* Fri Sep 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-14

- Fix calls to _admin interfaces
2007-09-14 14:41:51 +00:00 · 2007-09-14 14:41:51 +00:00 · e99a8a65cb
commit e99a8a65cb
parent d7f1fcd1a3
2 changed files with 36 additions and 32 deletions
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@ -8905,8 +8905,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
 +    app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
 --- nsapolicycoreutils/gui/templates/executable.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/executable.py	2007-09-10 15:43:29.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/executable.py	2007-09-14 10:14:10.000000000 -0400
-@@ -0,0 +1,277 @@
+@@ -0,0 +1,278 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
 +#
@ -9135,6 +9135,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +## <summary>
 +##	All of the rules required to administrate an TEMPLATETYPE environment
 +## </summary>
 +## <param name="prefix">
 +##	<summary>
 +##	Prefix of the domain. Example, user would be
 +##	the prefix for the uder_t domain.
 +##	</summary>
 +## </param>
 +## <param name="domain">
 +##	<summary>
 +##	Domain allowed access.
@ -9145,11 +9151,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +##	The role to be allowed to manage the TEMPLATETYPE domain.
 +##	</summary>
 +## </param>
 +## <param name="terminal">
 +##	<summary>
 +##	The type of the terminal allow the dmidecode domain to use.
 +##	</summary>
 +## </param>
 +## <rolecap/>
 +#
 +interface(`TEMPLATETYPE_admin',`
@ -9157,17 +9158,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +		type TEMPLATETYPE_t;
 +	')
 +
-+	allow $1 TEMPLATETYPE_t:process { ptrace signal_perms getattr };
+	allow $2 TEMPLATETYPE_t:process { ptrace signal_perms getattr };
-+	read_files_pattern($1, TEMPLATETYPE_t, TEMPLATETYPE_t)
+	read_files_pattern($2, TEMPLATETYPE_t, TEMPLATETYPE_t)
 +	        
 +"""
 +
 +if_initscript_admin="""
 +	# Allow $1 to restart the apache service
-+	TEMPLATETYPE_script_domtrans($1)
+	TEMPLATETYPE_script_domtrans($2)
-+	domain_system_change_exemption($1)
+	domain_system_change_exemption($2)
-+	role_transition $2 TEMPLATETYPE_script_exec_t system_r;
+	role_transition $3 TEMPLATETYPE_script_exec_t system_r;
-+	allow $2 system_r;
+	allow $3 system_r;
 +"""
 +
 +if_end_admin="""
@ -9186,7 +9187,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.25/gui/templates/__init__.py
 --- nsapolicycoreutils/gui/templates/__init__.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/__init__.py	2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/__init__.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,18 @@
 +#
 +# Copyright (C) 2007 Red Hat, Inc.
@ -9208,7 +9209,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.25/gui/templates/network.py
 --- nsapolicycoreutils/gui/templates/network.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/network.py	2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/network.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,80 @@
 +te_port_types="""
 +type TEMPLATETYPE_port_t;
@ -9292,7 +9293,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.25/gui/templates/rw.py
 --- nsapolicycoreutils/gui/templates/rw.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/rw.py	2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/rw.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,128 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -9411,7 +9412,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
 +"""
 +
 +if_admin_rules="""
-+	TEMPLATETYPE_manage_rw($1)
+	TEMPLATETYPE_manage_rw($2)
 +"""
 +
 +########################### File Context ##################################
@ -9424,7 +9425,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.25/gui/templates/script.py
 --- nsapolicycoreutils/gui/templates/script.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/script.py	2007-09-05 22:25:46.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/script.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,45 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -9473,7 +9474,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.25/gui/templates/semodule.py
 --- nsapolicycoreutils/gui/templates/semodule.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/semodule.py	2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/semodule.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,41 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -9518,7 +9519,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.25/gui/templates/tmp.py
 --- nsapolicycoreutils/gui/templates/tmp.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/tmp.py	2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/tmp.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,97 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -9614,12 +9615,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
 +"""
 +
 +if_admin_rules="""
-+	TEMPLATETYPE_manage_tmp($1)
+	TEMPLATETYPE_manage_tmp($2)
 +"""
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.25/gui/templates/user.py
 --- nsapolicycoreutils/gui/templates/user.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/user.py	2007-09-10 11:43:28.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/user.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,139 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -9747,7 +9748,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
 +
 +te_admin_domain_rules="""
 +optional_policy(`
-+	APPLICATION_admin(TEMPLATETYPE_t,TEMPLATETYPE_r, { TEMPLATETYPE_tty_device_t TEMPLATETYPE_devpts_t })
+	APPLICATION_admin(TEMPLATETYPE,TEMPLATETYPE_t,TEMPLATETYPE_r)
 +')
 +"""
 +
@ -9762,7 +9763,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.25/gui/templates/var_lib.py
 --- nsapolicycoreutils/gui/templates/var_lib.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_lib.py	2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/var_lib.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,162 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -9911,7 +9912,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
 +"""
 +
 +if_admin_rules="""
-+	TEMPLATETYPE_manage_var_lib($1)
+	TEMPLATETYPE_manage_var_lib($2)
 +"""
 +
 +########################### File Context ##################################
@ -9928,7 +9929,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.25/gui/templates/var_log.py
 --- nsapolicycoreutils/gui/templates/var_log.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_log.py	2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/var_log.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,112 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -10031,7 +10032,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
 +"""
 +
 +if_admin_rules="""
-+	TEMPLATETYPE_manage_log($1)
+	TEMPLATETYPE_manage_log($2)
 +"""
 +
 +########################### File Context ##################################
@ -10044,7 +10045,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
 +"""
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.25/gui/templates/var_run.py
 --- nsapolicycoreutils/gui/templates/var_run.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_run.py	2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/var_run.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,119 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -10150,7 +10151,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
 +"""
 +
 +if_admin_rules="""
-+	TEMPLATETYPE_manage_var_run($1)
+	TEMPLATETYPE_manage_var_run($2)
 +"""
 +
 +fc_file="""\
@ -10167,7 +10168,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.25/gui/templates/var_spool.py
 --- nsapolicycoreutils/gui/templates/var_spool.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_spool.py	2007-08-31 15:07:36.000000000 -0400
+++ policycoreutils-2.0.25/gui/templates/var_spool.py	2007-09-14 10:14:10.000000000 -0400
@@ -0,0 +1,131 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@ -10289,7 +10290,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
 +"""
 +
 +if_admin_rules="""
-+	TEMPLATETYPE_manage_spool($1)
+	TEMPLATETYPE_manage_spool($2)
 +"""
 +
 +########################### File Context ##################################
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.25
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -200,6 +200,9 @@ if [ "$1" -ge "1" ]; then
 fi
 %changelog
 * Fri Sep 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-14
 - Fix calls to _admin interfaces
 * Tue Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-13
 - Upgrade version of sepolgen from NSA
 	* Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan.