Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv14707
Modified Files:
policy-20051021.patch selinux-policy-strict.spec
Log Message:
* Tue Nov 8 2005 Dan Walsh <dwalsh@xxxxxxxxxx> 1.27.2-17
- Fix dhcpc and dhcpd state handling
- Add controlchan to innd_exec_t
policy-20051021.patch:
Makefile | 22 --
attrib.te | 18 +
domains/admin.te | 2
domains/misc/kernel.te | 2
domains/program/fsadm.te | 2
domains/program/getty.te | 2
domains/program/ifconfig.te | 2
domains/program/init.te | 2
domains/program/initrc.te | 13 +
domains/program/login.te | 2
domains/program/logrotate.te | 2
domains/program/modutil.te | 8
domains/program/newrole.te | 4
domains/program/restorecon.te | 4
domains/program/setfiles.te | 2
domains/program/ssh.te | 2
domains/program/su.te | 4
domains/program/syslogd.te | 4
domains/program/tmpreaper.te | 2
domains/program/unused/NetworkManager.te | 10 +
domains/program/unused/amanda.te | 21 +-
domains/program/unused/apache.te | 16 +
domains/program/unused/apmd.te | 13 +
domains/program/unused/auditd.te | 6
domains/program/unused/avahi.te | 31 +++
domains/program/unused/bluetooth.te | 57 +++++
domains/program/unused/cups.te | 11 -
domains/program/unused/cyrus.te | 8
domains/program/unused/dbusd.te | 2
domains/program/unused/dhcpc.te | 4
domains/program/unused/dhcpd.te | 4
domains/program/unused/exim.te | 309 +++++++++++++++++++++++++++++++
domains/program/unused/ftpd.te | 6
domains/program/unused/hald.te | 5
domains/program/unused/hotplug.te | 5
domains/program/unused/ipsec.te | 2
domains/program/unused/kudzu.te | 3
domains/program/unused/mta.te | 5
domains/program/unused/mysqld.te | 6
domains/program/unused/named.te | 17 +
domains/program/unused/nscd.te | 1
domains/program/unused/ntpd.te | 5
domains/program/unused/pamconsole.te | 2
domains/program/unused/pegasus.te | 15 +
domains/program/unused/ping.te | 2
domains/program/unused/postfix.te | 55 +++--
domains/program/unused/postgresql.te | 11 -
domains/program/unused/pppd.te | 24 +-
domains/program/unused/procmail.te | 6
domains/program/unused/radius.te | 3
domains/program/unused/rpcd.te | 16 +
domains/program/unused/rpm.te | 4
domains/program/unused/rsync.te | 3
domains/program/unused/samba.te | 6
domains/program/unused/saslauthd.te | 1
domains/program/unused/sendmail.te | 50 ++++-
domains/program/unused/slapd.te | 25 ++
domains/program/unused/snmpd.te | 1
domains/program/unused/spamd.te | 28 --
domains/program/unused/udev.te | 8
domains/program/unused/webalizer.te | 3
domains/program/unused/xdm.te | 2
domains/program/unused/yppasswdd.te | 40 ++++
domains/program/unused/ypserv.te | 8
file_contexts/distros.fc | 1
file_contexts/program/apache.fc | 3
file_contexts/program/avahi.fc | 4
file_contexts/program/backup.fc | 2
file_contexts/program/bluetooth.fc | 2
file_contexts/program/compat.fc | 4
file_contexts/program/dhcpc.fc | 1
file_contexts/program/dhcpd.fc | 9
file_contexts/program/exim.fc | 18 +
file_contexts/program/ftpd.fc | 5
file_contexts/program/games.fc | 3
file_contexts/program/innd.fc | 15 -
file_contexts/program/kudzu.fc | 2
file_contexts/program/pegasus.fc | 6
file_contexts/program/rshd.fc | 1
file_contexts/program/rsync.fc | 2
file_contexts/program/sendmail.fc | 7
file_contexts/program/slapd.fc | 12 +
file_contexts/program/squid.fc | 3
file_contexts/program/yppasswdd.fc | 2
file_contexts/types.fc | 5
genfs_contexts | 1
macros/base_user_macros.te | 7
macros/global_macros.te | 26 --
macros/home_macros.te | 9
macros/program/chkpwd_macros.te | 7
macros/program/dbusd_macros.te | 1
macros/program/exim_macros.te | 75 +++++++
macros/program/su_macros.te | 2
macros/program/ypbind_macros.te | 1
macros/user_macros.te | 1
man/man8/ftpd_selinux.8 | 19 +
man/man8/httpd_selinux.8 | 9
man/man8/rsync_selinux.8 | 12 -
man/man8/samba_selinux.8 | 9
mcs | 194 ++++++-------------
mls | 227 ++++++++--------------
net_contexts | 4
targeted/assert.te | 2
targeted/domains/program/compat.te | 1
targeted/domains/program/sendmail.te | 18 -
targeted/domains/program/ssh.te | 2
targeted/domains/program/xdm.te | 4
targeted/domains/unconfined.te | 10 -
tunables/distro.tun | 2
tunables/tunable.tun | 4
types/devpts.te | 4
types/file.te | 44 +---
types/network.te | 10 -
types/nfs.te | 1
types/security.te | 2
115 files changed, 1210 insertions(+), 564 deletions(-)
Index: policy-20051021.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20051021.patch,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- policy-20051021.patch 7 Nov 2005 19:43:16 -0000 1.19
+++ policy-20051021.patch 8 Nov 2005 16:47:13 -0000 1.20
@@ -664,16 +664,17 @@
+allow system_dbusd_t self:netlink_audit_socket { create_netlink_socket_perms
nlmsg_relay };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpc.te
policy-1.27.2/domains/program/unused/dhcpc.te
--- nsapolicy/domains/program/unused/dhcpc.te 2005-10-21 11:36:15.000000000
-0400
-+++ policy-1.27.2/domains/program/unused/dhcpc.te 2005-11-07
10:47:22.000000000 -0500
-@@ -120,6 +120,7 @@
++++ policy-1.27.2/domains/program/unused/dhcpc.te 2005-11-08
10:42:24.000000000 -0500
+@@ -120,6 +120,8 @@
allow dhcpc_t self:packet_socket create_socket_perms;
allow dhcpc_t var_lib_t:dir search;
file_type_auto_trans(dhcpc_t, dhcp_state_t, dhcpc_state_t, file)
++rw_dir_create_file(dhcpc_t, dhcpc_state_t)
+allow dhcpc_t dhcp_state_t:file { getattr read };
allow dhcpc_t bin_t:dir { getattr search };
allow dhcpc_t bin_t:lnk_file read;
-@@ -163,3 +164,5 @@
+@@ -163,3 +165,5 @@
allow dhcpc_t unconfined_t:dbus send_msg;
')dnl end ifdef unconfined.te
')
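Review bot: The added `rw_dir_create_file(dhcpc_t, dhcpc_state_t)` has no comment saying which directory it is meant to cover, and the changelog entry ("Fix dhcpc and dhcpd state handling") does not say either. The line above it, `file_type_auto_trans(dhcpc_t, dhcp_state_t, dhcpc_state_t, file)`, already deals with files created under dhcp_state_t directories, so the new rule presumably matters only for directories that are themselves labeled dhcpc_state_t. The file-context entry that would assign that label is not part of this revision's diff, so it is worth confirming that only the client's lease directory receives it. I would add a comment above the rule such as `# dhcpc creates and replaces lease files in its own dhcpc_state_t directory`. The same applies to `rw_dir_create_file(dhcpd_t, dhcpd_state_t)` in the dhcpd.te hunk.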
@@ -681,7 +682,7 @@
+allow dhcpc_t locale_t:file write;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpd.te
policy-1.27.2/domains/program/unused/dhcpd.te
--- nsapolicy/domains/program/unused/dhcpd.te 2005-09-12 16:40:28.000000000
-0400
-+++ policy-1.27.2/domains/program/unused/dhcpd.te 2005-11-07
10:47:22.000000000 -0500
++++ policy-1.27.2/domains/program/unused/dhcpd.te 2005-11-08
10:41:55.000000000 -0500
@@ -17,8 +17,6 @@
#
daemon_domain(dhcpd, `, nscd_client_domain')
@@ -699,6 +700,14 @@
can_ypbind(dhcpd_t)
allow dhcpd_t self:unix_dgram_socket create_socket_perms;
allow dhcpd_t self:unix_stream_socket create_socket_perms;
+@@ -46,6 +45,7 @@
+ allow dhcpd_t dhcp_etc_t:file { read getattr };
+ allow dhcpd_t dhcp_etc_t:dir search;
+ file_type_auto_trans(dhcpd_t, dhcp_state_t, dhcpd_state_t, file)
++rw_dir_create_file(dhcpd_t, dhcpd_state_t)
+
+ allow dhcpd_t etc_t:lnk_file read;
+ allow dhcpd_t { etc_t etc_runtime_t }:file r_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/exim.te
policy-1.27.2/domains/program/unused/exim.te
--- nsapolicy/domains/program/unused/exim.te 1969-12-31 19:00:00.000000000
-0500
+++ policy-1.27.2/domains/program/unused/exim.te 2005-11-07
10:47:22.000000000 -0500
@@ -2151,6 +2160,43 @@
/usr/bin/civserver.* -- system_u:object_r:games_exec_t
')dnl end non-Debian section
+
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/innd.fc
policy-1.27.2/file_contexts/program/innd.fc
+--- nsapolicy/file_contexts/program/innd.fc 2005-09-12 16:40:27.000000000
-0400
++++ policy-1.27.2/file_contexts/program/innd.fc 2005-11-08
10:12:26.000000000 -0500
+@@ -18,25 +18,26 @@
+ /usr/lib(64)?/news/bin/archive -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/batcher -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/buffchan -- system_u:object_r:innd_exec_t
++/usr/lib(64)?/news/bin/controlchan -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/convdate -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/ctlinnd -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/cvtbatch -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/expire -- system_u:object_r:innd_exec_t
+-/usr/lib(64)?/news/bin/expireover -- system_u:object_r:innd_exec_t
++/usr/lib(64)?/news/bin/expireover -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/fastrm -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/filechan -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/getlist -- system_u:object_r:innd_exec_t
+-/usr/lib(64)?/news/bin/grephistory -- system_u:object_r:innd_exec_t
++/usr/lib(64)?/news/bin/grephistory -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/inews -- system_u:object_r:innd_exec_t
+-/usr/lib(64)?/news/bin/innconfval -- system_u:object_r:innd_exec_t
++/usr/lib(64)?/news/bin/innconfval -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/inndf -- system_u:object_r:innd_exec_t
+-/usr/lib(64)?/news/bin/inndstart -- system_u:object_r:innd_exec_t
++/usr/lib(64)?/news/bin/inndstart -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/innfeed -- system_u:object_r:innd_exec_t
+-/usr/lib(64)?/news/bin/innxbatch -- system_u:object_r:innd_exec_t
++/usr/lib(64)?/news/bin/innxbatch -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/innxmit -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/makedbz -- system_u:object_r:innd_exec_t
+-/usr/lib(64)?/news/bin/makehistory -- system_u:object_r:innd_exec_t
+-/usr/lib(64)?/news/bin/newsrequeue -- system_u:object_r:innd_exec_t
++/usr/lib(64)?/news/bin/makehistory -- system_u:object_r:innd_exec_t
++/usr/lib(64)?/news/bin/newsrequeue -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/nnrpd -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/nntpget -- system_u:object_r:innd_exec_t
+ /usr/lib(64)?/news/bin/ovdb_recover -- system_u:object_r:innd_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/kudzu.fc
policy-1.27.2/file_contexts/program/kudzu.fc
--- nsapolicy/file_contexts/program/kudzu.fc 2005-09-12 16:40:28.000000000
-0400
+++ policy-1.27.2/file_contexts/program/kudzu.fc 2005-11-07
10:47:22.000000000 -0500
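Review bot: The one functional line in the innd.fc hunk, the new `controlchan` entry labeled `innd_exec_t`, is buried among removed/added pairs for expireover, grephistory, innconfval, inndstart, innxbatch, makehistory and newsrequeue that appear to differ only in whitespace. Splitting the realignment from the label addition would make it easy to verify that controlchan is the only path whose labeling changes. The changelog line "Add controlchan to innd_exec_t" covers the intent, but a reviewer auditing the file-context list has to diff eight extra lines to confirm nothing else moved.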
@@ -2558,7 +2604,7 @@
ifdef(`lockdev.te', `lockdev_domain($1)')
diff --exclude-from=exclude -N -u -r nsapolicy/Makefile policy-1.27.2/Makefile
--- nsapolicy/Makefile 2005-10-21 11:36:15.000000000 -0400
-+++ policy-1.27.2/Makefile 2005-11-07 10:47:22.000000000 -0500
++++ policy-1.27.2/Makefile 2005-11-08 11:44:19.000000000 -0500
@@ -27,7 +27,7 @@
GENHOMEDIRCON = $(SBINDIR)/genhomedircon
SETFILES = $(SBINDIR)/setfiles
@@ -2568,7 +2614,29 @@
KERNVERS := $(shell cat /selinux/policyvers)
MLSENABLED := $(shell cat /selinux/mls)
POLICYVER := policy.$(VERS)
-@@ -178,11 +178,7 @@
+@@ -84,12 +84,8 @@
+ all: policy
+
+ tmp/valid_fc: $(LOADPATH) $(FC)
+-ifeq ($(CHECKPOLMLS), -M)
+-ifeq ($(MLSENABLED),1)
+ @echo "Validating file contexts files ..."
+ $(SETFILES) -q -c $(LOADPATH) $(FC)
+-endif
+-endif
+ @touch tmp/valid_fc
+
+ install: $(FCPATH) $(APPFILES) $(ROOTFILES) $(USERPATH)/local.users
+@@ -169,20 +165,12 @@
+
+ $(POLICYVER): policy.conf $(FC) $(CHECKPOLICY)
+ $(CHECKPOLICY) $(CHECKPOLMLS) -o $@ policy.conf
+-ifeq ($(CHECKPOLMLS), -M)
+-ifeq (1, $(MLSENABLED))
+ @echo "Validating file contexts files ..."
+ $(SETFILES) -q -c $(POLICYVER) $(FC)
+-endif
+-endif
reload tmp/load: $(LOADPATH)
@echo "Loading Policy ..."
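Review bot: In the `$(POLICYVER)` rule the `$(SETFILES) -q -c $(POLICYVER) $(FC)` check now always runs, but only after `$(CHECKPOLICY) $(CHECKPOLMLS) -o $@ policy.conf` has written the target. A failed validation therefore leaves a fresh policy file behind, and the next `make` will treat it as up to date and skip the check. Unless `.DELETE_ON_ERROR:` is set elsewhere in the Makefile (not visible in this hunk), the recipe should remove the target on failure, e.g. `$(SETFILES) -q -c $@ $(FC) || { rm -f $@; exit 1; }`. The `tmp/valid_fc` rule does not have this problem because its stamp is touched only after setfiles succeeds. With both `ifeq ($(MLSENABLED),1)` guards gone, `MLSENABLED := $(shell cat /selinux/mls)` may no longer be used; if so it can be dropped so the build stops reading /selinux/mls at parse time.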
@@ -2581,7 +2649,7 @@
touch tmp/load
load: tmp/load $(FCPATH)
-@@ -340,10 +336,10 @@
+@@ -340,10 +328,10 @@
done
@for file in $(USER_FILES); do \
echo "Converting $$file"; \
@@ -2594,7 +2662,7 @@
@echo "Enabling MLS in the Makefile"
@sed "s/MLS=n/MLS=y/" Makefile > Makefile.new
@mv Makefile.new Makefile
-@@ -358,7 +354,7 @@
+@@ -358,7 +346,7 @@
@for file in $(USER_FILES); do \
echo "Converting $$file"; \
sed -r -e 's/\;/ level s0 range s0;/' $$file | \
Index: selinux-policy-strict.spec
===================================================================
RCS file:
/cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.417
retrieving revision 1.418
diff -u -r1.417 -r1.418
--- selinux-policy-strict.spec 7 Nov 2005 19:43:16 -0000 1.417
+++ selinux-policy-strict.spec 8 Nov 2005 16:47:13 -0000 1.418
@@ -9,7 +9,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.27.2
-Release: 16
+Release: 17
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -245,7 +245,11 @@
exit 0
%changelog
-* Fri Nov 7 2005 Dan Walsh <dwalsh@xxxxxxxxxx> 1.27.2-16
+* Tue Nov 8 2005 Dan Walsh <dwalsh@xxxxxxxxxx> 1.27.2-17
+- Fix dhcpc and dhcpd state handling
+- Add controlchan to innd_exec_t
+
+* Mon Nov 7 2005 Dan Walsh <dwalsh@xxxxxxxxxx> 1.27.2-16
- Allow scanimage to work with hplip
- Fix multiple definititions in file context
- Fix missing launch