diff --git a/policy-20070703.patch b/policy-20070703.patch index c45a31b..69570d4 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -4287,7 +4287,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups +/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.3/policy/modules/services/cups.te --- nsaserefpolicy/policy/modules/services/cups.te 2007-07-03 07:06:27.000000000 -0400 -+++ serefpolicy-3.0.3/policy/modules/services/cups.te 2007-07-19 10:33:00.000000000 -0400 ++++ serefpolicy-3.0.3/policy/modules/services/cups.te 2007-07-20 09:22:00.000000000 -0400 @@ -81,12 +81,11 @@ # /usr/lib/cups/backend/serial needs sys_admin(?!) allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config }; @@ -4302,7 +4302,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups allow cupsd_t self:tcp_socket create_stream_socket_perms; allow cupsd_t self:udp_socket create_socket_perms; allow cupsd_t self:appletalk_socket create_socket_perms; -@@ -150,14 +149,16 @@ +@@ -150,14 +149,17 @@ corenet_tcp_bind_reserved_port(cupsd_t) corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t) corenet_tcp_connect_all_ports(cupsd_t) @@ -4316,11 +4316,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups dev_read_urand(cupsd_t) dev_read_sysfs(cupsd_t) -dev_read_usbfs(cupsd_t) ++dev_rw_generic_usb_dev(cupsd_t) +dev_rw_usbfs(cupsd_t) dev_getattr_printer_dev(cupsd_t) domain_read_all_domains_state(cupsd_t) -@@ -176,6 +177,7 @@ +@@ -176,6 +178,7 @@ term_search_ptys(cupsd_t) auth_domtrans_chk_passwd(cupsd_t) 
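Review bot: The added `dev_rw_generic_usb_dev(cupsd_t)` in the cups.te section (outer hunk at 4316) gives the main cupsd domain read/write access to generically labelled USB device nodes, not just printers, and no comment records why. The same domain already holds `sys_admin` and `dac_override` and has `corenet_tcp_connect_all_ports(cupsd_t)` in the visible context, so this widens what a compromised cupsd can reach. Presumably the USB backend needs the raw node, so I would add a why-comment above the line, for example `# USB printer backends open the raw usb node; narrow once printers get their own device type`. It is also worth considering a boolean around the grant, or moving it to a backend-specific domain as is already done for `hplip_t`. The inner cups.te hunk (`@@ -150,14 +149,17 @@`) starts in the preceding outer hunk, so the full rule block is not visible here.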
@@ -4328,7 +4329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups auth_dontaudit_read_pam_pid(cupsd_t) # Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp -@@ -223,21 +225,45 @@ +@@ -223,21 +226,45 @@ sysnet_read_config(cupsd_t) @@ -4374,7 +4375,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups cron_system_entry(cupsd_t, cupsd_exec_t) ') -@@ -250,6 +276,10 @@ +@@ -250,6 +277,10 @@ optional_policy(` hal_dbus_chat(cupsd_t) ') @@ -4385,7 +4386,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups ') optional_policy(` -@@ -265,16 +295,16 @@ +@@ -265,16 +296,16 @@ ') optional_policy(` @@ -4406,7 +4407,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups seutil_sigchld_newrole(cupsd_t) ') -@@ -379,6 +409,14 @@ +@@ -379,6 +410,14 @@ ') optional_policy(` @@ -4421,7 +4422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups cron_system_entry(cupsd_config_t, cupsd_config_exec_t) ') -@@ -562,7 +600,7 @@ +@@ -562,7 +601,7 @@ dev_read_urand(hplip_t) dev_read_rand(hplip_t) dev_rw_generic_usb_dev(hplip_t) @@ -4430,7 +4431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups fs_getattr_all_fs(hplip_t) fs_search_auto_mountpoints(hplip_t) -@@ -589,8 +627,6 @@ +@@ -589,8 +628,6 @@ userdom_dontaudit_search_sysadm_home_dirs(hplip_t) userdom_dontaudit_search_all_users_home_content(hplip_t) 
@@ -5072,7 +5073,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. +dev_rw_input_dev(hald_keymap_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.0.3/policy/modules/services/inetd.te --- nsaserefpolicy/policy/modules/services/inetd.te 2007-07-03 07:06:26.000000000 -0400 -+++ serefpolicy-3.0.3/policy/modules/services/inetd.te 2007-07-19 17:08:18.000000000 -0400 ++++ serefpolicy-3.0.3/policy/modules/services/inetd.te 2007-07-20 09:21:48.000000000 -0400 @@ -80,16 +80,21 @@ corenet_udp_bind_comsat_port(inetd_t) corenet_tcp_bind_dbskkd_port(inetd_t) @@ -7548,7 +7549,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.3/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2007-06-15 14:54:34.000000000 -0400 -+++ serefpolicy-3.0.3/policy/modules/system/authlogin.if 2007-07-19 10:36:40.000000000 -0400 ++++ serefpolicy-3.0.3/policy/modules/system/authlogin.if 2007-07-20 11:12:25.000000000 -0400 @@ -27,7 +27,8 @@ domain_type($1_chkpwd_t) domain_entry_file($1_chkpwd_t,chkpwd_exec_t) @@ -7591,7 +7592,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo # for SSP/ProPolice dev_read_urand($1) -@@ -197,22 +207,26 @@ +@@ -197,22 +207,27 @@ mls_fd_share_all_levels($1) auth_domtrans_chk_passwd($1) @@ -7603,6 +7604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo - auth_append_faillog($1) + auth_rw_faillog($1) auth_exec_pam($1) ++ auth_use_nsswitch($1) init_rw_utmp($1) @@ -7619,7 +7621,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ') ') -@@ -310,9 +324,6 @@ +@@ -310,9 +325,6 @@ type system_chkpwd_t, chkpwd_exec_t, shadow_t; ') 
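Review bot: The `auth_use_nsswitch($1)` line added in the authlogin.if section (outer hunk at 7603) sits inside an interface body, so every domain that calls that interface now inherits the full nsswitch rule set, and nothing records why. The spec changelog for 3.0.3-3 lists only the cups and inetd changes. I would add a comment above the call, for example `# login programs resolve users/groups through nsswitch`, and a changelog line such as `- Allow login programs to use nsswitch`, assuming that is the intent. The same patch also rewrites the body of `auth_use_nsswitch` itself (inner hunk at 1319, mostly outside the visible lines), so the effective grant should be reviewed against that definition. The enclosing interface opens before this hunk and its name is not visible here.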
@@ -7629,7 +7631,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo corecmd_search_bin($1) domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t) -@@ -348,6 +359,37 @@ +@@ -348,6 +360,37 @@ ######################################## ## @@ -7667,7 +7669,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ## Get the attributes of the shadow passwords file. ## ## -@@ -696,6 +738,24 @@ +@@ -696,6 +739,24 @@ ######################################## ## @@ -7692,7 +7694,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo ## Execute pam programs in the PAM domain. ## ## -@@ -1319,14 +1379,9 @@ +@@ -1319,14 +1380,9 @@ ## # interface(`auth_use_nsswitch',` @@ -7707,7 +7709,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo files_list_var_lib($1) miscfiles_read_certs($1) -@@ -1382,3 +1437,114 @@ +@@ -1382,3 +1438,114 @@ typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords; ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 77e5830..c6d9072 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.3 -Release: 2%{?dist} +Release: 3%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -359,6 +359,10 @@ exit 0 %endif %changelog +* Fri Jul 20 2007 Dan Walsh 3.0.3-3 +- Allow cups to use generic usb +- fix inetd to be able to run random apps (git) + * Thu Jul 19 2007 Dan Walsh 3.0.3-2 - Add proper contexts for rsyslogd