From e86957d88a5e1852966e7d032cce82e3d1fb64a8 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Feb 03 2010 22:25:44 +0000 Subject: - Add label for /root/.Xdefaults - Allow xauth to read symbolic links on a NFS filesystem - Add label for /var/run/slim.lock - Add mcelog policy --- diff --git a/modules-minimum.conf b/modules-minimum.conf index e9325ed..7b89489 100644 --- a/modules-minimum.conf +++ b/modules-minimum.conf @@ -884,6 +884,13 @@ lvm = base # mailman = module +# Layer: admin +# Module: mcelog +# +# mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines. +# +mcelog = base + # Layer: kernel # Module: mcs # Required in base diff --git a/modules-mls.conf b/modules-mls.conf index 9eaf94a..94c1969 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -785,6 +785,13 @@ lpd = module # lvm = base +# Layer: admin +# Module: mcelog +# +# mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines. +# +mcelog = base + # Layer: services # Module: mailman # diff --git a/modules-targeted.conf b/modules-targeted.conf index e9325ed..7b89489 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -884,6 +884,13 @@ lvm = base # mailman = module +# Layer: admin +# Module: mcelog +# +# mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines. +# +mcelog = base + # Layer: kernel # Module: mcs # Required in base diff --git a/policy-20100106.patch b/policy-20100106.patch index b1ecaa3..c6611ad 100644 --- a/policy-20100106.patch +++ b/policy-20100106.patch @@ -2058,7 +2058,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol miscfiles_read_localization(openvpn_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.te serefpolicy-3.6.32/policy/modules/services/plymouth.te --- nsaserefpolicy/policy/modules/services/plymouth.te 2010-01-18 18:24:22.847540282 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/plymouth.te 2010-01-27 16:41:36.145614526 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/plymouth.te 2010-02-03 23:23:09.612821595 +0100 @@ -41,6 +41,19 @@ allow plymouthd_t self:fifo_file rw_fifo_file_perms; allow plymouthd_t self:unix_stream_socket create_stream_socket_perms; @@ -2079,8 +2079,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_system_state(plymouthd_t) kernel_request_load_module(plymouthd_t) kernel_change_ring_buffer_level(plymouthd_t) -@@ -58,18 +71,6 @@ +@@ -56,21 +69,9 @@ + files_read_usr_files(plymouthd_t) + miscfiles_read_localization(plymouthd_t) ++miscfiles_manage_fonts_cache(plymouthd_t) miscfiles_read_fonts(plymouthd_t) -manage_dirs_pattern(plymouthd_t, plymouthd_var_run_t, plymouthd_var_run_t) @@ -2095,9 +2098,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol -manage_files_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t) -manage_sock_files_pattern(plymouthd_t, plymouthd_spool_t, plymouthd_spool_t) -files_spool_filetrans(plymouthd_t,plymouthd_spool_t, { file dir sock_file }) - +- ######################################## # + # Plymouth private policy @@ -80,8 +81,11 @@ allow plymouth_t self:fifo_file rw_file_perms; allow plymouth_t self:unix_stream_socket create_stream_socket_perms; diff --git a/selinux-policy.spec b/selinux-policy.spec index de1197d..4368629 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.32 -Release: 81%{?dist} +Release: 82%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -454,6 +454,12 @@ exit 0 %endif %changelog +* Wed Feb 3 2010 Miroslav Grepl 3.6.32-82 +- Add label for /root/.Xdefaults +- Allow xauth to read symbolic links on a NFS filesystem +- Add label for /var/run/slim.lock +- Add mcelog policy + * Tue Feb 2 2010 Miroslav Grepl 3.6.32-81 - Allow policykit-auth to set attributes on fonts cache directory - Add label for RealPlayer plugins