diff --git a/policy-20070703.patch b/policy-20070703.patch index f24d080..0eb8f2a 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -15579,7 +15579,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool /sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.0.8/policy/modules/system/fstools.te --- nsaserefpolicy/policy/modules/system/fstools.te 2007-10-22 13:21:40.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/fstools.te 2007-12-02 21:15:34.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/system/fstools.te 2007-12-20 16:21:38.000000000 -0500 @@ -109,8 +109,7 @@ term_use_console(fsadm_t) @@ -15590,7 +15590,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool #RedHat bug #201164 corecmd_exec_shell(fsadm_t) -@@ -183,4 +182,9 @@ +@@ -126,6 +125,7 @@ + files_read_etc_files(fsadm_t) + files_manage_lost_found(fsadm_t) + files_manage_isid_type_dirs(fsadm_t) ++files_manage_isid_type_files(fsadm_t) + # Write to /etc/mtab. + files_manage_etc_runtime_files(fsadm_t) + files_etc_filetrans_etc_runtime(fsadm_t,file) +@@ -183,4 +183,13 @@ optional_policy(` xen_append_log(fsadm_t) @@ -15599,6 +15607,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool + +tunable_policy(`xen_use_nfs',` + fs_manage_nfs_files(fsadm_t) ++') ++ ++optional_policy(` ++ unconfined_domain(fsadm_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.fc serefpolicy-3.0.8/policy/modules/system/fusermount.fc --- nsaserefpolicy/policy/modules/system/fusermount.fc 1969-12-31 19:00:00.000000000 -0500 
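Review bot: `files_manage_isid_type_files(fsadm_t)` is added to fstools.te without a comment, although the lines just below it document their purpose (`# Write to /etc/mtab.`). Judging by the interface name, it lets fsadm_t create, modify and delete files that carry an initial-SID type, that is, files without a valid label. That is a broad write grant for a domain that covers tools such as /sbin/partx (visible in the context lines). A one-line reason above it would help, for example `# Manage unlabeled files encountered while repairing a filesystem (confirm against the denial that motivated this).`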
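Review bot: `unconfined_domain(fsadm_t)` at the end of the fstools.te section removes the confinement of fsadm_t whenever the unconfined module is present. That makes the fine-grained rules earlier in the file largely moot, including the `files_manage_isid_type_files(fsadm_t)` added in the previous hunk. The surrounding `optional_policy` only guards against the module being absent; it is not a switch an administrator can turn off. If this works around a specific denial, the narrow interface for that access would be preferable. Failing that, the grant should sit behind a `tunable_policy` boolean and carry a comment such as `# Workaround for <BUG-ID placeholder>: fsadm_t needs ...; remove once the missing access is identified.`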
@@ -17434,7 +17446,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. -/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.0.8/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2007-10-22 13:21:40.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/mount.te 2007-12-02 21:15:34.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/system/mount.te 2007-12-21 02:36:44.000000000 -0500 @@ -8,6 +8,13 @@ ## @@ -17549,33 +17561,44 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. ') optional_policy(` -@@ -189,10 +204,6 @@ - samba_domtrans_smbmount(mount_t) +@@ -180,17 +195,17 @@ + ') ') --optional_policy(` +-# for kernel package installation + optional_policy(` +- rpm_rw_pipes(mount_t) ++ lvm_domtrans(mount_t) + ') + ++# for kernel package installation + optional_policy(` +- samba_domtrans_smbmount(mount_t) ++ rpm_rw_pipes(mount_t) + ') + + optional_policy(` - nscd_socket_use(mount_t) --') -- ++ samba_domtrans_smbmount(mount_t) + ') + ######################################## - # - # Unconfined mount local policy -@@ -201,4 +212,29 @@ +@@ -201,4 +216,29 @@ optional_policy(` files_etc_filetrans_etc_runtime(unconfined_mount_t,file) unconfined_domain(unconfined_mount_t) + optional_policy(` + hal_dbus_chat(unconfined_mount_t) + ') -+') + ') + +######################################## +# +# ntfs local policy +# -+allow mount_t self:fifo_file { read write }; ++allow mount_t self:fifo_file rw_fifo_file_perms; +allow mount_t self:unix_stream_socket create_stream_socket_perms; -+allow mount_t self:unix_dgram_socket { connect create }; ++allow mount_t self:unix_dgram_socket create_socket_perms; + +corecmd_exec_shell(mount_t) + 
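Review bot: The two rewritten rules under the "ntfs local policy" header, `allow mount_t self:fifo_file rw_fifo_file_perms;` and `allow mount_t self:unix_dgram_socket create_socket_perms;`, replace the explicit sets `{ read write }` and `{ connect create }` with permission macros that presumably expand to more permissions. The rules are not inside any conditional, so the wider sets apply to every mount_t process, not only to NTFS mounts. If the extra permissions come from observed AVC denials, record that above the rules, e.g. `# ntfs mount helper: full fifo and dgram socket access, from AVC denials in <BUG-ID placeholder>`; otherwise keep the explicit sets. The same hunk adds `lvm_domtrans(mount_t)` with no reason, while the neighbouring `rpm_rw_pipes(mount_t)` block has `# for kernel package installation`; a matching one-line comment would keep the domain transition auditable.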
@@ -17588,7 +17611,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. + hal_write_log(mount_t) + hal_use_fds(mount_t) + hal_rw_pipes(mount_t) - ') ++') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.0.8/policy/modules/system/raid.te --- nsaserefpolicy/policy/modules/system/raid.te 2007-10-22 13:21:39.000000000 -0400 diff --git a/selinux-policy.spec b/selinux-policy.spec index 690fece..47cfcd7 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 69%{?dist} +Release: 70%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz