diff --git a/policy-20070501.patch b/policy-20070501.patch index 199ad94..c46978f 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -2850,7 +2850,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.6.4/policy/modules/services/apache.te --- nsaserefpolicy/policy/modules/services/apache.te 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-07-23 10:49:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-07-23 16:18:32.000000000 -0400 @@ -30,6 +30,13 @@ ## @@ -3009,19 +3009,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_ssi_exec',` corecmd_shell_domtrans(httpd_t,httpd_sys_script_t) allow httpd_sys_script_t httpd_t:fd use; -@@ -445,6 +512,11 @@ +@@ -445,6 +512,13 @@ allow httpd_sys_script_t httpd_t:process sigchld; ') -+tunable_policy(`allow_httpd_dbus_avahi',` -+ avahi_dbus_chat(httpd_t) ++optional_policy(` + dbus_system_bus_client_template(httpd,httpd_t) ++ tunable_policy(`allow_httpd_dbus_avahi',` ++ avahi_dbus_chat(httpd_t) ++ ') +') + # When the admin starts the server, the server wants to access # the TTY or PTY associated with the session. The httpd appears # to run correctly without this permission, so the permission -@@ -668,6 +740,12 @@ +@@ -668,6 +742,12 @@ fs_exec_nfs_files(httpd_suexec_t) ') @@ -3034,7 +3036,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_suexec_t) fs_read_cifs_symlinks(httpd_suexec_t) -@@ -706,7 +784,8 @@ +@@ -706,7 +786,8 @@ dontaudit httpd_sys_script_t httpd_config_t:dir search; 
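Review bot: In the rewritten block at `@@ -445,6 +512,13 @@` of apache.te, `dbus_system_bus_client_template(httpd,httpd_t)` now sits directly under `optional_policy` and outside `tunable_policy(`allow_httpd_dbus_avahi',...)`, so the boolean gates only `avahi_dbus_chat(httpd_t)`. The system-bus client rules for httpd_t therefore apply whenever the optional block is enabled, even with the boolean off. The template was presumably moved because it cannot live inside a conditional, but the widened default should be stated at the block, for example `# httpd_t is a system bus client whenever this block is enabled; allow_httpd_dbus_avahi only gates the avahi chat`. The boolean's description near `@@ -30,6 +30,13 @@` is outside this hunk and should be checked so that it does not imply it switches off all D-Bus access. Because both calls share one `optional_policy`, a policy built without the avahi module would presumably drop the D-Bus client rules as well; giving the avahi tunable its own optional block would keep the two independent.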
@@ -3044,7 +3046,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms; read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t) -@@ -720,6 +799,8 @@ +@@ -720,6 +801,8 @@ # Should we add a boolean? apache_domtrans_rotatelogs(httpd_sys_script_t) @@ -3053,7 +3055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac ifdef(`distro_redhat',` allow httpd_sys_script_t httpd_log_t:file { getattr append }; ') -@@ -730,11 +811,21 @@ +@@ -730,11 +813,21 @@ ') ') @@ -3075,7 +3077,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',` fs_read_cifs_files(httpd_sys_script_t) fs_read_cifs_symlinks(httpd_sys_script_t) -@@ -788,3 +879,19 @@ +@@ -788,3 +881,19 @@ term_dontaudit_use_generic_ptys(httpd_rotatelogs_t) term_dontaudit_use_unallocated_ttys(httpd_rotatelogs_t) ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 0edb251..2ae4c52 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 28%{?dist} +Release: 29%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -361,6 +361,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Mon Jul 23 2007 Dan Walsh 2.6.4-29 +- + * Fri Jul 13 2007 Dan Walsh 2.6.4-28 - Additional rules for openvpn reading homedirs