[COMMIT]refpolicy branch, master, updated. RELEASE_2_20120215-32-g9b0b33a

Reference Policy commits mail list refpolicy-commits at oss.tresys.com
Fri May 4 06:33:13 CDT 2012 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "refpolicy".

The branch, master has been updated
       via  9b0b33ac4c492122dfcee5a59c6c68925022d730 (commit)
       via  a9cd7ff45f1662598c02f3f10ab4e24e1869726a (commit)
       via  a5fc78b88a081ddcaac5fea6ceb288b4a195260f (commit)
       via  d5a23304c3aa16ba2c5be6b30b3cfe8f8173d892 (commit)
       via  1fe3d0929e2fdf428949c72757951787eda21ff7 (commit)
      from  2e83467903333a3e355cba43618d7e6a86b91519 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9b0b33ac4c492122dfcee5a59c6c68925022d730
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 4 08:43:41 2012 -0400

    Update contrib.

commit a9cd7ff45f1662598c02f3f10ab4e24e1869726a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 4 08:43:27 2012 -0400

    Module version bump for patches from Sven Vermeulen.
    
    * Dontaudit in xserver
    * Create user keys in sudo

commit a5fc78b88a081ddcaac5fea6ceb288b4a195260f
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 4 08:35:24 2012 -0400

    Move domain call in xserver.

commit d5a23304c3aa16ba2c5be6b30b3cfe8f8173d892
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date:   Sat Apr 21 18:17:43 2012 +0200

    Adding dontaudits for xserver
    
    Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>

commit 1fe3d0929e2fdf428949c72757951787eda21ff7
Author: Sven Vermeulen <sven.vermeulen at siphos.be>
Date:   Wed Apr 11 20:42:59 2012 +0200

    sudo with SELinux support requires key handling
    
    When using sudo with SELinux integrated support, the sudo domains need to be able to create user keys. Without this
    privilege, any command invoked like "sudo /etc/init.d/local status" will run within the sudo domain (sysadm_sudo_t)
    instead of the sysadm_t domain (or whatever domain is mentioned in the sudoers file).
    
    Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>

-----------------------------------------------------------------------

Summary of changes:
 policy/modules/admin/sudo.if       |    1 +
 policy/modules/admin/sudo.te       |    2 +-
 policy/modules/contrib             |    2 +-
 policy/modules/services/xserver.te |    4 +++-
 4 files changed, 6 insertions(+), 3 deletions(-)

Detailed diffset:
:100644 100644 095a505... 0960199... M	policy/modules/admin/sudo.if
:100644 100644 6f4dd55... 1bd7d84... M	policy/modules/admin/sudo.te
:160000 160000 6c192c7... 4670530... M	policy/modules/contrib
:100644 100644 e92dddf... d11181c... M	policy/modules/services/xserver.te

diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index 095a505..0960199 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -129,6 +129,7 @@ template(`sudo_role_template',`
 	seutil_libselinux_linked($1_sudo_t)
 
 	userdom_spec_domtrans_all_users($1_sudo_t)
+	userdom_create_all_users_keys($1_sudo_t)
 	userdom_manage_user_home_content_files($1_sudo_t)
 	userdom_manage_user_home_content_symlinks($1_sudo_t)
 	userdom_manage_user_tmp_files($1_sudo_t)
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
index 6f4dd55..1bd7d84 100644
--- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te
@@ -1,4 +1,4 @@
-policy_module(sudo, 1.9.1)
+policy_module(sudo, 1.9.2)
 
 ########################################
 #
diff --git a/policy/modules/contrib b/policy/modules/contrib
index 6c192c7..4670530 160000
--- a/policy/modules/contrib
+++ b/policy/modules/contrib
@@ -1 +1 @@
-Subproject commit 6c192c747802a866038f470f8f60d5d664507a4f
+Subproject commit 4670530024cc8d5ada3026b47b0f0c1e330fce95
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index e92dddf..d11181c 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,4 +1,4 @@
-policy_module(xserver, 3.7.0)
+policy_module(xserver, 3.7.1)
 
 gen_require(`
 	class x_drawable all_x_drawable_perms;
@@ -679,6 +679,8 @@ dev_rw_xserver_misc(xserver_t)
 dev_rw_input_dev(xserver_t)
 dev_rwx_zero(xserver_t)
 
+domain_dontaudit_search_all_domains_state(xserver_t)
+
 files_read_etc_files(xserver_t)
 files_read_etc_runtime_files(xserver_t)
 files_read_usr_files(xserver_t)


hooks/post-receive
--
refpolicy

More information about the Refpolicy-commits mailing list