From b4ed6dbce0e309336479a76553d0cb0da5a42e08 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Oct 17 2007 03:51:04 +0000 Subject: - Allow rpm to chat with networkmanager --- diff --git a/policy-20070703.patch b/policy-20070703.patch index fd7d76d..8c19691 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -751,8 +751,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-3.0.8/policy/modules/admin/alsa.fc --- nsaserefpolicy/policy/modules/admin/alsa.fc 2007-05-29 14:10:59.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/admin/alsa.fc 2007-10-03 11:10:24.000000000 -0400 -@@ -1,4 +1,10 @@ ++++ serefpolicy-3.0.8/policy/modules/admin/alsa.fc 2007-10-16 23:50:36.000000000 -0400 +@@ -1,4 +1,11 @@ +/etc/alsa/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) /etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) @@ -763,6 +763,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc +/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0) +/sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0) +/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0) ++/bin/alsaunmute -- gen_context(system_u:object_r:alsa_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-3.0.8/policy/modules/admin/alsa.if --- nsaserefpolicy/policy/modules/admin/alsa.if 2007-05-29 14:10:59.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/admin/alsa.if 2007-10-03 11:10:24.000000000 -0400 @@ -808,7 +809,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.0.8/policy/modules/admin/alsa.te --- nsaserefpolicy/policy/modules/admin/alsa.te 2007-07-25 10:37:43.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/admin/alsa.te 2007-10-11 10:45:18.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/admin/alsa.te 2007-10-16 23:47:06.000000000 -0400 @@ -8,31 +8,47 @@ type alsa_t; @@ -847,7 +848,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te +manage_dirs_pattern(alsa_t,alsa_var_lib_t,alsa_var_lib_t) +manage_files_pattern(alsa_t,alsa_var_lib_t,alsa_var_lib_t) + -+corecmd_search_bin(alsa_t) ++corecmd_exec_bin(alsa_t) +can_exec(alsa_t, alsa_exec_t) + +files_search_home(alsa_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 2aa72ec..8910030 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 22%{?dist} +Release: 24%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -288,10 +288,12 @@ semodule -s targeted -r moilscanner 2>/dev/null %loadpolicy targeted if [ $1 = 1 ]; then -semanage login -m -s "system_u" __default__ 2> /dev/null semanage user -a -P unconfined -R "unconfined_r system_r" unconfined_u +semanage login -m -s "unconfined_u" __default__ 2> /dev/null +semanage login -m -s "system_u" root 2> /dev/null semanage user -a -P guest -R guest_r guest_u semanage user -a -P xguest -R xguest_r xguest_u +restorecon -R /root /var/log /var/run 2> /dev/null else %relabel targeted fi @@ -371,6 +373,13 @@ exit 0 %endif %changelog +* Tue Oct 16 2007 Dan Walsh 3.0.8-24 +- Allow rpm to chat with networkmanager + +* Mon Oct 15 2007 Dan Walsh 3.0.8-23 +- Fixes for ipsec and exim mail +- Change default to unconfined user + * Fri Oct 12 2007 Dan Walsh 3.0.8-22 - Pass the UNK_PERMS param to makefile - Fix gdm location