diff --git a/modules-targeted.conf b/modules-targeted.conf
index 12f1400..c576ffd 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1681,4 +1681,4 @@ livecd = module
 #
 # Snort network intrusion detection system
 #
-snort = base
+snort = module
diff --git a/policy-20080710.patch b/policy-20080710.patch
index cac8643..07c9e40 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -358,18 +358,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 init_use_fds(consoletype_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.5/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-25 10:50:15.000000000 -0400
-@@ -118,6 +118,10 @@
++++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-29 15:12:36.000000000 -0400
+@@ -118,15 +118,7 @@
 usermanage_domtrans_admin_passwd(firstboot_t)
 ')
+-ifdef(`TODO',`
+-allow firstboot_t proc_t:file write;
+-
+-ifdef(`printconf.te', `
+- can_exec(firstboot_t, printconf_t)
+-')
+-
+-ifdef(`userhelper.te', `
+- role system_r types sysadm_userhelper_t;
+- domain_auto_trans(firstboot_t, userhelper_exec_t, sysadm_userhelper_t)
 +optional_policy(`
 + xserver_xdm_rw_shm(firstboot_t)
-+')
-+
- ifdef(`TODO',`
- allow firstboot_t proc_t:file write;
-
++ xserver_unconfined(firstboot_t)
+ ')
+-') dnl end TODO
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400
 +++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400
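Review bot: `xserver_unconfined(firstboot_t)`, added inside the `optional_policy` block of the firstboot.te section, comes with no comment saying why firstboot needs it on top of `xserver_xdm_rw_shm(firstboot_t)`. The interface body is not visible in this hunk, but by its name it lifts the X server's object controls for the domain, which is a much wider grant than the shared-memory access next to it. I would put a comment directly above the call, for example `# firstboot needs full X access: <denial that required it>`, so a later audit can judge whether a narrower xserver interface would be enough. The changelog entry in selinux-policy.spec does not mention this grant either.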
@@ -13492,7 +13500,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.5/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 12:52:54.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 15:23:04.000000000 -0400
 @@ -48,6 +48,9 @@
 type hplip_t;
 type hplip_exec_t;
@@ -13705,7 +13713,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 #
 -allow cupsd_config_t self:capability { chown sys_tty_config };
-+allow cupsd_config_t self:capability { chown dav_override sys_tty_config };
++allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
 dontaudit cupsd_config_t self:capability sys_tty_config;
 allow cupsd_config_t self:process signal_perms;
 allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
@@ -24745,7 +24753,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.5/policy/modules/services/snort.te
 --- nsaserefpolicy/policy/modules/services/snort.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-25 10:50:15.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-29 15:22:50.000000000 -0400
 @@ -10,8 +10,11 @@
 type snort_exec_t;
 init_daemon_domain(snort_t, snort_exec_t)
@@ -24784,7 +24792,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 sysadm_dontaudit_search_home_dirs(snort_t)
 optional_policy(`
-+ prelude_rw_spool(snort_t)
++ prelude_manage_spool(snort_t)
 +')
 +
 +optional_policy(`
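Review bot: `dac_override` in the corrected rule `allow cupsd_config_t self:capability { chown dac_override sys_tty_config };` lets cupsd_config_t bypass ordinary file ownership and mode checks, and nothing in the cups.te hunk records which access needed it. I would add a comment above the rule, for example `# dac_override: <file and denial that required it>`, or fix the ownership or mode of the file involved so the capability can be dropped. Since the previous spelling `dav_override` is not a capability name, it is also worth confirming that the policy build is run before each release. The cupsd_config_t rules continue outside the hunk.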
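Review bot: The switch from `prelude_rw_spool(snort_t)` to `prelude_manage_spool(snort_t)` in the snort.te hunk widens snort's access to the prelude spool without a comment or changelog line saying what the read/write interface failed to cover. Neither interface body is shown here, but by refpolicy naming a manage interface normally adds create and delete on top of read and write. For a network intrusion detection daemon I would keep the narrower interface unless a specific denial required more, and record it next to the call, for example `# snort creates and removes files in the prelude spool: <denial reference>`.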
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 64c382f..58c87d9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -380,6 +380,10 @@ exit 0
 %endif
 %changelog
+* Tue Aug 26 2008 Dan Walsh 3.5.5-2
+- Update to upstream
+- Fix crontab use by unconfined user
+
 * Tue Aug 12 2008 Dan Walsh 3.5.4-2
 - Allow ifconfig_t to read dhcpc_state_t