rsynccmd should run outside of execcon
parent
be38aa471e
commit
1da0399e25
@ -12745,7 +12745,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.85/gui/templates/network.py
|
||||
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/network.py 2011-02-23 14:40:42.636005375 -0500
|
||||
+++ policycoreutils-2.0.85/gui/templates/network.py 2011-03-16 17:00:52.485669534 -0400
|
||||
@@ -0,0 +1,80 @@
|
||||
+te_port_types="""
|
||||
+type TEMPLATETYPE_port_t;
|
||||
@ -12759,13 +12759,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
|
||||
+
|
||||
+te_tcp="""\
|
||||
+allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms;
|
||||
+corenet_tcp_sendrecv_all_if(TEMPLATETYPE_t)
|
||||
+corenet_tcp_sendrecv_all_nodes(TEMPLATETYPE_t)
|
||||
+corenet_tcp_sendrecv_generic_if(TEMPLATETYPE_t)
|
||||
+corenet_tcp_sendrecv_generic_node(TEMPLATETYPE_t)
|
||||
+corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t)
|
||||
+"""
|
||||
+
|
||||
+te_in_tcp="""\
|
||||
+corenet_tcp_bind_all_nodes(TEMPLATETYPE_t)
|
||||
+corenet_tcp_bind_generic_node(TEMPLATETYPE_t)
|
||||
+"""
|
||||
+
|
||||
+te_in_need_port_tcp="""\
|
||||
@ -12778,13 +12778,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
|
||||
+
|
||||
+te_udp="""\
|
||||
+allow TEMPLATETYPE_t self:udp_socket { create_socket_perms listen };
|
||||
+corenet_udp_sendrecv_all_if(TEMPLATETYPE_t)
|
||||
+corenet_udp_sendrecv_all_nodes(TEMPLATETYPE_t)
|
||||
+corenet_udp_sendrecv_generic_if(TEMPLATETYPE_t)
|
||||
+corenet_udp_sendrecv_generic_node(TEMPLATETYPE_t)
|
||||
+corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t)
|
||||
+"""
|
||||
+
|
||||
+te_in_udp="""\
|
||||
+corenet_udp_bind_all_nodes(TEMPLATETYPE_t)
|
||||
+corenet_udp_bind_generic_node(TEMPLATETYPE_t)
|
||||
+"""
|
||||
+
|
||||
+te_in_need_port_udp="""\
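Review bot: In `te_tcp` and `te_udp` the interface and node macros appear to move from the `all_if`/`all_nodes` variants to `generic_if`/`generic_node`, while `corenet_tcp_sendrecv_all_ports` and `corenet_udp_sendrecv_all_ports` stay, and nothing in the template says why ports are left at the widest scope. These strings are what the changelog's sepolgen network-policy fix (2.0.85-23) changes, so the scope they grant is presumably copied into generated policy; a one-line comment above each template, for example `# send/recv limited to generic_if + generic_node; all_ports kept because <reason>`, would let a policy author tell an intended grant from a leftover. Which line of each printed pair is the new one is inferred from that changelog entry, because the outer diff markers are not shown on this page. The `te_in_need_port_tcp` and `te_in_need_port_udp` strings continue outside these hunks.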
|
||||
|
File diff suppressed because it is too large
@ -1,5 +1,5 @@
|
||||
%define libauditver 1.4.2-1
|
||||
%define libsepolver 2.0.41-3
|
||||
%define libsepolver 2.0.42-3
|
||||
%define libsemanagever 2.0.43-4
|
||||
%define libselinuxver 2.0.90-3
|
||||
%define sepolgenver 1.0.23
|
||||
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.85
|
||||
Release: 12%{?dist}
|
||||
Release: 28%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -119,6 +119,7 @@ Requires: /usr/bin/make
|
||||
Requires(pre): python >= 2.6
|
||||
Obsoletes: policycoreutils < 2.0.61-2
|
||||
Requires: setools-libs-python >= 3.3.7-6
|
||||
Requires: python-IPy
|
||||
|
||||
%description python
|
||||
The policycoreutils-python package contains the management tools use to manage an SELinux environment.
|
||||
@ -156,7 +157,7 @@ exit 0
|
||||
Summary: SELinux sandbox utilities
|
||||
Group: System Environment/Base
|
||||
Requires: policycoreutils-python = %{version}-%{release}
|
||||
Requires: xorg-x11-server-Xephyr
|
||||
Requires: xorg-x11-server-Xephyr /usr/bin/rsync /usr/bin/xmodmap
|
||||
Requires: matchbox-window-manager
|
||||
Requires(post): /sbin/chkconfig
|
||||
BuildRequires: libcap-ng-devel
|
||||
@ -168,7 +169,7 @@ The policycoreutils-python package contains the scripts to create graphical sand
|
||||
%defattr(-,root,root,-)
|
||||
%{_datadir}/sandbox/sandboxX.sh
|
||||
%{_datadir}/sandbox/start
|
||||
%attr(0755,root,root) %caps(cap_setpcap,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
||||
%attr(0755,root,root) %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
||||
%{_mandir}/man8/seunshare.8*
|
||||
%{_mandir}/man5/sandbox.conf.5*
|
||||
|
||||
@ -180,6 +181,7 @@ exit 0
|
||||
if [ $1 -eq 1 ]; then
|
||||
/sbin/chkconfig sandbox --add
|
||||
fi
|
||||
|
||||
%preun sandbox
|
||||
if [ $1 -eq 0 ]; then
|
||||
/sbin/chkconfig sandbox --del
|
||||
@ -329,8 +331,67 @@ fi
|
||||
exit 0
|
||||
|
||||
%changelog
|
||||
* Wed Feb 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-12
|
||||
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-28
|
||||
- rsynccmd should run outside of execcon
|
||||
|
||||
* Thu Mar 24 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-27
|
||||
- Fix semange node handling of ipv6 addresses
|
||||
|
||||
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-26
|
||||
- Fix sepolgen-ifgen call, add -p option
|
||||
|
||||
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-25
|
||||
- Fix sepolgen-ifgen call
|
||||
|
||||
* Fri Mar 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-24
|
||||
- Fix rsync command to work if the directory is old.
|
||||
- Fix all tests
|
||||
|
||||
* Wed Mar 16 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-23
|
||||
- Fix sepolgen to generate network polcy using generic_if and genric_node versus all_if and all_node
|
||||
|
||||
* Wed Mar 16 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-22
|
||||
- Return to original seunshare man page
|
||||
|
||||
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-21
|
||||
- change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_*
|
||||
- This will allow default sandboxes to work on NFS homedirs without allowing
|
||||
access to homedir data
|
||||
|
||||
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-20
|
||||
- Change sepolgen-ifgen to search all available policy files
|
||||
- Exit in restorecond if it can not find a UID in the passwd database
|
||||
|
||||
* Wed Mar 9 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19
|
||||
- Fix portspage in system-config-selinux to not crash
|
||||
- More fixes for seunshare from Tomas Hoger
|
||||
|
||||
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-18
|
||||
- put back in old handling of -T in sandbox command
|
||||
- Put back setsid in seunshare
|
||||
- Fix rsync to maintain times
|
||||
|
||||
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-17
|
||||
- Use rewritten seunshare from thoger
|
||||
|
||||
* Mon Mar 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-16
|
||||
- Require python-IPy for policycoreutils-python package
|
||||
- Fixes for sepologen
|
||||
- Usage statement needs -n name
|
||||
- Names with _ are being prevented
|
||||
- dbus apps should get _chat interface
|
||||
|
||||
* Thu Mar 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-15
|
||||
- Fix error message in seunshare, check for tmpdir existance before unlink.
|
||||
|
||||
* Fri Feb 25 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-13
|
||||
- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
|
||||
- Only allow names in polgengui that contain letters and numbers
|
||||
- Fix up node handling in semanage command
|
||||
- Update translations
|
||||
|
||||
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-11
|
||||
- Fix sandbox policy creation with udp connect ports
|
||||
|