file mode 100644
-index 0000000..21e071f
+index 0000000..40eebdb
--- /dev/null
+++ b/cloudform.te
-@@ -0,0 +1,236 @@
+@@ -0,0 +1,240 @@
+policy_module(cloudform, 1.0)
+########################################
+#
@@ -13634,6 +13634,10 @@ index 0000000..21e071f
+')
+
+optional_policy(`
++ NetworkManager_dbus_chat(cloud_init_t)
++')
++
++optional_policy(`
+ dmidecode_domtrans(cloud_init_t)
+')
+
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 447f88e..f644fb0 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 105.10%{?dist}
+Release: 105.11%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -604,6 +604,10 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Thu Apr 02 2015 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-105.11
+- Allow networkmanager and cloud_init_t to dbus chat
+- Fix sysnet_filetrans_named_content interface. BZ(1207942)
+
* Mon Mar 30 2015 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-105.10
- Allow kmscon to read system state. BZ (1206871)
- Allow plymouthd to open usbttys. BZ(1202429)
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/selinux-policy.git/commit/?h=f21&id=73dbe0dc017b99d725ce630289539177b783030b
More information about the scm-commits
mailing list