diff --git a/policy-20090105.patch b/policy-20090105.patch index 9c0874b..3fd94ce 100644 --- a/policy-20090105.patch +++ b/policy-20090105.patch @@ -28096,7 +28096,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.6/policy/modules/system/sysnetwork.if --- nsaserefpolicy/policy/modules/system/sysnetwork.if 2009-01-19 11:07:34.000000000 -0500 -+++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.if 2009-02-16 17:51:03.000000000 -0500 ++++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.if 2009-02-17 11:02:02.000000000 -0500 @@ -43,6 +43,39 @@ sysnet_domtrans_dhcpc($1) @@ -28173,16 +28173,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ####################################### -@@ -323,7 +374,7 @@ +@@ -323,7 +374,8 @@ type net_conf_t; ') - allow $1 net_conf_t:file manage_file_perms; ++ allow $1 net_conf_t:dir list_dir_perms; + manage_files_pattern($1, net_conf_t, net_conf_t) ') ####################################### -@@ -541,6 +592,7 @@ +@@ -541,6 +593,7 @@ type net_conf_t; ') @@ -28190,7 +28191,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow $1 self:tcp_socket create_socket_perms; allow $1 self:udp_socket create_socket_perms; -@@ -557,6 +609,14 @@ +@@ -557,6 +610,14 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; @@ -28205,7 +28206,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -586,6 +646,8 @@ +@@ -586,6 +647,8 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; 
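Review bot: In the `@@ -323,7 +374,8 @@` hunk of sysnetwork.if, the added `allow $1 net_conf_t:dir list_dir_perms;` has no comment saying which directory it is for. The line below it, `manage_files_pattern($1, net_conf_t, net_conf_t)`, already expands in refpolicy to a directory rule on its second argument as well as the file rule, so every caller of this interface now gets directory access on net_conf_t, not only file management. The interface name and its `## <summary>` block start outside the hunk; if the summary still describes file management only, it should mention the directory access. A why-comment above the new rule would help, for example `# callers must be able to list directories labelled net_conf_t (PLACEHOLDER: name the directory)`. If no directory is actually labelled net_conf_t, the rule is worth dropping rather than keeping as an unexplained grant.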
@@ -28214,7 +28215,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -620,3 +682,49 @@ +@@ -620,3 +683,49 @@ files_search_etc($1) allow $1 net_conf_t:file read_file_perms; ') @@ -28266,7 +28267,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.6/policy/modules/system/sysnetwork.te --- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-01-19 11:07:34.000000000 -0500 -+++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.te 2009-02-16 17:27:59.000000000 -0500 ++++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.te 2009-02-17 11:14:42.000000000 -0500 @@ -20,6 +20,9 @@ init_daemon_domain(dhcpc_t,dhcpc_exec_t) role system_r types dhcpc_t; @@ -28304,6 +28305,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_files_pattern(dhcpc_t,dhcpc_state_t,dhcpc_state_t) filetrans_pattern(dhcpc_t,dhcp_state_t,dhcpc_state_t,file) +@@ -65,7 +69,7 @@ + + # Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files + # in /etc created by dhcpcd will be labelled net_conf_t. +-allow dhcpc_t net_conf_t:file manage_file_perms; ++sysnet_manage_config(dhcpc_t) + files_etc_filetrans(dhcpc_t,net_conf_t,file) + + # create temp files @@ -116,7 +120,7 @@ corecmd_exec_shell(dhcpc_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index ef21ad6..12a5653 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.6 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
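Review bot: In the `@@ -65,7 +69,7 @@` hunk of sysnetwork.te, swapping `allow dhcpc_t net_conf_t:file manage_file_perms;` for `sysnet_manage_config(dhcpc_t)` widens what dhcpc_t may do, and the comment above it does not say so. By the sysnetwork.if change in this same commit, the interface appears to grant directory permissions on net_conf_t in addition to the file permissions; the interface name is not visible in that hunk, so this is inferred. dhcpc_t is the DHCP client domain and acts on data received from the network, so the extra access should be a deliberate and recorded choice. The existing comment still reads "Allow read/write to /etc/resolv.conf and /etc/ntp.conf"; I would extend it with something like `# sysnet_manage_config also grants directory access on net_conf_t (PLACEHOLDER: state why dhcpc_t needs it)`. If only directory listing is required, a single explicit `allow dhcpc_t net_conf_t:dir list_dir_perms;` next to the original file rule would keep the grant narrower.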
@@ -444,6 +444,9 @@ exit 0 %endif %changelog +* Tue Feb 17 2009 Dan Walsh 3.6.6-3 +- Fix sysnet/net_conf_t + * Tue Feb 17 2009 Dan Walsh 3.6.6-2 - Fix squidGuard labeling