- Upgrade to upstream to grab postgressql changes

2007-08-23 13:31:59 +00:00 · 2007-08-23 13:31:59 +00:00 · e92bb82e8a
commit e92bb82e8a
parent 77a22067be
1 changed files with 7 additions and 36 deletions
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@ -2518,8 +2518,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.0.6/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2007-07-25 10:37:36.000000000 -0400
-+++ serefpolicy-3.0.6/policy/modules/kernel/domain.te	2007-08-22 08:03:53.000000000 -0400
+++ serefpolicy-3.0.6/policy/modules/kernel/domain.te	2007-08-23 09:30:52.000000000 -0400
-@@ -6,6 +6,29 @@
+@@ -6,6 +6,15 @@
 # Declarations
 #
@ -2530,26 +2530,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +## </p>
 +## </desc>
 +gen_tunable(allow_netlabel,true)
 +
 +## <desc>
 +## <p>
 +## Allow all domains to use ipsec labeled packets
 +## </p>
 +## </desc>
 +gen_tunable(allow_ipsec_label,true)
 +')
 +
 +## <desc>
 +## <p>
 +## Allow unlabeled packets to work on system
 +## </p>
 +## </desc>
 +gen_tunable(allow_unlabeled_packets,true)
 +
 # Mark process types as domains
 attribute domain;
-@@ -134,3 +157,25 @@
+@@ -134,3 +143,22 @@
 # act on all domains keys
 allow unconfined_domain_type domain:key *;
@ -2571,9 +2557,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +		kernel_tcp_recvfrom_unlabeled(domain)
 +		kernel_udp_recvfrom_unlabeled(domain)
 +	')
 +	tunable_policy(`allow_ipsec_label',`
 +		ipsec_labeled(domain)
 +	')
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.6/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-07-03 07:05:38.000000000 -0400
@ -4063,7 +4046,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 +/var/named/chroot/var/log/named.*	--	gen_context(system_u:object_r:named_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.0.6/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.6/policy/modules/services/bind.te	2007-08-22 08:03:53.000000000 -0400
+++ serefpolicy-3.0.6/policy/modules/services/bind.te	2007-08-22 17:35:04.000000000 -0400
@@ -66,7 +66,6 @@
 allow named_t self:unix_dgram_socket create_socket_perms;
 allow named_t self:tcp_socket create_stream_socket_perms;
@ -4081,19 +4064,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 # read zone files
 allow named_t named_zone_t:dir list_dir_perms;
 read_files_pattern(named_t,named_zone_t,named_zone_t)
-@@ -119,6 +120,11 @@
+@@ -175,6 +176,10 @@
 corenet_sendrecv_dns_client_packets(named_t)
 corenet_sendrecv_rndc_server_packets(named_t)
 corenet_sendrecv_rndc_client_packets(named_t)
 +corenet_udp_bind_all_unreserved_ports(named_t)
 +
 +#dnsmasq 
 +corenet_tcp_bind_dhcpd_port(named_t)
 +corenet_udp_bind_dhcpd_port(named_t)
 dev_read_sysfs(named_t)
 dev_read_rand(named_t)
@@ -175,6 +181,10 @@
 ')
 optional_policy(`
@ -4104,7 +4075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 	# this seems like fds that arent being
 	# closed.  these should probably be
 	# dontaudits instead.
-@@ -184,14 +194,6 @@
+@@ -184,14 +189,6 @@
 ')
 optional_policy(`
@ -4119,7 +4090,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 	seutil_sigchld_newrole(named_t)
 ')
-@@ -232,6 +234,7 @@
+@@ -232,6 +229,7 @@
 corenet_tcp_sendrecv_all_nodes(ndc_t)
 corenet_tcp_sendrecv_all_ports(ndc_t)
 corenet_tcp_connect_rndc_port(ndc_t)