From d7904ba6b807e1d01c830dc13a1d43c4d0f5bdf9 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Sep 27 2012 15:40:08 +0000 Subject: * Thu Sep 27 2012 Miroslav Grepl 3.11.1-28 - Fixes for tomcat_domain template interface --- diff --git a/policy_contrib-rawhide.patch b/policy_contrib-rawhide.patch index 170c14a..1979977 100644 --- a/policy_contrib-rawhide.patch +++ b/policy_contrib-rawhide.patch @@ -63141,10 +63141,10 @@ index 0000000..a8385bc +/var/run/tomcat6?\.pid -- gen_context(system_u:object_r:tomcat_var_run_t,s0) diff --git a/tomcat.if b/tomcat.if new file mode 100644 -index 0000000..226293f +index 0000000..e797c0e --- /dev/null +++ b/tomcat.if -@@ -0,0 +1,395 @@ +@@ -0,0 +1,400 @@ + +## policy for tomcat + @@ -63195,15 +63195,18 @@ index 0000000..226293f + + manage_dirs_pattern($1_t, $1_log_t, $1_log_t) + manage_files_pattern($1_t, $1_log_t, $1_log_t) ++ manage_lnk_files_pattern($1_t, $1_log_t, $1_log_t) + logging_log_filetrans($1_t, $1_log_t, { dir file }) + + manage_dirs_pattern($1_t, $1_var_lib_t, $1_var_lib_t) + manage_files_pattern($1_t, $1_var_lib_t, $1_var_lib_t) -+ files_var_lib_filetrans($1_t, $1_var_lib_t, { dir file }) ++ manage_lnk_files_pattern($1_t, $1_var_lib_t, $1_var_lib_t) ++ files_var_lib_filetrans($1_t, $1_var_lib_t, { dir file lnk_file }) + + manage_dirs_pattern($1_t, $1_var_run_t, $1_var_run_t) + manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t) -+ files_pid_filetrans($1_t, $1_var_run_t, { dir file }) ++ manage_lnk_files_pattern($1_t, $1_var_run_t, $1_var_run_t) ++ files_pid_filetrans($1_t, $1_var_run_t, { dir file lnk_file }) + + manage_dirs_pattern($1_t, $1_tmp_t, $1_tmp_t) + manage_files_pattern($1_t, $1_tmp_t, $1_tmp_t) @@ -63213,6 +63216,8 @@ index 0000000..226293f + can_exec($1_t, $1_exec_t) + + kernel_read_system_state($1_t) ++ ++ loggin_send_syslog_msgs($1_t) +') + +######################################## diff --git a/selinux-policy.spec b/selinux-policy.spec index 4768ecb..f032e78 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.11.1 -Release: 27%{?dist} +Release: 28%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -521,6 +521,9 @@ SELinux Reference policy mls base module. %endif %changelog +* Thu Sep 27 2012 Miroslav Grepl 3.11.1-28 +- Fixes for tomcat_domain template interface + * Thu Sep 27 2012 Miroslav Grepl 3.11.1-27 - Remove init_systemd and init_upstart boolean, Move init_daemon_domain and init_system_domain to use attributes - Add attribute to all base os types. Allow all domains to read all ro base OS types