From 908512cccce2bd6b90acdcc214e4e36e60280b16 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jul 19 2007 20:55:20 +0000 Subject: - Add proper contexts for rsyslogd --- diff --git a/policy-20070703.patch b/policy-20070703.patch index 3162c92..59e916a 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -8546,16 +8546,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall # Sulogin local policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.0.3/policy/modules/system/logging.fc --- nsaserefpolicy/policy/modules/system/logging.fc 2007-05-29 14:10:58.000000000 -0400 -+++ serefpolicy-3.0.3/policy/modules/system/logging.fc 2007-07-17 15:46:25.000000000 -0400 -@@ -1,6 +1,6 @@ ++++ serefpolicy-3.0.3/policy/modules/system/logging.fc 2007-07-19 11:20:26.000000000 -0400 +@@ -1,12 +1,15 @@ - /dev/log -s gen_context(system_u:object_r:devlog_t,s0) ++/etc/rsyslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) +/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0) /etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh) /sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0) -@@ -43,3 +43,5 @@ + /sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0) ++/sbin/rklogd -- gen_context(system_u:object_r:klogd_exec_t,s0) + /sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0) + /sbin/minilogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) ++/sbin/rsyslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) + /sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) + /sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0) + +@@ -43,3 +46,5 @@ /var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0) /var/tinydns/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --git a/selinux-policy.spec b/selinux-policy.spec index 6e60eb6..77e5830 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -293,10 +293,12 @@ semodule -r moilscanner 2>/dev/null %relabel targeted exit 0 -%triggerpostun targeted -- selinux-policy-targeted < 3.0.1 +%triggerpostun targeted -- selinux-policy-targeted < 3.0.3.2 setsebool -P use_nfs_home_dirs=1 semanage login -m -s "system_u" __default__ 2> /dev/null semanage user -a -P unconfined -R "unconfined_r system_r" unconfined_u 2> /dev/null +semanage user -a -P guest -R guest_r guest_u +semanage user -a -P xguest -R xguest_r xguest_u restorecon -R /root 2> /dev/null exit 0 @@ -357,6 +359,12 @@ exit 0 %endif %changelog +* Thu Jul 19 2007 Dan Walsh 3.0.3-2 +- Add proper contexts for rsyslogd + +* Thu Jul 19 2007 Dan Walsh 3.0.3-1 +- Fixes for xguest policy + * Tue Jul 17 2007 Dan Walsh 3.0.2-9 - Allow execution of gconf