- Update to upstream

2009-07-15 19:12:04 +00:00 · 2009-07-15 19:12:04 +00:00 · 2360ff9f3f
parent 599d4d6917
commit 2360ff9f3f
6 changed files with 65 additions and 34 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -177,3 +177,4 @@ serefpolicy-3.6.19.tgz
 serefpolicy-3.6.20.tgz
 serefpolicy-3.6.21.tgz
 setroubleshoot-2.2.11.tar.gz
+serefpolicy-3.6.22.tgz
--- a/1
+++ b/1
@ -23,5 +23,6 @@ base.fc
 fc_sort
 CVS
 CVSROOT
+.git
 .svn
 svn
--- a/2
+++ b/2
@ -1 +1 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.21 > /tmp/diff
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.22 > /tmp/diff
--- a/policy-F12.patch
+++ b/policy-F12.patch
@ -5617,8 +5617,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.22/policy/modules/apps/wm.te
 --- nsaserefpolicy/policy/modules/apps/wm.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.22/policy/modules/apps/wm.te	2009-07-15 14:06:36.000000000 -0400
-@@ -0,0 +1,13 @@
+++ serefpolicy-3.6.22/policy/modules/apps/wm.te	2009-07-15 15:11:12.000000000 -0400
+@@ -0,0 +1,9 @@
 +policy_module(wm,0.0.4)
 +
 +########################################
@ -5628,10 +5628,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +type wm_exec_t;
 +corecmd_executable_file(wm_exec_t)
-+
-+type wm_t;
-+domain_type(wm_t)
-+domain_entry_file(wm_t, wm_exec_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.22/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2009-07-14 14:19:57.000000000 -0400
 +++ serefpolicy-3.6.22/policy/modules/kernel/corecommands.fc	2009-07-15 14:06:36.000000000 -0400
@ -6798,7 +6794,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.22/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/kernel/kernel.if	2009-07-15 14:06:36.000000000 -0400
+++ serefpolicy-3.6.22/policy/modules/kernel/kernel.if	2009-07-15 14:51:40.000000000 -0400
@@ -1807,7 +1807,7 @@
 	')
 
@ -13924,7 +13920,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /usr/libexec/hald-addon-macbookpro-backlight --	gen_context(system_u:object_r:hald_mac_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.22/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/services/hal.if	2009-07-15 14:06:36.000000000 -0400
+++ serefpolicy-3.6.22/policy/modules/services/hal.if	2009-07-15 14:55:28.000000000 -0400
@@ -20,6 +20,24 @@
 
 ########################################
@ -14052,7 +14048,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.22/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/services/hal.te	2009-07-15 14:06:36.000000000 -0400
+++ serefpolicy-3.6.22/policy/modules/services/hal.te	2009-07-15 14:59:38.000000000 -0400
@@ -49,6 +49,15 @@
 type hald_var_lib_t;
 files_type(hald_var_lib_t)
@ -14069,7 +14065,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ########################################
 #
 # Local policy
-@@ -141,13 +150,20 @@
+@@ -94,6 +103,7 @@
+ kernel_rw_irq_sysctls(hald_t)
+ kernel_rw_vm_sysctls(hald_t)
+ kernel_write_proc_files(hald_t)
+kernel_search_network_sysctl(hald_t)
+ kernel_setsched(hald_t)
+ 
+ auth_read_pam_console_data(hald_t)
+@@ -141,13 +151,20 @@
 # hal is now execing pm-suspend
 files_create_boot_flag(hald_t)
 files_getattr_all_dirs(hald_t)
@ -14090,7 +14094,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 files_getattr_all_mountpoints(hald_t)
 
 mls_file_read_all_levels(hald_t)
-@@ -195,6 +211,7 @@
+@@ -195,6 +212,7 @@
 seutil_read_file_contexts(hald_t)
 
 sysnet_read_config(hald_t)
@ -14098,7 +14102,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 userdom_dontaudit_use_unpriv_user_fds(hald_t)
 userdom_dontaudit_search_user_home_dirs(hald_t)
-@@ -277,6 +294,18 @@
+@@ -277,6 +295,18 @@
 ')
 
 optional_policy(`
@ -14117,7 +14121,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	rpc_search_nfs_state_data(hald_t)
 ')
 
-@@ -298,7 +327,11 @@
+@@ -298,7 +328,11 @@
 ')
 
 optional_policy(`
@ -14130,7 +14134,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 
 ########################################
-@@ -306,7 +339,7 @@
+@@ -306,7 +340,7 @@
 # Hal acl local policy
 #
 
@ -14139,7 +14143,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 allow hald_acl_t self:process { getattr signal };
 allow hald_acl_t self:fifo_file rw_fifo_file_perms;
 
-@@ -321,6 +354,7 @@
+@@ -321,6 +355,7 @@
 manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
 manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t)
 files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file })
@ -14147,7 +14151,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 corecmd_exec_bin(hald_acl_t)
 
-@@ -339,6 +373,8 @@
+@@ -339,6 +374,8 @@
 
 storage_getattr_removable_dev(hald_acl_t)
 storage_setattr_removable_dev(hald_acl_t)
@ -14156,7 +14160,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 auth_use_nsswitch(hald_acl_t)
 
-@@ -346,12 +382,19 @@
+@@ -346,12 +383,19 @@
 
 miscfiles_read_localization(hald_acl_t)
 
@ -14177,7 +14181,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
 allow hald_t hald_mac_t:process signal;
-@@ -374,6 +417,8 @@
+@@ -374,6 +418,8 @@
 
 auth_use_nsswitch(hald_mac_t)
 
@ -14186,7 +14190,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 miscfiles_read_localization(hald_mac_t)
 
 ########################################
-@@ -415,6 +460,55 @@
+@@ -415,6 +461,62 @@
 
 dev_rw_input_dev(hald_keymap_t)
 
@ -14203,6 +14207,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +#
 +# Local hald dccm policy
 +#
+allow hald_dccm_t self:fifo_file rw_fifo_file_perms;
 +allow hald_dccm_t self:capability { net_bind_service };
 +allow hald_dccm_t self:process getsched;
 +allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
@ -14213,6 +14218,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +allow hald_t hald_dccm_t:process signal;
 +allow hald_dccm_t hald_t:unix_stream_socket connectto;
 +
+hal_rw_dgram_sockets(hald_dccm_t)
+
 +corenet_all_recvfrom_unlabeled(hald_dccm_t)
 +corenet_all_recvfrom_netlabel(hald_dccm_t)
 +corenet_tcp_sendrecv_generic_if(hald_dccm_t)
@ -14241,6 +14248,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 +miscfiles_read_localization(hald_dccm_t)
 +
+optional_policy(`
+	dbus_system_bus_client(hald_dccm_t)
+')
+
 +permissive hald_dccm_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.22/policy/modules/services/kerberos.fc
 --- nsaserefpolicy/policy/modules/services/kerberos.fc	2009-07-14 14:19:57.000000000 -0400
@ -27138,7 +27149,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.22/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.22/policy/modules/system/sysnetwork.te	2009-07-15 14:06:36.000000000 -0400
+++ serefpolicy-3.6.22/policy/modules/system/sysnetwork.te	2009-07-15 14:56:56.000000000 -0400
@@ -20,6 +20,9 @@
 init_daemon_domain(dhcpc_t, dhcpc_exec_t)
 role system_r types dhcpc_t;
@ -27186,7 +27197,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 files_etc_filetrans(dhcpc_t, net_conf_t, file)
 
 # create temp files
-@@ -115,8 +121,9 @@
+@@ -115,11 +121,13 @@
 corecmd_exec_bin(dhcpc_t)
 corecmd_exec_shell(dhcpc_t)
 
@ -27197,7 +27208,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 files_read_etc_files(dhcpc_t)
 files_read_etc_runtime_files(dhcpc_t)
-@@ -183,25 +190,23 @@
+files_read_usr_files(dhcpc_t)
+ files_search_home(dhcpc_t)
+ files_search_var_lib(dhcpc_t)
+ files_dontaudit_search_locks(dhcpc_t)
+@@ -183,25 +191,23 @@
 ')
 
 optional_policy(`
@ -27231,7 +27246,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 
 optional_policy(`
-@@ -212,6 +217,7 @@
+@@ -212,6 +218,7 @@
 optional_policy(`
 	seutil_sigchld_newrole(dhcpc_t)
 	seutil_dontaudit_search_config(dhcpc_t)
@ -27239,7 +27254,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 
 optional_policy(`
-@@ -223,6 +229,10 @@
+@@ -223,6 +230,10 @@
 ')
 
 optional_policy(`
@ -27250,7 +27265,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	kernel_read_xen_state(dhcpc_t)
 	kernel_write_xen_state(dhcpc_t)
 	xen_append_log(dhcpc_t)
-@@ -236,7 +246,6 @@
+@@ -236,7 +247,6 @@
 
 allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
 allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
@ -27258,7 +27273,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 allow ifconfig_t self:fd use;
 allow ifconfig_t self:fifo_file rw_fifo_file_perms;
-@@ -250,6 +259,7 @@
+@@ -250,6 +260,7 @@
 allow ifconfig_t self:sem create_sem_perms;
 allow ifconfig_t self:msgq create_msgq_perms;
 allow ifconfig_t self:msg { send receive };
@ -27266,7 +27281,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 # Create UDP sockets, necessary when called from dhcpc
 allow ifconfig_t self:udp_socket create_socket_perms;
-@@ -259,13 +269,20 @@
+@@ -259,13 +270,20 @@
 allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
 allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
 allow ifconfig_t self:tcp_socket { create ioctl };
@ -27287,7 +27302,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 corenet_rw_tun_tap_dev(ifconfig_t)
 
-@@ -276,8 +293,13 @@
+@@ -276,8 +294,13 @@
 fs_getattr_xattr_fs(ifconfig_t)
 fs_search_auto_mountpoints(ifconfig_t)
 
@ -27301,7 +27316,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 domain_use_interactive_fds(ifconfig_t)
 
-@@ -296,6 +318,8 @@
+@@ -296,6 +319,8 @@
 
 seutil_use_runinit_fds(ifconfig_t)
 
@ -27310,7 +27325,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 userdom_use_user_terminals(ifconfig_t)
 userdom_use_all_users_fds(ifconfig_t)
 
-@@ -332,6 +356,14 @@
+@@ -332,8 +357,22 @@
 ')
 
 optional_policy(`
@ -27325,6 +27340,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	kernel_read_xen_state(ifconfig_t)
 	kernel_write_xen_state(ifconfig_t)
 	xen_append_log(ifconfig_t)
+ 	xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
+ ')
+
+optional_policy(`
+	hal_rw_dgram_sockets(dhcpc_t)
+	hal_dontaudit_rw_pipes(ifconfig_t)
+')
+
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.6.22/policy/modules/system/udev.fc
 --- nsaserefpolicy/policy/modules/system/udev.fc	2009-07-14 14:19:57.000000000 -0400
 +++ serefpolicy-3.6.22/policy/modules/system/udev.fc	2009-07-15 14:06:36.000000000 -0400
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -19,8 +19,8 @@
 %define CHECKPOLICYVER 2.0.16-3
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.6.21
-Release: 3%{?dist}
+Version: 3.6.22
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -475,6 +475,12 @@ exit 0
 %endif

 %changelog
+* Tue Jul 14 2009 Dan Walsh <dwalsh@redhat.com> 3.6.22-1
+- Update to upstream
+
+* Fri Jul 10 2009 Dan Walsh <dwalsh@redhat.com> 3.6.21-4
+- Allow clamscan read amavis spool files
+
 * Wed Jul 8 2009 Dan Walsh <dwalsh@redhat.com> 3.6.21-3
 - Fixes for xguest

--- a/2
+++ b/2
@ -1 +1 @@
-25f48f8897109e205e666999c7cb64a1  serefpolicy-3.6.21.tgz
+cd43ce2443ce5e627dee964df3df65a5  serefpolicy-3.6.22.tgz