rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
1a2b4d14f1
selinux-policy/default_trans.patch

26 lines
946 B
Diff
Raw Normal View History

Allow svirt_lxc_domain to chr_file and blk_file devices if they are in the domain Allow init process to setrlimit on itself Take away transition rules for users executing ssh-keygen Allow setroubleshoot_fixit_t to read /dev/urand Allow sshd to relbale tunnel sockets Allow fail2ban domtrans to shorewall in the same way as with iptables Add support for lnk files in the /var/lib/sssd directory Allow system mail to connect to courier-authdaemon over an unix stream socket
2011-10-19 12:29:33 +00:00
diff --git a/policy/mcs b/policy/mcs
index ed7a0c1..90d0b1e 100644
--- a/policy/mcs
+++ b/policy/mcs
@@ -1,4 +1,6 @@
ifdef(`enable_mcs',`
+default_trans level dir_file_class_set parent;
+
#
# Define sensitivities
#
Turn on mock_t and thumb_t for unconfined domains
2011-10-21 20:44:31 +00:00
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
index e117271..58b782e 100644
--- a/policy/modules/admin/bootloader.fc
+++ b/policy/modules/admin/bootloader.fc
@@ -3,9 +3,7 @@
/etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
/sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
-/sbin/installkernel -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
-/sbin/new-kernel-pkg -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
Reference in New Issue Copy Permalink