diff --git a/policy-20071130.patch b/policy-20071130.patch index bd7e535..3d8af6f 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -2107,8 +2107,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te +typealias user_gconf_tmp_t alias unconfined_gconf_tmp_t; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.2.6/policy/modules/apps/gpg.fc --- nsaserefpolicy/policy/modules/apps/gpg.fc 2007-10-12 08:56:02.000000000 -0400 -+++ serefpolicy-3.2.6/policy/modules/apps/gpg.fc 2008-02-01 16:01:42.000000000 -0500 -@@ -1,6 +1,6 @@ ++++ serefpolicy-3.2.6/policy/modules/apps/gpg.fc 2008-02-04 15:34:00.000000000 -0500 +@@ -1,9 +1,9 @@ -HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0) +HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:user_gpg_secret_t,s0) @@ -2117,6 +2117,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s /usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0) /usr/bin/kgpg -- gen_context(system_u:object_r:gpg_exec_t,s0) /usr/bin/pinentry.* -- gen_context(system_u:object_r:pinentry_exec_t,s0) + +-/usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0) +-/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0) ++/usr/lib(64)?/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0) ++/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.2.6/policy/modules/apps/gpg.if --- nsaserefpolicy/policy/modules/apps/gpg.if 2007-07-23 10:20:12.000000000 -0400 +++ serefpolicy-3.2.6/policy/modules/apps/gpg.if 2008-02-01 16:01:42.000000000 -0500 
@@ -5677,7 +5682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy files_mountpoint(vxfs_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.2.6/policy/modules/kernel/kernel.if --- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-10-29 18:02:31.000000000 -0400 -+++ serefpolicy-3.2.6/policy/modules/kernel/kernel.if 2008-02-01 16:01:42.000000000 -0500 ++++ serefpolicy-3.2.6/policy/modules/kernel/kernel.if 2008-02-04 15:09:55.000000000 -0500 @@ -851,9 +851,8 @@ type proc_t, proc_afs_t; ') @@ -5846,7 +5851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag /dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.2.6/policy/modules/kernel/storage.if --- nsaserefpolicy/policy/modules/kernel/storage.if 2007-10-29 18:02:31.000000000 -0400 -+++ serefpolicy-3.2.6/policy/modules/kernel/storage.if 2008-02-01 16:01:42.000000000 -0500 ++++ serefpolicy-3.2.6/policy/modules/kernel/storage.if 2008-02-04 15:32:13.000000000 -0500 @@ -81,6 +81,26 @@ ######################################## @@ -15678,12 +15683,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv # Local Policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.2.6/policy/modules/services/procmail.fc --- nsaserefpolicy/policy/modules/services/procmail.fc 2006-11-16 17:15:21.000000000 -0500 -+++ serefpolicy-3.2.6/policy/modules/services/procmail.fc 2008-02-01 16:01:42.000000000 -0500 ++++ serefpolicy-3.2.6/policy/modules/services/procmail.fc 2008-02-04 13:41:13.000000000 -0500 
@@ -1,2 +1,5 @@ /usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0) + -+/var/log/procmail\.log -- gen_context(system_u:object_r:procmail_log_t,s0) ++/var/log/procmail\.log.* -- gen_context(system_u:object_r:procmail_log_t,s0) +/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.2.6/policy/modules/services/procmail.if --- nsaserefpolicy/policy/modules/services/procmail.if 2007-01-02 12:57:43.000000000 -0500 @@ -18271,7 +18276,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.2.6/policy/modules/services/snmp.te --- nsaserefpolicy/policy/modules/services/snmp.te 2007-12-19 05:32:17.000000000 -0500 -+++ serefpolicy-3.2.6/policy/modules/services/snmp.te 2008-02-01 16:01:42.000000000 -0500 ++++ serefpolicy-3.2.6/policy/modules/services/snmp.te 2008-02-04 16:34:35.000000000 -0500 @@ -18,6 +18,9 @@ type snmpd_var_lib_t; files_type(snmpd_var_lib_t) @@ -18282,7 +18287,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp ######################################## # # Local policy -@@ -81,8 +84,7 @@ +@@ -45,6 +48,7 @@ + + kernel_read_device_sysctls(snmpd_t) + kernel_read_kernel_sysctls(snmpd_t) ++kernel_read_fs_sysctls(snmpd_t) + kernel_read_net_sysctls(snmpd_t) + kernel_read_proc_symlinks(snmpd_t) + kernel_read_system_state(snmpd_t) +@@ -81,8 +85,7 @@ files_read_usr_files(snmpd_t) files_read_etc_runtime_files(snmpd_t) files_search_home(snmpd_t) 
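Review bot: In the procmail.fc hunk, the widened pattern `/var/log/procmail\.log.*` ends in an unbounded `.*`, which in a file-context regex also matches `/`. Any regular file under a path that merely starts with `/var/log/procmail.log` would therefore be labelled `procmail_log_t`, not only rotated copies of the log. If rotated logs are the intent, `/var/log/procmail\.log[^/]*	--	gen_context(system_u:object_r:procmail_log_t,s0)` keeps the match inside `/var/log`. A short comment in the .fc file saying the suffix is there for rotated logs would also help.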
@@ -23613,8 +23626,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.2.6/policy/modules/system/qemu.te --- nsaserefpolicy/policy/modules/system/qemu.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.2.6/policy/modules/system/qemu.te 2008-02-02 17:19:03.000000000 -0500 -@@ -0,0 +1,58 @@ ++++ serefpolicy-3.2.6/policy/modules/system/qemu.te 2008-02-04 15:32:35.000000000 -0500 +@@ -0,0 +1,60 @@ +policy_module(qemu,1.0.0) + +######################################## @@ -23662,7 +23675,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t +files_search_all(qemu_t) + +fs_rw_anon_inodefs_files(qemu_t) -+fs_rw_removable_blk_files(qemu_t) ++ ++storage_raw_write_removable_device(qemu_t) ++storage_raw_read_removable_device(qemu_t) + +term_use_ptmx(qemu_t) +term_getattr_pty_fs(qemu_t) @@ -25107,7 +25122,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.6/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2007-11-29 13:29:35.000000000 -0500 -+++ serefpolicy-3.2.6/policy/modules/system/userdomain.if 2008-02-04 08:23:21.000000000 -0500 ++++ serefpolicy-3.2.6/policy/modules/system/userdomain.if 2008-02-04 15:10:20.000000000 -0500 @@ -29,9 +29,14 @@ ') @@ -25124,7 +25139,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo corecmd_shell_entry_type($1_t) corecmd_bin_entry_type($1_t) domain_user_exemption_target($1_t) -@@ -45,66 +50,71 @@ +@@ -45,66 +50,73 @@ type $1_tty_device_t; term_user_tty($1_t,$1_tty_device_t) 
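Review bot: In the qemu.te hunk, `storage_raw_write_removable_device(qemu_t)` and `storage_raw_read_removable_device(qemu_t)` are granted unconditionally, so every process in `qemu_t` gets raw block access to removable media whether or not a guest needs it. Raw write to a device bypasses file-level labelling on whatever is mounted from it, so this deserves an explicit opt-in. Consider wrapping the two calls in a `tunable_policy` block keyed on a dedicated boolean (name to be chosen by the maintainer) that defaults to off. At minimum, add a comment above them such as `# raw access to removable media for guest disk images (libvirt)`. The rest of the qemu.te local policy lies outside this hunk, so a conditional may already exist elsewhere.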
@@ -25178,6 +25193,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo + application_exec_all($1_usertype) + + kernel_read_kernel_sysctls($1_usertype) ++ kernel_read_all_sysctls($1_usertype) ++ + kernel_dontaudit_list_unlabeled($1_usertype) + kernel_dontaudit_getattr_unlabeled_files($1_usertype) + kernel_dontaudit_getattr_unlabeled_symlinks($1_usertype) @@ -25249,7 +25266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo tunable_policy(`allow_execmem',` # Allow loading DSOs that require executable stack. -@@ -115,6 +125,10 @@ +@@ -115,6 +127,10 @@ # Allow making the stack executable via mprotect. allow $1_t self:process execstack; ') @@ -25260,7 +25277,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -141,33 +155,13 @@ +@@ -141,33 +157,13 @@ # template(`userdom_ro_home_template',` gen_require(` @@ -25299,7 +25316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ############################## # -@@ -175,13 +169,13 @@ +@@ -175,13 +171,13 @@ # # read-only home directory @@ -25320,7 +25337,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo files_list_home($1_t) tunable_policy(`use_nfs_home_dirs',` -@@ -231,30 +225,14 @@ +@@ -231,30 +227,14 @@ # template(`userdom_manage_home_template',` gen_require(` @@ -25357,7 +25374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ############################## # -@@ -262,43 +240,44 @@ +@@ -262,43 +242,44 @@ # # full control of the home directory @@ -25430,7 +25447,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -316,14 +295,20 @@ +@@ -316,14 +297,20 @@ ## # template(`userdom_exec_home_template',` 
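Review bot: The added `kernel_read_all_sysctls($1_usertype)` sits directly after `kernel_read_kernel_sysctls($1_usertype)`, which presumably makes the narrower call redundant. It also gives every user type built from this template read access to all sysctl trees, which is broader than the neighbouring rules suggest is needed. If only some classes are required, name them individually, as the snmp.te hunk in this same commit does with `kernel_read_fs_sysctls(snmpd_t)`. Otherwise drop the now-redundant `kernel_read_kernel_sysctls` line and add a comment stating which program needs the wider read. The template body begins and ends outside this hunk.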
@@ -25456,7 +25473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -341,11 +326,10 @@ +@@ -341,11 +328,10 @@ ## # template(`userdom_poly_home_template',` @@ -25472,7 +25489,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -369,18 +353,18 @@ +@@ -369,18 +355,18 @@ # template(`userdom_manage_tmp_template',` gen_require(` @@ -25501,7 +25518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -396,7 +380,13 @@ +@@ -396,7 +382,13 @@ ## # template(`userdom_exec_tmp_template',` @@ -25516,7 +25533,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -510,10 +500,6 @@ +@@ -510,10 +502,6 @@ ## # template(`userdom_exec_generic_pgms_template',` @@ -25527,7 +25544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo corecmd_exec_bin($1_t) ') -@@ -531,9 +517,6 @@ +@@ -531,9 +519,6 @@ ## # template(`userdom_basic_networking_template',` @@ -25537,7 +25554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo allow $1_t self:tcp_socket create_stream_socket_perms; allow $1_t self:udp_socket create_socket_perms; -@@ -548,10 +531,6 @@ +@@ -548,10 +533,6 @@ corenet_udp_sendrecv_all_ports($1_t) corenet_tcp_connect_all_ports($1_t) corenet_sendrecv_all_client_packets($1_t) @@ -25548,7 +25565,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -568,30 +547,29 @@ +@@ -568,30 +549,29 @@ # template(`userdom_xwindows_client_template',` gen_require(` 
@@ -25595,7 +25612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -686,183 +664,192 @@ +@@ -686,183 +666,192 @@ dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown }; dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write }; @@ -25869,7 +25886,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') optional_policy(` -@@ -889,6 +876,8 @@ +@@ -889,6 +878,8 @@ ## # template(`userdom_login_user_template', ` @@ -25878,7 +25895,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo userdom_base_user_template($1) userdom_manage_home_template($1) -@@ -917,26 +906,26 @@ +@@ -917,26 +908,26 @@ allow $1_t self:context contains; @@ -25919,7 +25936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo auth_dontaudit_write_login_records($1_t) -@@ -944,43 +933,43 @@ +@@ -944,43 +935,43 @@ # The library functions always try to open read-write first, # then fall back to read-only if it fails. @@ -25981,7 +25998,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1014,9 +1003,6 @@ +@@ -1014,9 +1005,6 @@ domain_interactive_fd($1_t) typeattribute $1_devpts_t user_ptynode; @@ -25991,7 +26008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo typeattribute $1_tty_device_t user_ttynode; ############################## -@@ -1025,16 +1011,29 @@ +@@ -1025,16 +1013,29 @@ # # privileged home directory writers @@ -26027,7 +26044,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ####################################### -@@ -1062,6 +1061,13 @@ +@@ -1062,6 +1063,13 @@ userdom_restricted_user_template($1) 
@@ -26041,7 +26058,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo userdom_xwindows_client_template($1) ############################## -@@ -1070,14 +1076,14 @@ +@@ -1070,14 +1078,14 @@ # authlogin_per_role_template($1, $1_t, $1_r) @@ -26061,7 +26078,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo logging_dontaudit_send_audit_msgs($1_t) # Need to to this just so screensaver will work. Should be moved to screensaver domain -@@ -1085,32 +1091,17 @@ +@@ -1085,32 +1093,17 @@ selinux_get_enforce_mode($1_t) optional_policy(` @@ -26101,7 +26118,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1121,10 +1112,10 @@ +@@ -1121,10 +1114,10 @@ ## ## ##

@@ -26116,7 +26133,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## This template creates a user domain, types, and ## rules for the user's tty, pty, home directories, ## tmp, and tmpfs files. -@@ -1187,12 +1178,11 @@ +@@ -1187,12 +1180,11 @@ # and may change other protocols tunable_policy(`user_tcp_server',` corenet_tcp_bind_all_nodes($1_t) @@ -26131,7 +26148,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') # Run pppd in pppd_t by default for user -@@ -1201,7 +1191,7 @@ +@@ -1201,7 +1193,7 @@ ') optional_policy(` @@ -26140,7 +26157,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ') -@@ -1278,8 +1268,6 @@ +@@ -1278,8 +1270,6 @@ # Manipulate other users crontab. allow $1_t self:passwd crontab; @@ -26149,7 +26166,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo kernel_read_software_raid_state($1_t) kernel_getattr_core_if($1_t) kernel_getattr_message_if($1_t) -@@ -1357,13 +1345,6 @@ +@@ -1357,13 +1347,6 @@ # But presently necessary for installing the file_contexts file. seutil_manage_bin_policy($1_t) @@ -26163,7 +26180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo optional_policy(` userhelper_exec($1_t) ') -@@ -1416,6 +1397,7 @@ +@@ -1416,6 +1399,7 @@ dev_relabel_all_dev_nodes($1) files_create_boot_flag($1) @@ -26171,7 +26188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo # Necessary for managing /boot/efi fs_manage_dos_files($1) -@@ -1781,10 +1763,14 @@ +@@ -1781,10 +1765,14 @@ template(`userdom_user_home_content',` gen_require(` attribute $1_file_type; @@ -26187,7 +26204,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1880,11 +1866,11 @@ +@@ -1880,11 +1868,11 @@ # template(`userdom_search_user_home_dirs',` gen_require(` 
@@ -26201,7 +26218,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1914,11 +1900,11 @@ +@@ -1914,11 +1902,11 @@ # template(`userdom_list_user_home_dirs',` gen_require(` @@ -26215,7 +26232,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1962,12 +1948,12 @@ +@@ -1962,12 +1950,12 @@ # template(`userdom_user_home_domtrans',` gen_require(` @@ -26231,7 +26248,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -1997,10 +1983,10 @@ +@@ -1997,10 +1985,10 @@ # template(`userdom_dontaudit_list_user_home_dirs',` gen_require(` @@ -26244,7 +26261,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2032,11 +2018,47 @@ +@@ -2032,11 +2020,47 @@ # template(`userdom_manage_user_home_content_dirs',` gen_require(` @@ -26294,7 +26311,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2068,10 +2090,10 @@ +@@ -2068,10 +2092,10 @@ # template(`userdom_dontaudit_setattr_user_home_content_files',` gen_require(` @@ -26307,7 +26324,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2101,11 +2123,11 @@ +@@ -2101,11 +2125,11 @@ # template(`userdom_read_user_home_content_files',` gen_require(` @@ -26321,7 +26338,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2135,11 +2157,11 @@ +@@ -2135,11 +2159,11 @@ # template(`userdom_dontaudit_read_user_home_content_files',` gen_require(` 
@@ -26336,7 +26353,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2169,10 +2191,10 @@ +@@ -2169,10 +2193,10 @@ # template(`userdom_dontaudit_write_user_home_content_files',` gen_require(` @@ -26349,7 +26366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2202,11 +2224,11 @@ +@@ -2202,11 +2226,11 @@ # template(`userdom_read_user_home_content_symlinks',` gen_require(` @@ -26363,7 +26380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2236,11 +2258,11 @@ +@@ -2236,11 +2260,11 @@ # template(`userdom_exec_user_home_content_files',` gen_require(` @@ -26377,7 +26394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2270,10 +2292,10 @@ +@@ -2270,10 +2294,10 @@ # template(`userdom_dontaudit_exec_user_home_content_files',` gen_require(` @@ -26390,7 +26407,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2305,12 +2327,12 @@ +@@ -2305,12 +2329,12 @@ # template(`userdom_manage_user_home_content_files',` gen_require(` @@ -26406,7 +26423,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2342,10 +2364,10 @@ +@@ -2342,10 +2366,10 @@ # template(`userdom_dontaudit_manage_user_home_content_dirs',` gen_require(` @@ -26419,7 +26436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2377,12 +2399,12 @@ +@@ -2377,12 +2401,12 @@ # template(`userdom_manage_user_home_content_symlinks',` gen_require(` 
@@ -26435,7 +26452,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2414,12 +2436,12 @@ +@@ -2414,12 +2438,12 @@ # template(`userdom_manage_user_home_content_pipes',` gen_require(` @@ -26451,7 +26468,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2451,12 +2473,12 @@ +@@ -2451,12 +2475,12 @@ # template(`userdom_manage_user_home_content_sockets',` gen_require(` @@ -26467,7 +26484,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2501,11 +2523,11 @@ +@@ -2501,11 +2525,11 @@ # template(`userdom_user_home_dir_filetrans',` gen_require(` @@ -26481,7 +26498,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2550,11 +2572,11 @@ +@@ -2550,11 +2574,11 @@ # template(`userdom_user_home_content_filetrans',` gen_require(` @@ -26495,7 +26512,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2594,11 +2616,11 @@ +@@ -2594,11 +2618,11 @@ # template(`userdom_user_home_dir_filetrans_user_home_content',` gen_require(` @@ -26509,7 +26526,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2628,11 +2650,11 @@ +@@ -2628,11 +2652,11 @@ # template(`userdom_write_user_tmp_sockets',` gen_require(` @@ -26523,7 +26540,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2662,11 +2684,11 @@ +@@ -2662,11 +2686,11 @@ # template(`userdom_list_user_tmp',` gen_require(` 
@@ -26537,7 +26554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2698,10 +2720,10 @@ +@@ -2698,10 +2722,10 @@ # template(`userdom_dontaudit_list_user_tmp',` gen_require(` @@ -26550,7 +26567,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2733,10 +2755,10 @@ +@@ -2733,10 +2757,10 @@ # template(`userdom_dontaudit_manage_user_tmp_dirs',` gen_require(` @@ -26563,7 +26580,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2766,12 +2788,12 @@ +@@ -2766,12 +2790,12 @@ # template(`userdom_read_user_tmp_files',` gen_require(` @@ -26579,7 +26596,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2803,10 +2825,10 @@ +@@ -2803,10 +2827,10 @@ # template(`userdom_dontaudit_read_user_tmp_files',` gen_require(` @@ -26592,7 +26609,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2838,10 +2860,48 @@ +@@ -2838,10 +2862,48 @@ # template(`userdom_dontaudit_append_user_tmp_files',` gen_require(` @@ -26643,7 +26660,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2871,12 +2931,12 @@ +@@ -2871,12 +2933,12 @@ # template(`userdom_rw_user_tmp_files',` gen_require(` @@ -26659,7 +26676,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2908,10 +2968,10 @@ +@@ -2908,10 +2970,10 @@ # template(`userdom_dontaudit_manage_user_tmp_files',` gen_require(` 
@@ -26672,7 +26689,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2943,12 +3003,12 @@ +@@ -2943,12 +3005,12 @@ # template(`userdom_read_user_tmp_symlinks',` gen_require(` @@ -26688,7 +26705,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -2980,11 +3040,11 @@ +@@ -2980,11 +3042,11 @@ # template(`userdom_manage_user_tmp_dirs',` gen_require(` @@ -26702,7 +26719,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3016,11 +3076,11 @@ +@@ -3016,11 +3078,11 @@ # template(`userdom_manage_user_tmp_files',` gen_require(` @@ -26716,7 +26733,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3052,11 +3112,11 @@ +@@ -3052,11 +3114,11 @@ # template(`userdom_manage_user_tmp_symlinks',` gen_require(` @@ -26730,7 +26747,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3088,11 +3148,11 @@ +@@ -3088,11 +3150,11 @@ # template(`userdom_manage_user_tmp_pipes',` gen_require(` @@ -26744,7 +26761,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3124,11 +3184,11 @@ +@@ -3124,11 +3186,11 @@ # template(`userdom_manage_user_tmp_sockets',` gen_require(` @@ -26758,7 +26775,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3173,10 +3233,10 @@ +@@ -3173,10 +3235,10 @@ # template(`userdom_user_tmp_filetrans',` gen_require(` 
@@ -26771,7 +26788,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo files_search_tmp($2) ') -@@ -3217,10 +3277,10 @@ +@@ -3217,10 +3279,10 @@ # template(`userdom_tmp_filetrans_user_tmp',` gen_require(` @@ -26784,7 +26801,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -3248,6 +3308,42 @@ +@@ -3248,6 +3310,42 @@ ## ## # @@ -26827,7 +26844,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo template(`userdom_rw_user_tmpfs_files',` gen_require(` type $1_tmpfs_t; -@@ -4225,11 +4321,11 @@ +@@ -4225,11 +4323,11 @@ # interface(`userdom_search_staff_home_dirs',` gen_require(` @@ -26841,7 +26858,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4245,10 +4341,10 @@ +@@ -4245,10 +4343,10 @@ # interface(`userdom_dontaudit_search_staff_home_dirs',` gen_require(` @@ -26854,7 +26871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4264,11 +4360,11 @@ +@@ -4264,11 +4362,11 @@ # interface(`userdom_manage_staff_home_dirs',` gen_require(` @@ -26868,7 +26885,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4283,16 +4379,16 @@ +@@ -4283,16 +4381,16 @@ # interface(`userdom_relabelto_staff_home_dirs',` gen_require(` @@ -26888,7 +26905,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## users home directory. ## ## -@@ -4301,12 +4397,27 @@ +@@ -4301,12 +4399,27 @@ ## ## # @@ -26919,7 +26936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4321,13 +4432,13 @@ +@@ -4321,13 +4434,13 @@ # interface(`userdom_read_staff_home_content_files',` gen_require(` 
@@ -26937,7 +26954,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4525,10 +4636,10 @@ +@@ -4525,10 +4638,10 @@ # interface(`userdom_getattr_sysadm_home_dirs',` gen_require(` @@ -26950,7 +26967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4545,10 +4656,10 @@ +@@ -4545,10 +4658,10 @@ # interface(`userdom_dontaudit_getattr_sysadm_home_dirs',` gen_require(` @@ -26963,7 +26980,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4563,10 +4674,10 @@ +@@ -4563,10 +4676,10 @@ # interface(`userdom_search_sysadm_home_dirs',` gen_require(` @@ -26976,7 +26993,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4582,10 +4693,10 @@ +@@ -4582,10 +4695,10 @@ # interface(`userdom_dontaudit_search_sysadm_home_dirs',` gen_require(` @@ -26989,7 +27006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4600,10 +4711,10 @@ +@@ -4600,10 +4713,10 @@ # interface(`userdom_list_sysadm_home_dirs',` gen_require(` @@ -27002,7 +27019,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4619,10 +4730,10 @@ +@@ -4619,10 +4732,10 @@ # interface(`userdom_dontaudit_list_sysadm_home_dirs',` gen_require(` @@ -27015,7 +27032,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4638,12 +4749,11 @@ +@@ -4638,12 +4751,11 @@ # interface(`userdom_dontaudit_read_sysadm_home_content_files',` gen_require(` 
@@ -27031,7 +27048,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4670,10 +4780,10 @@ +@@ -4670,10 +4782,10 @@ # interface(`userdom_sysadm_home_dir_filetrans',` gen_require(` @@ -27044,7 +27061,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4688,10 +4798,10 @@ +@@ -4688,10 +4800,10 @@ # interface(`userdom_search_sysadm_home_content_dirs',` gen_require(` @@ -27057,7 +27074,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4706,13 +4816,13 @@ +@@ -4706,13 +4818,13 @@ # interface(`userdom_read_sysadm_home_content_files',` gen_require(` @@ -27075,7 +27092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4748,11 +4858,49 @@ +@@ -4748,11 +4860,49 @@ # interface(`userdom_search_all_users_home_dirs',` gen_require(` @@ -27126,7 +27143,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4772,6 +4920,14 @@ +@@ -4772,6 +4922,14 @@ files_list_home($1) allow $1 home_dir_type:dir list_dir_perms; @@ -27141,7 +27158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') ######################################## -@@ -4833,6 +4989,26 @@ +@@ -4833,6 +4991,26 @@ ######################################## ##

@@ -27168,7 +27185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all directories ## in all users home directories. ## -@@ -4853,6 +5029,25 @@ +@@ -4853,6 +5031,25 @@ ######################################## ## @@ -27194,7 +27211,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all files ## in all users home directories. ## -@@ -4873,6 +5068,26 @@ +@@ -4873,6 +5070,26 @@ ######################################## ## @@ -27221,7 +27238,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete all symlinks ## in all users home directories. ## -@@ -5109,7 +5324,7 @@ +@@ -5109,7 +5326,7 @@ # interface(`userdom_relabelto_generic_user_home_dirs',` gen_require(` @@ -27230,7 +27247,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') files_search_home($1) -@@ -5298,6 +5513,50 @@ +@@ -5298,6 +5515,50 @@ ######################################## ## @@ -27281,7 +27298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Create, read, write, and delete directories in ## unprivileged users home directories. ## -@@ -5503,6 +5762,42 @@ +@@ -5503,6 +5764,42 @@ ######################################## ## @@ -27324,7 +27341,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Read and write unprivileged user ttys. ## ## -@@ -5668,6 +5963,42 @@ +@@ -5668,6 +5965,42 @@ ######################################## ## @@ -27367,7 +27384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ## Send a dbus message to all user domains. ## ## -@@ -5698,3 +6029,277 @@ +@@ -5698,3 +6031,277 @@ interface(`userdom_unconfined',` refpolicywarn(`$0($*) has been deprecated.') ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 3d46d9b..fcec733 100644 
--- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.2.6 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -387,6 +387,9 @@ exit 0 %endif %changelog +* Mon Feb 4 2008 Dan Walsh 3.2.6-5 +- Fixes for libvirt + * Sun Feb 3 2008 Dan Walsh 3.2.6-4 - Fixes for nsplugin