From 8bc824d749fa374d0abc26e22b5ba8b0e60a2677 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jul 16 2009 11:24:55 +0000 Subject: - Update to upstream --- diff --git a/policy-F12.patch b/policy-F12.patch index 32842ae..0debeb3 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -18509,7 +18509,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.22/policy/modules/services/rsync.te --- nsaserefpolicy/policy/modules/services/rsync.te 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.22/policy/modules/services/rsync.te 2009-07-15 14:06:36.000000000 -0400 ++++ serefpolicy-3.6.22/policy/modules/services/rsync.te 2009-07-16 07:21:18.000000000 -0400 @@ -8,6 +8,13 @@ ## @@ -18524,7 +18524,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Allow rsync to export any files/directories read only. ##

## -@@ -126,4 +133,16 @@ +@@ -126,4 +133,19 @@ auth_read_all_symlinks_except_shadow(rsync_t) auth_tunable_read_shadow(rsync_t) ') @@ -18535,7 +18535,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + manage_dirs_pattern(rsync_t, rsync_data_t, rsync_data_t) + manage_files_pattern(rsync_t, rsync_data_t, rsync_data_t) + manage_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t) -+ optional_policy(` ++') ++ ++optional_policy(` ++ tunable_policy(`rsync_client',` + ssh_exec(rsync_t) + ') +') @@ -23821,12 +23824,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.22/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.22/policy/modules/system/authlogin.if 2009-07-15 14:06:36.000000000 -0400 -@@ -40,17 +40,77 @@ ++++ serefpolicy-3.6.22/policy/modules/system/authlogin.if 2009-07-16 07:17:46.000000000 -0400 +@@ -40,17 +40,76 @@ ## ## # +interface(`auth_use_pam',` ++ + # for SSP/ProPolice + dev_read_urand($1) + # for encrypted homedir @@ -23895,12 +23899,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + allow $1 self:key manage_key_perms; + userdom_manage_all_users_keys($1) + -+ auth_use_pam($1) -+ files_list_var_lib($1) manage_files_pattern($1, var_auth_t, var_auth_t) -@@ -62,8 +122,6 @@ +@@ -62,8 +121,6 @@ manage_sock_files_pattern($1, auth_cache_t, auth_cache_t) files_var_filetrans($1, auth_cache_t, dir) @@ -23909,7 +23911,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # for fingerprint readers dev_rw_input_dev($1) dev_rw_generic_usb_dev($1) -@@ -86,27 +144,45 @@ +@@ -86,27 +143,44 @@ mls_process_set_level($1) mls_fd_share_all_levels($1) @@ -23923,6 +23925,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol - auth_exec_pam($1) - auth_use_nsswitch($1) + auth_manage_pam_pid($1) ++ auth_use_pam($1) init_rw_utmp($1) @@ -23945,10 +23948,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + ') + + optional_policy(` -+ optional_policy(` -+ oddjob_dbus_chat($1) -+ oddjob_domtrans_mkhomedir($1) -+ ') ++ oddjob_dbus_chat($1) ++ oddjob_domtrans_mkhomedir($1) + ') + + optional_policy(` @@ -23968,7 +23969,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ') -@@ -305,19 +381,16 @@ +@@ -305,19 +379,16 @@ dev_read_rand($1) dev_read_urand($1) @@ -23993,7 +23994,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -328,6 +401,29 @@ +@@ -328,6 +399,29 @@ optional_policy(` samba_stream_connect_winbind($1) ') @@ -24023,7 +24024,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -352,6 +448,7 @@ +@@ -352,6 +446,7 @@ auth_domtrans_chk_passwd($1) role $2 types chkpwd_t; @@ -24031,7 +24032,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -1129,6 +1226,32 @@ +@@ -1129,6 +1224,32 @@ ######################################## ## @@ -24064,7 +24065,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Manage all files on the filesystem, except ## the shadow passwords and listed exceptions. ## -@@ -1254,6 +1377,25 @@ +@@ -1254,6 +1375,25 @@ ######################################## ## @@ -24090,7 +24091,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Do not audit attempts to write to ## login records files. ## -@@ -1395,6 +1537,14 @@ +@@ -1395,6 +1535,14 @@ ') optional_policy(` @@ -24105,7 +24106,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol nis_use_ypbind($1) ') -@@ -1403,8 +1553,17 @@ +@@ -1403,8 +1551,17 @@ ') optional_policy(`