From de67749970b0d878d38c92adc76cbd2a2a328e47 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Feb 18 2009 19:45:29 +0000 Subject: - add virtual_image_context and virtual_domain_context files --- diff --git a/policy-20090105.patch b/policy-20090105.patch index b427fd6..024557b 100644 --- a/policy-20090105.patch +++ b/policy-20090105.patch @@ -118,6 +118,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con - +system_r:initrc_su_t:s0 user_r:user_t:s0 +user_r:user_t:s0 user_r:user_t:s0 +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_domain_context serefpolicy-3.6.6/config/appconfig-mcs/virtual_domain_context +--- nsaserefpolicy/config/appconfig-mcs/virtual_domain_context 1969-12-31 19:00:00.000000000 -0500 ++++ serefpolicy-3.6.6/config/appconfig-mcs/virtual_domain_context 2009-02-18 13:57:20.000000000 -0500 +@@ -0,0 +1 @@ ++system_u:system_r:qemu_t:s0 +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/virtual_image_context serefpolicy-3.6.6/config/appconfig-mcs/virtual_image_context +--- nsaserefpolicy/config/appconfig-mcs/virtual_image_context 1969-12-31 19:00:00.000000000 -0500 ++++ serefpolicy-3.6.6/config/appconfig-mcs/virtual_image_context 2009-02-18 13:57:52.000000000 -0500 +@@ -0,0 +1 @@ ++system_u:object_r:virt_image_t:s0 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.6.6/config/appconfig-mcs/xguest_u_default_contexts --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.6.6/config/appconfig-mcs/xguest_u_default_contexts 2009-02-16 13:18:06.000000000 -0500 
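Review bot: The new `virtual_domain_context` and `virtual_image_context` files in the `appconfig-mcs` hunk each hold one context at bare `s0` with no categories, so by themselves they place every guest process in `qemu_t` and every image in `virt_image_t` at the same level. Separation between guests then depends on whatever reads these files adding a per-guest category set, and nothing in the commit names that consumer (presumably libvirt, given the libvirtd line in the changelog) or states that it does so. A changelog line such as `- virtual_*_context hold base labels only; the consumer must add per-guest MCS categories` would record the assumption. The `appconfig-mls` hunk that follows adds the same two contexts, and under MLS `s0` is a sensitivity level, so confirm that pinning guests and images to the lowest level is intended there.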
@@ -182,6 +192,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con # -#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 +#system_r:sshd_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_domain_context serefpolicy-3.6.6/config/appconfig-mls/virtual_domain_context +--- nsaserefpolicy/config/appconfig-mls/virtual_domain_context 1969-12-31 19:00:00.000000000 -0500 ++++ serefpolicy-3.6.6/config/appconfig-mls/virtual_domain_context 2009-02-18 13:58:20.000000000 -0500 +@@ -0,0 +1 @@ ++system_u:system_r:qemu_t:s0 +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/virtual_image_context serefpolicy-3.6.6/config/appconfig-mls/virtual_image_context +--- nsaserefpolicy/config/appconfig-mls/virtual_image_context 1969-12-31 19:00:00.000000000 -0500 ++++ serefpolicy-3.6.6/config/appconfig-mls/virtual_image_context 2009-02-18 13:58:20.000000000 -0500 +@@ -0,0 +1 @@ ++system_u:object_r:virt_image_t:s0 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts serefpolicy-3.6.6/config/appconfig-mls/xguest_u_default_contexts --- nsaserefpolicy/config/appconfig-mls/xguest_u_default_contexts 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.6.6/config/appconfig-mls/xguest_u_default_contexts 2009-02-16 13:18:06.000000000 -0500 
@@ -195,7 +215,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con +xguest_r:xguest_t:s0 xguest_r:xguest_t:s0 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.6.6/Makefile --- nsaserefpolicy/Makefile 2009-01-19 11:07:35.000000000 -0500 -+++ serefpolicy-3.6.6/Makefile 2009-02-16 13:18:06.000000000 -0500 ++++ serefpolicy-3.6.6/Makefile 2009-02-18 14:17:28.000000000 -0500 +@@ -241,7 +241,7 @@ + appdir := $(contextpath) + user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts) + user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts)))) +-appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names) ++appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types virtual_image_context virtual_domain_context) $(contextpath)/files/media $(user_default_contexts_names) + net_contexts := $(builddir)net_contexts + + all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d) @@ -315,20 +315,22 @@ # parse-rolemap modulename,outputfile 
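Review bot: `appfiles` now lists `virtual_image_context` and `virtual_domain_context` unconditionally, but this commit only creates those files under `config/appconfig-mcs` and `config/appconfig-mls`. The `user_default_contexts` line in the same hunk shows that the source directory is selected by `$(TYPE)`, so a build for any TYPE whose appconfig directory did not receive the two files would presumably have nothing to install for `$(appdir)/virtual_*_context`; the install rule is outside the hunk, so this is inferred. Either add the files to every appconfig directory, or list the names only when they exist, e.g. `$(notdir $(wildcard config/appconfig-$(TYPE)/virtual_*_context))` inside the `addprefix` list.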
@@ -26132,7 +26161,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow iscsid_t iscsi_tmp_t:dir manage_dir_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.6/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500 -+++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-17 08:47:24.000000000 -0500 ++++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-18 09:32:59.000000000 -0500 @@ -60,12 +60,15 @@ # # /opt @@ -26277,7 +26306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`distro_suse',` /var/lib/samba/bin/.+\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0) ') -@@ -310,3 +335,21 @@ +@@ -310,3 +335,25 @@ /var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0) @@ -26299,6 +26328,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/opt/google-earth/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + +/usr/lib(64)?/nspluginwrapper/np.*\.so -- gen_context(system_u:object_r:lib_t,s0) ++ ++/usr/lib/oracle/.*/lib/libnnz.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++ ++/opt/(.*/)?oracle/(.*/)?libnnz.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.6/policy/modules/system/libraries.te --- nsaserefpolicy/policy/modules/system/libraries.te 2009-01-05 15:39:43.000000000 -0500 +++ serefpolicy-3.6.6/policy/modules/system/libraries.te 2009-02-16 13:18:06.000000000 -0500 diff --git a/selinux-policy.spec b/selinux-policy.spec index d228f1f..469d389 100644 
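Review bot: The two `libnnz` entries added to `libraries.fc` label Oracle libraries `textrel_shlib_t`, and the second pattern, `/opt/(.*/)?oracle/(.*/)?libnnz.*\.so`, matches at any depth under any `/opt` path that contains an `oracle` component. `textrel_shlib_t` is the label for libraries that need text relocations, so it is a relaxation best limited to the exact install paths; consider giving the `/opt` pattern a fixed directory prefix, as the `/usr/lib/oracle/.*/lib/` entry has. The change is also absent from the commit subject and the `%changelog` entry, which record only the two context files; a line such as `- Label oracle libnnz libraries textrel_shlib_t` would make it auditable.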
--- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,4 +1,4 @@ - %define distro redhat +%define distro redhat %define polyinstatiate n %define monolithic n %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1} @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.6 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -137,6 +137,8 @@ bzip2 %{buildroot}/%{_usr}/share/selinux/%1/*.pp %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/dbus_contexts \ %config %{_sysconfdir}/selinux/%1/contexts/x_contexts \ %config %{_sysconfdir}/selinux/%1/contexts/default_contexts \ +%config %{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \ +%config %{_sysconfdir}/selinux/%1/contexts/virtual_image_context \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/default_type \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/failsafe_context \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/initrc_context \ @@ -444,6 +446,9 @@ exit 0 %endif %changelog +* Wed Feb 18 2009 Dan Walsh 3.6.6-5 +- add virtual_image_context and virtual_domain_context files + * Tue Feb 17 2009 Dan Walsh 3.6.6-4 - Allow rpcd_t to send signal to mount_t - Allow libvirtd to run ranged
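Review bot: The two `%config` lines added in the `-137,6 +137,8` hunk carry no `(noreplace)`, unlike `default_type`, `failsafe_context` and `initrc_context` directly below them. With plain `%config`, an upgrade that changes the shipped file moves a locally edited copy aside as `.rpmsave`, so a site that changed the guest or image label would have it reverted. That may be intended, since the label must name a type the shipped policy defines and `default_contexts` and `x_contexts` above are packaged the same way, but the choice should be stated in the changelog entry. The macro these lines belong to starts outside the hunk.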