diff --git a/policy-20080710.patch b/policy-20080710.patch index d3da088..ad91089 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -4394,8 +4394,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te --- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-28 10:58:06.000000000 -0400 -@@ -0,0 +1,256 @@ ++++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-29 12:10:02.000000000 -0400 +@@ -0,0 +1,257 @@ + +policy_module(nsplugin, 1.0.0) + @@ -4494,6 +4494,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +kernel_read_kernel_sysctls(nsplugin_t) +kernel_read_system_state(nsplugin_t) + ++files_dontaudit_getattr_lost_found_dirs(nsplugin_t) +files_dontaudit_list_home(nsplugin_t) +files_read_usr_files(nsplugin_t) +files_read_etc_files(nsplugin_t) @@ -7133,7 +7134,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /etc/localtime -l gen_context(system_u:object_r:etc_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.13/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-28 10:56:19.000000000 -0400 ++++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-29 12:09:50.000000000 -0400 @@ -110,6 +110,11 @@ ## # 
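Review bot: The `files_dontaudit_getattr_lost_found_dirs(nsplugin_t)` line added to nsplugin.te has no comment saying which operation makes the plugin wrapper stat lost+found directories. A dontaudit rule keeps the denial but drops the AVC record, so for a domain that presumably confines browser plugin code this removes a signal someone may later need. I would put the reason beside the rule, e.g. `# nsplugin getattrs lost+found during <observed operation>; the denial is expected, so the AVC is silenced`, so the suppression can be revisited. When triaging this domain, rebuilding the policy with dontaudit rules disabled (`semodule -DB`) brings these records back.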
@@ -8589,8 +8590,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t }) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te --- nsaserefpolicy/policy/modules/roles/staff.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-10-28 11:14:35.000000000 -0400 -@@ -4,27 +4,63 @@ ++++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-10-29 12:02:31.000000000 -0400 +@@ -4,27 +4,68 @@ ######################################## # # Declarations @@ -8656,6 +8657,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +optional_policy(` + webadm_role_change_template(staff) +') ++ ++optional_policy(` ++ cron_admin_template(sysadm) ++') ++ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.13/policy/modules/roles/sysadm.if --- nsaserefpolicy/policy/modules/roles/sysadm.if 2008-08-07 11:15:11.000000000 -0400 +++ serefpolicy-3.5.13/policy/modules/roles/sysadm.if 2008-10-28 11:21:02.000000000 -0400 @@ -8856,7 +8862,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.5.13/policy/modules/roles/sysadm.te --- nsaserefpolicy/policy/modules/roles/sysadm.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-10-29 12:00:43.000000000 -0400 ++++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-10-29 12:02:23.000000000 -0400 @@ -15,7 +14,7 @@ role sysadm_r; 
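Review bot: The block added at the end of staff.te calls `cron_admin_template(sysadm)`, while the neighbouring call in the same file passes `staff` (`webadm_role_change_template(staff)`), so the sysadm cron-admin rules are now instantiated from the staff module. The template body is not visible here, so this may be a deliberate workaround. As far as these hunks show, though, sysadm's cron administration now depends on the staff module being built and loaded, and a later reader could "correct" the prefix to `staff` and hand cron administration to a confined user. If the placement is intended, say so above the block, e.g. `# sysadm cron admin is instantiated here rather than in sysadm.te because <reason>; do not change the prefix to staff`; otherwise keep the call in sysadm.te. The matching removal is in the sysadm.te hunk at `@@ -8866,20 +8872,18 @@`.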
@@ -8866,20 +8872,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifndef(`enable_mls',` userdom_security_admin_template(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t }) -@@ -109,9 +108,9 @@ - consoletype_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t }) +@@ -110,10 +109,6 @@ ') --optional_policy(` + optional_policy(` - cron_admin_template(sysadm) -') -+#optional_policy(` -+# cron_admin_template(sysadm) -+#') - - optional_policy(` +- +-optional_policy(` cvs_exec(sysadm_t) -@@ -171,6 +170,10 @@ + ') + +@@ -171,6 +166,10 @@ ') optional_policy(` @@ -8890,7 +8894,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kudzu_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t }) ') -@@ -215,8 +218,8 @@ +@@ -215,8 +214,8 @@ optional_policy(` netutils_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t }) @@ -8901,7 +8905,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` -@@ -328,3 +331,5 @@ +@@ -328,3 +327,5 @@ optional_policy(` yam_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t }) ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 63ade9d..a89de51 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.13 -Release: 9%{?dist} +Release: 10%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -457,6 +457,10 @@ exit 0 %endif %changelog +* Wed Oct 29 2008 Dan Walsh 3.5.13-10 +- Fix confined users +- Allow xguest to read/write xguest_dbusd_t + * Mon Oct 27 2008 Dan Walsh 3.5.13-9 - Allow openoffice execstack/execmem privs