From 03041f0bec8bd79afe6462246f5d3d0c74e81854 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Apr 14 2009 15:54:46 +0000
Subject: - Fix iptables labeling
---
diff --git a/policy-20080710.patch b/policy-20080710.patch
index 2f8809d..b1d6a5d 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -25651,9 +25651,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
 allow radvd_t self:unix_dgram_socket create_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.5.13/policy/modules/services/razor.fc
 --- nsaserefpolicy/policy/modules/services/razor.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/razor.fc 2009-02-10 15:07:15.000000000 +0100
-@@ -1,4 +1,4 @@
++++ serefpolicy-3.5.13/policy/modules/services/razor.fc 2009-04-14 17:49:39.000000000 +0200
+@@ -1,4 +1,6 @@
 -HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:ROLE_razor_home_t,s0)
++/root/\.razor(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
++
 +HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
 /etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0)
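Review bot: The added `/root/\.razor(/.*)?` entry in razor.fc is labelled `spamc_home_t`, while the `HOME_DIR/\.razor(/.*)?` entry directly below it uses `razor_home_t`, so root's razor directory gets a different type from every other user's. Nothing visible in this hunk shows whether the two types are aliased; if they are not, rules written for `razor_home_t` will not apply to root's copy. Either label it consistently with `/root/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)`, or put a comment above the entry such as `# /root/.razor intentionally uses spamc_home_t rather than razor_home_t` so the asymmetry reads as deliberate.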
@@ -28048,13 +28050,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
 ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.5.13/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-10-17 14:49:11.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/services/spamassassin.fc 2009-04-14 10:34:25.000000000 +0200
-@@ -1,16 +1,26 @@
++++ serefpolicy-3.5.13/policy/modules/services/spamassassin.fc 2009-04-14 17:49:28.000000000 +0200
+@@ -1,16 +1,24 @@
 -HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
 +HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
 +
-+/root/\.razor(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
-+
 +/etc/rc\.d/init\.d/spamd -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
 +/etc/rc\.d/init\.d/mimedefang.* -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
@@ -33416,11 +33416,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
 allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.5.13/policy/modules/system/iptables.fc
 --- nsaserefpolicy/policy/modules/system/iptables.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-03-25 22:38:51.000000000 +0100
-@@ -6,3 +6,4 @@
- /usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
- /usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
- /usr/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
++++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-04-14 17:49:05.000000000 +0200
+@@ -1,8 +1,6 @@
+
+-/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+-/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+-/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ip6?tables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
++/sbin/ip6?tables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
+
+-/usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+-/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
+-/usr/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
 +/var/lib/shorewall(/.*)? -- gen_context(system_u:object_r:iptables_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.5.13/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te 2008-10-17 14:49:13.000000000 +0200
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8dc8d02..4399160 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
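Review bot: In the iptables.fc hunk, the three new `/sbin/ip6?tables`, `-restore` and `-multi` entries cover much less than the six `.*` patterns they replace. File-context regexes are matched against the whole path, so `iptables-save`/`ip6tables-save`, `ipchains`, and everything under `/usr/sbin` stop receiving `iptables_exec_t` and would presumably fall back to the generic binary label, with no transition into the iptables domain when executed. If that narrowing is intended, a comment at the top of the file such as `# iptables-save and /usr/sbin copies intentionally keep the default label` would record it; otherwise add `/sbin/ip6?tables-save -- gen_context(system_u:object_r:iptables_exec_t,s0)` and the `/usr/sbin` equivalents. Separately, the unchanged `/var/lib/shorewall(/.*)? --` line pairs an optional-subpath pattern with the regular-file specifier, so the directory itself is never matched by it.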
@@ -463,6 +463,7 @@ exit 0
 * Tue Apr 14 2009 Miroslav Grepl 3.5.13-56
 - Fix fail2ban policy
 - Allow sendmail to read fail2ban_var_lib_t
+- Fix iptables labeling
 * Tue Apr 7 2009 Miroslav Grepl 3.5.13-55
 - Allow swat_t domtrans to smbd_t