rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to upstream

Browse Source 
cleanup
Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream
- Additional mail ports
- Add virt_use_usb boolean for svirt
This commit is contained in:
Daniel J Walsh 2009-06-20 13:59:00 +00:00
parent 5e42caf5fb
commit 8866315d40
6 changed files with 169 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -172,3 +172,4 @@ serefpolicy-3.6.14.tgz
serefpolicy-3.6.15.tgz serefpolicy-3.6.15.tgz
serefpolicy-3.6.16.tgz serefpolicy-3.6.16.tgz
serefpolicy-3.6.17.tgz serefpolicy-3.6.17.tgz
serefpolicy-3.6.18.tgz

7
modules-targeted.conf
View File

@ -412,6 +412,13 @@ domain = base
# #
dovecot = module dovecot = module
# Layer: apps
# Module: gitosis
#
# Policy for gitosis
#
gitosis = module
# Layer: apps # Layer: apps
# Module: gpg # Module: gpg
# #

2
nsadiff
View File

@ -1 +1 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.16 > /tmp/diff diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.18 > /tmp/diff

157
policy-F12.patch
View File

@ -1686,6 +1686,159 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+') +')
+ +
+permissive cpufreqselector_t; +permissive cpufreqselector_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.6.18/policy/modules/apps/gitosis.fc
--- nsaserefpolicy/policy/modules/apps/gitosis.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.6.18/policy/modules/apps/gitosis.fc 2009-06-20 07:15:46.000000000 -0400
@@ -0,0 +1,4 @@
+
+/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
+
+/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.18/policy/modules/apps/gitosis.if
--- nsaserefpolicy/policy/modules/apps/gitosis.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.6.18/policy/modules/apps/gitosis.if 2009-06-20 07:15:46.000000000 -0400
@@ -0,0 +1,94 @@
+## <summary>gitosis interface</summary>
+
+#######################################
+## <summary>
+## Execute a domain transition to run gitosis.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`gitosis_domtrans',`
+ gen_require(`
+ type gitosis_t, gitosis_exec_t;
+ ')
+
+ domtrans_pattern($1, gitosis_exec_t, gitosis_t)
+')
+
+#######################################
+## <summary>
+## Execute gitosis-serve in the gitosis domain, and
+## allow the specified role the gitosis domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed the gpsd domain.
+## </summary>
+## </param>
+## <param name="terminal">
+## <summary>
+## The type of the role's terminal.
+## </summary>
+## </param>
+#
+interface(`gitosis_run',`
+ gen_require(`
+ type gitosis_t;
+ ')
+
+ gitosis_domtrans($1)
+ role $2 types gitosis_t;
+ allow gitosis_t $3:chr_file rw_term_perms;
+')
+
+#######################################
+## <summary>
+## Allow the specified domain to read
+## gitosis lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gitosis_read_var_lib',`
+ gen_require(`
+ type gitosis_var_lib_t;
+
+ ')
+
+ read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+ read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+ list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+')
+
+######################################
+## <summary>
+## Allow the specified domain to manage
+## gitosis lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gitosis_manage_var_lib',`
+ gen_require(`
+ type gitosis_var_lib_t;
+
+ ')
+
+ manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+ manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+ manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.6.18/policy/modules/apps/gitosis.te
--- nsaserefpolicy/policy/modules/apps/gitosis.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.6.18/policy/modules/apps/gitosis.te 2009-06-20 07:15:46.000000000 -0400
@@ -0,0 +1,43 @@
+policy_module(gitosis,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type gitosis_t;
+type gitosis_exec_t;
+application_domain(gitosis_t, gitosis_exec_t)
+role system_r types gitosis_t;
+
+type gitosis_var_lib_t;
+files_type(gitosis_var_lib_t)
+
+########################################
+#
+# gitosis local policy
+#
+
+allow gitosis_t self:fifo_file rw_fifo_file_perms;
+
+exec_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
+manage_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
+manage_lnk_files_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
+manage_dirs_pattern(gitosis_t,gitosis_var_lib_t,gitosis_var_lib_t)
+
+corecmd_exec_bin(gitosis_t)
+corecmd_exec_shell(gitosis_t)
+
+kernel_read_system_state(gitosis_t)
+
+files_read_usr_files(gitosis_t)
+files_search_var_lib(gitosis_t)
+
+libs_use_ld_so(gitosis_t)
+libs_use_shared_libs(gitosis_t)
+
+miscfiles_read_localization(gitosis_t)
+
+optional_policy(`
+ ssh_rw_pipes(gitosis_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.18/policy/modules/apps/gnome.fc diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.6.18/policy/modules/apps/gnome.fc
--- nsaserefpolicy/policy/modules/apps/gnome.fc 2008-11-11 16:13:42.000000000 -0500 --- nsaserefpolicy/policy/modules/apps/gnome.fc 2008-11-11 16:13:42.000000000 -0500
+++ serefpolicy-3.6.18/policy/modules/apps/gnome.fc 2009-06-20 06:49:47.000000000 -0400 +++ serefpolicy-3.6.18/policy/modules/apps/gnome.fc 2009-06-20 06:49:47.000000000 -0400
@ -28016,7 +28169,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+') +')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.18/policy/modules/system/sysnetwork.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.18/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-06-20 06:26:20.000000000 -0400 --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-06-20 06:26:20.000000000 -0400
+++ serefpolicy-3.6.18/policy/modules/system/sysnetwork.te 2009-06-20 06:49:47.000000000 -0400 +++ serefpolicy-3.6.18/policy/modules/system/sysnetwork.te 2009-06-20 09:54:49.000000000 -0400
@@ -20,6 +20,9 @@ @@ -20,6 +20,9 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t) init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t; role system_r types dhcpc_t;
@ -28045,7 +28198,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow dhcpc_t self:udp_socket create_socket_perms; allow dhcpc_t self:udp_socket create_socket_perms;
allow dhcpc_t self:packet_socket create_socket_perms; allow dhcpc_t self:packet_socket create_socket_perms;
-allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write }; -allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
+allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_relay }; +allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
allow dhcpc_t dhcp_etc_t:dir list_dir_perms; allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
read_lnk_files_pattern(dhcpc_t,dhcp_etc_t,dhcp_etc_t) read_lnk_files_pattern(dhcpc_t,dhcp_etc_t,dhcp_etc_t)

5
selinux-policy.spec
View File

@ -19,7 +19,7 @@
%define CHECKPOLICYVER 2.0.16-3 %define CHECKPOLICYVER 2.0.16-3
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.6.17 Version: 3.6.18
Release: 1%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
@ -473,6 +473,9 @@ exit 0
%endif %endif
%changelog %changelog
* Sat Jun 20 2009 Dan Walsh <dwalsh@redhat.com> 3.6.18-1
- Update to upstream
* cleanup
* Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1 * Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
- Update to upstream - Update to upstream
- Additional mail ports - Additional mail ports

2
sources
View File

@ -1 +1 @@
ff26e4c0c4b5057f2fae0ecc28f2c5fa serefpolicy-3.6.17.tgz 2513cf1675a62086dbd60387d6a74861 serefpolicy-3.6.18.tgz