Removing the SELinux 2.20101213 policies

Package-Manager: portage-2.1.10.11/cvs/Linux x86_64
author: Sven Vermeulen <swift@gentoo.org> 2011-11-12 20:53:53 +0000
committer: Sven Vermeulen <swift@gentoo.org> 2011-11-12 20:53:53 +0000
commit: 8c739c586452cfbca10752f293742c0fb33b51e8 (patch)
tree: e6eaa489e1d2dace8add9228b59a5ea8093dbd30 /sec-policy/selinux-xserver
parent: whitespace (diff)
download: historical-8c739c586452cfbca10752f293742c0fb33b51e8.tar.gz
historical-8c739c586452cfbca10752f293742c0fb33b51e8.tar.bz2
historical-8c739c586452cfbca10752f293742c0fb33b51e8.zip
5 files changed, 6 insertions, 156 deletions
diff --git a/sec-policy/selinux-xserver/ChangeLog b/sec-policy/selinux-xserver/ChangeLog
index 0cd6f5382a94..cc62b1e4193a 100644
--- a/sec-policy/selinux-xserver/ChangeLog
+++ b/sec-policy/selinux-xserver/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for sec-policy/selinux-xserver
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-xserver/ChangeLog,v 1.5 2011/10/23 12:42:50 swift Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-xserver/ChangeLog,v 1.6 2011/11/12 20:53:15 swift Exp $
+
+  12 Nov 2011; <swift@gentoo.org> -files/fix-services-xserver-r1.patch,
+  -files/fix-services-xserver-r2.patch, -selinux-xserver-2.20101213-r2.ebuild,
+  -files/fix-xserver.patch:
+  Removing old policies
 
   23 Oct 2011; <swift@gentoo.org> selinux-xserver-2.20110726.ebuild:
   Stabilization (tracker #384231)
diff --git a/sec-policy/selinux-xserver/files/fix-services-xserver-r1.patch b/sec-policy/selinux-xserver/files/fix-services-xserver-r1.patch
deleted file mode 100644
index 75046d36a321..000000000000
--- a/sec-policy/selinux-xserver/files/fix-services-xserver-r1.patch
+++ /dev/null
@@ -1,50 +0,0 @@
---- services/xserver.te	2010-12-13 15:11:02.000000000 +0100
-+++ services/xserver.te	2011-01-30 15:04:32.722000186 +0100
-@@ -234,9 +234,11 @@
- 
- allow xdm_t iceauth_home_t:file read_file_perms;
- 
-+files_search_tmp(iceauth_t)
- fs_search_auto_mountpoints(iceauth_t)
- 
- userdom_use_user_terminals(iceauth_t)
-+userdom_read_user_tmp_files(iceauth_t)
- 
- tunable_policy(`use_nfs_home_dirs',`
- 	fs_manage_nfs_files(iceauth_t)
-@@ -279,6 +281,7 @@
- 
- userdom_use_user_terminals(xauth_t)
- userdom_read_user_tmp_files(xauth_t)
-+userdom_read_user_tmp_files(xserver_t)
- 
- xserver_rw_xdm_tmp_files(xauth_t)
- 
-@@ -588,6 +591,9 @@
- allow xserver_t { root_xdrawable_t x_domain }:x_drawable send;
- allow xserver_t input_xevent_t:x_event send;
- 
-+# Allow X to process keyboard events
-+udev_read_db(xserver_t)
-+
- # setuid/setgid for the wrapper program to change UID
- # sys_rawio is for iopl access - should not be needed for frame-buffer
- # sys_admin, locking shared mem?  chowning IPC message queues or semaphores?
-@@ -610,6 +616,7 @@
- allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
- allow xserver_t self:tcp_socket create_stream_socket_perms;
- allow xserver_t self:udp_socket create_socket_perms;
-+allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms;
- 
- manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
- manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
---- services/xserver.fc	2010-08-03 15:11:09.000000000 +0200
-+++ services/xserver.fc	2011-01-03 23:07:16.852000013 +0100
-@@ -5,6 +5,7 @@
- HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
- HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
- HOME_DIR/\.fonts\.cache-.* --	gen_context(system_u:object_r:user_fonts_cache_t,s0)
-+HOME_DIR/\.fontconfig(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
- HOME_DIR/\.ICEauthority.* --	gen_context(system_u:object_r:iceauth_home_t,s0)
- HOME_DIR/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
- HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
diff --git a/sec-policy/selinux-xserver/files/fix-services-xserver-r2.patch b/sec-policy/selinux-xserver/files/fix-services-xserver-r2.patch
deleted file mode 100644
index 3c73d86c19f8..000000000000
--- a/sec-policy/selinux-xserver/files/fix-services-xserver-r2.patch
+++ /dev/null
@@ -1,52 +0,0 @@
---- services/xserver.te	2010-12-13 15:11:02.000000000 +0100
-+++ services/xserver.te	2011-02-01 18:16:07.421000056 +0100
-@@ -234,9 +234,13 @@
- 
- allow xdm_t iceauth_home_t:file read_file_perms;
- 
-+files_search_tmp(iceauth_t)
- fs_search_auto_mountpoints(iceauth_t)
- 
- userdom_use_user_terminals(iceauth_t)
-+userdom_read_user_tmp_files(iceauth_t)
-+
-+getty_use_fds(iceauth_t)
- 
- tunable_policy(`use_nfs_home_dirs',`
- 	fs_manage_nfs_files(iceauth_t)
-@@ -279,6 +283,7 @@
- 
- userdom_use_user_terminals(xauth_t)
- userdom_read_user_tmp_files(xauth_t)
-+userdom_read_user_tmp_files(xserver_t)
- 
- xserver_rw_xdm_tmp_files(xauth_t)
- 
-@@ -588,6 +593,9 @@
- allow xserver_t { root_xdrawable_t x_domain }:x_drawable send;
- allow xserver_t input_xevent_t:x_event send;
- 
-+# Allow X to process keyboard events
-+udev_read_db(xserver_t)
-+
- # setuid/setgid for the wrapper program to change UID
- # sys_rawio is for iopl access - should not be needed for frame-buffer
- # sys_admin, locking shared mem?  chowning IPC message queues or semaphores?
-@@ -610,6 +618,7 @@
- allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
- allow xserver_t self:tcp_socket create_stream_socket_perms;
- allow xserver_t self:udp_socket create_socket_perms;
-+allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms;
- 
- manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
- manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
---- services/xserver.fc	2010-08-03 15:11:09.000000000 +0200
-+++ services/xserver.fc	2011-01-03 23:07:16.852000013 +0100
-@@ -5,6 +5,7 @@
- HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
- HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
- HOME_DIR/\.fonts\.cache-.* --	gen_context(system_u:object_r:user_fonts_cache_t,s0)
-+HOME_DIR/\.fontconfig(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
- HOME_DIR/\.ICEauthority.* --	gen_context(system_u:object_r:iceauth_home_t,s0)
- HOME_DIR/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
- HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
diff --git a/sec-policy/selinux-xserver/files/fix-xserver.patch b/sec-policy/selinux-xserver/files/fix-xserver.patch
deleted file mode 100644
index 4f6edf3def21..000000000000
--- a/sec-policy/selinux-xserver/files/fix-xserver.patch
+++ /dev/null
@@ -1,38 +0,0 @@
---- services/xserver.te	2010-12-13 15:11:02.000000000 +0100
-+++ ../../../refpolicy/policy/modules/services/xserver.te	2011-01-02 18:21:17.682000037 +0100
-@@ -279,6 +279,7 @@
- 
- userdom_use_user_terminals(xauth_t)
- userdom_read_user_tmp_files(xauth_t)
-+userdom_read_user_tmp_files(xserver_t)
- 
- xserver_rw_xdm_tmp_files(xauth_t)
- 
-@@ -588,6 +589,9 @@
- allow xserver_t { root_xdrawable_t x_domain }:x_drawable send;
- allow xserver_t input_xevent_t:x_event send;
- 
-+# Allow X to process keyboard events
-+udev_read_db(xserver_t)
-+
- # setuid/setgid for the wrapper program to change UID
- # sys_rawio is for iopl access - should not be needed for frame-buffer
- # sys_admin, locking shared mem?  chowning IPC message queues or semaphores?
-@@ -610,6 +614,7 @@
- allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
- allow xserver_t self:tcp_socket create_stream_socket_perms;
- allow xserver_t self:udp_socket create_socket_perms;
-+allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms;
- 
- manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
- manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t)
---- services/xserver.fc	2010-08-03 15:11:09.000000000 +0200
-+++ ../../../refpolicy/policy/modules/services/xserver.fc	2011-01-03 23:07:16.852000013 +0100
-@@ -5,6 +5,7 @@
- HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
- HOME_DIR/\.fonts/auto(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
- HOME_DIR/\.fonts\.cache-.* --	gen_context(system_u:object_r:user_fonts_cache_t,s0)
-+HOME_DIR/\.fontconfig(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
- HOME_DIR/\.ICEauthority.* --	gen_context(system_u:object_r:iceauth_home_t,s0)
- HOME_DIR/\.xauth.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
- HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
diff --git a/sec-policy/selinux-xserver/selinux-xserver-2.20101213-r2.ebuild b/sec-policy/selinux-xserver/selinux-xserver-2.20101213-r2.ebuild
deleted file mode 100644
index 63c392c1dcaa..000000000000
--- a/sec-policy/selinux-xserver/selinux-xserver-2.20101213-r2.ebuild
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-xserver/selinux-xserver-2.20101213-r2.ebuild,v 1.2 2011/06/02 13:12:17 blueness Exp $
-
-IUSE=""
-
-MODS="xserver"
-
-inherit selinux-policy-2
-
-DESCRIPTION="SELinux policy for general applications"
-
-KEYWORDS="amd64 x86"
-
-POLICY_PATCH="${FILESDIR}/fix-services-xserver-r2.patch"
author	Sven Vermeulen <swift@gentoo.org>	2011-11-12 20:53:53 +0000
committer	Sven Vermeulen <swift@gentoo.org>	2011-11-12 20:53:53 +0000
commit	8c739c586452cfbca10752f293742c0fb33b51e8 (patch)
tree	e6eaa489e1d2dace8add9228b59a5ea8093dbd30 /sec-policy/selinux-xserver
parent	whitespace (diff)
download	historical-8c739c586452cfbca10752f293742c0fb33b51e8.tar.gz historical-8c739c586452cfbca10752f293742c0fb33b51e8.tar.bz2 historical-8c739c586452cfbca10752f293742c0fb33b51e8.zip