diff --git a/policy-20071130.patch b/policy-20071130.patch index 2846bc8..e689974 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -1456,7 +1456,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.3.1/policy/modules/admin/amanda.te --- nsaserefpolicy/policy/modules/admin/amanda.te 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/admin/amanda.te 2008-07-02 08:47:10.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/admin/amanda.te 2008-07-07 11:14:55.000000000 -0400 @@ -82,8 +82,9 @@ allow amanda_t amanda_config_t:file { getattr read }; @@ -1478,7 +1478,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t) manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t) -@@ -220,6 +221,7 @@ +@@ -146,6 +147,8 @@ + fs_list_all(amanda_t) + + storage_raw_read_fixed_disk(amanda_t) ++storage_read_tape(amanda_t) ++storage_write_tape(amanda_t) + + # Added for targeted policy + term_use_unallocated_ttys(amanda_t) +@@ -220,6 +223,7 @@ auth_use_nsswitch(amanda_recover_t) fstools_domtrans(amanda_t) @@ -8863,7 +8872,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.3.1/policy/modules/kernel/filesystem.te --- nsaserefpolicy/policy/modules/kernel/filesystem.te 2008-06-12 23:38:02.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te 2008-07-02 08:47:10.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te 2008-07-07 12:19:17.000000000 -0400 @@ -21,10 +21,11 @@ # Use xattrs for the following filesystem types. 
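Review bot: The amanda.te hunk adds `storage_write_tape(amanda_t)` next to `storage_read_tape(amanda_t)`, but the 3.3.1-77 changelog entry in selinux-policy.spec only says "Allow amanda to read tape", so the write grant is undocumented for anyone auditing the release. Both calls are unconditional and sit directly below `storage_raw_read_fixed_disk(amanda_t)`, so amanda_t now has raw disk read plus tape read and write. I would change the changelog line to `- Allow amanda to read and write tape` and put a short comment above the two new calls, for example `# amanda reads and writes backup volumes on tape devices`. The rest of amanda.te lies outside this hunk, so I cannot tell whether tape access is already restricted elsewhere.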
@@ -8909,12 +8918,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy # # iso9660_t is the type for CD filesystems -@@ -231,6 +243,9 @@ +@@ -231,6 +243,10 @@ genfscon hfs / gen_context(system_u:object_r:nfs_t,s0) genfscon hfsplus / gen_context(system_u:object_r:nfs_t,s0) genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0) +genfscon lustre / gen_context(system_u:object_r:nfs_t,s0) +genfscon panfs / gen_context(system_u:object_r:nfs_t,s0) ++genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0) + ######################################## @@ -21511,8 +21521,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.3.1/policy/modules/services/prelude.te --- nsaserefpolicy/policy/modules/services/prelude.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/prelude.te 2008-07-02 08:47:10.000000000 -0400 -@@ -0,0 +1,249 @@ ++++ serefpolicy-3.3.1/policy/modules/services/prelude.te 2008-07-07 11:27:35.000000000 -0400 +@@ -0,0 +1,251 @@ + +policy_module(prelude, 1.0.0) + @@ -21753,6 +21763,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel + + can_exec(httpd_prewikka_script_t, httpd_prewikka_script_exec_t) + ++ logging_send_syslog_msg(httpd_prewikka_script_t) ++ + optional_policy(` + mysql_search_db(httpd_prewikka_script_t) + mysql_stream_connect(httpd_prewikka_script_t) 
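Review bot: The new line `genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)` labels NetWare mounts `nfs_t`, so every allow rule written for `nfs_t` applies to ncpfs content as well, presumably including any boolean-gated NFS access defined elsewhere in the policy. This is consistent with the neighbouring hfs, hfsplus, reiserfs, lustre and panfs entries, but nothing in the visible section says the shared label is deliberate. I would add a comment above the group, such as `# Filesystems labeled nfs_t: every rule and boolean that grants access to nfs_t also covers these mounts`. The enclosing section of filesystem.te starts and ends outside the hunk.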
@@ -30860,7 +30872,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin +/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if --- nsaserefpolicy/policy/modules/system/logging.if 2008-06-12 23:38:01.000000000 -0400 -+++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-07-02 08:47:10.000000000 -0400 ++++ serefpolicy-3.3.1/policy/modules/system/logging.if 2008-07-07 11:26:21.000000000 -0400 @@ -213,12 +213,7 @@ ## # @@ -30956,7 +30968,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin ') ######################################## -@@ -804,3 +838,128 @@ +@@ -804,3 +838,129 @@ logging_admin_audit($1, $2, $3) logging_admin_syslog($1, $2, $3) ') @@ -31062,6 +31074,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin + role system_r types $1; + + domtrans_pattern(audisp_t,$2,$1) ++ allow $1 audisp_t:process signal; + + allow audisp_t $2:file getattr; + allow $1 audisp_t:unix_stream_socket rw_socket_perms; diff --git a/selinux-policy.spec b/selinux-policy.spec index 4f6304b..1ba8e12 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 76%{?dist} +Release: 77%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -385,6 +385,11 @@ exit 0 %endif %changelog +* Mon Jul 7 2008 Dan Walsh 3.3.1-77 +- Allow amanda to read tape +- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi +- Add support for netware file systems + * Thu Jul 3 2008 Dan Walsh 3.3.1-76 - Allow ypbind apps to net_bind_service
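Review bot: The added rule `allow $1 audisp_t:process signal;` in logging.if lets the domain passed as `$1` send signals to `audisp_t`, while the 3.3.1-77 changelog entry describes the opposite direction ("allow audisp_t to signal cgi"). If the intent is for the dispatcher to signal the domain it starts through `domtrans_pattern(audisp_t,$2,$1)`, the rule should read `allow audisp_t $1:process signal;`. If the child domain really does need to signal the dispatcher, the changelog should say so, because the rule as written gives every caller of this interface that permission over `audisp_t`. The interface header is outside this hunk, so I cannot see which domains are passed as `$1`.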