rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to upstream

Browse Source
This commit is contained in:
Daniel J Walsh 2010-01-18 22:40:25 +00:00
parent d89970bc6a
commit faec5c2a14
5 changed files with 43 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -198,3 +198,4 @@ serefpolicy-3.7.4.tgz
serefpolicy-3.7.5.tgz serefpolicy-3.7.5.tgz
serefpolicy-3.7.6.tgz serefpolicy-3.7.6.tgz
serefpolicy-3.7.7.tgz serefpolicy-3.7.7.tgz
serefpolicy-3.7.8.tgz

2
nsadiff
View File

@ -1 +1 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.7.7 > /tmp/diff diff --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.7.8 > /tmp/diff

46
policy-F13.patch
View File

@ -4794,8 +4794,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+# No types are sandbox_exec_t +# No types are sandbox_exec_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.8/policy/modules/apps/sandbox.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.8/policy/modules/apps/sandbox.if
--- nsaserefpolicy/policy/modules/apps/sandbox.if 1969-12-31 19:00:00.000000000 -0500 --- nsaserefpolicy/policy/modules/apps/sandbox.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.7.8/policy/modules/apps/sandbox.if 2010-01-18 15:18:03.000000000 -0500 +++ serefpolicy-3.7.8/policy/modules/apps/sandbox.if 2010-01-18 17:36:16.000000000 -0500
@@ -0,0 +1,223 @@ @@ -0,0 +1,225 @@
+ +
+## <summary>policy for sandbox</summary> +## <summary>policy for sandbox</summary>
+ +
@ -4922,7 +4922,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+ manage_sock_files_pattern($1_t, $1_file_t, $1_file_t) + manage_sock_files_pattern($1_t, $1_file_t, $1_file_t)
+ +
+ # window manager + # window manager
+ miscfiles_setattr_fonts_dirs($1_t) + miscfiles_setattr_fonts_cache_dirs($1_t)
+ allow $1_t self:capability setuid; + allow $1_t self:capability setuid;
+ +
+ type $1_client_t, sandbox_x_domain; + type $1_client_t, sandbox_x_domain;
@ -4956,6 +4956,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+ ps_process_pattern(sandbox_xserver_t, $1_t) + ps_process_pattern(sandbox_xserver_t, $1_t)
+ allow sandbox_xserver_t $1_client_t:shm rw_shm_perms; + allow sandbox_xserver_t $1_client_t:shm rw_shm_perms;
+ allow sandbox_xserver_t $1_t:shm rw_shm_perms; + allow sandbox_xserver_t $1_t:shm rw_shm_perms;
+ allow $1_client_t $1_t:unix_stream_socket connectto;
+ allow $1_t $1_client_t:unix_stream_socket connectto;
+ +
+ can_exec($1_client_t, $1_file_t) + can_exec($1_client_t, $1_file_t)
+ manage_dirs_pattern($1_client_t, $1_file_t, $1_file_t) + manage_dirs_pattern($1_client_t, $1_file_t, $1_file_t)
@ -5021,8 +5023,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+') +')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.8/policy/modules/apps/sandbox.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.8/policy/modules/apps/sandbox.te
--- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500 --- nsaserefpolicy/policy/modules/apps/sandbox.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.7.8/policy/modules/apps/sandbox.te 2010-01-18 15:18:03.000000000 -0500 +++ serefpolicy-3.7.8/policy/modules/apps/sandbox.te 2010-01-18 17:35:39.000000000 -0500
@@ -0,0 +1,343 @@ @@ -0,0 +1,346 @@
+policy_module(sandbox,1.0.0) +policy_module(sandbox,1.0.0)
+dbus_stub() +dbus_stub()
+attribute sandbox_domain; +attribute sandbox_domain;
@ -5190,7 +5192,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+init_dontaudit_write_utmp(sandbox_x_domain) +init_dontaudit_write_utmp(sandbox_x_domain)
+ +
+miscfiles_read_localization(sandbox_x_domain) +miscfiles_read_localization(sandbox_x_domain)
+miscfiles_dontaudit_setattr_fonts_dirs(sandbox_x_domain) +miscfiles_dontaudit_setattr_fonts_cache_dirs(sandbox_x_domain)
+ +
+term_getattr_pty_fs(sandbox_x_domain) +term_getattr_pty_fs(sandbox_x_domain)
+term_use_ptmx(sandbox_x_domain) +term_use_ptmx(sandbox_x_domain)
@ -5206,6 +5208,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+') +')
+ +
+optional_policy(` +optional_policy(`
+ dbus_system_bus_client(sandbox_x_domain)
+')
+
+optional_policy(`
+ gnome_read_gconf_config(sandbox_x_domain) + gnome_read_gconf_config(sandbox_x_domain)
+') +')
+ +
@ -5239,7 +5245,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+ +
+auth_use_nsswitch(sandbox_x_client_t) +auth_use_nsswitch(sandbox_x_client_t)
+ +
+dbus_system_bus_client(sandbox_x_client_t)
+dbus_read_config(sandbox_x_client_t) +dbus_read_config(sandbox_x_client_t)
+selinux_get_fs_mount(sandbox_x_client_t) +selinux_get_fs_mount(sandbox_x_client_t)
+selinux_validate_context(sandbox_x_client_t) +selinux_validate_context(sandbox_x_client_t)
@ -14996,7 +15001,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) +/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.8/policy/modules/services/cups.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.8/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2009-08-14 16:14:31.000000000 -0400 --- nsaserefpolicy/policy/modules/services/cups.te 2009-08-14 16:14:31.000000000 -0400
+++ serefpolicy-3.7.8/policy/modules/services/cups.te 2010-01-18 15:18:03.000000000 -0500 +++ serefpolicy-3.7.8/policy/modules/services/cups.te 2010-01-18 17:30:30.000000000 -0500
@@ -23,6 +23,9 @@ @@ -23,6 +23,9 @@
type cupsd_initrc_exec_t; type cupsd_initrc_exec_t;
init_script_file(cupsd_initrc_exec_t) init_script_file(cupsd_initrc_exec_t)
@ -15079,7 +15084,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
miscfiles_read_localization(cupsd_t) miscfiles_read_localization(cupsd_t)
# invoking ghostscript needs to read fonts # invoking ghostscript needs to read fonts
miscfiles_read_fonts(cupsd_t) miscfiles_read_fonts(cupsd_t)
+miscfiles_setattr_fonts_dirs(cupsd_t) +miscfiles_setattr_fonts_cache_dirs(cupsd_t)
seutil_read_config(cupsd_t) seutil_read_config(cupsd_t)
sysnet_exec_ifconfig(cupsd_t) sysnet_exec_ifconfig(cupsd_t)
@ -30625,7 +30630,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.7.8/policy/modules/system/miscfiles.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.7.8/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2009-11-25 11:47:19.000000000 -0500 --- nsaserefpolicy/policy/modules/system/miscfiles.if 2009-11-25 11:47:19.000000000 -0500
+++ serefpolicy-3.7.8/policy/modules/system/miscfiles.if 2010-01-18 15:18:03.000000000 -0500 +++ serefpolicy-3.7.8/policy/modules/system/miscfiles.if 2010-01-18 17:31:02.000000000 -0500
@@ -73,7 +73,8 @@ @@ -73,7 +73,8 @@
# #
interface(`miscfiles_read_fonts',` interface(`miscfiles_read_fonts',`
@ -30647,7 +30652,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
') ')
######################################## ########################################
@@ -167,6 +172,51 @@ @@ -167,6 +172,70 @@
manage_dirs_pattern($1, fonts_t, fonts_t) manage_dirs_pattern($1, fonts_t, fonts_t)
manage_files_pattern($1, fonts_t, fonts_t) manage_files_pattern($1, fonts_t, fonts_t)
manage_lnk_files_pattern($1, fonts_t, fonts_t) manage_lnk_files_pattern($1, fonts_t, fonts_t)
@ -30675,6 +30680,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
+ +
+######################################## +########################################
+## <summary> +## <summary>
+## Dontaudit attempts to set the attributes on a fonts cache directory.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',`
+ gen_require(`
+ type fonts_cache_t;
+ ')
+
+ allow $1 fonts_cache_t:dir setattr;
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete fonts cache. +## Create, read, write, and delete fonts cache.
+## </summary> +## </summary>
+## <param name="domain"> +## <param name="domain">

7
selinux-policy.spec
View File

@ -19,8 +19,8 @@
%define CHECKPOLICYVER 2.0.21-1 %define CHECKPOLICYVER 2.0.21-1
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.7.7 Version: 3.7.8
Release: 3%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -459,6 +459,9 @@ exit 0
%endif %endif
%changelog %changelog
* Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-1
- Update to upstream
* Fri Jan 15 2010 Dan Walsh <dwalsh@redhat.com> 3.7.7-3 * Fri Jan 15 2010 Dan Walsh <dwalsh@redhat.com> 3.7.7-3
- Fix git - Fix git

2
sources
View File

@ -1,2 +1,2 @@
3651679c4b12a31d2ba5f4305bba5540 config.tgz 3651679c4b12a31d2ba5f4305bba5540 config.tgz
2cec5f31faaf708d21bbcffabde5533d serefpolicy-3.7.7.tgz 6ed233bfd5c6a20877d98e74f967ce0f serefpolicy-3.7.8.tgz