diff --git a/policy-20071130.patch b/policy-20071130.patch index e1b7d9b..1afdae3 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -2865,7 +2865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.3.1/policy/modules/admin/rpm.te --- nsaserefpolicy/policy/modules/admin/rpm.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/rpm.te 2008-09-16 09:14:37.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/rpm.te 2008-09-16 13:34:33.000000000 -0400 @@ -31,6 +31,9 @@ files_type(rpm_var_lib_t) typealias rpm_var_lib_t alias var_lib_rpm_t; @@ -2960,7 +2960,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te files_tmp_filetrans(rpm_script_t, rpm_script_tmp_t, { file dir }) manage_dirs_pattern(rpm_script_t,rpm_script_tmpfs_t,rpm_script_tmpfs_t) -@@ -298,6 +320,7 @@ +@@ -285,6 +307,7 @@ + auth_use_nsswitch(rpm_script_t) + # ideally we would not need this + auth_manage_all_files_except_shadow(rpm_script_t) ++auth_relabel_shadow(rpm_script_t) + + corecmd_exec_all_executables(rpm_script_t) + +@@ -298,6 +321,7 @@ files_exec_etc_files(rpm_script_t) files_read_etc_runtime_files(rpm_script_t) files_exec_usr_files(rpm_script_t) @@ -2968,7 +2976,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te init_domtrans_script(rpm_script_t) -@@ -317,6 +340,7 @@ +@@ -317,6 +341,7 @@ seutil_domtrans_loadpolicy(rpm_script_t) seutil_domtrans_setfiles(rpm_script_t) seutil_domtrans_semanage(rpm_script_t) @@ -2976,7 +2984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te userdom_use_all_users_fds(rpm_script_t) -@@ -335,6 +359,10 @@ +@@ -335,6 +360,10 @@ ') optional_policy(` 
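Review bot: The new `auth_relabel_shadow(rpm_script_t)` line in the rpm.te hunk at `@@ -285,6 +307,7 @@` sits directly under `auth_manage_all_files_except_shadow(rpm_script_t)` and weakens the exclusion that interface name promises. A domain that may relabel the shadow type can presumably move the file to a type it is already allowed to manage. Only part of the rpm_script_t block is visible here, and the later `unconfined_domain(rpm_script_t)` sits in an `optional_policy` block, so the grant matters most on policy builds without the unconfined module. If scriptlets only need to put the correct label back on a recreated shadow file, a relabelto-only interface (if authlogin.if provides one) would be narrower, and either way the line deserves its own comment such as `# scriptlets that rewrite /etc/shadow must restore its label`. The 3.3.1-91 changelog entry mentions only nsplugin; add a line like `- Allow rpm_script_t to relabel shadow files` so the change is auditable.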
@@ -2987,7 +2995,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te tzdata_domtrans(rpm_t) tzdata_domtrans(rpm_script_t) ') -@@ -342,6 +370,7 @@ +@@ -342,6 +371,7 @@ optional_policy(` unconfined_domain(rpm_script_t) unconfined_domtrans(rpm_script_t) @@ -2995,7 +3003,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te optional_policy(` java_domtrans(rpm_script_t) -@@ -353,6 +382,11 @@ +@@ -353,6 +383,11 @@ ') optional_policy(` @@ -31794,7 +31802,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.3.1/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2008-09-08 11:45:13.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2008-09-16 13:33:53.000000000 -0400 @@ -56,10 +56,6 @@ miscfiles_read_localization($1_chkpwd_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index f58083f..82b1e46 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 90%{?dist} +Release: 91%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -386,6 +386,9 @@ exit 0 %endif %changelog +* Mon Sep 15 2008 Dan Walsh 3.3.1-91 +- Allow nsplugin_cong dac capabilities. + * Tue Sep 2 2008 Dan Walsh 3.3.1-90 - Add rpcbind to mls policy - Fix up policy so permissive domains will work