From 4c8d070b7b6c293d24a9645d28d22add7b466688 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Apr 09 2010 11:46:55 +0000 Subject: - Update to upstream - Fix label for /opt/google/chrome/chrome-sandbox - Allow modemmanager to dbus with policykit --- diff --git a/.cvsignore b/.cvsignore index f046603..e92b491 100644 --- a/.cvsignore +++ b/.cvsignore @@ -208,3 +208,4 @@ serefpolicy-3.7.14.tgz serefpolicy-3.7.15.tgz serefpolicy-3.7.16.tgz serefpolicy-3.7.17.tgz +serefpolicy-3.7.18.tgz diff --git a/policy-F13.patch b/policy-F13.patch index 7f72c13..f66b7b1 100644 --- a/policy-F13.patch +++ b/policy-F13.patch @@ -12858,6 +12858,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste + udev_read_db(asterisk_t) ') + +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.7.18/policy/modules/services/automount.te +--- nsaserefpolicy/policy/modules/services/automount.te 2010-02-22 08:30:53.000000000 -0500 ++++ serefpolicy-3.7.18/policy/modules/services/automount.te 2010-04-09 07:42:22.000000000 -0400 +@@ -146,6 +146,7 @@ + + # Run mount in the mount_t domain. + mount_domtrans(automount_t) ++mount_domtrans_showmount(automount_t) + mount_signal(automount_t) + + userdom_dontaudit_use_unpriv_user_fds(automount_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.7.18/policy/modules/services/avahi.if --- nsaserefpolicy/policy/modules/services/avahi.if 2009-07-14 14:19:57.000000000 -0400 +++ serefpolicy-3.7.18/policy/modules/services/avahi.if 2010-04-08 15:25:24.000000000 -0400 @@ -25734,8 +25745,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd logging_send_syslog_msg(tgtd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.7.18/policy/modules/services/tuned.te --- nsaserefpolicy/policy/modules/services/tuned.te 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.7.18/policy/modules/services/tuned.te 2010-04-08 15:25:24.000000000 -0400 -@@ -59,6 +59,10 @@ ++++ serefpolicy-3.7.18/policy/modules/services/tuned.te 2010-04-09 07:10:02.000000000 -0400 +@@ -25,6 +25,7 @@ + # + + dontaudit tuned_t self:capability { dac_override sys_tty_config }; ++allow tuned_t self:fifo_file rw_fifo_file_perms; + + manage_dirs_pattern(tuned_t, tuned_log_t, tuned_log_t) + manage_files_pattern(tuned_t, tuned_log_t, tuned_log_t) +@@ -59,6 +60,10 @@ fstools_domtrans(tuned_t) ') @@ -29464,7 +29483,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. +/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.7.18/policy/modules/system/mount.if --- nsaserefpolicy/policy/modules/system/mount.if 2009-07-29 15:15:33.000000000 -0400 -+++ serefpolicy-3.7.18/policy/modules/system/mount.if 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/system/mount.if 2010-04-09 07:42:01.000000000 -0400 @@ -16,6 +16,14 @@ ') @@ -31137,7 +31156,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.7.18/policy/modules/system/sysnetwork.te --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-03-23 10:55:15.000000000 -0400 -+++ serefpolicy-3.7.18/policy/modules/system/sysnetwork.te 2010-04-08 15:25:24.000000000 -0400 ++++ serefpolicy-3.7.18/policy/modules/system/sysnetwork.te 2010-04-09 07:10:02.000000000 -0400 @@ -20,6 +20,9 @@ init_daemon_domain(dhcpc_t, dhcpc_exec_t) role system_r types dhcpc_t; @@ -31186,7 +31205,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet ') optional_policy(` -@@ -277,6 +290,8 @@ +@@ -277,8 +290,11 @@ domain_use_interactive_fds(ifconfig_t) @@ -31194,8 +31213,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet + files_read_etc_files(ifconfig_t) files_read_etc_runtime_files(ifconfig_t) ++files_read_usr_files(ifconfig_t) -@@ -306,6 +321,8 @@ + fs_getattr_xattr_fs(ifconfig_t) + fs_search_auto_mountpoints(ifconfig_t) +@@ -306,6 +322,8 @@ seutil_use_runinit_fds(ifconfig_t) diff --git a/sources b/sources index cc69b50..5fbbb6a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ 4c7d323036f1662a06a7a4f2a7da57a5 config.tgz -f97ab4db6dfd60803e711e2e09b292c6 serefpolicy-3.7.17.tgz +1bbba34650bf34332d241c5d1b97c5d0 serefpolicy-3.7.18.tgz