diff --git a/modules-mls.conf b/modules-mls.conf index 7e5ccb2..330c3bc 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -570,7 +570,7 @@ rdisc = base # # X windows login display manager # -xserver = off +xserver = base # Layer: services # Module: nscd diff --git a/modules-targeted.conf b/modules-targeted.conf index 73bf665..060c7a4 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -275,7 +275,14 @@ cvs = base # # cyphesis game server # -cyphesis +cyphesis = module + +# Layer: services +# Module: gamin +# +# FAM File Alteration Monitor API +# +gamin = module # Layer: services # Module: cyrus diff --git a/policy-20071130.patch b/policy-20071130.patch index 255f748..29972b4 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -23256,7 +23256,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser /var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if --- nsaserefpolicy/policy/modules/services/xserver.if 2007-12-04 11:02:50.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-03-06 13:07:32.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-03-06 17:09:27.000000000 -0500 @@ -12,9 +12,15 @@ ## ## @@ -23720,7 +23720,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser # for when /tmp/.X11-unix is created by the system allow $2 xdm_t:fd use; -@@ -542,25 +540,473 @@ +@@ -542,25 +540,474 @@ allow $2 xdm_tmp_t:sock_file { read write }; dontaudit $2 xdm_t:tcp_socket { read write }; 
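Review bot: The switch from `xserver = off` to `xserver = base` in modules-mls.conf is not recorded anywhere in the commit, and neither are the new `gamin = module` stanza and the repaired `cyphesis = module` line in modules-targeted.conf. The 3.3.1-12 changelog entry mentions only initrc_context generation. With `base` the X server policy is built into the MLS base policy instead of being left out, so this presumably changes which X domains and object classes an MLS system carries and enforces. I would add changelog lines such as `- Enable xserver policy in MLS base` and `- Add gamin module to targeted policy`, and extend the comment above the setting to say why X is now needed under MLS. If the module was turned on only to satisfy a build dependency of the initrc_context fix, say so there, so the setting can be revisited.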
@@ -23918,6 +23918,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + attribute x_server_domain, x_domain; + attribute xproperty_type; + attribute xevent_type, xextension_type; ++ attribute xserver_unconfined_type; + class x_drawable all_x_drawable_perms; + class x_screen all_x_screen_perms; + class x_gc all_x_gc_perms; @@ -24200,7 +24201,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ') -@@ -593,26 +1039,44 @@ +@@ -593,26 +1040,44 @@ # template(`xserver_use_user_fonts',` gen_require(` @@ -24252,7 +24253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Transition to a user Xauthority domain. ## ## -@@ -638,10 +1102,77 @@ +@@ -638,10 +1103,77 @@ # template(`xserver_domtrans_user_xauth',` gen_require(` @@ -24332,7 +24333,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -671,10 +1202,10 @@ +@@ -671,10 +1203,10 @@ # template(`xserver_user_home_dir_filetrans_user_xauth',` gen_require(` @@ -24345,7 +24346,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -760,7 +1291,7 @@ +@@ -760,7 +1292,7 @@ type xconsole_device_t; ') @@ -24354,7 +24355,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -860,6 +1391,25 @@ +@@ -860,6 +1392,25 @@ ######################################## ## @@ -24380,7 +24381,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Read xdm-writable configuration files. ## ## -@@ -914,6 +1464,7 @@ +@@ -914,6 +1465,7 @@ files_search_tmp($1) allow $1 xdm_tmp_t:dir list_dir_perms; create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t) 
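Review bot: The added `attribute xserver_unconfined_type;` in this gen_require block comes with no rule that uses it, because the inner xserver.if hunk grows by exactly one line (473 to 474). Either an existing rule in the template already referenced the attribute without requiring it, or the requirement is unused; the commit does not say which. Every policy that expands this template now depends on the attribute being declared, presumably in xserver.te, and that should be confirmed for the MLS build, which this commit switches on for xserver. I would add a comment beside the line, for example `# used by the unconfined X rules in this template; declared in xserver.te`, once the declaration and the use have been checked. The enclosing template starts and ends outside the hunk, so the rules that would consume the attribute are not visible here.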
@@ -24388,7 +24389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -955,6 +1506,24 @@ +@@ -955,6 +1507,24 @@ ######################################## ## @@ -24413,7 +24414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Execute the X server in the XDM X server domain. ## ## -@@ -965,15 +1534,47 @@ +@@ -965,15 +1535,47 @@ # interface(`xserver_domtrans_xdm_xserver',` gen_require(` @@ -24462,7 +24463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Make an X session script an entrypoint for the specified domain. ## ## -@@ -1123,7 +1724,7 @@ +@@ -1123,7 +1725,7 @@ type xdm_xserver_tmp_t; ') @@ -24471,7 +24472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -1312,3 +1913,82 @@ +@@ -1312,3 +1914,82 @@ files_search_tmp($1) stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t) ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 03f719a..470e628 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 11%{?dist} +Release: 12%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -388,6 +388,9 @@ exit 0 %endif %changelog +* Thu Mar 6 2008 Dan Walsh 3.3.1-12 +- Fix initrc_context generation for MLS + * Mon Mar 3 2008 Dan Walsh 3.3.1-11 - Fixes for libvirt