2011-10-20 16:24:32 +00:00
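diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10.0/policy/modules/admin/rpm.te
--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem 2011-10-20 11:53:35.312262063 -0400
+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-20 11:53:35.825261313 -0400
@@ -416,14 +416,6 @@ optional_policy(`
 unconfined_domain_noaudit(rpm_script_t)
 unconfined_domtrans(rpm_script_t)
 unconfined_execmem_domtrans(rpm_script_t)
-
- optional_policy(`
- java_domtrans_unconfined(rpm_script_t)
- ')
-
- optional_policy(`
- mono_domtrans(rpm_script_t)
- ')
 ')
 
 optional_policy(`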
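diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.fc
--- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem 2011-10-20 11:53:35.331262035 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc 2011-10-20 11:53:54.447234072 -0400
@@ -47,3 +47,56 @@ ifdef(`distro_gentoo',`
 /opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
 /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -- gen_context(system_u:object_r:execmem_exec_t,s0)
 /usr/local/Wolfram/Mathematica(/.*)?MathKernel -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+#
+# /opt
+#
+/opt/(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/ibm/java.*/(bin|javaws)(/.*)? -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/local/MATLAB.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/MATLAB.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+#
+# /usr
+#
+/usr/Aptana[^/]*/AptanaStudio -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/(.*/)?bin/java.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/fastjar -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/frysk -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/gappletviewer -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/gcj-dbtool -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/gij -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/gjarsigner -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/gkeytool -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/grmic -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/grmiregistry -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/jv-convert -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+/usr/lib(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/lib/eclipse/eclipse -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/lib/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/lib/opera(/.*)?/opera -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/lib/opera(/.*)?/works -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+/usr/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+/usr/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+/opt/ibm/lotus/Symphony/framework/rcp/eclipse/plugins(/.*)? -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/ibm(/.*)?/eclipse/plugins(/.*)? -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+ifdef(`distro_redhat',`
+/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:execmem_exec_t,s0)
+')
+/usr/bin/mono.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
+#
+# Conflicts with ada domain
+#
+/usr/bin/gnatbind -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/gnatls -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/gnatmake -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:execmem_exec_t,s0)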
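Review bot: Several of the added patterns have open-ended tails and label more files execmem_exec_t than the runtimes they are grouped under: `/usr/(.*/)?bin/java.*` and `/usr/bin/mono.*` match any name that merely begins with `java` or `mono`, and `/usr/lib/jvm/java(.*/)bin(/.*)?` and `/opt/ibm(/.*)?/eclipse/plugins(/.*)?` take every regular file below those directories. Since execmem.te in this patch lets execmem_type domains execmod files of this type and grants them execmem and execstack, the set of files carrying the label is worth keeping as small as the affected programs need. I would bound the tails the way the /opt rule already does, `/usr/(.*/)?bin/java[^/]*` and `/usr/bin/mono[^/]*`, unless helper binaries are known to need the label. `/usr/lib(.*/)?bin/java[^/]*` has no `/` after `lib`, so it also matches paths under `/usr/lib64/` and `/usr/libexec/`; if that is deliberate, a comment such as `# also covers lib64 and libexec` would say so.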
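diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.if
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem 2011-10-20 11:53:35.332262034 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-20 11:53:35.826261312 -0400
@@ -129,4 +129,3 @@ interface(`execmem_execmod',`
 
 allow $1 execmem_exec_t:file execmod;
 ')
-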
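diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.te
--- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem 2011-10-20 11:53:35.332262034 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.te 2011-10-20 11:53:35.827261310 -0400
@@ -4,7 +4,25 @@ policy_module(execmem, 1.0.0)
 #
 # Declarations
 #
+attribute execmem_type;
 
-type execmem_exec_t alias unconfined_execmem_exec_t;
+type execmem_exec_t;
+typealias execmem_exec_t alias { unconfined_execmem_exec_t mono_exec_t java_exec_t };
 application_executable_file(execmem_exec_t)
 
+allow execmem_type self:process { execmem execstack };
+files_execmod_tmp(execmem_type)
+execmem_execmod(execmem_type)
+
+optional_policy(`
+ gnome_read_usr_config(execmem_type)
+')
+
+optional_policy(`
+ mozilla_execmod_user_home_files(execmem_type)
+')
+
+optional_policy(`
+ nsplugin_rw_shm(execmem_type)
+ nsplugin_rw_semaphores(execmem_type)
+')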
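Review bot: `allow execmem_type self:process { execmem execstack };` gives an executable stack, not only writable-executable mappings, to every domain that carries the new attribute, and nothing in the file says which domains are expected to join it. If only some members need execstack, I would keep `allow execmem_type self:process execmem;` here and grant execstack per domain; otherwise add a comment above the attribute, e.g. `# Domains allowed writable+executable memory and an executable stack; keep membership minimal.` The typealias line also folds mono_exec_t and java_exec_t into execmem_exec_t, so every existing rule written against those two types now applies to all files with this label, which deserves a comment next to the alias.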
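diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3.10.0/policy/modules/apps/mozilla.te
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem 2011-10-20 11:53:35.350262007 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-10-20 11:53:35.827261310 -0400
@@ -273,10 +273,6 @@ optional_policy(`
 ')
 
 optional_policy(`
- java_domtrans(mozilla_t)
-')
-
-optional_policy(`
 lpd_domtrans_lpr(mozilla_t)
 ')
 
@@ -456,7 +452,7 @@ optional_policy(`
 ')
 
 optional_policy(`
- java_exec(mozilla_plugin_t)
+ execmem_exec(mozilla_plugin_t)
 ')
 
 optional_policy(`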
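Review bot: In the second hunk `execmem_exec(mozilla_plugin_t)` is not a like-for-like replacement for `java_exec(mozilla_plugin_t)`: execmem.fc in this patch also labels acroread, opera, MATLAB, mono, eclipse and the gnat tools execmem_exec_t, so the plugin domain is presumably allowed to execute all of them where it could previously execute only the Java runtime (the definition of execmem_exec is not shown here). The same substitution is made for podsleuth_t (previously mono_exec), boinc_project_t, hadoop_$1_t, hadoop_t, zookeeper_t and zookeeper_server_t. If the wider grant is accepted, a comment at each call such as `# execmem_exec_t covers Java, Mono and the other programs labelled in execmem.fc` would record it. The first hunk is a pure removal and needs nothing.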
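diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy-3.10.0/policy/modules/apps/podsleuth.te
--- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem 2011-06-27 14:18:04.000000000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-10-20 11:53:35.828261308 -0400
@@ -85,5 +85,5 @@ optional_policy(`
 ')
 
 optional_policy(`
- mono_exec(podsleuth_t)
+ execmem_exec(podsleuth_t)
 ')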
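diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.10.0/policy/modules/roles/staff.te
--- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem 2011-10-20 11:53:35.411261918 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2011-10-20 11:53:35.829261306 -0400
@@ -268,10 +268,6 @@ ifndef(`distro_redhat',`
 ')
 
 optional_policy(`
- java_role(staff_r, staff_t)
- ')
-
- optional_policy(`
 lockdev_role(staff_r, staff_t)
 ')
 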
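diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3.10.0/policy/modules/roles/sysadm.te
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem 2011-10-20 11:53:35.412261917 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-20 11:53:35.829261306 -0400
@@ -520,10 +520,6 @@ ifndef(`distro_redhat',`
 ')
 
 optional_policy(`
- java_role(sysadm_r, sysadm_t)
- ')
-
- optional_policy(`
 lockdev_role(sysadm_r, sysadm_t)
 ')
 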
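diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem 2011-10-20 11:53:35.820261320 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-10-20 11:53:35.830261305 -0400
@@ -342,10 +342,6 @@ optional_policy(`
 ')
 
 optional_policy(`
- java_run_unconfined(unconfined_t, unconfined_r)
-')
-
-optional_policy(`
 kerberos_filetrans_named_content(unconfined_t)
 ')
 
@@ -366,13 +362,6 @@ optional_policy(`
 ')
 
 optional_policy(`
- mono_role_template(unconfined, unconfined_r, unconfined_t)
- unconfined_domain_noaudit(unconfined_mono_t)
- role system_r types unconfined_mono_t;
-')
-
-
-optional_policy(`
 mozilla_role_plugin(unconfined_r)
 
 tunable_policy(`unconfined_mozilla_plugin_transition', `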
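diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unprivuser.te
--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem 2011-10-20 11:53:35.414261914 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2011-10-20 11:53:35.831261304 -0400
@@ -148,10 +148,6 @@ ifndef(`distro_redhat',`
 ')
 
 optional_policy(`
- java_role(user_r, user_t)
- ')
-
- optional_policy(`
 lockdev_role(user_r, user_t)
 ')
 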
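diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3.10.0/policy/modules/roles/xguest.te
--- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem 2011-10-20 11:53:35.415261912 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/xguest.te 2011-10-20 11:53:35.831261304 -0400
@@ -107,14 +107,6 @@ optional_policy(`
 ')
 
 optional_policy(`
- java_role_template(xguest, xguest_r, xguest_t)
-')
-
-optional_policy(`
- mono_role_template(xguest, xguest_r, xguest_t)
-')
-
-optional_policy(`
 mozilla_run_plugin(xguest_usertype, xguest_r)
 ')
 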
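diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy-3.10.0/policy/modules/services/boinc.te
--- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem 2011-10-20 11:53:35.445261869 -0400
+++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-10-20 11:53:35.832261303 -0400
@@ -170,5 +170,5 @@ miscfiles_read_fonts(boinc_project_t)
 miscfiles_read_localization(boinc_project_t)
 
 optional_policy(`
- java_exec(boinc_project_t)
+ execmem_exec(boinc_project_t)
 ')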
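diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-3.10.0/policy/modules/services/cron.te
--- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem 2011-10-20 11:53:35.479261819 -0400
+++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-10-20 11:53:35.833261301 -0400
@@ -299,10 +299,6 @@ optional_policy(`
 ')
 
 optional_policy(`
- mono_domtrans(crond_t)
-')
-
-optional_policy(`
 amanda_search_var_lib(crond_t)
 ')
 
@@ -553,10 +549,6 @@ optional_policy(`
 ')
 
 optional_policy(`
- mono_domtrans(system_cronjob_t)
-')
-
-optional_policy(`
 mrtg_append_create_logs(system_cronjob_t)
 ')
 
@@ -710,11 +702,6 @@ tunable_policy(`fcron_crond',`
 allow crond_t user_cron_spool_t:file manage_file_perms;
 ')
 
-# need a per-role version of this:
-#optional_policy(`
-# mono_domtrans(cronjob_t)
-#')
-
 optional_policy(`
 nis_use_ypbind(cronjob_t)
 ')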
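diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.if
--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem 2011-10-20 11:53:35.529261745 -0400
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-10-20 11:53:35.834261299 -0400
@@ -127,7 +127,7 @@ template(`hadoop_domain_template',`
 
 hadoop_exec_config(hadoop_$1_t)
 
- java_exec(hadoop_$1_t)
+ execmem_exec(hadoop_$1_t)
 
 kerberos_use(hadoop_$1_t)
 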
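diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.te
--- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem 2011-10-20 11:53:35.530261744 -0400
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.te 2011-10-20 11:53:35.835261297 -0400
@@ -167,7 +167,7 @@ miscfiles_read_localization(hadoop_t)
 
 userdom_use_inherited_user_terminals(hadoop_t)
 
-java_exec(hadoop_t)
+execmem_exec(hadoop_t)
 
 kerberos_use(hadoop_t)
 
@@ -342,7 +342,7 @@ sysnet_read_config(zookeeper_t)
 userdom_use_inherited_user_terminals(zookeeper_t)
 userdom_dontaudit_search_user_home_dirs(zookeeper_t)
 
-java_exec(zookeeper_t)
+execmem_exec(zookeeper_t)
 
 ########################################
 #
@@ -427,4 +427,4 @@ miscfiles_read_localization(zookeeper_se
 
 sysnet_read_config(zookeeper_server_t)
 
-java_exec(zookeeper_server_t)
+execmem_exec(zookeeper_server_t)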
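diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpolicy-3.10.0/policy/modules/services/xserver.te
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem 2011-10-20 11:53:35.719261468 -0400
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-20 11:53:35.837261295 -0400
@@ -1247,10 +1247,6 @@ optional_policy(`
 ')
 
 optional_policy(`
- mono_rw_shm(xserver_t)
-')
-
-optional_policy(`
 rhgb_rw_shm(xserver_t)
 rhgb_rw_tmpfs_files(xserver_t)
 ')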
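diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.10.0/policy/modules/system/init.te
--- serefpolicy-3.10.0/policy/modules/system/init.te.execmem 2011-10-20 11:53:35.738261440 -0400
+++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-10-20 11:53:35.838261294 -0400
@@ -1192,10 +1192,6 @@ optional_policy(`
 unconfined_dontaudit_rw_pipes(daemon)
 ')
 
- optional_policy(`
- mono_domtrans(initrc_t)
- ')
-
 # Allow SELinux aware applications to request rpm_script_t execution
 rpm_transition_script(initrc_t)
 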
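diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpolicy-3.10.0/policy/modules/system/userdomain.if
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem 2011-10-20 11:53:35.775261386 -0400
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-20 11:53:35.840261291 -0400
@@ -1281,14 +1281,6 @@ template(`userdom_unpriv_user_template',
 ')
 
 optional_policy(`
- java_role_template($1, $1_r, $1_t)
- ')
-
- optional_policy(`
- mono_role_template($1, $1_r, $1_t)
- ')
-
- optional_policy(`
 mount_run_fusermount($1_t, $1_r)
 mount_read_pid_files($1_t)
 ')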
2011-10-21 20:44:31 +00:00
|
|
|
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
|
|
|
|
index e117271..58b782e 100644
|
|
|
|
--- a/policy/modules/admin/bootloader.fc
|
|
|
|
+++ b/policy/modules/admin/bootloader.fc
|
|
|
|
@@ -3,9 +3,7 @@
|
|
|
|
/etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
|
|
|
|
|
|
|
|
/sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
|
|
|
-/sbin/installkernel -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
|
|
|
/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
|
|
|
-/sbin/new-kernel-pkg -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
|
|
|
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
|
|
|
|
|
|
|
/usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|