diff --git a/policy-20070501.patch b/policy-20070501.patch index 8c31f84..0623f88 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -6868,7 +6868,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim --- nsaserefpolicy/policy/modules/services/exim.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-2.6.4/policy/modules/services/exim.fc 2007-10-05 09:28:27.000000000 -0400 @@ -0,0 +1,16 @@ -+# $Id: policy-20070501.patch,v 1.83 2007/12/13 15:59:13 dwalsh Exp $ ++# $Id: policy-20070501.patch,v 1.84 2007/12/21 07:58:15 dwalsh Exp $ +# Draft SELinux refpolicy module for the Exim MTA +# +# Devin Carraway @@ -7049,7 +7049,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim --- nsaserefpolicy/policy/modules/services/exim.te 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-2.6.4/policy/modules/services/exim.te 2007-10-30 16:46:45.000000000 -0400 @@ -0,0 +1,231 @@ -+# $Id: policy-20070501.patch,v 1.83 2007/12/13 15:59:13 dwalsh Exp $ ++# $Id: policy-20070501.patch,v 1.84 2007/12/21 07:58:15 dwalsh Exp $ +# Draft SELinux refpolicy module for the Exim MTA +# +# Devin Carraway @@ -12715,7 +12715,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.6.4/policy/modules/system/fstools.te --- nsaserefpolicy/policy/modules/system/fstools.te 2007-05-07 14:51:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/fstools.te 2007-09-04 10:57:17.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/fstools.te 2007-12-20 16:22:24.000000000 -0500 @@ -9,6 +9,7 @@ type fsadm_t; type fsadm_exec_t; 
@@ -12734,7 +12734,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool #RedHat bug #201164 corecmd_exec_shell(fsadm_t) -@@ -184,3 +184,9 @@ +@@ -125,6 +125,8 @@ + files_read_etc_files(fsadm_t) + files_manage_lost_found(fsadm_t) + files_manage_isid_type_dirs(fsadm_t) ++files_manage_isid_type_files(fsadm_t) ++ + # Write to /etc/mtab. + files_manage_etc_runtime_files(fsadm_t) + files_etc_filetrans_etc_runtime(fsadm_t,file) +@@ -184,3 +186,12 @@ fs_dontaudit_write_ramfs_pipes(fsadm_t) rhgb_stub(fsadm_t) ') @@ -12744,6 +12753,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool + xen_rw_image_files(fsadm_t) +') + ++optional_policy(` ++ unconfined_domain(fsadm_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.fc serefpolicy-2.6.4/policy/modules/system/fusermount.fc --- nsaserefpolicy/policy/modules/system/fusermount.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-2.6.4/policy/modules/system/fusermount.fc 2007-08-07 09:42:35.000000000 -0400 @@ -14054,7 +14066,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. -/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2007-05-07 14:51:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-10-30 16:18:14.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-12-21 02:33:51.000000000 -0500 @@ -9,6 +9,13 @@ ifdef(`targeted_policy',` ## 
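Review bot: `files_manage_isid_type_files(fsadm_t)`, added to fstools.te in the `@@ -125,6 +125,8 @@` inner hunk, appears to grant more than the spec changelog's "Allow fsadm_t to read file_t" describes. By refpolicy naming convention a `manage` interface covers create, write and delete as well as read, here on unlabeled (`file_t`) files. If read access is all the filesystem tools need, a read-only interface such as `files_read_isid_type_files(fsadm_t)` would match the stated intent, provided this policy version has it. Otherwise the changelog entry should say what is granted, e.g. `- Allow fsadm_t to manage file_t files`.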
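Review bot: The `unconfined_domain(fsadm_t)` call added at the end of fstools.te removes confinement from fsadm_t whenever the unconfined module is present, and the `optional_policy` wrapper is its only condition. That makes the domain's specific allow rules irrelevant, including the `file_t` grant added earlier in this same commit. The change is far broader than the changelog's "Allow fsadm_t to read file_t" and is recorded nowhere in the spec. I would drop the three added lines and cover the outstanding denials with explicit rules. If it must ship as a stopgap, precede it with a comment such as `# FIXME: temporary, fsadm_t runs unconfined until the remaining denials have explicit rules` and add a matching `%changelog` line so the loss of confinement is visible to anyone auditing the package.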
@@ -14184,9 +14196,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. +# +# ntfs local policy +# -+allow mount_t self:fifo_file { read write }; ++allow mount_t self:fifo_file rw_fifo_file_perms; +allow mount_t self:unix_stream_socket create_stream_socket_perms; -+allow mount_t self:unix_dgram_socket { connect create }; ++allow mount_t self:unix_dgram_socket create_socket_perms; + +corecmd_exec_shell(mount_t) + diff --git a/selinux-policy.spec b/selinux-policy.spec index 32ffba3..d68171c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 63%{?dist} +Release: 64%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -363,6 +363,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Thu Dec 20 2007 Dan Walsh 2.6.4-64 +- Allow fsadm_t to read file_t + * Thu Dec 13 2007 Dan Walsh 2.6.4-63 - Fix labeling on /var/spool/cups
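Review bot: The two rewritten `allow mount_t self:` rules in the "ntfs local policy" section of mount.te widen access, and the spec changelog does not mention it. As defined in refpolicy's permission-set macros, `rw_fifo_file_perms` adds getattr, append, ioctl and lock to the former `{ read write }`, and `create_socket_perms` adds bind, setattr, the socket options and more to the former `{ connect create }`. Both rules target `self`, so the exposure is limited to mount_t's own pipes and sockets, and using the standard macros is the refpolicy convention. The change still deserves a `%changelog` line, e.g. `- Use standard permission sets for mount_t self fifo_file and unix_dgram_socket`. The section continues past this hunk, so rules outside the visible lines were not reviewed.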