Merge branch 'master' of ssh://git.fedorahosted.org/git/selinux-policy

diff --git a/policy/modules/admin/rpm.if b/policy/modules/admin/rpm.if
index c76708e69771991710f3969f791387aed8532e5f..8ba0f8609373d002449d802b98cc9d54d3a049a9 100644 (file)
--- a/policy/modules/admin/rpm.if
+++ b/policy/modules/admin/rpm.if
@@ -320,8 +320,7 @@ interface(`rpm_append_log',`
                type rpm_log_t;
        ')
 
-       logging_search_logs($1)
-       append_files_pattern($1, rpm_log_t, rpm_log_t)
+       allow $1 rpm_log_t:file append_inherited_file_perms;
 ')
 
 ########################################
@@ -399,8 +398,7 @@ interface(`rpm_append_tmp_files',`
                type rpm_tmp_t;
        ')
 
-       files_search_tmp($1)
-       append_files_pattern($1, rpm_tmp_t, rpm_tmp_t)
+       allow $1 rpm_tmp_t:file append_inherited_file_perms;
 ')
 
 ########################################

diff --git a/policy/modules/admin/sosreport.if b/policy/modules/admin/sosreport.if
index 94c01b54b9f0431e1a324eee32d5688611de2e4f..f64bd9302b29b8a0f8278d6c6dbe908fffc279b4 100644 (file)
--- a/policy/modules/admin/sosreport.if
+++ b/policy/modules/admin/sosreport.if
@@ -106,7 +106,7 @@ interface(`sosreport_append_tmp_files',`
                type sosreport_tmp_t;
        ')
 
-       append_files_pattern($1, sosreport_tmp_t, sosreport_tmp_t)
+       allow $1 sosreport_tmp_t:file append_inherited_file_perms;
 ')
 
 ########################################

diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index b7bb827d4752b7a1d7975533899763a7f861afc1..718b7ffca9aff6e9e84ec9ec7e024057c8442eae 100644 (file)
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -105,6 +105,7 @@ interface(`gnome_role_gkeyringd',`
 
                optional_policy(`
                        telepathy_mission_control_read_state($1_gkeyringd_t)
+                       telepathy_dbus_chat($1_gkeyringd_t)
                ')
        ')
 ')

diff --git a/policy/modules/apps/telepathy.if b/policy/modules/apps/telepathy.if
index 4a4cba62905fa7ac1283ced5e9f0403ff10414ad..632c30c9da6553fa62c597d79bc1de0b54af988a 100644 (file)
--- a/policy/modules/apps/telepathy.if
+++ b/policy/modules/apps/telepathy.if
@@ -81,9 +81,7 @@ template(`telepathy_role',`
        dbus_session_domain($3, telepathy_stream_engine_exec_t, telepathy_stream_engine_t)
        dbus_session_domain($3, telepathy_msn_exec_t, telepathy_msn_t)
 
-       optional_policy(`
-               telepathy_dbus_chat($2)
-       ')
+       telepathy_dbus_chat($2)
 ')
 
 ########################################

diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index 6650c05862cb39a9c4e371813fa53555afd8cb52..a079c51968792721ab100c669e7ec47279735881 100644 (file)
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -460,7 +460,7 @@ corenet_tcp_bind_ntop_port(httpd_t)
 corenet_tcp_bind_jboss_management_port(httpd_t)
 corenet_sendrecv_http_server_packets(httpd_t)
 # Signal self for shutdown
-corenet_tcp_connect_http_port(httpd_t)
+#corenet_tcp_connect_http_port(httpd_t)
 
 dev_read_sysfs(httpd_t)
 dev_read_rand(httpd_t)

diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index a8367793fd662b7f8d0b5f60b67bd684d88c994b..e137a51c9cce6fdb8897bf48277e26f30f80ead5 100644 (file)
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -609,7 +609,7 @@ init_system_domain(virsh_t, virsh_exec_t)
 typealias virsh_t alias xm_t;
 typealias virsh_exec_t alias xm_exec_t;
 
-allow virsh_t self:capability { setpcap dac_override ipc_lock sys_tty_config };
+allow virsh_t self:capability { setpcap setsched dac_override ipc_lock sys_tty_config };
 allow virsh_t self:process { getcap getsched setcap signal };
 allow virsh_t self:fifo_file rw_fifo_file_perms;
 allow virsh_t self:unix_stream_socket { create_stream_socket_perms connectto };