diff --git a/policy-20070501.patch b/policy-20070501.patch index b7a7ef4..51ce8bc 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -173,6 +173,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc +/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) /usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te +--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-01-02 12:57:51.000000000 -0500 ++++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-16 17:09:24.000000000 -0400 +@@ -48,3 +48,8 @@ + optional_policy(` + nscd_socket_use(alsa_t) + ') ++ ++optional_policy(` ++ hal_write_log(alsa_t) ++') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.6.4/policy/modules/admin/amtu.fc --- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-2.6.4/policy/modules/admin/amtu.fc 2007-05-08 09:59:33.000000000 -0400 @@ -411,7 +423,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc fs_dontaudit_list_auto_mountpoints(logwatch_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.6.4/policy/modules/admin/netutils.te --- nsaserefpolicy/policy/modules/admin/netutils.te 2007-04-30 10:41:38.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-05-16 13:16:15.000000000 -0400 @@ -31,6 +31,7 @@ type traceroute_t; type traceroute_exec_t; @@ -1658,7 +1670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.6.4/policy/modules/kernel/filesystem.te --- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-04-23 09:35:56.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2007-05-16 09:21:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2007-05-16 11:07:59.000000000 -0400 @@ -54,17 +54,29 @@ type capifs_t; @@ -6801,7 +6813,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.6.4/policy/modules/system/modutils.te --- nsaserefpolicy/policy/modules/system/modutils.te 2007-05-02 15:04:46.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/modutils.te 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/modutils.te 2007-05-16 17:09:16.000000000 -0400 @@ -102,6 +102,7 @@ init_use_fds(insmod_t) init_use_script_fds(insmod_t) @@ -6810,7 +6822,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti libs_use_ld_so(insmod_t) libs_use_shared_libs(insmod_t) -@@ -155,6 +156,7 @@ +@@ -123,6 +124,14 @@ + ') + + optional_policy(` ++ alsa_domtrans(insmod_t) ++') ++ ++optional_policy(` ++ hal_write_log(insmod_t) ++') ++ ++optional_policy(` + hotplug_search_config(insmod_t) + ') + +@@ -155,6 +164,7 @@ optional_policy(` rpm_rw_pipes(insmod_t) @@ -6818,7 +6845,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti ') optional_policy(` -@@ -185,6 +187,7 @@ +@@ -185,6 +195,7 @@ files_read_kernel_symbol_table(depmod_t) files_read_kernel_modules(depmod_t) @@ -8418,7 +8445,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns allow $1 $2:{ file lnk_file } { read getattr }; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.6.4/policy/support/obj_perm_sets.spt --- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-05-04 12:19:23.000000000 -0400 -+++ serefpolicy-2.6.4/policy/support/obj_perm_sets.spt 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/support/obj_perm_sets.spt 2007-05-16 14:13:26.000000000 -0400 @@ -203,7 +203,6 @@ define(`add_entry_dir_perms',`{ getattr search lock ioctl write add_name }') define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }') diff --git a/selinux-policy.spec b/selinux-policy.spec index ad67dc3..dd3339e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 2%{?dist} +Release: 3%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -359,6 +359,11 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Wed May 16 2007 Dan Walsh 2.6.4-3 +- Fixes for suspend resume. + - insmod domtrans to alsactl + - insmod writes to hal log + * Wed May 16 2007 Dan Walsh 2.6.4-2 - Allow unconfined_t to transition to NetworkManager_t - Fix netlabel policy