diff --git a/policy-20080509.patch b/policy-20080509.patch index 8b5d4b7..85f3e50 100644 --- a/policy-20080509.patch +++ b/policy-20080509.patch @@ -1584,7 +1584,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te --- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-06-12 23:25:08.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te 2008-07-02 08:47:04.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te 2008-07-08 15:18:50.000000000 -0400 @@ -22,12 +22,14 @@ dev_read_urand(tmpreaper_t) @@ -1608,7 +1608,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap +userdom_delete_all_users_home_content_files(tmpreaper_t) +userdom_delete_all_users_home_content_symlinks(tmpreaper_t) + -+files_delete_isid_type_dirs(tmpreaper_t) ++files_manage_isid_type_dirs(tmpreaper_t) +files_delete_isid_type_files(tmpreaper_t) + +optional_policy(` @@ -6632,7 +6632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # /emul diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.4.2/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2008-06-12 23:25:02.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-07-02 14:59:18.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-07-08 15:17:08.000000000 -0400 @@ -110,6 +110,11 @@ ## # @@ -33478,7 +33478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:25:07.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-07 11:47:08.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-08 15:19:54.000000000 -0400 @@ -28,10 +28,14 @@ class context contains; ') diff --git a/selinux-policy.spec b/selinux-policy.spec index 843adf6..8c81954 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.4.2 -Release: 12%{?dist} +Release: 13%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -375,6 +375,9 @@ exit 0 %endif %changelog +* Tue Jul 8 2008 Dan Walsh 3.4.2-13 +- Allow unconfined_t to setfcap + * Mon Jul 7 2008 Dan Walsh 3.4.2-12 - Allow amanda to read tape - Allow prewikka cgi to use syslog, allow audisp_t to signal cgi