From eac7db531b12660da8baaaf53f8d299e2c9b3017 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 23 2008 14:04:56 +0000 Subject: - Add /dev/msp* support - Update prewikka support --- diff --git a/policy-20071130.patch b/policy-20071130.patch index 2b116e0..5fe051e 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -2267,7 +2267,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.3.1/policy/modules/admin/mrtg.te --- nsaserefpolicy/policy/modules/admin/mrtg.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/mrtg.te 2008-09-08 11:45:12.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/mrtg.te 2008-09-23 10:04:40.000000000 -0400 @@ -78,6 +78,7 @@ dev_read_urand(mrtg_t) @@ -2276,7 +2276,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te files_read_usr_files(mrtg_t) files_search_var(mrtg_t) -@@ -101,6 +102,8 @@ +@@ -92,6 +93,7 @@ + + fs_search_auto_mountpoints(mrtg_t) + fs_getattr_xattr_fs(mrtg_t) ++fs_list_inotifyfs(mrtg_t) + + term_dontaudit_use_console(mrtg_t) + +@@ -101,6 +103,8 @@ init_read_utmp(mrtg_t) init_dontaudit_write_utmp(mrtg_t) @@ -2285,7 +2293,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te libs_read_lib_files(mrtg_t) libs_use_ld_so(mrtg_t) libs_use_shared_libs(mrtg_t) -@@ -111,11 +114,9 @@ +@@ -111,11 +115,9 @@ selinux_dontaudit_getattr_dir(mrtg_t) @@ -2298,7 +2306,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te ifdef(`enable_mls',` corenet_udp_sendrecv_lo_if(mrtg_t) -@@ -139,14 +140,6 @@ +@@ -139,14 +141,6 @@ ') optional_policy(` @@ -2313,7 +2321,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te seutil_sigchld_newrole(mrtg_t) ') -@@ -162,9 +155,3 @@ +@@ -162,9 +156,3 @@ udev_read_db(mrtg_t) ') 
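Review bot: The added `fs_list_inotifyfs(mrtg_t)` in the mrtg.te hunk (inner hunk `@@ -92,6 +93,7 @@`) has no comment saying what mrtg does that requires listing inotifyfs, and neither the commit subject nor the 3.3.1-93 changelog entry mentions mrtg. If the access only appears as an AVC denial from an inherited descriptor, and mrtg does not need it to function, a dontaudit rule would be the least-privilege choice; the lines shown do not settle this. I would add a one-line rationale above the call, e.g. `# <why mrtg lists inotifyfs; AVC or bug reference>`, and record the mrtg change in the changelog. The mrtg.te policy body continues outside this hunk.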
@@ -9271,7 +9279,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.3.1/policy/modules/kernel/kernel.if --- nsaserefpolicy/policy/modules/kernel/kernel.if 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if 2008-09-12 10:26:53.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if 2008-09-23 09:46:59.000000000 -0400 @@ -330,6 +330,11 @@ allow $1 self:capability sys_module; @@ -9431,8 +9439,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1032,7 +1036,7 @@ +@@ -1030,9 +1034,10 @@ + interface(`kernel_search_network_state',` + gen_require(` type proc_net_t; ++ type proc_t; ') - search_dirs_pattern($1,proc_t,proc_net_t) @@ -9440,7 +9451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1051,10 +1055,10 @@ +@@ -1051,10 +1056,10 @@ type proc_t, proc_net_t; ') @@ -9454,7 +9465,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1072,9 +1076,9 @@ +@@ -1072,9 +1077,9 @@ type proc_t, proc_net_t; ') @@ -9466,7 +9477,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1093,7 +1097,7 @@ +@@ -1093,7 +1098,7 @@ type proc_t, proc_xen_t; ') @@ -9475,7 +9486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1132,10 +1136,10 @@ +@@ -1132,10 +1137,10 @@ type proc_t, proc_xen_t; ') 
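Review bot: The new `type proc_t;` in the `gen_require` of `kernel_search_network_state` sits on a line of its own, while the neighbouring interfaces in kernel.if declare all required types in one statement (`type proc_t, proc_net_t;`). For consistency I would fold it into the existing line as `type proc_t, proc_net_t;`. The same applies to the `kernel_read_sysctl` hunk (inner hunk `@@ -1230,9 +1236,10 @@`), where it would read `type proc_t, sysctl_t;`. Both interface bodies continue outside the hunks shown.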
@@ -9489,7 +9500,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1154,9 +1158,9 @@ +@@ -1154,9 +1159,9 @@ type proc_t, proc_xen_t; ') @@ -9501,7 +9512,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1175,7 +1179,7 @@ +@@ -1175,7 +1180,7 @@ type proc_t, proc_xen_t; ') @@ -9510,7 +9521,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1194,6 +1198,7 @@ +@@ -1194,6 +1199,7 @@ ') dontaudit $1 proc_type:dir list_dir_perms; @@ -9518,8 +9529,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1232,7 +1237,7 @@ +@@ -1230,9 +1236,10 @@ + interface(`kernel_read_sysctl',` + gen_require(` type sysctl_t; ++ type proc_t; ') - list_dirs_pattern($1,proc_t,sysctl_t) @@ -9527,7 +9541,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1251,9 +1256,9 @@ +@@ -1251,9 +1258,9 @@ type proc_t, sysctl_t, sysctl_dev_t; ') @@ -9539,7 +9553,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1272,9 +1277,9 @@ +@@ -1272,9 +1279,9 @@ type proc_t, sysctl_t, sysctl_dev_t; ') @@ -9551,7 +9565,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1292,7 +1297,7 @@ +@@ -1292,7 +1299,7 @@ type proc_t, sysctl_t, sysctl_vm_t; ') @@ -9560,7 +9574,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1311,9 +1316,9 @@ +@@ -1311,9 +1318,9 @@ type proc_t, sysctl_t, sysctl_vm_t; ') 
@@ -9572,7 +9586,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1332,8 +1337,8 @@ +@@ -1332,8 +1339,8 @@ type proc_t, sysctl_t, sysctl_vm_t; ') @@ -9583,7 +9597,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel # hal needs this allow $1 sysctl_vm_t:dir write; -@@ -1354,7 +1359,7 @@ +@@ -1354,7 +1361,7 @@ type proc_t, sysctl_t, sysctl_net_t; ') @@ -9592,7 +9606,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1391,9 +1396,9 @@ +@@ -1391,9 +1398,9 @@ type proc_t, sysctl_t, sysctl_net_t; ') @@ -9604,7 +9618,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1412,9 +1417,9 @@ +@@ -1412,9 +1419,9 @@ type proc_t, sysctl_t, sysctl_net_t; ') @@ -9616,7 +9630,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1434,9 +1439,9 @@ +@@ -1434,9 +1441,9 @@ type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t; ') @@ -9628,7 +9642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1456,9 +1461,9 @@ +@@ -1456,9 +1463,9 @@ type proc_t, sysctl_t, sysctl_net_t, sysctl_net_unix_t; ') @@ -9640,7 +9654,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1477,9 +1482,9 @@ +@@ -1477,9 +1484,9 @@ type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t; ') @@ -9652,7 +9666,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1498,9 +1503,9 @@ +@@ -1498,9 +1505,9 @@ type proc_t, sysctl_t, sysctl_kernel_t, sysctl_hotplug_t; ') 
@@ -9664,7 +9678,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1519,9 +1524,9 @@ +@@ -1519,9 +1526,9 @@ type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t; ') @@ -9676,7 +9690,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1540,9 +1545,9 @@ +@@ -1540,9 +1547,9 @@ type proc_t, sysctl_t, sysctl_kernel_t, sysctl_modprobe_t; ') @@ -9688,7 +9702,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1578,9 +1583,9 @@ +@@ -1578,9 +1585,9 @@ type proc_t, sysctl_t, sysctl_kernel_t; ') @@ -9700,7 +9714,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1617,9 +1622,9 @@ +@@ -1617,9 +1624,9 @@ type proc_t, sysctl_t, sysctl_kernel_t; ') @@ -9712,7 +9726,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1638,9 +1643,9 @@ +@@ -1638,9 +1645,9 @@ type proc_t, sysctl_t, sysctl_fs_t; ') @@ -9724,7 +9738,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1659,9 +1664,9 @@ +@@ -1659,9 +1666,9 @@ type proc_t, sysctl_t, sysctl_fs_t; ') @@ -9736,7 +9750,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1680,9 +1685,9 @@ +@@ -1680,9 +1687,9 @@ type proc_t, sysctl_irq_t; ') @@ -9748,7 +9762,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1701,9 +1706,9 @@ +@@ -1701,9 +1708,9 @@ type proc_t, sysctl_irq_t; ') 
@@ -9760,7 +9774,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1722,9 +1727,9 @@ +@@ -1722,9 +1729,9 @@ type proc_t, proc_net_t, sysctl_rpc_t; ') @@ -9772,7 +9786,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1743,9 +1748,9 @@ +@@ -1743,9 +1750,9 @@ type proc_t, proc_net_t, sysctl_rpc_t; ') @@ -9784,7 +9798,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1764,6 +1769,7 @@ +@@ -1764,6 +1771,7 @@ ') dontaudit $1 sysctl_type:dir list_dir_perms; @@ -9792,7 +9806,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1784,9 +1790,9 @@ +@@ -1784,9 +1792,9 @@ ') # proc_net_t for /proc/net/rpc sysctls @@ -9804,7 +9818,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') ######################################## -@@ -1807,7 +1813,7 @@ +@@ -1807,7 +1815,7 @@ ') # proc_net_t for /proc/net/rpc sysctls @@ -9813,7 +9827,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel allow $1 sysctl_type:dir list_dir_perms; # why is setattr needed? -@@ -1938,8 +1944,8 @@ +@@ -1938,8 +1946,8 @@ ') allow $1 unlabeled_t:dir list_dir_perms; @@ -9824,7 +9838,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ') -@@ -2493,6 +2499,109 @@ +@@ -2493,6 +2501,109 @@ ######################################## ## diff --git a/selinux-policy.spec b/selinux-policy.spec index 60e65cf..ec8f449 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 92%{?dist} +Release: 93%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
@@ -386,6 +386,10 @@ exit 0 %endif %changelog +* Mon Sep 22 2008 Dan Walsh 3.3.1-93 +- Add /dev/msp* support +- Update prewikka support + * Tue Sep 18 2008 Dan Walsh 3.3.1-92 - Dontaudit attempts to write user_tmp_t by gssd_t