- Allow execution of gconf

2007-07-19 14:45:16 +00:00 · 2007-07-19 14:45:16 +00:00 · 297dd1a900
commit 297dd1a900
parent 8675561212
4 changed files with 28 additions and 11 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -120,3 +120,4 @@ serefpolicy-2.6.4.tgz
 serefpolicy-2.6.5.tgz
 serefpolicy-3.0.1.tgz
 serefpolicy-3.0.2.tgz
+serefpolicy-3.0.3.tgz
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@ -5536,16 +5536,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.0.3/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.3/policy/modules/services/ntp.te	2007-07-19 09:24:25.000000000 -0400
-@@ -40,6 +40,7 @@
+++ serefpolicy-3.0.3/policy/modules/services/ntp.te	2007-07-19 10:44:14.000000000 -0400
+@@ -36,6 +36,7 @@
+ dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
+ allow ntpd_t self:process { signal_perms setcap setsched setrlimit };
+ allow ntpd_t self:fifo_file { read write getattr };
+allow ntpd_t self:shm create_shm_perms;
+ allow ntpd_t self:unix_dgram_socket create_socket_perms;
 allow ntpd_t self:unix_stream_socket create_socket_perms;
 allow ntpd_t self:tcp_socket create_stream_socket_perms;
- allow ntpd_t self:udp_socket create_socket_perms;
-+allow ntpd_t self:shm create_shm_perms;
+@@ -82,6 +83,8 @@
 
- manage_files_pattern(ntpd_t,ntp_drift_t,ntp_drift_t)
+ fs_getattr_all_fs(ntpd_t)
+ fs_search_auto_mountpoints(ntpd_t)
+# Necessary to communicate with gpsd devices
+fs_rw_tmpfs_files(ntpd_t)
 
-@@ -107,6 +108,8 @@
+ auth_use_nsswitch(ntpd_t)
+ 
+@@ -107,6 +110,8 @@
 
 sysnet_read_config(ntpd_t)
 
@ -5554,7 +5563,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
 userdom_dontaudit_use_unpriv_user_fds(ntpd_t)
 userdom_list_sysadm_home_dirs(ntpd_t)
 userdom_dontaudit_list_sysadm_home_dirs(ntpd_t)
-@@ -126,6 +129,10 @@
+@@ -126,9 +131,14 @@
 ')
 
 optional_policy(`
@ -5565,6 +5574,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
 	seutil_sigchld_newrole(ntpd_t)
 ')
 
+ optional_policy(`
+ 	udev_read_db(ntpd_t)
+ ')
+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.0.3/policy/modules/services/openvpn.if
 --- nsaserefpolicy/policy/modules/services/openvpn.if	2007-05-29 14:10:57.000000000 -0400
 +++ serefpolicy-3.0.3/policy/modules/services/openvpn.if	2007-07-17 15:46:25.000000000 -0400
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -16,8 +16,8 @@
 %define CHECKPOLICYVER 2.0.3-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.0.2
-Release: 8%{?dist}
+Version: 3.0.3
+Release: 1%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -172,7 +172,7 @@ fi;

 %description
 SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2348.
+Based off of reference policy: Checked out revision 2370.

 %prep 
 %setup -q -n serefpolicy-%{version}
@ -357,6 +357,9 @@ exit 0
 %endif

 %changelog
+* Tue Jul 17 2007 Dan Walsh <dwalsh@redhat.com> 3.0.2-9
+- Allow execution of gconf
+
 * Sat Jul 14 2007 Dan Walsh <dwalsh@redhat.com> 3.0.2-8
 - Fix moilscanner update problem

--- a/2
+++ b/2
@ -1 +1 @@
-7487348a6530067125f23316f43ff369  serefpolicy-3.0.2.tgz
+af54ae49007f995f1cb9e5d6f5baf8bf  serefpolicy-3.0.3.tgz