diff --git a/modules-minimum.conf b/modules-minimum.conf
index 7e698e0..1dcf933 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -182,6 +182,13 @@ cdrecord = module
 #
 certwatch = module
 
+# Layer: admin
+# Module: certmaster
+#
+# Digital Certificate Tracking
+#
+certmanager = module
+
 # Layer: services
 # Module: cipe
 #
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 7e698e0..1dcf933 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -182,6 +182,13 @@ cdrecord = module
 #
 certwatch = module
 
+# Layer: admin
+# Module: certmaster
+#
+# Digital Certificate Tracking
+#
+certmanager = module
+
 # Layer: services
 # Module: cipe
 #
diff --git a/policy-20080710.patch b/policy-20080710.patch
index 31c2d9a..beb93c9 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -12178,8 +12178,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.5.13/policy/modules/services/certmaster.if
 --- nsaserefpolicy/policy/modules/services/certmaster.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/services/certmaster.if 2008-10-30 14:44:58.000000000 -0400
-@@ -0,0 +1,133 @@
++++ serefpolicy-3.5.13/policy/modules/services/certmaster.if 2008-11-03 15:55:54.000000000 -0500
+@@ -0,0 +1,132 @@
 +## policy for certmaster
 +
 +########################################
@@ -12205,15 +12205,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +#######################################
-+###
-+### read
-+### certmaster logs.
-+###
-+###
-+###
-+### Domain allowed access.
-+###
-+###
++##
++## read
++## certmaster logs.
++##
++##
++##
++## Domain allowed access.
++##
++##
 +##
 +#
 +interface(`certmaster_read_log',`
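Review bot: In the modules-minimum.conf hunk the added entry is keyed `certmanager = module`, but its own header says `# Module: certmaster`, the policy files added through policy-20080710.patch are certmaster.if and certmaster.te, and the spec changelog reads "Add certmaster policy". If the build selects modules by matching these keys to module names, as the neighbouring `certwatch = module` entry suggests, the certmaster module would presumably not be enabled under this key and its confinement would not be loaded; the line should read `certmaster = module`. The header also says `# Layer: admin` while the patch paths place the module under `policy/modules/services/`, and `# Digital Certificate Tracking` looks copied from the certwatch entry, so `# Layer: services` with a certmaster-specific description would match the rest of the change. The modules-targeted.conf hunk carries the identical entry and needs the same correction.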
@@ -12225,14 +12225,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +#######################################
-+###
-+### Append to certmaster logs.
-+###
-+###
-+###
-+### Domain allowed access.
-+###
-+###
++##
++## Append to certmaster logs.
++##
++##
++##
++## Domain allowed access.
++##
++##
 +##
 +#
 +interface(`certmaster_append_log',`
@@ -12244,15 +12244,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +#######################################
-+###
-+### Create, read, write, and delete
-+### certmaster logs.
-+###
-+###
-+###
-+### Domain allowed access.
-+###
-+###
++##
++## Create, read, write, and delete
++## certmaster logs.
++##
++##
++##
++## Domain allowed access.
++##
++##
 +##
 +#
 +interface(`certmaster_manage_log',`
@@ -12265,22 +12265,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +########################################
-+###
-+### All of the rules required to administrate
-+### an snort environment
-+###
-+###
-+###
-+### Domain allowed access.
-+###
-+###
-+###
-+###
-+### The role to be allowed to manage the syslog domain.
-+###
-+###
-+###
-+##
++##
++## All of the rules required to administrate
++## an snort environment
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++##
++## The role to be allowed to manage the syslog domain.
++##
++##
++##
++#
 +
 +interface(`certmaster_admin',`
 + gen_require(`
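Review bot: The doc block for `certmaster_admin` in the @@ -12265 hunk still describes other modules: the new side keeps `an snort environment` and `The role to be allowed to manage the syslog domain.` even though this commit rewrites exactly those comment lines. Because this interface is the one that hands out administrative access, its summary should name what it actually covers, for example `## a certmaster environment` and `## The role to be allowed to manage the certmaster domain.`. The interface body continues past the end of the hunk, so how the role parameter is used cannot be confirmed from the lines shown here.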
@@ -12312,7 +12312,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + files_list_var_lib($1) + admin_pattern($1, certmaster_var_lib_t) +') -+ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.5.13/policy/modules/services/certmaster.te --- nsaserefpolicy/policy/modules/services/certmaster.te 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.5.13/policy/modules/services/certmaster.te 2008-10-30 14:48:03.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index a77565b..36b5b72 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.13 -Release: 11%{?dist} +Release: 13%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -457,6 +457,13 @@ exit 0 %endif %changelog +* Mon Nov 3 2008 Dan Walsh 3.5.13-13 +- Allow dhcpc to restart ypbind +- Fixup labeling in /var/run + +* Thu Oct 30 2008 Dan Walsh 3.5.13-12 +- Add certmaster policy + * Wed Oct 29 2008 Dan Walsh 3.5.13-11 - Fix confined users - Allow xguest to read/write xguest_dbusd_t