diff --git a/policy-20080710.patch b/policy-20080710.patch index ca456d7..f45f40d 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -26259,7 +26259,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto }; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.12/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400 -+++ serefpolicy-3.5.12/policy/modules/system/libraries.fc 2008-10-15 08:59:49.000000000 -0400 ++++ serefpolicy-3.5.12/policy/modules/system/libraries.fc 2008-10-16 10:30:51.000000000 -0400 @@ -60,12 +61,15 @@ # # /opt @@ -26286,15 +26286,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -123,6 +128,7 @@ - /usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) - /usr/lib(64)?/ati-fglrx/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) - /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -+/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) - /usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) - /usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) - /usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -133,6 +139,7 @@ +@@ -133,6 +138,7 @@ /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -26302,7 +26294,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -168,7 +175,8 @@ +@@ -168,7 +174,8 @@ # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv # HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php /usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -26312,7 +26304,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -187,6 +195,7 @@ +@@ -187,6 +194,7 @@ /usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -26320,7 +26312,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -246,7 +255,7 @@ +@@ -246,7 +254,7 @@ # Flash plugin, Macromedia HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -26329,7 +26321,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -267,6 +276,8 @@ +@@ -267,6 +275,8 @@ /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -26338,7 +26330,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # Java, Sun Microsystems (JPackage SRPM) /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -291,6 +302,8 @@ +@@ -291,6 +301,8 @@ /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -26347,7 +26339,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') dnl end distro_redhat # -@@ -310,3 +323,15 @@ +@@ -310,3 +322,15 @@ /var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0) @@ -32078,3 +32070,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol - gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats) -') +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.12/support/Makefile.devel +--- nsaserefpolicy/support/Makefile.devel 2008-08-07 11:15:14.000000000 -0400 ++++ serefpolicy-3.5.12/support/Makefile.devel 2008-10-16 10:33:22.000000000 -0400 +@@ -181,7 +181,7 @@ + tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te + @$(EINFO) "Compiling $(NAME) $(basename $(@F)) module" + @test -d $(@D) || mkdir -p $(@D) +- $(call peruser-expansion,$(basename $(@F)),$@.role) ++# $(call peruser-expansion,$(basename $(@F)),$@.role) + $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp) + $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@ + diff --git a/selinux-policy.spec b/selinux-policy.spec index d218ee5..0123514 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.12 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -91,6 +91,9 @@ make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=% make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 conf \ cp -f $RPM_SOURCE_DIR/modules-%1.conf ./policy/modules.conf \ cp -f $RPM_SOURCE_DIR/booleans-%1.conf ./policy/booleans.conf \ +# Always create policy module package directories +mkdir -p %{buildroot}%{_usr}/share/selinux/%1 +ln -s %{_usr}/share/selinux/devel/include %{buildroot}%{_usr}/share/selinux/%1/include %define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \ awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "-i %%s.pp ", $1 }' %{_sourcedir}/modules-%{1}.conf ) @@ -124,6 +127,7 @@ bzip2 %{buildroot}/%{_usr}/share/selinux/%1/*.pp %defattr(-,root,root) \ %dir %{_usr}/share/selinux/%1 \ %{_usr}/share/selinux/%1/*.pp.bz2 \ +%{_usr}/share/selinux/%1/include \ %dir %{_sysconfdir}/selinux/%1 \ %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \ %ghost %{_sysconfdir}/selinux/%1/seusers \ @@ -213,9 +217,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/sysconfig touch %{buildroot}%{_sysconfdir}/selinux/config touch %{buildroot}%{_sysconfdir}/sysconfig/selinux -# Always create policy module package directories -mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls}/ - # Install devel make clean %if %{BUILD_TARGETED} @@ -460,6 +461,11 @@ exit 0 %endif %changelog +* Thu Oct 16 2008 Dan Walsh 3.5.12-3 +- Remove Multiple spec +- Add include +- Fix makefile to not call per_role_expansion + * Wed Oct 15 2008 Dan Walsh 3.5.12-2 - Fix labeling of libGL