Hello community,

here is the log from the commit of package selinux-policy for openSUSE:Factory 
checked in at 2015-08-12 15:13:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/selinux-policy (Old)
 and      /work/SRC/openSUSE:Factory/.selinux-policy.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "selinux-policy"

Changes:
--------
--- /work/SRC/openSUSE:Factory/selinux-policy/selinux-policy.changes    
2015-08-05 19:17:27.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.selinux-policy.new/selinux-policy.changes       
2015-08-12 15:13:36.000000000 +0200
@@ -1,0 +2,6 @@
+Tue Aug 11 08:36:17 UTC 2015 - jseg...@novell.com
+
+- Updated suse_modifications_ipsec.patch, removed dontaudits for 
+  ipsec_mgmt_t and granted matching permissions
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ suse_modifications_ipsec.patch ++++++
--- /var/tmp/diff_new_pack.I7eJ6A/_old  2015-08-12 15:13:38.000000000 +0200
+++ /var/tmp/diff_new_pack.I7eJ6A/_new  2015-08-12 15:13:38.000000000 +0200
@@ -1,7 +1,7 @@
 Index: serefpolicy-20140730/policy/modules/system/ipsec.te
 ===================================================================
---- serefpolicy-20140730.orig/policy/modules/system/ipsec.te   2015-08-05 
13:56:18.127343378 +0200
-+++ serefpolicy-20140730/policy/modules/system/ipsec.te        2015-08-05 
15:13:33.360764030 +0200
+--- serefpolicy-20140730.orig/policy/modules/system/ipsec.te   2015-08-10 
12:55:56.098645940 +0200
++++ serefpolicy-20140730/policy/modules/system/ipsec.te        2015-08-10 
14:32:28.542764339 +0200
 @@ -209,14 +209,18 @@ optional_policy(`
  # ipsec_mgmt Local policy
  #
@@ -17,9 +17,9 @@
  allow ipsec_mgmt_t self:key_socket create_socket_perms;
  allow ipsec_mgmt_t self:fifo_file rw_fifo_file_perms;
 +allow ipsec_mgmt_t self:netlink_route_socket nlmsg_write;
-+allow ipsec_mgmt_t self:packet_socket { setopt create };
-+allow ipsec_mgmt_t self:socket { bind create };
-+allow ipsec_mgmt_t self:netlink_xfrm_socket { bind create };
++allow ipsec_mgmt_t self:packet_socket { setopt create read write };
++allow ipsec_mgmt_t self:socket { bind create read write };
++allow ipsec_mgmt_t self:netlink_xfrm_socket { nlmsg_write write read bind 
create };
  
  allow ipsec_mgmt_t ipsec_mgmt_lock_t:file manage_file_perms;
  files_lock_filetrans(ipsec_mgmt_t, ipsec_mgmt_lock_t, file)
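Review bot: The rule `allow ipsec_mgmt_t self:socket { bind create read write };` widens access on the generic `socket` class, which is the fallback for address families without a dedicated class, and the patch does not record which denial made it necessary. The same applies to the added `read write` on `packet_socket` and to `nlmsg_write write read` on `netlink_xfrm_socket`. I would put a short comment above the three rules naming the program and the logged denial that motivated them, for example `# ipsec_mgmt_t: required by <command>, see AVC denial <reference>`, so that a later reviewer can tell whether the grant is still needed. The ipsec_mgmt local policy section starts and continues outside this hunk, so an existing justification elsewhere in the file cannot be ruled out.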
@@ -51,3 +51,15 @@
  
  dev_read_rand(ipsec_mgmt_t)
  dev_read_urand(ipsec_mgmt_t)
+@@ -297,10 +308,7 @@ dev_read_urand(ipsec_mgmt_t)
+ domain_use_interactive_fds(ipsec_mgmt_t)
+ # denials when ps tries to search /proc. Do not audit these denials.
+ domain_dontaudit_read_all_domains_state(ipsec_mgmt_t)
+-# suppress audit messages about unnecessary socket access
+-# cjp: this seems excessive
+-domain_dontaudit_rw_all_udp_sockets(ipsec_mgmt_t)
+-domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t)
++#  domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t)
+ 
+ files_read_etc_files(ipsec_mgmt_t)
+ files_exec_etc_files(ipsec_mgmt_t)
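Review bot: The replacement line `#  domain_dontaudit_rw_all_key_sockets(ipsec_mgmt_t)` leaves a disabled rule in the policy with no explanation, while `domain_dontaudit_rw_all_udp_sockets(ipsec_mgmt_t)` is simply deleted. Either delete it as well, or keep it with a reason such as `# dontaudit disabled on purpose so key socket denials stay visible in the audit log`. The changelog speaks of "matching permissions", but the rules added in the `@@ -17,9 +17,9 @@` hunk are on ipsec_mgmt_t's own `packet_socket`, `socket` and `netlink_xfrm_socket`. Judging by the interface names, the removed dontaudits covered UDP and key sockets of all domains, so those accesses now appear to be denied and logged rather than allowed. That is the safer outcome, but it should be confirmed against the audit log after a test run.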

