Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy

2012-02-07 17:17:54 -05:00 · 2012-02-07 17:17:54 -05:00 · 5c28b0512d
parent 76d9bfedb6 81894dfe50
commit 5c28b0512d
4 changed files with 794 additions and 208 deletions
--- a/modules-mls.conf
+++ b/modules-mls.conf
@ -1861,6 +1861,13 @@ staff = module
 # 
 sysadm = module

+# Layer:role
+# Module: sysadm_secadm
+#
+# System Administrator with Security Admin rules
+# 
+sysadm_secadm = module
+
 # Layer: role
 # Module: unprivuser
 #
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@ -2161,6 +2161,21 @@ dbadm = module
 # 
 logadm = module

+# Layer: role
+# Module: secadm
+#
+# secadm account on tty logins
+# 
+secadm = module
+
+# Layer: role
+# Module: auditadm
+#
+# auditadm account on tty logins
+# 
+auditadm = module
+
+
 # Layer: role
 # Module: webadm
 #
@ -2232,6 +2247,13 @@ staff = module
 # 
 sysadm = module

+# Layer:role
+# Module: sysadm_secadm
+#
+# System Administrator with Security Admin rules
+# 
+sysadm_secadm = module
+
 # Layer: role
 # Module: unprivuser
 #
@ -2444,3 +2466,10 @@ cloudform = module
 #  policy for obex-data-server 
 #
 obex = module
+
+# Layer: services
+# Module: sge
+# 
+#  policy for grindengine MPI jobs
+#
+sge = module
--- a/policy-F16.patch
+++ b/policy-F16.patch
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -3,9 +3,6 @@
 %define monolithic n
 %if %{?BUILD_DOC:0}%{!?BUILD_DOC:1}
 %define BUILD_DOC 1
-%define docs-target install-docs
-%else
-%define docs-target %nil
 %endif
 %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1}
 %define BUILD_TARGETED 1
@ -22,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.10.0
-Release: 82%{?dist}
+Release: 84%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -290,7 +287,11 @@ make clean
 %installCmds mls mls n deny
 %endif

-make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} MLS_CATS=1024 MCS_CATS=1024 install-headers %{docs-target}
+%if %{BUILD_DOC}
+make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} MLS_CATS=1024 MCS_CATS=1024 install-docs
+%endif
+
+make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} MLS_CATS=1024 MCS_CATS=1024 install-headers

 mkdir %{buildroot}%{_usr}/share/selinux/devel/
 mkdir %{buildroot}%{_usr}/share/selinux/packages/
@ -482,6 +483,20 @@ SELinux Reference policy mls base module.
 %endif

 %changelog
+* Tue Feb 7 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-84
+- Add policy for grindengine MPI jobs
+
+* Mon Feb 6 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-83
+- Add new sysadm_secadm.pp module
+	* contains secadm definition for sysadm_t
+- Move user_mail_domain access out of the interface into the te file
+- Allow httpd_t to create httpd_var_lib_t directories as well as files
+- Allow snmpd to connect to the ricci_modcluster stream
+- Allow firewalld to read /etc/passwd
+- Add auth_use_nsswitch for colord
+- Allow smartd to read network state
+- smartdnotify needs to read /etc/group
+
 * Fri Feb 3 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-82
 - Allow gpg and gpg_agent to store sock_file in gpg_secret_t directory
 - lxdm startup scripts should be labeled bin_t, so confined users will work