From ff5e7c397dc0813ec593476437e564d75636a326 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: May 14 2013 21:01:16 +0000 Subject: Make sure users and unconfined domains create .hushlogin with the correct label - Allow pegaus to chat with realmd over DBus - Allow cobblerd to read network state - Allow boicn-client to stat on /dev/input/mice - Allow certwatch to read net_config_t when it executes apache - Allow readahead to create /run/systemd and then create its own directory with the correct label --- diff --git a/selinux-policy.spec b/selinux-policy.spec index decbd3a..1f0db40 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 43%{?dist} +Release: 44%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -55,7 +55,7 @@ Source30: booleans.subs_dist Url: http://oss.tresys.com/repos/refpolicy/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch -BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 +BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 gzip Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(post): /bin/awk /usr/bin/sha512sum @@ -351,6 +351,8 @@ install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/ install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/ echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp +gzip %{buildroot}/%{_usr}/share/selinux/devel/policy.xml +mv %{buildroot}/%{_usr}/share/selinux/devel/policy.xml.gz %{buildroot}/%{_usr}/share/selinux/devel/policy.xml /usr/bin/sepolicy manpage -a -p %{buildroot}/usr/share/man/man8/ -w -r %{buildroot} mkdir %{buildroot}%{_usr}/share/selinux/devel/html htmldir=`compgen -d %{buildroot}%{_usr}/share/man/man8/` @@ -530,7 +532,15 @@ SELinux Reference policy mls base module. %endif %changelog -* Mon May 10 2013 Miroslav Grepl 3.12.1-43 +* Mon May 13 2013 Miroslav Grepl 3.12.1-44 +- Make sure users and unconfined domains create .hushlogin with the correct label +- Allow pegaus to chat with realmd over DBus +- Allow cobblerd to read network state +- Allow boicn-client to stat on /dev/input/mice +- Allow certwatch to read net_config_t when it executes apache +- Allow readahead to create /run/systemd and then create its own directory with the correct label + +* Mon May 13 2013 Miroslav Grepl 3.12.1-43 - Transition directories and files when in a user_tmp_t directory - Change certwatch to domtrans to apache instead of just execute - Allow virsh_t to read xen lib files