From 40243d944fccb389a569d38dc22ed45373114952 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Aug 18 2009 22:43:34 +0000 Subject: - Allow cupsd_config_t to be started by dbus - Add smoltclient policy --- diff --git a/.cvsignore b/.cvsignore index 99c09d4..ab0b3cd 100644 --- a/.cvsignore +++ b/.cvsignore @@ -183,3 +183,4 @@ serefpolicy-3.6.24.tgz serefpolicy-3.6.25.tgz serefpolicy-3.6.26.tgz serefpolicy-3.6.27.tgz +serefpolicy-3.6.28.tgz diff --git a/modules-minimum.conf b/modules-minimum.conf index 25c7f3e..66fa677 100644 --- a/modules-minimum.conf +++ b/modules-minimum.conf @@ -1337,6 +1337,13 @@ slocate = module # smartmon = module +# Layer: admin +# Module: smoltclient +# +# The Fedora hardware profiler client +# +smoltclient = module + # Layer: services # Module: snmp # diff --git a/modules-targeted.conf b/modules-targeted.conf index 25c7f3e..66fa677 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -1337,6 +1337,13 @@ slocate = module # smartmon = module +# Layer: admin +# Module: smoltclient +# +# The Fedora hardware profiler client +# +smoltclient = module + # Layer: services # Module: snmp # diff --git a/nsadiff b/nsadiff index 1baef24..3ce5a4b 100755 --- a/nsadiff +++ b/nsadiff @@ -1 +1 @@ -diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.27 > /tmp/diff +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.28 > /tmp/diff diff --git a/policy-F12.patch b/policy-F12.patch index 8f3d4db..a773c6f 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -1,12 +1,3 @@ -diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Changelog serefpolicy-3.6.28/Changelog ---- nsaserefpolicy/Changelog 2009-08-18 11:41:14.000000000 -0400 -+++ serefpolicy-3.6.28/Changelog 2009-08-18 13:23:29.000000000 -0400 -@@ -1,5 +1,3 @@ --- Debian policykit fixes from Martin Orr. --- Fix unconfined_r use of unconfined_java_t. - - Add missing x_device rules for XI2 functions, from Eamon Walsh. - - Add missing rules to make unconfined_cronjob_t a valid cron job domain. - - Add btrfs and ext4 to labeling targets. diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.6.28/config/appconfig-mcs/default_contexts --- nsaserefpolicy/config/appconfig-mcs/default_contexts 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.6.28/config/appconfig-mcs/default_contexts 2009-08-18 13:23:29.000000000 -0400 @@ -639,9 +630,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/portage.te serefpolicy-3.6.28/policy/modules/admin/portage.te ---- nsaserefpolicy/policy/modules/admin/portage.te 2009-08-14 16:14:31.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/portage.te 2009-08-18 18:39:50.000000000 -0400 +++ serefpolicy-3.6.28/policy/modules/admin/portage.te 2009-08-18 13:23:29.000000000 -0400 -@@ -195,7 +195,7 @@ +@@ -196,7 +195,7 @@ # - for rsync and distfile fetching # @@ -1485,8 +1476,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.6.28/policy/modules/apps/awstats.te --- nsaserefpolicy/policy/modules/apps/awstats.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.6.28/policy/modules/apps/awstats.te 2009-08-18 13:23:29.000000000 -0400 -@@ -51,6 +51,8 @@ ++++ serefpolicy-3.6.28/policy/modules/apps/awstats.te 2009-08-18 18:38:21.000000000 -0400 +@@ -28,6 +28,8 @@ + awstats_rw_pipes(awstats_t) + awstats_cgi_exec(awstats_t) + ++can_exec(awstats_t, awstats_exec_t) ++ + manage_dirs_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t) + manage_files_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t) + files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file }) +@@ -51,6 +53,8 @@ libs_read_lib_files(awstats_t) @@ -10804,7 +10804,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.28/policy/modules/services/dbus.te ---- nsaserefpolicy/policy/modules/services/dbus.te 2009-08-14 16:14:31.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dbus.te 2009-08-18 18:39:50.000000000 -0400 +++ serefpolicy-3.6.28/policy/modules/services/dbus.te 2009-08-18 13:23:29.000000000 -0400 @@ -86,6 +86,7 @@ dev_read_sysfs(system_dbusd_t) @@ -13587,7 +13587,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.6.28/policy/modules/services/policykit.if ---- nsaserefpolicy/policy/modules/services/policykit.if 2009-07-23 14:11:04.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/policykit.if 2009-08-18 18:39:50.000000000 -0400 +++ serefpolicy-3.6.28/policy/modules/services/policykit.if 2009-08-18 13:23:29.000000000 -0400 @@ -17,6 +17,8 @@ class dbus send_msg; @@ -13598,23 +13598,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow $1 policykit_t:dbus send_msg; allow policykit_t $1:dbus send_msg; ') -@@ -41,7 +43,6 @@ - - ######################################## - ## --## Execute a policy_auth in the policy_auth domain, and - ## allow the specified role the policy_auth domain, - ## - ## -@@ -167,7 +168,7 @@ - - domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t) - -- ps_process_pattern(policykit_resolve_t $1) -+ ps_process_pattern(policykit_resolve_t, $1) - ') - - ######################################## @@ -206,4 +207,47 @@ files_search_var_lib($1) diff --git a/selinux-policy.spec b/selinux-policy.spec index 84dfbc1..513db90 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ %define CHECKPOLICYVER 2.0.16-3 Summary: SELinux policy configuration Name: selinux-policy -Version: 3.6.27 +Version: 3.6.28 Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base @@ -475,6 +475,10 @@ exit 0 %endif %changelog +* Tue Aug 18 2009 Dan Walsh 3.6.28-1 +- Allow cupsd_config_t to be started by dbus +- Add smoltclient policy + * Fri Aug 14 2009 Dan Walsh 3.6.27-1 - Add policycoreutils-python to pre install diff --git a/sources b/sources index b827ae9..1c4afdd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7539a9e100f4f48bcd47dd870e03e2c6 serefpolicy-3.6.27.tgz +7ce2872c7c331710af3741606add5664 serefpolicy-3.6.28.tgz