diff --git a/policy-20080710.patch b/policy-20080710.patch index f30df6b..a3a9458 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -17541,7 +17541,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.13/policy/modules/services/ftp.te --- nsaserefpolicy/policy/modules/services/ftp.te 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/ftp.te 2009-05-15 09:30:07.000000000 +0200 ++++ serefpolicy-3.5.13/policy/modules/services/ftp.te 2009-07-03 11:05:13.000000000 +0200 @@ -26,7 +26,7 @@ ## ##

@@ -17575,15 +17575,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. type ftpd_t; type ftpd_exec_t; init_daemon_domain(ftpd_t, ftpd_exec_t) -@@ -92,6 +100,7 @@ +@@ -92,6 +100,8 @@ allow ftpd_t self:unix_stream_socket create_stream_socket_perms; allow ftpd_t self:tcp_socket create_stream_socket_perms; allow ftpd_t self:udp_socket create_socket_perms; ++allow ftpd_t self:shm create_shm_perms; +allow ftpd_t self:key manage_key_perms; allow ftpd_t ftpd_etc_t:file read_file_perms; -@@ -158,8 +167,10 @@ +@@ -158,8 +168,10 @@ files_read_etc_runtime_files(ftpd_t) files_search_var_lib(ftpd_t) @@ -17594,7 +17595,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. auth_use_nsswitch(ftpd_t) auth_domtrans_chk_passwd(ftpd_t) -@@ -226,8 +237,16 @@ +@@ -226,8 +238,16 @@ userdom_manage_all_users_home_content_dirs(ftpd_t) userdom_manage_all_users_home_content_files(ftpd_t) userdom_manage_all_users_home_content_symlinks(ftpd_t) @@ -17611,7 +17612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. tunable_policy(`ftp_home_dir && use_nfs_home_dirs',` fs_manage_nfs_files(ftpd_t) fs_read_nfs_symlinks(ftpd_t) -@@ -238,6 +257,11 @@ +@@ -238,6 +258,11 @@ fs_read_cifs_symlinks(ftpd_t) ') @@ -17623,7 +17624,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. optional_policy(` tunable_policy(`ftp_home_dir',` apache_search_sys_content(ftpd_t) -@@ -245,6 +269,18 @@ +@@ -245,6 +270,18 @@ ') optional_policy(` @@ -17642,7 +17643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. corecmd_exec_shell(ftpd_t) files_read_usr_files(ftpd_t) -@@ -261,7 +297,9 @@ +@@ -261,7 +298,9 @@ ') optional_policy(` @@ -17653,7 +17654,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. ') optional_policy(` -@@ -273,6 +311,14 @@ +@@ -273,6 +312,14 @@ ') optional_policy(` @@ -33826,7 +33827,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. allow iscsid_t iscsi_tmp_t:dir manage_dir_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-06-11 12:23:47.000000000 +0200 ++++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-06-29 15:07:26.000000000 +0200 @@ -60,12 +60,15 @@ # # /opt @@ -33978,7 +33979,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar # Jai, Sun Microsystems (Jpackage SPRM) /usr/lib(64)?/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -267,6 +293,9 @@ +@@ -263,10 +289,14 @@ + /usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + + # vmware ++HOME_DIR/\.mozilla(/.*)?/plugins/np-vmware-vmrc-.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -33988,7 +33994,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar # Java, Sun Microsystems (JPackage SRPM) /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -283,6 +312,7 @@ +@@ -283,6 +313,7 @@ /usr/(local/)?matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl)\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?matlab.*/sys/os/glnx86/libtermcap\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -33996,7 +34002,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -291,6 +321,8 @@ +@@ -291,6 +322,8 @@ /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -34005,7 +34011,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar ') dnl end distro_redhat # -@@ -307,6 +339,36 @@ +@@ -307,6 +340,36 @@ /var/lib/samba/bin/.+\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0) ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 3e01c6f..5f49d29 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.13 -Release: 65%{?dist} +Release: 66%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -462,6 +462,9 @@ exit 0 %endif %changelog +* Fri Jul 3 2009 Miroslav Grepl 3.5.13-66 +- Allow ftpd to create shm + * Wed Jun 24 2009 Miroslav Grepl 3.5.13-65 - Dontaudit dhcpc to access sys_ptrace