Make sure users and unconfined domains create .hushlogin with the correct label

- Allow pegaus to chat with realmd over DBus
- Allow cobblerd to read network state
- Allow boicn-client to stat on /dev/input/mice
- Allow certwatch to read net_config_t when it executes apache
- Allow readahead to create /run/systemd and then create its own directory with the correct label
This commit is contained in:
Dan Walsh 2013-05-14 17:01:16 -04:00
parent bdd37e8965
commit ff5e7c397d

View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.12.1 Version: 3.12.1
Release: 43%{?dist} Release: 44%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -55,7 +55,7 @@ Source30: booleans.subs_dist
Url: http://oss.tresys.com/repos/refpolicy/ Url: http://oss.tresys.com/repos/refpolicy/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch BuildArch: noarch
BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gzip
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(post): /bin/awk /usr/bin/sha512sum Requires(post): /bin/awk /usr/bin/sha512sum
@ -351,6 +351,8 @@ install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/ install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
gzip %{buildroot}/%{_usr}/share/selinux/devel/policy.xml
mv %{buildroot}/%{_usr}/share/selinux/devel/policy.xml.gz %{buildroot}/%{_usr}/share/selinux/devel/policy.xml
/usr/bin/sepolicy manpage -a -p %{buildroot}/usr/share/man/man8/ -w -r %{buildroot} /usr/bin/sepolicy manpage -a -p %{buildroot}/usr/share/man/man8/ -w -r %{buildroot}
mkdir %{buildroot}%{_usr}/share/selinux/devel/html mkdir %{buildroot}%{_usr}/share/selinux/devel/html
htmldir=`compgen -d %{buildroot}%{_usr}/share/man/man8/` htmldir=`compgen -d %{buildroot}%{_usr}/share/man/man8/`
@ -530,7 +532,15 @@ SELinux Reference policy mls base module.
%endif %endif
%changelog %changelog
* Mon May 10 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-43 * Mon May 13 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-44
- Make sure users and unconfined domains create .hushlogin with the correct label
- Allow pegaus to chat with realmd over DBus
- Allow cobblerd to read network state
- Allow boicn-client to stat on /dev/input/mice
- Allow certwatch to read net_config_t when it executes apache
- Allow readahead to create /run/systemd and then create its own directory with the correct label
* Mon May 13 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-43
- Transition directories and files when in a user_tmp_t directory - Transition directories and files when in a user_tmp_t directory
- Change certwatch to domtrans to apache instead of just execute - Change certwatch to domtrans to apache instead of just execute
- Allow virsh_t to read xen lib files - Allow virsh_t to read xen lib files