rsynccmd should run outside of execcon
parent
be38aa471e
commit
1da0399e25
@ -12745,7 +12745,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.85/gui/templates/network.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.85/gui/templates/network.py
|
||||||
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.85/gui/templates/network.py 2011-02-23 14:40:42.636005375 -0500
|
+++ policycoreutils-2.0.85/gui/templates/network.py 2011-03-16 17:00:52.485669534 -0400
|
||||||
@@ -0,0 +1,80 @@
|
@@ -0,0 +1,80 @@
|
||||||
+te_port_types="""
|
+te_port_types="""
|
||||||
+type TEMPLATETYPE_port_t;
|
+type TEMPLATETYPE_port_t;
|
||||||
@ -12759,13 +12759,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
|
|||||||
+
|
+
|
||||||
+te_tcp="""\
|
+te_tcp="""\
|
||||||
+allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms;
|
+allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms;
|
||||||
+corenet_tcp_sendrecv_all_if(TEMPLATETYPE_t)
|
+corenet_tcp_sendrecv_generic_if(TEMPLATETYPE_t)
|
||||||
+corenet_tcp_sendrecv_all_nodes(TEMPLATETYPE_t)
|
+corenet_tcp_sendrecv_generic_node(TEMPLATETYPE_t)
|
||||||
+corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t)
|
+corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t)
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
+te_in_tcp="""\
|
+te_in_tcp="""\
|
||||||
+corenet_tcp_bind_all_nodes(TEMPLATETYPE_t)
|
+corenet_tcp_bind_generic_node(TEMPLATETYPE_t)
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
+te_in_need_port_tcp="""\
|
+te_in_need_port_tcp="""\
|
||||||
@ -12778,13 +12778,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
|
|||||||
+
|
+
|
||||||
+te_udp="""\
|
+te_udp="""\
|
||||||
+allow TEMPLATETYPE_t self:udp_socket { create_socket_perms listen };
|
+allow TEMPLATETYPE_t self:udp_socket { create_socket_perms listen };
|
||||||
+corenet_udp_sendrecv_all_if(TEMPLATETYPE_t)
|
+corenet_udp_sendrecv_generic_if(TEMPLATETYPE_t)
|
||||||
+corenet_udp_sendrecv_all_nodes(TEMPLATETYPE_t)
|
+corenet_udp_sendrecv_generic_node(TEMPLATETYPE_t)
|
||||||
+corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t)
|
+corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t)
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
+te_in_udp="""\
|
+te_in_udp="""\
|
||||||
+corenet_udp_bind_all_nodes(TEMPLATETYPE_t)
|
+corenet_udp_bind_generic_node(TEMPLATETYPE_t)
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
+te_in_need_port_udp="""\
|
+te_in_need_port_udp="""\
|
||||||
|
File diff suppressed because it is too large
@ -1,5 +1,5 @@
|
|||||||
%define libauditver 1.4.2-1
|
%define libauditver 1.4.2-1
|
||||||
%define libsepolver 2.0.41-3
|
%define libsepolver 2.0.42-3
|
||||||
%define libsemanagever 2.0.43-4
|
%define libsemanagever 2.0.43-4
|
||||||
%define libselinuxver 2.0.90-3
|
%define libselinuxver 2.0.90-3
|
||||||
%define sepolgenver 1.0.23
|
%define sepolgenver 1.0.23
|
||||||
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.85
|
Version: 2.0.85
|
||||||
Release: 12%{?dist}
|
Release: 28%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -119,6 +119,7 @@ Requires: /usr/bin/make
|
|||||||
Requires(pre): python >= 2.6
|
Requires(pre): python >= 2.6
|
||||||
Obsoletes: policycoreutils < 2.0.61-2
|
Obsoletes: policycoreutils < 2.0.61-2
|
||||||
Requires: setools-libs-python >= 3.3.7-6
|
Requires: setools-libs-python >= 3.3.7-6
|
||||||
|
Requires: python-IPy
|
||||||
|
|
||||||
%description python
|
%description python
|
||||||
The policycoreutils-python package contains the management tools use to manage an SELinux environment.
|
The policycoreutils-python package contains the management tools use to manage an SELinux environment.
|
||||||
@ -156,7 +157,7 @@ exit 0
|
|||||||
Summary: SELinux sandbox utilities
|
Summary: SELinux sandbox utilities
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Requires: policycoreutils-python = %{version}-%{release}
|
Requires: policycoreutils-python = %{version}-%{release}
|
||||||
Requires: xorg-x11-server-Xephyr
|
Requires: xorg-x11-server-Xephyr /usr/bin/rsync /usr/bin/xmodmap
|
||||||
Requires: matchbox-window-manager
|
Requires: matchbox-window-manager
|
||||||
Requires(post): /sbin/chkconfig
|
Requires(post): /sbin/chkconfig
|
||||||
BuildRequires: libcap-ng-devel
|
BuildRequires: libcap-ng-devel
|
||||||
@ -168,7 +169,7 @@ The policycoreutils-python package contains the scripts to create graphical sand
|
|||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%{_datadir}/sandbox/sandboxX.sh
|
%{_datadir}/sandbox/sandboxX.sh
|
||||||
%{_datadir}/sandbox/start
|
%{_datadir}/sandbox/start
|
||||||
%attr(0755,root,root) %caps(cap_setpcap,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
%attr(0755,root,root) %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
||||||
%{_mandir}/man8/seunshare.8*
|
%{_mandir}/man8/seunshare.8*
|
||||||
%{_mandir}/man5/sandbox.conf.5*
|
%{_mandir}/man5/sandbox.conf.5*
|
||||||
|
|
||||||
@ -180,6 +181,7 @@ exit 0
|
|||||||
if [ $1 -eq 1 ]; then
|
if [ $1 -eq 1 ]; then
|
||||||
/sbin/chkconfig sandbox --add
|
/sbin/chkconfig sandbox --add
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%preun sandbox
|
%preun sandbox
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
/sbin/chkconfig sandbox --del
|
/sbin/chkconfig sandbox --del
|
||||||
@ -329,8 +331,67 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Feb 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-12
|
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-28
|
||||||
|
- rsynccmd should run outside of execcon
|
||||||
|
|
||||||
|
* Thu Mar 24 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-27
|
||||||
|
- Fix semange node handling of ipv6 addresses
|
||||||
|
|
||||||
|
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-26
|
||||||
|
- Fix sepolgen-ifgen call, add -p option
|
||||||
|
|
||||||
|
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-25
|
||||||
|
- Fix sepolgen-ifgen call
|
||||||
|
|
||||||
|
* Fri Mar 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-24
|
||||||
|
- Fix rsync command to work if the directory is old.
|
||||||
|
- Fix all tests
|
||||||
|
|
||||||
|
* Wed Mar 16 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-23
|
||||||
|
- Fix sepolgen to generate network polcy using generic_if and genric_node versus all_if and all_node
|
||||||
|
|
||||||
|
* Wed Mar 16 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-22
|
||||||
|
- Return to original seunshare man page
|
||||||
|
|
||||||
|
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-21
|
||||||
|
- change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_*
|
||||||
|
- This will allow default sandboxes to work on NFS homedirs without allowing
|
||||||
|
access to homedir data
|
||||||
|
|
||||||
|
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-20
|
||||||
|
- Change sepolgen-ifgen to search all available policy files
|
||||||
|
- Exit in restorecond if it can not find a UID in the passwd database
|
||||||
|
|
||||||
|
* Wed Mar 9 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19
|
||||||
|
- Fix portspage in system-config-selinux to not crash
|
||||||
|
- More fixes for seunshare from Tomas Hoger
|
||||||
|
|
||||||
|
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-18
|
||||||
|
- put back in old handling of -T in sandbox command
|
||||||
|
- Put back setsid in seunshare
|
||||||
|
- Fix rsync to maintain times
|
||||||
|
|
||||||
|
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-17
|
||||||
|
- Use rewritten seunshare from thoger
|
||||||
|
|
||||||
|
* Mon Mar 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-16
|
||||||
|
- Require python-IPy for policycoreutils-python package
|
||||||
|
- Fixes for sepologen
|
||||||
|
- Usage statement needs -n name
|
||||||
|
- Names with _ are being prevented
|
||||||
|
- dbus apps should get _chat interface
|
||||||
|
|
||||||
|
* Thu Mar 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-15
|
||||||
|
- Fix error message in seunshare, check for tmpdir existance before unlink.
|
||||||
|
|
||||||
|
* Fri Feb 25 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-13
|
||||||
- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
|
- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
|
||||||
|
- Only allow names in polgengui that contain letters and numbers
|
||||||
|
- Fix up node handling in semanage command
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-12
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-11
|
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-11
|
||||||
- Fix sandbox policy creation with udp connect ports
|
- Fix sandbox policy creation with udp connect ports
|
||||||
|
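Review bot: The `%caps(...)` set on `%{_sbindir}/seunshare` in the `%files sandbox` hunk now also carries `cap_setuid` (permitted and effective), and neither the spec nor any of the added changelog entries says why. The binary is installed `0755` with file capabilities, so any local user can run it and each capability in that set widens what a flaw in it could reach. I would put a comment directly above the line, e.g. `# cap_setuid: <reason, to be filled in by the author>`, and add a changelog bullet such as `- Add cap_setuid to seunshare file capabilities`. The change presumably belongs with the 2.0.85-17 "Use rewritten seunshare" entry, but that is inferred and not shown on this page. Whether seunshare drops the capability after use cannot be checked here, because its source diff is suppressed.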