Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy
Conflicts: selinux-policy.spec
commit
45852f5fe5
@ -47,12 +47,12 @@ alsa = module
|
|||||||
#
|
#
|
||||||
amanda = module
|
amanda = module
|
||||||
|
|
||||||
# Layer: services
|
# Layer: contrib
|
||||||
# Module: amavis
|
# Module: antivirus
|
||||||
#
|
#
|
||||||
# Anti-virus
|
# Anti-virus
|
||||||
#
|
#
|
||||||
amavis = module
|
antivirus = module
|
||||||
|
|
||||||
# Layer: admin
|
# Layer: admin
|
||||||
# Module: amtu
|
# Module: amtu
|
||||||
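Review bot: "antivirus = module" on the new side takes the slot that "amavis = module" held between the amanda and amtu entries, which breaks the alphabetical order the surrounding entries follow, since "antivirus" sorts after "amtu". Move the block below the amtu entry. The layer comment also changes from "services" to "contrib" while the description still reads only "Anti-virus"; expanding that comment to say which daemons the module covers would help anyone auditing what remains confined.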
@ -243,20 +243,13 @@ chrome = module
|
|||||||
#
|
#
|
||||||
chronyd = module
|
chronyd = module
|
||||||
|
|
||||||
q# Layer: services
|
# Layer: services
|
||||||
# Module: cipe
|
# Module: cipe
|
||||||
#
|
#
|
||||||
# Encrypted tunnel daemon
|
# Encrypted tunnel daemon
|
||||||
#
|
#
|
||||||
cipe = module
|
cipe = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: clamav
|
|
||||||
#
|
|
||||||
# ClamAV Virus Scanner
|
|
||||||
#
|
|
||||||
clamav = module
|
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: clogd
|
# Module: clogd
|
||||||
#
|
#
|
||||||
|
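Review bot: the "clamav = module" block is deleted on the new side with nothing added in its place in this hunk, so the file no longer indicates where ClamAV policy comes from. If the "antivirus" entry in the earlier hunk is meant to supersede it, say so in that entry's description comment. The old side also shows "q# Layer: services" above the cipe entry where the new side has "# Layer: services"; that typo fix is unrelated to the module removal and deserves its own mention in the commit message.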
@ -68,13 +68,6 @@ alsa = module
|
|||||||
#
|
#
|
||||||
amanda = module
|
amanda = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: amavis
|
|
||||||
#
|
|
||||||
# Anti-virus
|
|
||||||
#
|
|
||||||
amavis = module
|
|
||||||
|
|
||||||
# Layer: admin
|
# Layer: admin
|
||||||
# Module: amtu
|
# Module: amtu
|
||||||
#
|
#
|
||||||
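Review bot: in this file the "amavis = module" block is removed outright, whereas the first file replaces it with "antivirus = module", and no antivirus entry appears in the hunks shown for this file. Confirm the omission is intended, or add the entry here as well so both module lists agree.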
@ -327,12 +320,6 @@ chronyd = module
|
|||||||
#
|
#
|
||||||
cipe = module
|
cipe = module
|
||||||
|
|
||||||
# Layer: services
|
|
||||||
# Module: clamav
|
|
||||||
#
|
|
||||||
# ClamAV Virus Scanner
|
|
||||||
#
|
|
||||||
clamav = module
|
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: clogd
|
# Module: clogd
|
||||||
|
154921
policy-rawhide-base.patch
154921
policy-rawhide-base.patch
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.12.1
|
Version: 3.12.1
|
||||||
Release: 5%{?dist}
|
Release: 8%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -252,7 +252,7 @@ fi;
|
|||||||
. %{_sysconfdir}/selinux/config; \
|
. %{_sysconfdir}/selinux/config; \
|
||||||
if [ -e /etc/selinux/%2/.rebuild ]; then \
|
if [ -e /etc/selinux/%2/.rebuild ]; then \
|
||||||
rm /etc/selinux/%2/.rebuild; \
|
rm /etc/selinux/%2/.rebuild; \
|
||||||
(cd /etc/selinux/%2/modules/active/modules; rm -f gnomeclock.pp matahari.pp xfs.pp kudzu.pp kerneloops.pp execmem.pp openoffice.pp ada.pp tzdata.pp hal.pp hotplug.pp howl.pp java.pp mono.pp moilscanner.pp gamin.pp audio_entropy.pp audioentropy.pp iscsid.pp polkit_auth.pp polkit.pp rtkit_daemon.pp ModemManager.pp telepathysofiasip.pp ethereal.pp passanger.pp qpidd.pp pyzor.pp razor.pp pki-selinux.pp phpfpm.pp consoletype.pp ctdbd.pp fcoemon.pp isnsd.pp l2tp.pp ) \
|
(cd /etc/selinux/%2/modules/active/modules; rm -f amavis.pp clamav.pp gnomeclock.pp matahari.pp xfs.pp kudzu.pp kerneloops.pp execmem.pp openoffice.pp ada.pp tzdata.pp hal.pp hotplug.pp howl.pp java.pp mono.pp moilscanner.pp gamin.pp audio_entropy.pp audioentropy.pp iscsid.pp polkit_auth.pp polkit.pp rtkit_daemon.pp ModemManager.pp telepathysofiasip.pp ethereal.pp passanger.pp qpidd.pp pyzor.pp razor.pp pki-selinux.pp phpfpm.pp consoletype.pp ctdbd.pp fcoemon.pp isnsd.pp l2tp.pp ) \
|
||||||
/usr/sbin/semodule -B -n -s %2; \
|
/usr/sbin/semodule -B -n -s %2; \
|
||||||
else \
|
else \
|
||||||
touch /etc/selinux/%2/modules/active/modules/sandbox.disabled \
|
touch /etc/selinux/%2/modules/active/modules/sandbox.disabled \
|
||||||
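Review bot: in the changed "rm -f amavis.pp clamav.pp ..." line the directory change and the delete are joined with ";", so if "cd /etc/selinux/%2/modules/active/modules" fails, "rm -f" still runs in whatever directory the scriptlet started in. Use "cd ... && rm -f ..." inside the subshell. The removal also sits in the branch guarded by "[ -e /etc/selinux/%2/.rebuild ]", so the stale amavis.pp and clamav.pp are only cleaned up when that marker exists; check that the upgrade path always creates it.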
@ -521,6 +521,64 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jan 28 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-8
|
||||||
|
- Change ssh_use_pts to use macro and only inherited sshd_devpts_t
|
||||||
|
- Allow confined users to read systemd_logind seat information
|
||||||
|
- libmpg ships badly created libraries
|
||||||
|
- Add support for strongswan.service
|
||||||
|
- Add labeling for strongswan
|
||||||
|
- Allow l2tpd_t to read network manager content in /run directory
|
||||||
|
- Allow rsync to getattr any file in rsync_data_t
|
||||||
|
- Add labeling and filename transition for .grl-podcasts
|
||||||
|
|
||||||
|
* Fri Jan 25 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-7
|
||||||
|
- mount.glusterfs executes glusterfsd binary
|
||||||
|
- Allow systemd_hostnamed_t to stream connect to systemd
|
||||||
|
- Dontaudit any user doing a access check
|
||||||
|
- Allow obex-data-server to request the kernel to load a module
|
||||||
|
- Allow gpg-agent to manage gnome content (~/.cache/gpg-agent-info)
|
||||||
|
- Allow gpg-agent to read /proc/sys/crypto/fips_enabled
|
||||||
|
- Add new types for antivirus.pp policy module
|
||||||
|
- Allow gnomesystemmm_t caps because of ioprio_set
|
||||||
|
- Make sure if mozilla_plugin creates files while in permissive mode, they get created with the correct label, user_home_t
|
||||||
|
- Allow gnomesystemmm_t caps because of ioprio_set
|
||||||
|
- Allow NM rawip socket
|
||||||
|
- files_relabel_non_security_files can not be used with boolean
|
||||||
|
- Add interface to thumb_t dbus_chat to allow it to read remote process state
|
||||||
|
- ALlow logrotate to domtrans to mdadm_t
|
||||||
|
- kde gnomeclock wants to write content to /tmp
|
||||||
|
|
||||||
|
* Wed Jan 23 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-6
|
||||||
|
- kde gnomeclock wants to write content to /tmp
|
||||||
|
- /usr/libexec/kde4/kcmdatetimehelper attempts to create /root/.kde
|
||||||
|
- Allow blueman_t to rwx zero_device_t, for some kind of jre
|
||||||
|
- Allow mozilla_plugin_t to rwx zero_device_t, for some kind of jre
|
||||||
|
- Ftp full access should be allowed to create directories as well as files
|
||||||
|
- Add boolean to allow rsync_full_acces, so that an rsync server can write all
|
||||||
|
- over the local machine
|
||||||
|
- logrotate needs to rotate logs in openshift directories, needs back port to RHEL6
|
||||||
|
- Add missing vpnc_roles type line
|
||||||
|
- Allow stapserver to write content in /tmp
|
||||||
|
- Allow gnome keyring to create keyrings dir in ~/.local/share
|
||||||
|
- Dontaudit thumb drives trying to bind to udp sockets if nis_enabled is turned on
|
||||||
|
- Add interface to colord_t dbus_chat to allow it to read remote process state
|
||||||
|
- Allow colord_t to read cupsd_t state
|
||||||
|
- Add mate-thumbnail-font as thumnailer
|
||||||
|
- Allow sectoolm to sys_ptrace since it is looking at other proceses /proc data.
|
||||||
|
- Allow qpidd to list /tmp. Needed by ssl
|
||||||
|
- Only allow init_t to transition to rsync_t domain, not initrc_t. This should be back ported to F17, F18
|
||||||
|
- - Added systemd support for ksmtuned
|
||||||
|
- Added booleans
|
||||||
|
ksmtuned_use_nfs
|
||||||
|
ksmtuned_use_cifs
|
||||||
|
- firewalld seems to be creating mmap files which it needs to execute in /run /tmp and /dev/shm. Would like to clean this up but for now we will allow
|
||||||
|
- Looks like qpidd_t needs to read /dev/random
|
||||||
|
- Lots of probing avc's caused by execugting gpg from staff_t
|
||||||
|
- Dontaudit senmail triggering a net_admin avc
|
||||||
|
- Change thumb_role to use thumb_run, not sure why we have a thumb_role, needs back port
|
||||||
|
- Logwatch does access check on mdadm binary
|
||||||
|
- Add raid_access_check_mdadm() iterface
|
||||||
|
|
||||||
* Wed Jan 16 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-5
|
* Wed Jan 16 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-5
|
||||||
- Fix systemd_manage_unit_symlinks() interface
|
- Fix systemd_manage_unit_symlinks() interface
|
||||||
- Call systemd_manage_unit_symlinks(() which is correct interface
|
- Call systemd_manage_unit_symlinks(() which is correct interface
|
||||||
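Review bot: the new changelog blocks carry duplicated and malformed entries. "Allow gnomesystemmm_t caps because of ioprio_set" is listed twice under 3.12.1-7, "kde gnomeclock wants to write content to /tmp" appears under both 3.12.1-7 and 3.12.1-6, "- - Added systemd support for ksmtuned" has a doubled dash, and "- over the local machine" is the tail of the rsync_full_acces entry split into its own bullet. Deduplicate and rejoin these so the changelog reflects what each release actually changed.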
@ -541,6 +599,15 @@ SELinux Reference policy mls base module.
|
|||||||
- mythtv policy
|
- mythtv policy
|
||||||
- Update mandb_admin() interface
|
- Update mandb_admin() interface
|
||||||
- Allow dsspam to listen on own tpc_socket
|
- Allow dsspam to listen on own tpc_socket
|
||||||
|
- seutil_filetrans_named_content needs to be optional
|
||||||
|
- Allow sysadm_t to execute content in his homedir
|
||||||
|
- Add attach_queue to tun_socket, new patch from Paul Moore
|
||||||
|
- Change most of selinux configuration types to security_file_type.
|
||||||
|
- Add filename transition rules for selinux configuration
|
||||||
|
- ssh into a box with -X -Y requires ssh_use_ptys
|
||||||
|
- Dontaudit thumb drives trying to bind to udp sockets if nis_enabled is turned on
|
||||||
|
- Allow all unpriv userdomains to send dbus messages to hostnamed and timedated
|
||||||
|
- New allow rules found by Tom London for systemd_hostnamed
|
||||||
|
|
||||||
* Mon Jan 14 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-4
|
* Mon Jan 14 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-4
|
||||||
- Allow systemd-tmpfiles to relabel lpd spool files
|
- Allow systemd-tmpfiles to relabel lpd spool files
|
||||||
|
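Review bot: these nine entries are added after "Allow dsspam to listen on own tpc_socket" and before the 3.12.1-4 header, so they appear to land in the existing 3.12.1-5 block rather than under a new release, which rewrites the recorded history of that build. Since the commit message lists a conflict in selinux-policy.spec, check that this is the intended merge resolution. "Dontaudit thumb drives trying to bind to udp sockets if nis_enabled is turned on" is also already listed under 3.12.1-6.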