From 6768ce1bf9485f0bc4f50278769b1c91a6b31300 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Oct 21 2008 18:32:06 +0000 Subject: - Remove mod_fcgid-selinux package --- diff --git a/policy-20071130.patch b/policy-20071130.patch index 5825877..34bd537 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -11329,7 +11329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/apache.te 2008-10-14 11:43:20.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/apache.te 2008-10-21 09:36:20.000000000 -0400 @@ -20,6 +20,8 @@ # Declarations # @@ -11434,17 +11434,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac # httpd_modules_t is the type given to module files (libraries) # that come with Apache /etc/httpd/modules and /usr/lib/apache type httpd_modules_t; -@@ -180,6 +220,9 @@ +@@ -180,6 +220,12 @@ # setup the system domain for system CGI scripts apache_content_template(sys) ++typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t; ++typealias httpd_sys_content_t alias httpd_fastcgi_content_t; ++typealias httpd_sys_content_rw_t alias httpd_fastcgi_content_rw_t; +typeattribute httpd_sys_content_t httpdcontent, httpd_ro_content; # customizable +typeattribute httpd_sys_content_rw_t httpdcontent, httpd_rw_content; # customizable +typeattribute httpd_sys_content_ra_t httpdcontent; # customizable type httpd_tmp_t; files_tmp_file(httpd_tmp_t) -@@ -202,12 +245,16 @@ +@@ -202,12 +248,16 @@ prelink_object_file(httpd_modules_t) ') 
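Review bot: The three `typealias` lines added after `apache_content_template(sys)` fold the FastCGI script and content types into the system CGI types, and nothing in the hunk records that this is a deliberate compatibility shim or what it costs in isolation. Once `httpd_fastcgi_content_rw_t` resolves to `httpd_sys_content_rw_t`, every rule written for system content also applies to files that carried the FastCGI label, so FastCGI data is no longer kept apart from other CGI content. Only the exec, content and content_rw types are aliased; if the retired module declared further types (not visible here), files still labelled with them would no longer map to a valid type after the upgrade, which is worth confirming. I would add a comment above the aliases such as `# Compat aliases for types formerly declared by mod_fcgid-selinux; FastCGI content is now governed by the httpd_sys_* rules.`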
@@ -11462,7 +11465,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac dontaudit httpd_t self:capability { net_admin sys_tty_config }; allow httpd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow httpd_t self:fd use; -@@ -249,6 +296,7 @@ +@@ -249,6 +299,7 @@ allow httpd_t httpd_modules_t:dir list_dir_perms; mmap_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t) read_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t) @@ -11470,7 +11473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac apache_domtrans_rotatelogs(httpd_t) # Apache-httpd needs to be able to send signals to the log rotate procs. -@@ -260,9 +308,9 @@ +@@ -260,9 +311,9 @@ allow httpd_t httpd_suexec_exec_t:file { getattr read }; @@ -11483,7 +11486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac manage_dirs_pattern(httpd_t,httpd_tmp_t,httpd_tmp_t) manage_files_pattern(httpd_t,httpd_tmp_t,httpd_tmp_t) -@@ -289,6 +337,7 @@ +@@ -289,6 +340,7 @@ kernel_read_kernel_sysctls(httpd_t) # for modules that want to access /proc/meminfo kernel_read_system_state(httpd_t) @@ -11491,7 +11494,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac corenet_all_recvfrom_unlabeled(httpd_t) corenet_all_recvfrom_netlabel(httpd_t) -@@ -299,6 +348,7 @@ +@@ -299,6 +351,7 @@ corenet_tcp_sendrecv_all_ports(httpd_t) corenet_udp_sendrecv_all_ports(httpd_t) corenet_tcp_bind_all_nodes(httpd_t) @@ -11499,7 +11502,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac corenet_tcp_bind_http_port(httpd_t) corenet_tcp_bind_http_cache_port(httpd_t) corenet_sendrecv_http_server_packets(httpd_t) -@@ -315,9 +365,7 @@ +@@ -315,9 +368,7 @@ auth_use_nsswitch(httpd_t) 
@@ -11510,7 +11513,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac domain_use_interactive_fds(httpd_t) -@@ -335,6 +383,10 @@ +@@ -335,6 +386,10 @@ files_read_var_lib_symlinks(httpd_t) fs_search_auto_mountpoints(httpd_sys_script_t) @@ -11521,7 +11524,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac libs_use_ld_so(httpd_t) libs_use_shared_libs(httpd_t) -@@ -351,25 +403,50 @@ +@@ -351,25 +406,50 @@ userdom_use_unpriv_users_fds(httpd_t) @@ -11576,7 +11579,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_can_network_relay',` # allow httpd to work as a relay corenet_tcp_connect_gopher_port(httpd_t) -@@ -382,12 +459,26 @@ +@@ -382,12 +462,26 @@ corenet_sendrecv_http_cache_client_packets(httpd_t) ') @@ -11608,7 +11611,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') tunable_policy(`httpd_enable_ftp_server',` -@@ -399,11 +490,21 @@ +@@ -399,11 +493,21 @@ fs_read_nfs_symlinks(httpd_t) ') @@ -11630,7 +11633,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_ssi_exec',` corecmd_shell_domtrans(httpd_t,httpd_sys_script_t) allow httpd_sys_script_t httpd_t:fd use; -@@ -437,8 +538,13 @@ +@@ -437,8 +541,13 @@ ') optional_policy(` @@ -11646,7 +11649,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -450,19 +556,13 @@ +@@ -450,19 +559,13 @@ ') optional_policy(` @@ -11667,7 +11670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -472,13 +572,23 @@ +@@ -472,13 +575,23 @@ openca_kill(httpd_t) ') @@ -11695,7 +11698,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') optional_policy(` -@@ -486,6 +596,7 @@ +@@ -486,6 +599,7 @@ ') optional_policy(` 
@@ -11703,7 +11706,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac snmp_dontaudit_read_snmp_var_lib_files(httpd_t) snmp_dontaudit_write_snmp_var_lib_files(httpd_t) ') -@@ -521,6 +632,22 @@ +@@ -521,6 +635,22 @@ userdom_use_sysadm_terms(httpd_helper_t) ') @@ -11726,7 +11729,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ######################################## # # Apache PHP script local policy -@@ -550,18 +677,26 @@ +@@ -550,18 +680,26 @@ fs_search_auto_mountpoints(httpd_php_t) @@ -11756,7 +11759,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -585,6 +720,8 @@ +@@ -585,6 +723,8 @@ manage_files_pattern(httpd_suexec_t,httpd_suexec_tmp_t,httpd_suexec_tmp_t) files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir }) @@ -11765,7 +11768,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac kernel_read_kernel_sysctls(httpd_suexec_t) kernel_list_proc(httpd_suexec_t) kernel_read_proc_symlinks(httpd_suexec_t) -@@ -593,9 +730,7 @@ +@@ -593,9 +733,7 @@ fs_search_auto_mountpoints(httpd_suexec_t) @@ -11776,7 +11779,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac files_read_etc_files(httpd_suexec_t) files_read_usr_files(httpd_suexec_t) -@@ -628,6 +763,7 @@ +@@ -628,6 +766,7 @@ corenet_sendrecv_all_client_packets(httpd_suexec_t) ') @@ -11784,7 +11787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_cgi && httpd_unified',` domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t) ') -@@ -638,6 +774,12 @@ +@@ -638,6 +777,12 @@ fs_exec_nfs_files(httpd_suexec_t) ') 
@@ -11797,7 +11800,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_suexec_t) fs_read_cifs_symlinks(httpd_suexec_t) -@@ -655,10 +797,6 @@ +@@ -655,10 +800,6 @@ dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write }; ') @@ -11808,7 +11811,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ######################################## # # Apache system script local policy -@@ -668,7 +806,8 @@ +@@ -668,7 +809,8 @@ dontaudit httpd_sys_script_t httpd_config_t:dir search; @@ -11818,7 +11821,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms; read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t) -@@ -682,15 +821,46 @@ +@@ -682,15 +824,46 @@ # Should we add a boolean? apache_domtrans_rotatelogs(httpd_sys_script_t) @@ -11866,7 +11869,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_sys_script_t) fs_read_cifs_symlinks(httpd_sys_script_t) -@@ -703,6 +873,10 @@ +@@ -703,6 +876,10 @@ optional_policy(` mysql_stream_connect(httpd_sys_script_t) mysql_rw_db_sockets(httpd_sys_script_t) @@ -11877,7 +11880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ') ######################################## -@@ -724,3 +898,71 @@ +@@ -724,3 +901,71 @@ logging_search_logs(httpd_rotatelogs_t) miscfiles_read_localization(httpd_rotatelogs_t) 
@@ -22854,7 +22857,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.3.1/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2008-10-14 11:43:20.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2008-10-21 11:22:47.000000000 -0400 @@ -6,6 +6,14 @@ # Declarations # @@ -23056,17 +23059,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post uucp_domtrans_uux(postfix_pipe_t) ') -@@ -436,8 +489,7 @@ +@@ -436,8 +489,11 @@ ') optional_policy(` - ppp_use_fds(postfix_postqueue_t) - ppp_sigchld(postfix_postqueue_t) ++ sendmail_rw_unix_stream_sockets(postfix_postdrop_t) ++') ++ ++optional_policy(` + uucp_manage_spool(postfix_postdrop_t) ') ####################################### -@@ -463,6 +515,15 @@ +@@ -463,6 +519,15 @@ init_sigchld_script(postfix_postqueue_t) init_use_script_fds(postfix_postqueue_t) @@ -23082,7 +23089,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix qmgr local policy -@@ -532,9 +593,6 @@ +@@ -532,9 +597,6 @@ # connect to master process stream_connect_pattern(postfix_smtpd_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t) @@ -23092,7 +23099,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post # for prng_exch allow postfix_smtpd_t postfix_spool_t:file rw_file_perms; allow postfix_smtpd_t postfix_prng_t:file rw_file_perms; -@@ -557,6 +615,10 @@ +@@ -557,6 +619,10 @@ sasl_connect(postfix_smtpd_t) ') 
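Review bot: The new `optional_policy` block calling `sendmail_rw_unix_stream_sockets(postfix_postdrop_t)` widens what the postdrop domain may do, and no comment says which denial it answers. If the access is only a descriptor inherited from a sendmail-domain parent (an inference, the triggering AVC is not shown), a `dontaudit` rule would be the narrower answer. If the read/write is really needed, a line such as `# postdrop is handed a unix stream socket by the sendmail domain` above the block would record why. The commit subject and the new changelog entry mention only the mod_fcgid-selinux removal, so this Postfix change ships undocumented and deserves its own changelog line.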
@@ -23103,7 +23110,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post ######################################## # # Postfix virtual local policy -@@ -572,7 +634,7 @@ +@@ -572,7 +638,7 @@ files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir }) # connect to master process diff --git a/selinux-policy.spec b/selinux-policy.spec index 4c7229a..5c3d7f8 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 103%{?dist} +Release: 104%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -278,6 +278,7 @@ Obsoletes: selinux-policy-targeted-sources < 2 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): coreutils Requires(pre): selinux-policy = %{version}-%{release} +Obsoletes: mod_fcgid-selinux %description targeted SELinux Reference policy targeted base module. @@ -386,6 +387,9 @@ exit 0 %endif %changelog +* Mon Oct 20 2008 Dan Walsh 3.3.1-104 +- Remove mod_fcgid-selinux package + * Mon Oct 20 2008 Dan Walsh 3.3.1-103 - More fixes for new netoworkmanager - Fixes for MLS initrc scripts
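Review bot: `Obsoletes: mod_fcgid-selinux` in the targeted subpackage is unversioned, so it will keep displacing any package of that name, including a later build that someone ships on purpose. A versioned form, `Obsoletes: mod_fcgid-selinux < LAST_SHIPPED_EVR` (placeholder; take the value from the final mod_fcgid-selinux build), limits it to the builds being retired. It is also worth confirming that the old policy module is unloaded before the new base policy is loaded, because the base policy now declares the `httpd_fastcgi_*` names as aliases. The scriptlets that would handle that are not part of this hunk.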