Make sure users and unconfined domains create .hushlogin with the correct label
- Allow pegaus to chat with realmd over DBus - Allow cobblerd to read network state - Allow boicn-client to stat on /dev/input/mice - Allow certwatch to read net_config_t when it executes apache - Allow readahead to create /run/systemd and then create its own directory with the correct label
This commit is contained in:
parent
bdd37e8965
commit
ff5e7c397d
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.12.1
|
Version: 3.12.1
|
||||||
Release: 43%{?dist}
|
Release: 44%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -55,7 +55,7 @@ Source30: booleans.subs_dist
|
|||||||
Url: http://oss.tresys.com/repos/refpolicy/
|
Url: http://oss.tresys.com/repos/refpolicy/
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2
|
BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gzip
|
||||||
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
|
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
|
||||||
Requires(post): /bin/awk /usr/bin/sha512sum
|
Requires(post): /bin/awk /usr/bin/sha512sum
|
||||||
|
|
||||||
@ -351,6 +351,8 @@ install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
|
|||||||
install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
|
install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
|
||||||
echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
|
echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
|
||||||
chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
|
chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
|
||||||
|
gzip %{buildroot}/%{_usr}/share/selinux/devel/policy.xml
|
||||||
|
mv %{buildroot}/%{_usr}/share/selinux/devel/policy.xml.gz %{buildroot}/%{_usr}/share/selinux/devel/policy.xml
|
||||||
/usr/bin/sepolicy manpage -a -p %{buildroot}/usr/share/man/man8/ -w -r %{buildroot}
|
/usr/bin/sepolicy manpage -a -p %{buildroot}/usr/share/man/man8/ -w -r %{buildroot}
|
||||||
mkdir %{buildroot}%{_usr}/share/selinux/devel/html
|
mkdir %{buildroot}%{_usr}/share/selinux/devel/html
|
||||||
htmldir=`compgen -d %{buildroot}%{_usr}/share/man/man8/`
|
htmldir=`compgen -d %{buildroot}%{_usr}/share/man/man8/`
|
||||||
@ -530,7 +532,15 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon May 10 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-43
|
* Mon May 13 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-44
|
||||||
|
- Make sure users and unconfined domains create .hushlogin with the correct label
|
||||||
|
- Allow pegaus to chat with realmd over DBus
|
||||||
|
- Allow cobblerd to read network state
|
||||||
|
- Allow boicn-client to stat on /dev/input/mice
|
||||||
|
- Allow certwatch to read net_config_t when it executes apache
|
||||||
|
- Allow readahead to create /run/systemd and then create its own directory with the correct label
|
||||||
|
|
||||||
|
* Mon May 13 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-43
|
||||||
- Transition directories and files when in a user_tmp_t directory
|
- Transition directories and files when in a user_tmp_t directory
|
||||||
- Change certwatch to domtrans to apache instead of just execute
|
- Change certwatch to domtrans to apache instead of just execute
|
||||||
- Allow virsh_t to read xen lib files
|
- Allow virsh_t to read xen lib files
|
||||||
|
Loading…
Reference in New Issue
Block a user