From 89666420e68f1716e7f037e6d1e8e9382318402a Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: May 03 2013 15:43:43 +0000 Subject: * Fri May 3 2013 Miroslav Grepl 3.12.1-40 - Fix realmd cache interfaces --- diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 9b103be..bdc5d2b 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -63868,7 +63868,7 @@ index 04babe3..3b92679 100644 + +/var/lib/ipa-client(/.*)? gen_context(system_u:object_r:realmd_var_lib_t,s0) diff --git a/realmd.if b/realmd.if -index bff31df..041893c 100644 +index bff31df..13ad9e5 100644 --- a/realmd.if +++ b/realmd.if @@ -1,8 +1,9 @@ @@ -63883,7 +63883,7 @@ index bff31df..041893c 100644 ## ## ## -@@ -39,3 +40,86 @@ interface(`realmd_dbus_chat',` +@@ -39,3 +40,87 @@ interface(`realmd_dbus_chat',` allow $1 realmd_t:dbus send_msg; allow realmd_t $1:dbus send_msg; ') @@ -63900,10 +63900,10 @@ index bff31df..041893c 100644 +# +interface(`realmd_search_cache',` + gen_require(` -+ type realmd_cache_t; ++ type realmd_var_cache_t; + ') + -+ allow $1 realmd_cache_t:dir search_dir_perms; ++ allow $1 realmd_var_cache_t:dir search_dir_perms; + files_search_var($1) +') + @@ -63919,11 +63919,11 @@ index bff31df..041893c 100644 +# +interface(`realmd_read_cache_files',` + gen_require(` -+ type realmd_cache_t; ++ type realmd_var_cache_t; + ') + + files_search_var($1) -+ read_files_pattern($1, realmd_cache_t, realmd_cache_t) ++ read_files_pattern($1, realmd_var_cache_t, realmd_var_cache_t) +') + +######################################## @@ -63939,11 +63939,11 @@ index bff31df..041893c 100644 +# +interface(`realmd_manage_cache_files',` + gen_require(` -+ type realmd_cache_t; ++ type realmd_var_cache_t; + ') + + files_search_var($1) -+ manage_files_pattern($1, realmd_cache_t, realmd_cache_t) ++ manage_files_pattern($1, realmd_var_cache_t, realmd_var_cache_t) +') + +######################################## @@ -63958,18 +63958,19 @@ index bff31df..041893c 100644 +# +interface(`realmd_manage_cache_dirs',` + gen_require(` -+ type realmd_cache_t; ++ type realmd_var_cache_t; + ') + + files_search_var($1) -+ manage_dirs_pattern($1, realmd_cache_t, realmd_cache_t) ++ manage_dirs_pattern($1, realmd_var_cache_t, realmd_var_cache_t) +') + + -+manage_dirs_pattern(realmd_t, realmd_cache_t, realmd_cache_t) -+manage_files_pattern(realmd_t, realmd_cache_t, realmd_cache_t) -+manage_lnk_files_pattern(realmd_t, realmd_cache_t, realmd_cache_t) -+files_var_filetrans(realmd_t, realmd_cache_t, { dir file lnk_file }) ++manage_dirs_pattern(realmd_t, realmd_var_cache_t, realmd_var_cache_t) ++manage_files_pattern(realmd_t, realmd_var_cache_t, realmd_var_cache_t) ++manage_lnk_files_pattern(realmd_t, realmd_var_cache_t, realmd_var_cache_t) ++files_var_filetrans(realmd_t, realmd_var_cache_t, { dir file lnk_file }) ++') diff --git a/realmd.te b/realmd.te index 9a8f052..c558c79 100644 --- a/realmd.te diff --git a/selinux-policy.spec b/selinux-policy.spec index 5ed207f..0d8d8ec 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 39%{?dist} +Release: 40%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -530,6 +530,9 @@ SELinux Reference policy mls base module. %endif %changelog +* Fri May 3 2013 Miroslav Grepl 3.12.1-40 +- Fix realmd cache interfaces + * Fri May 3 2013 Miroslav Grepl 3.12.1-39 - Allow tcpd to execute leafnode - Allow samba-net to read realmd cache files