diff --git a/policy-20070501.patch b/policy-20070501.patch index 67b0bb4..ef83b6b 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -3003,7 +3003,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-2.6.4/policy/modules/services/apcupsd.te --- nsaserefpolicy/policy/modules/services/apcupsd.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-06-19 09:29:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-06-25 06:31:10.000000000 -0400 @@ -16,6 +16,9 @@ type apcupsd_log_t; logging_log_file(apcupsd_log_t) @@ -3673,7 +3673,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.6.4/policy/modules/services/cups.fc --- nsaserefpolicy/policy/modules/services/cups.fc 2007-05-07 14:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-06-18 10:18:55.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-06-25 06:30:05.000000000 -0400 @@ -8,6 +8,7 @@ /etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) 
@@ -3682,9 +3682,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups /etc/cups/certs -d gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /etc/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) +@@ -52,3 +53,4 @@ + /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) + + /var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh) ++/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.6.4/policy/modules/services/cups.te --- nsaserefpolicy/policy/modules/services/cups.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-06-19 09:01:44.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-06-25 06:32:44.000000000 -0400 @@ -93,8 +93,6 @@ # generic socket here until appletalk socket is available in kernels allow cupsd_t self:socket create_socket_perms; @@ -3714,7 +3719,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups auth_dontaudit_read_pam_pid(cupsd_t) # Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp -@@ -214,6 +215,7 @@ +@@ -207,6 +208,7 @@ + selinux_compute_access_vector(cupsd_t) + + init_exec_script_files(cupsd_t) ++init_dontaudit_rw_utmp(cupsd_t) + + libs_use_ld_so(cupsd_t) + libs_use_shared_libs(cupsd_t) +@@ -214,6 +216,7 @@ libs_read_lib_files(cupsd_t) logging_send_syslog_msg(cupsd_t) @@ -3722,7 +3735,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups miscfiles_read_localization(cupsd_t) # invoking ghostscript needs to read fonts -@@ -223,6 +225,7 @@ +@@ -223,6 +226,7 @@ sysnet_read_config(cupsd_t) 
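Review bot: The new cups.fc entry for `/usr/local/Brother/inf(/.*)?` (hunk `@@ -3682,9 +3682,14 @@`) pairs `cupsd_rw_etc_t` with `mls_systemhigh`, while the other `cupsd_rw_etc_t` entries visible in this patch (`/etc/cups/ppd/.*`, `/etc/cups/certs`) use `s0`. The range looks carried over from the `/var/spool/cups` line directly above it. If that is not intended, the line should read `/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)`. Judging by the type name, this label also makes a vendor directory under /usr/local writable by cupsd. A comment above the entry, for example `# Brother driver directory, written by cupsd (confirm which files)`, would record why that is accepted.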
@@ -3730,7 +3743,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups userdom_dontaudit_use_unpriv_user_fds(cupsd_t) userdom_dontaudit_search_all_users_home_content(cupsd_t) -@@ -284,6 +287,10 @@ +@@ -284,6 +288,10 @@ ') optional_policy(` @@ -3741,7 +3754,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups nscd_socket_use(cupsd_t) ') -@@ -294,6 +301,10 @@ +@@ -294,6 +302,10 @@ ') optional_policy(` @@ -5825,6 +5838,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi +optional_policy(` + samba_read_var_files(radiusd_t) +') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-2.6.4/policy/modules/services/radvd.te +--- nsaserefpolicy/policy/modules/services/radvd.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/radvd.te 2007-06-25 05:49:58.000000000 -0400 +@@ -34,7 +34,7 @@ + files_pid_filetrans(radvd_t,radvd_var_run_t,file) + + kernel_read_kernel_sysctls(radvd_t) +-kernel_read_net_sysctls(radvd_t) ++kernel_rw_net_sysctls(radvd_t) + kernel_read_network_state(radvd_t) + kernel_read_system_state(radvd_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.6.4/policy/modules/services/rhgb.te --- nsaserefpolicy/policy/modules/services/rhgb.te 2007-05-07 14:51:01.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/services/rhgb.te 2007-06-18 10:18:55.000000000 -0400 
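Review bot: In the new radvd.te section (hunk `@@ -5825,6 +5838,18 @@`), replacing `kernel_read_net_sysctls(radvd_t)` with `kernel_rw_net_sysctls(radvd_t)` widens a network-facing daemon from read to write on the network sysctls, with no comment saying which setting it must change. As the interface name suggests, the grant covers the net sysctl type as a whole rather than one file, so the reason should be stated next to it. I would add a line above it such as `# radvd writes <sysctl path from the AVC denial>; needs rw on net sysctls`. Only part of radvd.te is visible in this hunk, so an explanation elsewhere in the file cannot be ruled out.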
@@ -8113,8 +8138,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.6.4/policy/modules/system/iptables.te --- nsaserefpolicy/policy/modules/system/iptables.te 2007-05-07 14:51:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/iptables.te 2007-06-18 10:18:55.000000000 -0400 -@@ -56,6 +56,7 @@ ++++ serefpolicy-2.6.4/policy/modules/system/iptables.te 2007-06-25 06:53:48.000000000 -0400 +@@ -56,11 +56,13 @@ domain_use_interactive_fds(iptables_t) files_read_etc_files(iptables_t) @@ -8122,7 +8147,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl init_use_fds(iptables_t) init_use_script_ptys(iptables_t) -@@ -112,3 +113,7 @@ + # to allow rules to be saved on reboot: + init_rw_script_tmp_files(iptables_t) ++init_rw_script_stream_sockets(iptables_t) + + libs_use_ld_so(iptables_t) + libs_use_shared_libs(iptables_t) +@@ -112,3 +114,7 @@ optional_policy(` udev_read_db(iptables_t) ') @@ -8132,7 +8163,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.6.4/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2007-05-07 14:51:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-06-22 09:06:18.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-06-26 06:05:01.000000000 -0400 @@ -81,8 +81,8 @@ /opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
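Review bot: In the iptables.te section (hunk `@@ -8122,7 +8147,13 @@`), `init_rw_script_stream_sockets(iptables_t)` is added directly under the existing comment `# to allow rules to be saved on reboot:`, so that comment now appears to justify both lines. The comment was written for `init_rw_script_tmp_files(iptables_t)`, and nothing here says why iptables needs read/write on init script stream sockets. I would separate it with its own comment, e.g. `# iptables is handed a stream socket by the init script (confirm source of the denial)`. If the access turns out to be only an inherited descriptor, suppressing the denial would be narrower than allowing it.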
@@ -8165,8 +8196,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -+/usr/lib/NX/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -+/usr/lib/NX/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib/nx/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --git a/selinux-policy.spec b/selinux-policy.spec index eee173b..f9735e5 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 22%{?dist} +Release: 23%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -360,7 +360,8 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog -* Thu Jun 21 2007 Dan Walsh 2.6.4-22 +* Tue Jun 26 2007 Dan Walsh 2.6.4-23 +- Fix libXComp location * Wed Jun 20 2007 Dan Walsh 2.6.4-21 - Still fixing cron
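Review bot: The corrected libraries.fc entries `/usr/lib/nx/libXcomp\.so.*` and `/usr/lib/nx/libjpeg\.so.*` (hunk `@@ -8165,8 +8196,8 @@`) hard-code `/usr/lib`, unlike the neighbouring libfame entry, which uses `lib(64)?`. If NX is ever installed under /usr/lib64/nx, those copies would not receive `textrel_shlib_t` and would fail in the same way this change is fixing. I would write `/usr/lib(64)?/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)` and the same for libjpeg. Since `textrel_shlib_t` relaxes the text-relocation check, keeping the pattern limited to these two library names, as done here, is the right scope.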