From 0879f489ab7afbb793a974b1a0d864eecf9ef532 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 12 Mar 2008 01:10:44 +0000
Subject: [PATCH] - Allow init to transition to initrc_t on shell exec. - Fix init to be able to sendto init_t. - Allow syslog to connect to mysql - Allow lvm to manage its own fifo_files - Allow bugzilla to use ldap - More mls fixes
---
 booleans-mls.conf | 4 ++++
 policy-20071130.patch | 4 ++--
 selinux-policy.spec | 12 +++++++++---
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/booleans-mls.conf b/booleans-mls.conf
index 9f3d7baa..f13a20c0 100644
--- a/booleans-mls.conf
+++ b/booleans-mls.conf
@@ -223,3 +223,7 @@ allow_unlabeled_packets = true
 # Allow samba to act as the domain controller
 #
 samba_domain_controller = false
+
+# Run the xserver as an object manager
+#
+xserver_object_manager = true
diff --git a/policy-20071130.patch b/policy-20071130.patch
index 5603dc94..0b22eb75 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -27726,7 +27726,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.f
 +/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.3.1/policy/modules/system/qemu.if
 --- nsaserefpolicy/policy/modules/system/qemu.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.if 2008-03-11 17:53:51.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/qemu.if 2008-03-11 21:09:37.000000000 -0400
 @@ -0,0 +1,303 @@
 +
 +## policy for qemu
@@ -27999,7 +27999,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
 + files_read_var_files($1_t)
 + files_search_all($1_t)
 +
-+ fs_list_inotify($1_t)
++ fs_list_inotifyfs($1_t)
 + fs_rw_anon_inodefs_files($1_t)
 + fs_rw_tmpfs_files($1_t)
 +
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 673ae006..ca00fb5b 100644
--- a/selinux-policy.spec
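Review bot: The new `xserver_object_manager = true` default in booleans-mls.conf is documented only by "Run the xserver as an object manager", and the changelog folds it into "More mls fixes", so an administrator cannot tell from either what changes on an MLS system. As I understand this boolean, it lets the X server enforce SELinux policy on X objects, which can surface new denials for X clients. I would say so in the comment, e.g. `# Let the X server enforce SELinux policy on X objects (userspace object manager)`, and name the boolean in the changelog entry. Whether booleans-targeted.conf deliberately leaves it unset is not visible in this diff.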
+++ b/selinux-policy.spec
@@ -17,12 +17,11 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
 patch: policy-20071130.patch
-Patch2: policy-init.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
@@ -180,7 +179,6 @@ Based off of reference policy: Checked out revision 2624.
 %prep
 %setup -n serefpolicy-%{version} -q
 %patch -p1
-%patch2 -p1
 
 %install
 # Build targeted policy
@@ -390,6 +388,14 @@ exit 0
 %endif
 
 %changelog
+* Tue Mar 11 2008 Dan Walsh 3.3.1-15
+- Allow init to transition to initrc_t on shell exec.
+- Fix init to be able to sendto init_t.
+- Allow syslog to connect to mysql
+- Allow lvm to manage its own fifo_files
+- Allow bugzilla to use ldap
+- More mls fixes
+
 * Tue Mar 11 2008 Bill Nottingham 3.3.1-14
 - fixes for init policy (#436988)
 - fix build
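Review bot: Dropping `Patch2: policy-init.patch` in the first hunk and `%patch2 -p1` in the %prep hunk stops applying what was presumably the 3.3.1-14 init fix for #436988, yet the diffstat shows policy-20071130.patch changing only two lines in this commit. Unless those init rules were already folded into policy-20071130.patch or the source tarball by an earlier change, this build would lose them while the new changelog lists init transitions as fixed. That is worth confirming before the release bump. A changelog line such as `- Merge policy-init.patch into policy-20071130.patch` would make the removal auditable.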