
rpms/selinux-policy/devel policy-20061106.patch, 1.6, 1.7 selinux-policy

Subject: rpms/selinux-policy/devel policy-20061106.patch, 1.6, 1.7 selinux-policy.spec, 1.336, 1.337
From:
Date: Thu, 9 Nov 2006 13:57:55 -0500
Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv9732

Modified Files:
        policy-20061106.patch selinux-policy.spec 
Log Message:
* Thu Nov 8 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 2.4.3-7
- Fix spec of jre files 


policy-20061106.patch:
 Rules.modular                           |   10 
 policy/flask/access_vectors             |    3 
 policy/global_tunables                  |   36 ++
 policy/mls                              |    3 
 policy/modules/admin/acct.te            |    1 
 policy/modules/admin/amanda.te          |    1 
 policy/modules/admin/consoletype.te     |    8 
 policy/modules/admin/dmesg.te           |    1 
 policy/modules/admin/logwatch.te        |    1 
 policy/modules/admin/netutils.te        |    2 
 policy/modules/admin/prelink.te         |    5 
 policy/modules/admin/rpm.fc             |    3 
 policy/modules/admin/rpm.if             |   24 +
 policy/modules/admin/rpm.te             |   33 --
 policy/modules/apps/java.fc             |    2 
 policy/modules/kernel/corecommands.if   |   17 +
 policy/modules/kernel/corenetwork.if.in |   12 
 policy/modules/kernel/corenetwork.te.in |   17 -
 policy/modules/kernel/corenetwork.te.m4 |    4 
 policy/modules/kernel/devices.fc        |    3 
 policy/modules/kernel/devices.te        |    6 
 policy/modules/kernel/domain.te         |    7 
 policy/modules/kernel/files.if          |   67 ++++
 policy/modules/kernel/files.te          |    2 
 policy/modules/kernel/filesystem.te     |    6 
 policy/modules/kernel/terminal.fc       |    1 
 policy/modules/kernel/terminal.te       |    1 
 policy/modules/services/aide.fc         |    3 
 policy/modules/services/aide.if         |   56 +++
 policy/modules/services/aide.te         |   52 +++
 policy/modules/services/apache.fc       |   10 
 policy/modules/services/apache.te       |   10 
 policy/modules/services/automount.te    |    1 
 policy/modules/services/bind.te         |    1 
 policy/modules/services/ccs.fc          |   10 
 policy/modules/services/ccs.if          |   83 +++++
 policy/modules/services/ccs.te          |   89 +++++
 policy/modules/services/cron.if         |   26 -
 policy/modules/services/cron.te         |    5 
 policy/modules/services/cups.fc         |    2 
 policy/modules/services/cups.te         |    4 
 policy/modules/services/cvs.te          |    1 
 policy/modules/services/dbus.fc         |    1 
 policy/modules/services/dbus.if         |    1 
 policy/modules/services/hal.fc          |    4 
 policy/modules/services/hal.te          |    8 
 policy/modules/services/kerberos.te     |    1 
 policy/modules/services/lpd.if          |   52 +--
 policy/modules/services/mta.te          |    1 
 policy/modules/services/nscd.if         |   20 +
 policy/modules/services/nscd.te         |    3 
 policy/modules/services/oddjob.te       |    1 
 policy/modules/services/pegasus.if      |   31 ++
 policy/modules/services/pegasus.te      |    5 
 policy/modules/services/procmail.te     |   16 +
 policy/modules/services/ricci.fc        |   20 +
 policy/modules/services/ricci.if        |  184 ++++++++++++
 policy/modules/services/ricci.te        |  479 ++++++++++++++++++++++++++++++++
 policy/modules/services/rsync.te        |    1 
 policy/modules/services/samba.te        |    6 
 policy/modules/services/sasl.te         |    2 
 policy/modules/services/snmp.te         |    1 
 policy/modules/services/spamassassin.te |    4 
 policy/modules/services/squid.te        |    7 
 policy/modules/services/ssh.te          |    2 
 policy/modules/services/telnet.te       |    1 
 policy/modules/services/xserver.if      |   40 ++
 policy/modules/system/authlogin.if      |    2 
 policy/modules/system/authlogin.te      |    1 
 policy/modules/system/fstools.fc        |    1 
 policy/modules/system/fstools.te        |    2 
 policy/modules/system/getty.te          |    3 
 policy/modules/system/hostname.te       |    6 
 policy/modules/system/init.fc           |    3 
 policy/modules/system/init.te           |   14 
 policy/modules/system/iscsi.if          |    2 
 policy/modules/system/libraries.fc      |   12 
 policy/modules/system/libraries.te      |    6 
 policy/modules/system/locallogin.if     |   37 ++
 policy/modules/system/logging.te        |    1 
 policy/modules/system/modutils.te       |    4 
 policy/modules/system/mount.te          |   19 -
 policy/modules/system/raid.te           |    7 
 policy/modules/system/selinuxutil.if    |    4 
 policy/modules/system/selinuxutil.te    |   13 
 policy/modules/system/unconfined.if     |   19 +
 policy/modules/system/unconfined.te     |   11 
 policy/modules/system/userdomain.if     |  201 +++++++++++++
 policy/modules/system/userdomain.te     |   10 
 policy/modules/system/xen.fc            |    1 
 policy/modules/system/xen.te            |   26 +
 91 files changed, 1782 insertions(+), 143 deletions(-)

Index: policy-20061106.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20061106.patch,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- policy-20061106.patch       8 Nov 2006 20:21:53 -0000       1.6
+++ policy-20061106.patch       9 Nov 2006 18:57:53 -0000       1.7
@@ -239,7 +239,7 @@
 +')
 diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/admin/rpm.te 
serefpolicy-2.4.3/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te 2006-11-06 11:13:22.000000000 
-0500
-+++ serefpolicy-2.4.3/policy/modules/admin/rpm.te      2006-11-06 
16:45:08.000000000 -0500
++++ serefpolicy-2.4.3/policy/modules/admin/rpm.te      2006-11-09 
08:20:10.000000000 -0500
 @@ -9,6 +9,8 @@
  type rpm_t;
  type rpm_exec_t;
@@ -259,6 +259,38 @@
  dev_list_sysfs(rpm_script_t)
  
  # ideally we would not need this
+@@ -368,31 +373,3 @@
+       usermanage_domtrans_useradd(rpm_script_t)
+ ')
+ 
+-ifdef(`TODO',`
+-optional_policy(`
+-can_exec(rpm_script_t,printconf_t)
+-')
+-
+-optional_policy(`
+-allow cupsd_t rpm_var_lib_t:dir r_dir_perms;
+-allow cupsd_t rpm_var_lib_t:file r_file_perms;
+-allow cupsd_t rpb_var_lib_t:lnk_file r_file_perms;
+-allow cupsd_t initrc_exec_t:file r_file_perms;
+-domain_auto_trans(rpm_script_t, cupsd_exec_t, cupsd_t)
+-')
+-
+-optional_policy(`
+-domain_auto_trans(rpm_script_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
+-')
+-
+-optional_policy(`
+-domain_auto_trans(rpm_t, prelink_exec_t, prelink_t)
+-')
+-
+-ifdef(`hide_broken_symptoms', `
+-      optional_policy(`
+-              domain_trans(rpm_t, pam_console_exec_t, rpm_script_t)
+-      ')
+-')
+-
+-') dnl end TODO
 diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/apps/java.fc 
serefpolicy-2.4.3/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc 2006-11-06 11:13:17.000000000 
-0500
 +++ serefpolicy-2.4.3/policy/modules/apps/java.fc      2006-11-06 
16:45:08.000000000 -0500
@@ -1479,7 +1511,7 @@
  hostname_exec(pegasus_t)
 diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/procmail.te 
serefpolicy-2.4.3/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te 2006-11-06 
11:13:19.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/services/procmail.te      2006-11-06 
16:45:08.000000000 -0500
++++ serefpolicy-2.4.3/policy/modules/services/procmail.te      2006-11-09 
08:05:56.000000000 -0500
 @@ -10,6 +10,7 @@
  type procmail_exec_t;
  domain_type(procmail_t)
@@ -1724,8 +1756,8 @@
 +')
 diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/services/ricci.te 
serefpolicy-2.4.3/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te    1969-12-31 
19:00:00.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/services/ricci.te 2006-11-06 
16:45:08.000000000 -0500
-@@ -0,0 +1,477 @@
++++ serefpolicy-2.4.3/policy/modules/services/ricci.te 2006-11-09 
10:30:02.000000000 -0500
+@@ -0,0 +1,479 @@
 +policy_module(ricci,1.0.0)
 +
 +########################################
@@ -2108,12 +2140,14 @@
 +allow ricci_modstorage_t self:process setsched;
 +allow ricci_modstorage_t self:capability { mknod sys_nice };
 +allow ricci_modstorage_t self:fifo_file rw_file_perms;
++allow ricci_modstorage_t self:unix_dgram_socket create_socket_perms;
 +
 +corecmd_exec_bin(ricci_modstorage_t)
 +corecmd_exec_sbin(ricci_modstorage_t)
 +
 +files_read_etc_files(ricci_modstorage_t)
 +files_read_etc_runtime_files(ricci_modstorage_t)
++files_read_usr_files(ricci_modstorage_t)
 +
 +fstools_domtrans(ricci_modstorage_t)
 +
@@ -2135,9 +2169,10 @@
 +
 +modutils_read_module_deps(ricci_modstorage_t)
 +
-+files_read_usr_files(ricci_modstorage_t)
 +storage_raw_read_fixed_disk(ricci_modstorage_t)
 +
++term_dontaudit_use_console(ricci_modstorage_t)
++
 +optional_policy(`
 +      ccs_read_config(ricci_modstorage_t)
 +')
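Review bot: `term_dontaudit_use_console(ricci_modstorage_t)` in the ricci.te section silences console-access denials for the storage module without recording which behaviour it hides, while this same revision removes several `hide_broken_symptoms` dontaudit blocks from other modules. A one-line comment such as `# console fd is inherited from the parent; access is not required` (if that is indeed the cause) would tell a later reader that the suppressed denial is expected rather than a sign of misbehaviour. The ricci_modstorage_t rule block starts and ends outside this hunk.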
@@ -2163,6 +2198,7 @@
 +
 +corecmd_exec_shell(ricci_modcluster_t)
 +init_exec(ricci_modcluster_t)
++init_domtrans_script(ricci_modcluster_t)
 +files_search_locks(ricci_modcluster_t)
 +
 +logging_send_syslog_msg(ricci_modcluster_t)
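Review bot: The added `init_domtrans_script(ricci_modcluster_t)` in the ricci.te section lets the ricci cluster module transition into the init script domain, which is normally much more privileged than a confined service helper, and neither the policy nor the log message ("Fix spec of jre files") records why. If the module only needs to start and stop cluster services, a comment such as `# modcluster starts/stops cluster services through their init scripts` above the line would make that intent reviewable. It is also worth checking whether the `init_exec(ricci_modcluster_t)` on the preceding line is still needed once the transition exists. The ricci_modcluster_t rule block starts and ends outside this hunk.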
@@ -2198,8 +2234,6 @@
 +      ccs_manage_config(ricci_modcluster_t)
 +')
 +
-+
-+
 +optional_policy(`
 +      consoletype_exec(ricci_modcluster_t)
 +')
@@ -2528,7 +2562,7 @@
        allow iscsid_t $1:process sigchld;
 diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/libraries.fc 
serefpolicy-2.4.3/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc  2006-11-06 
11:13:21.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/system/libraries.fc       2006-11-07 
09:28:47.000000000 -0500
++++ serefpolicy-2.4.3/policy/modules/system/libraries.fc       2006-11-09 
10:17:47.000000000 -0500
 @@ -1,3 +1,4 @@
 +
  #
@@ -2552,14 +2586,36 @@
  /usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 --  
gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8        --      
gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libglide3\.so.*                 --      
gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -262,6 +265,7 @@
- /usr/(local/)?(.*/)?jre.*/libjvm\.so(\.[^/]*)* -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/(local/)?(.*/)?jre.*/libawt\.so(\.[^/]*)* -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/(local/)?(.*/)?jre.*/libjavaplugin_ojigcc3\.so(\.[^/]*)* -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(local/)?(.*/)?jre.*/libj9thr23.so -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -258,10 +261,9 @@
+ /usr/lib(64)?/vmware/(.*/)?VmPerl\.so --      
gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ # Java, Sun Microsystems (JPackage SRPM)
+-/usr/(.*/)?jre.*/libdeploy\.so(\.[^/]*)* --   
gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr/(local/)?(.*/)?jre.*/libjvm\.so(\.[^/]*)* -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr/(local/)?(.*/)?jre.*/libawt\.so(\.[^/]*)* -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr/(local/)?(.*/)?jre.*/libjavaplugin_ojigcc3\.so(\.[^/]*)* -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* --  
gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* --    
gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/(.*/)?jre.*/.*\.so(\.[^/]*)* -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
  
  /usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- 
gen_context(system_u:object_r:textrel_shlib_t,s0)
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/libraries.te 
serefpolicy-2.4.3/policy/modules/system/libraries.te
+--- nsaserefpolicy/policy/modules/system/libraries.te  2006-11-06 
11:13:21.000000000 -0500
++++ serefpolicy-2.4.3/policy/modules/system/libraries.te       2006-11-09 
08:14:35.000000000 -0500
+@@ -81,12 +81,6 @@
+ 
+ userdom_use_all_users_fds(ldconfig_t)
+ 
+-ifdef(`hide_broken_symptoms',`
+-      optional_policy(`
+-              unconfined_dontaudit_rw_tcp_sockets(ldconfig_t)
+-      ')
+-')
+-
+ ifdef(`targeted_policy',`
+       allow ldconfig_t lib_t:file r_file_perms;
+       unconfined_domain(ldconfig_t) 
 diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/locallogin.if 
serefpolicy-2.4.3/policy/modules/system/locallogin.if
 --- nsaserefpolicy/policy/modules/system/locallogin.if 2006-10-16 
12:20:18.000000000 -0400
 +++ serefpolicy-2.4.3/policy/modules/system/locallogin.if      2006-11-06 
16:45:08.000000000 -0500
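Review bot: The three new `jre.*/.*\.so(\.[^/]*)*` entries in the libraries.fc section label every shared object below any directory whose name merely starts with `jre` as `textrel_shlib_t`, where the lines they replace named four libraries (`libdeploy`, `libjvm`, `libawt`, `libjavaplugin_ojigcc3`). That type is meant for libraries that need text relocations, so the wildcard relaxes the restriction for objects that may not need it. Because `.*` also matches `/`, the patterns reach any depth, and the `/usr/local/` and `/usr/lib(64)?/` lines appear to match only paths the first line already covers (presumably they exist to win over more specific library entries; worth confirming). The section should at least carry a comment such as `# all JRE shared objects get textrel_shlib_t because <reason>`, and writing the directory part as `jre[^/]*/` would keep that match within one path component.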
@@ -2615,9 +2671,23 @@
  
  ifdef(`enable_mls',`
        init_ranged_daemon_domain(auditd_t,auditd_exec_t,mls_systemhigh)
+diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/modutils.te 
serefpolicy-2.4.3/policy/modules/system/modutils.te
+--- nsaserefpolicy/policy/modules/system/modutils.te   2006-10-19 
11:47:40.000000000 -0400
++++ serefpolicy-2.4.3/policy/modules/system/modutils.te        2006-11-09 
08:15:16.000000000 -0500
+@@ -117,10 +117,6 @@
+       kernel_domtrans_to(insmod_t,insmod_exec_t)
+ }
+ 
+-ifdef(`hide_broken_symptoms',`
+-      dev_dontaudit_rw_cardmgr(insmod_t)
+-')
+-
+ ifdef(`targeted_policy',`
+       unconfined_domain(insmod_t)
+ ')
 diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/mount.te 
serefpolicy-2.4.3/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te      2006-11-06 
11:13:21.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/system/mount.te   2006-11-06 
16:45:08.000000000 -0500
++++ serefpolicy-2.4.3/policy/modules/system/mount.te   2006-11-09 
08:15:49.000000000 -0500
 @@ -9,6 +9,7 @@
  type mount_t;
  type mount_exec_t;
@@ -2653,6 +2723,21 @@
        ')
  ')
  
+@@ -163,14 +170,6 @@
+       apm_use_fds(mount_t)
+ ')
+ 
+-optional_policy(`
+-      ifdef(`hide_broken_symptoms',`
+-              # for a bug in the X server
+-              rhgb_dontaudit_rw_stream_sockets(mount_t)
+-              term_dontaudit_use_ptmx(mount_t)
+-      ')
+-')
+-
+ # for kernel package installation
+ optional_policy(`
+       rpm_rw_pipes(mount_t)
 diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/raid.te 
serefpolicy-2.4.3/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te       2006-11-06 
11:13:21.000000000 -0500
 +++ serefpolicy-2.4.3/policy/modules/system/raid.te    2006-11-06 
16:45:08.000000000 -0500
@@ -2703,7 +2788,7 @@
  
 diff --exclude-from=exclude -N -u -r 
nsaserefpolicy/policy/modules/system/selinuxutil.te 
serefpolicy-2.4.3/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te        2006-11-06 
11:13:21.000000000 -0500
-+++ serefpolicy-2.4.3/policy/modules/system/selinuxutil.te     2006-11-06 
16:45:08.000000000 -0500
++++ serefpolicy-2.4.3/policy/modules/system/selinuxutil.te     2006-11-09 
08:17:07.000000000 -0500
 @@ -107,6 +107,11 @@
  type semanage_exec_t;
  domain_entry_file(semanage_t, semanage_exec_t)
@@ -2724,17 +2809,20 @@
  
  corecmd_list_bin(newrole_t)
  corecmd_read_bin_symlinks(newrole_t)
-@@ -413,6 +419,9 @@
-       optional_policy(`
-               udev_dontaudit_rw_dgram_sockets(restorecon_t)
-       ')
-+      optional_policy(`
-+              xserver_use_xdm_fds(restorecon_t)
-+      ')
+@@ -409,12 +415,6 @@
+       fs_relabel_tmpfs_chr_file(restorecon_t)
  ')
  
+-ifdef(`hide_broken_symptoms',`
+-      optional_policy(`
+-              udev_dontaudit_rw_dgram_sockets(restorecon_t)
+-      ')
+-')
+-
  optional_policy(`
-@@ -449,6 +458,7 @@
+       hotplug_use_fds(restorecon_t)
+ ')
+@@ -449,6 +449,7 @@
  
  auth_relabel_all_files_except_shadow(restorecond_t )
  auth_read_all_files_except_shadow(restorecond_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.336
retrieving revision 1.337
diff -u -r1.336 -r1.337
--- selinux-policy.spec 8 Nov 2006 20:21:53 -0000       1.336
+++ selinux-policy.spec 9 Nov 2006 18:57:53 -0000       1.337
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.4.3
-Release: 6
+Release: 7
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -351,6 +351,9 @@
 %endif
 
 %changelog
+* Thu Nov 8 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 2.4.3-7
+- Fix spec of jre files 
+
 * Wed Nov 8 2006 Dan Walsh <dwalsh@xxxxxxxxxx> 2.4.3-6
 - Fix unconfined access to shadow file
 

-- 
fedora-cvs-commits mailing list
fedora-cvs-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-cvs-commits
