[COMMIT]refpolicy-contrib branch, master, updated. RELEASE_2_20120215-30-gfe49082
Reference Policy commits mail list
refpolicy-commits at oss.tresys.com
Fri May 4 07:00:31 CDT 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "refpolicy-contrib".
The branch, master has been updated
via fe4908224dd959a249be02126d16564e22aa19d2 (commit)
via 6a26a939bcb5bc4d7ef7eafbab9044ce37109f1f (commit)
from 4670530024cc8d5ada3026b47b0f0c1e330fce95 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fe4908224dd959a249be02126d16564e22aa19d2
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri May 4 08:50:51 2012 -0400
Module version bump for non-auth file attribute from James Carter.
commit 6a26a939bcb5bc4d7ef7eafbab9044ce37109f1f
Author: James Carter <jwcart2 at tycho.nsa.gov>
Date: Wed Apr 25 10:25:52 2012 -0400
Changed contrib policy to use the new non_auth_file_type interfaces
Replaced calls to interfaces allowing access to all files except
auth_file_type files with calls to interfaces allowing access to
non_auth_file_type files.
Signed-off-by: James Carter <jwcart2 at tycho.nsa.gov>
-----------------------------------------------------------------------
Summary of changes:
dpkg.te | 8 ++++----
ftp.te | 6 +++---
portage.if | 6 +++---
portage.te | 2 +-
puppet.te | 4 ++--
rgmanager.te | 4 ++--
rpc.te | 8 ++++----
rpm.te | 8 ++++----
rsync.te | 8 ++++----
samba.te | 14 +++++++-------
snmp.te | 4 ++--
sosreport.te | 4 ++--
sxid.te | 4 ++--
13 files changed, 40 insertions(+), 40 deletions(-)
Detailed diffset:
:100644 100644 20ee3f5... a1b8f92... M dpkg.te
:100644 100644 02ffdfb... 4285c83... M ftp.te
:100644 100644 ce69a52... b4bb48a... M portage.if
:100644 100644 e1974dc... be4054c... M portage.te
:100644 100644 b3e7665... d792d53... M puppet.te
:100644 100644 c537000... 07333db... M rgmanager.te
:100644 100644 62fca97... 19bb611... M rpc.te
:100644 100644 e9f1f16... 1f95a33... M rpm.te
:100644 100644 5c17e84... ba98794... M rsync.te
:100644 100644 fff6675... fc22785... M samba.te
:100644 100644 eb3c1d0... 595942d... M snmp.te
:100644 100644 ebaff2f... b66e657... M sosreport.te
:100644 100644 045fb86... 32822ab... M sxid.te
diff --git a/dpkg.te b/dpkg.te
index 20ee3f5..a1b8f92 100644
--- a/dpkg.te
+++ b/dpkg.te
@@ -1,4 +1,4 @@
-policy_module(dpkg, 1.9.0)
+policy_module(dpkg, 1.9.1)
########################################
#
@@ -143,8 +143,8 @@ storage_raw_write_fixed_disk(dpkg_t)
# for installing kernel packages
storage_raw_read_fixed_disk(dpkg_t)
-auth_relabel_all_files_except_auth_files(dpkg_t)
-auth_manage_all_files_except_auth_files(dpkg_t)
+files_relabel_non_auth_files(dpkg_t)
+files_manage_non_auth_files(dpkg_t)
auth_dontaudit_read_shadow(dpkg_t)
files_exec_etc_files(dpkg_t)
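Review bot: `files_relabel_non_auth_files(dpkg_t)` and `files_manage_non_auth_files(dpkg_t)` select files by a positive attribute, whereas the removed calls were named as "all files except auth files", so a file type that carries neither `auth_file_type` nor `non_auth_file_type` would silently drop out of dpkg_t's reach and surface only as new AVC denials during package installs. The attribute assignment lives in the base policy and is not visible in this diff; presumably the file-type declaration interfaces assign it, but any type given `file_type` through a raw `typeattribute` should be checked. The same applies to every replacement in this commit (ftp.te, portage.if, puppet.te, rgmanager.te, rpc.te, rpm.te, rsync.te, samba.te, snmp.te, sosreport.te, sxid.te). The commit message should also record the build dependency, for example `Requires the base policy change that adds non_auth_file_type and the files_*_non_auth_* interfaces.`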
@@ -289,7 +289,7 @@ term_use_all_terms(dpkg_script_t)
auth_dontaudit_getattr_shadow(dpkg_script_t)
# ideally we would not need this
-auth_manage_all_files_except_auth_files(dpkg_script_t)
+files_manage_non_auth_files(dpkg_script_t)
init_domtrans_script(dpkg_script_t)
init_use_script_fds(dpkg_script_t)
diff --git a/ftp.te b/ftp.te
index 02ffdfb..4285c83 100644
--- a/ftp.te
+++ b/ftp.te
@@ -1,4 +1,4 @@
-policy_module(ftp, 1.13.0)
+policy_module(ftp, 1.13.1)
########################################
#
@@ -261,7 +261,7 @@ tunable_policy(`allow_ftpd_use_nfs && allow_ftpd_anon_write',`
tunable_policy(`allow_ftpd_full_access',`
allow ftpd_t self:capability { dac_override dac_read_search };
- auth_manage_all_files_except_auth_files(ftpd_t)
+ files_manage_non_auth_files(ftpd_t)
')
tunable_policy(`ftp_home_dir',`
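Review bot: Under `allow_ftpd_full_access`, `files_manage_non_auth_files(ftpd_t)` sits next to `dac_override dac_read_search`, and nothing in the block says what "full access" still excludes. A comment above the call, for example `# full access: every file type except auth_file_type files`, would keep that boundary visible to an administrator deciding whether to enable the boolean. The `sftpd_full_access` block in the next hunk and `puppet_manage_all_files` in puppet.te would benefit from the same comment.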
@@ -394,7 +394,7 @@ tunable_policy(`sftpd_enable_homedirs && use_samba_home_dirs',`
tunable_policy(`sftpd_full_access',`
allow sftpd_t self:capability { dac_override dac_read_search };
fs_read_noxattr_fs_files(sftpd_t)
- auth_manage_all_files_except_auth_files(sftpd_t)
+ files_manage_non_auth_files(sftpd_t)
')
tunable_policy(`use_samba_home_dirs',`
diff --git a/portage.if b/portage.if
index ce69a52..b4bb48a 100644
--- a/portage.if
+++ b/portage.if
@@ -174,9 +174,9 @@ interface(`portage_compile_domain',`
# needed for merging dbus:
selinux_compute_access_vector($1)
- auth_read_all_dirs_except_auth_files($1)
- auth_read_all_files_except_auth_files($1)
- auth_read_all_symlinks_except_auth_files($1)
+ files_list_non_auth_dirs($1)
+ files_read_non_auth_files($1)
+ files_read_non_auth_symlinks($1)
libs_exec_lib_files($1)
# some config scripts use ldd
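Review bot: `files_list_non_auth_dirs($1)` replaces `auth_read_all_dirs_except_auth_files($1)`, so the verb changes from read to list while the file and symlink replacements below it keep read. Neither definition is in this diff, so it cannot be confirmed from here that the directory permission set is unchanged. A line in the commit message such as `files_list_non_auth_dirs grants the same directory permissions as the interface it replaces` would settle it; the same rename occurs in rpc.te, rsync.te, samba.te and snmp.te. `portage_compile_domain` begins above this hunk and ends below it, and whatever these calls grant goes to every domain passed as `$1`, which makes the equivalence worth stating.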
diff --git a/portage.te b/portage.te
index e1974dc..be4054c 100644
--- a/portage.te
+++ b/portage.te
@@ -1,4 +1,4 @@
-policy_module(portage, 1.12.2)
+policy_module(portage, 1.12.3)
########################################
#
diff --git a/puppet.te b/puppet.te
index b3e7665..d792d53 100644
--- a/puppet.te
+++ b/puppet.te
@@ -1,4 +1,4 @@
-policy_module(puppet, 1.2.0)
+policy_module(puppet, 1.2.1)
########################################
#
@@ -134,7 +134,7 @@ sysnet_dns_name_resolve(puppet_t)
sysnet_run_ifconfig(puppet_t, system_r)
tunable_policy(`puppet_manage_all_files',`
- auth_manage_all_files_except_auth_files(puppet_t)
+ files_manage_non_auth_files(puppet_t)
')
optional_policy(`
diff --git a/rgmanager.te b/rgmanager.te
index c537000..07333db 100644
--- a/rgmanager.te
+++ b/rgmanager.te
@@ -1,4 +1,4 @@
-policy_module(rgmanager, 1.1.0)
+policy_module(rgmanager, 1.1.1)
########################################
#
@@ -92,7 +92,7 @@ term_getattr_pty_fs(rgmanager_t)
#term_use_ptmx(rgmanager_t)
# needed by resources scripts
-auth_read_all_files_except_auth_files(rgmanager_t)
+files_read_non_auth_files(rgmanager_t)
auth_dontaudit_getattr_shadow(rgmanager_t)
auth_use_nsswitch(rgmanager_t)
diff --git a/rpc.te b/rpc.te
index 62fca97..19bb611 100644
--- a/rpc.te
+++ b/rpc.te
@@ -1,4 +1,4 @@
-policy_module(rpc, 1.13.0)
+policy_module(rpc, 1.13.1)
########################################
#
@@ -158,7 +158,7 @@ tunable_policy(`nfs_export_all_rw',`
dev_getattr_all_chr_files(nfsd_t)
fs_read_noxattr_fs_files(nfsd_t)
- auth_manage_all_files_except_auth_files(nfsd_t)
+ files_manage_non_auth_files(nfsd_t)
')
tunable_policy(`nfs_export_all_ro',`
@@ -170,8 +170,8 @@ tunable_policy(`nfs_export_all_ro',`
fs_read_noxattr_fs_files(nfsd_t)
- auth_read_all_dirs_except_auth_files(nfsd_t)
- auth_read_all_files_except_auth_files(nfsd_t)
+ files_list_non_auth_dirs(nfsd_t)
+ files_read_non_auth_files(nfsd_t)
')
########################################
diff --git a/rpm.te b/rpm.te
index e9f1f16..1f95a33 100644
--- a/rpm.te
+++ b/rpm.te
@@ -1,4 +1,4 @@
-policy_module(rpm, 1.14.0)
+policy_module(rpm, 1.14.1)
########################################
#
@@ -158,8 +158,8 @@ storage_raw_read_fixed_disk(rpm_t)
term_list_ptys(rpm_t)
-auth_relabel_all_files_except_auth_files(rpm_t)
-auth_manage_all_files_except_auth_files(rpm_t)
+files_relabel_non_auth_files(rpm_t)
+files_manage_non_auth_files(rpm_t)
auth_dontaudit_read_shadow(rpm_t)
auth_use_nsswitch(rpm_t)
@@ -308,7 +308,7 @@ term_use_all_terms(rpm_script_t)
auth_dontaudit_getattr_shadow(rpm_script_t)
auth_use_nsswitch(rpm_script_t)
# ideally we would not need this
-auth_manage_all_files_except_auth_files(rpm_script_t)
+files_manage_non_auth_files(rpm_script_t)
auth_relabel_shadow(rpm_script_t)
corecmd_exec_all_executables(rpm_script_t)
diff --git a/rsync.te b/rsync.te
index 5c17e84..ba98794 100644
--- a/rsync.te
+++ b/rsync.te
@@ -1,4 +1,4 @@
-policy_module(rsync, 1.11.0)
+policy_module(rsync, 1.11.1)
########################################
#
@@ -125,9 +125,9 @@ tunable_policy(`rsync_export_all_ro',`
fs_read_noxattr_fs_files(rsync_t)
fs_read_nfs_files(rsync_t)
fs_read_cifs_files(rsync_t)
- auth_read_all_dirs_except_auth_files(rsync_t)
- auth_read_all_files_except_auth_files(rsync_t)
- auth_read_all_symlinks_except_auth_files(rsync_t)
+ files_list_non_auth_dirs(rsync_t)
+ files_read_non_auth_files(rsync_t)
+ files_read_non_auth_symlinks(rsync_t)
auth_tunable_read_shadow(rsync_t)
')
auth_can_read_shadow_passwords(rsync_t)
diff --git a/samba.te b/samba.te
index fff6675..fc22785 100644
--- a/samba.te
+++ b/samba.te
@@ -1,4 +1,4 @@
-policy_module(samba, 1.14.0)
+policy_module(samba, 1.14.1)
#################################
#
@@ -449,18 +449,18 @@ tunable_policy(`samba_create_home_dirs',`
tunable_policy(`samba_export_all_ro',`
fs_read_noxattr_fs_files(smbd_t)
- auth_read_all_dirs_except_auth_files(smbd_t)
- auth_read_all_files_except_auth_files(smbd_t)
+ files_list_non_auth_dirs(smbd_t)
+ files_read_non_auth_files(smbd_t)
fs_read_noxattr_fs_files(nmbd_t)
- auth_read_all_dirs_except_auth_files(nmbd_t)
- auth_read_all_files_except_auth_files(nmbd_t)
+ files_list_non_auth_dirs(nmbd_t)
+ files_read_non_auth_files(nmbd_t)
')
tunable_policy(`samba_export_all_rw',`
fs_read_noxattr_fs_files(smbd_t)
- auth_manage_all_files_except_auth_files(smbd_t)
+ files_manage_non_auth_files(smbd_t)
fs_read_noxattr_fs_files(nmbd_t)
- auth_manage_all_files_except_auth_files(nmbd_t)
+ files_manage_non_auth_files(nmbd_t)
userdom_user_home_dir_filetrans_user_home_content(nmbd_t, { file dir })
')
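Review bot: `files_manage_non_auth_files(nmbd_t)` carries the manage-everything grant over to nmbd_t as well as smbd_t under `samba_export_all_rw`, and the `samba_export_all_ro` block does the same for list and read. The tunable names refer to exporting shares, and it is not evident from this hunk why the nmbd_t domain needs the same file access as smbd_t. If it does not, the nmbd_t lines could be dropped rather than converted. If it does, a comment such as `# nmbd_t needs this because <reason>` next to those lines would record why.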
diff --git a/snmp.te b/snmp.te
index eb3c1d0..595942d 100644
--- a/snmp.te
+++ b/snmp.te
@@ -1,4 +1,4 @@
-policy_module(snmp, 1.12.0)
+policy_module(snmp, 1.12.1)
########################################
#
@@ -99,7 +99,7 @@ storage_dontaudit_read_fixed_disk(snmpd_t)
storage_dontaudit_read_removable_device(snmpd_t)
auth_use_nsswitch(snmpd_t)
-auth_read_all_dirs_except_auth_files(snmpd_t)
+files_list_non_auth_dirs(snmpd_t)
init_read_utmp(snmpd_t)
init_dontaudit_write_utmp(snmpd_t)
diff --git a/sosreport.te b/sosreport.te
index ebaff2f..b66e657 100644
--- a/sosreport.te
+++ b/sosreport.te
@@ -1,4 +1,4 @@
-policy_module(sosreport, 1.1.0)
+policy_module(sosreport, 1.1.1)
########################################
#
@@ -80,7 +80,7 @@ fs_list_inotifyfs(sosreport_t)
# some config files do not have configfile attribute
# sosreport needs to read various files on system
-auth_read_all_files_except_auth_files(sosreport_t)
+files_read_non_auth_files(sosreport_t)
auth_use_nsswitch(sosreport_t)
init_domtrans_script(sosreport_t)
diff --git a/sxid.te b/sxid.te
index 045fb86..32822ab 100644
--- a/sxid.te
+++ b/sxid.te
@@ -1,4 +1,4 @@
-policy_module(sxid, 1.6.0)
+policy_module(sxid, 1.6.1)
########################################
#
@@ -66,7 +66,7 @@ fs_list_all(sxid_t)
term_dontaudit_use_console(sxid_t)
-auth_read_all_files_except_auth_files(sxid_t)
+files_read_non_auth_files(sxid_t)
auth_dontaudit_getattr_shadow(sxid_t)
init_use_fds(sxid_t)
hooks/post-receive
--
refpolicy-contrib