rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Allow udev to send audit messages

Browse Source
This commit is contained in:
Daniel J Walsh 2008-02-14 20:25:46 +00:00
parent 9870c64ba7
commit 14892547e5
1 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
policy-20071130.patch
View File

@ -5590,7 +5590,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
type lvm_control_t; type lvm_control_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.2.7/policy/modules/kernel/domain.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.2.7/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-12-19 05:32:07.000000000 -0500 --- nsaserefpolicy/policy/modules/kernel/domain.te 2007-12-19 05:32:07.000000000 -0500
+++ serefpolicy-3.2.7/policy/modules/kernel/domain.te 2008-02-13 16:57:15.000000000 -0500 +++ serefpolicy-3.2.7/policy/modules/kernel/domain.te 2008-02-14 15:03:13.000000000 -0500
@@ -5,6 +5,13 @@ @@ -5,6 +5,13 @@
# #
# Declarations # Declarations
@ -5622,7 +5622,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock }; allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
# act on all domains keys # act on all domains keys
@@ -148,3 +156,25 @@ @@ -148,3 +156,26 @@
# receive from all domains over labeled networking # receive from all domains over labeled networking
domain_all_recvfrom_all_domains(unconfined_domain_type) domain_all_recvfrom_all_domains(unconfined_domain_type)
@ -5647,6 +5647,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ +
+optional_policy(` +optional_policy(`
+ unconfined_dontaudit_rw_pipes(domain) + unconfined_dontaudit_rw_pipes(domain)
+ unconfined_sigchld(domain)
+') +')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.2.7/policy/modules/kernel/files.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.2.7/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-29 18:02:31.000000000 -0400 --- nsaserefpolicy/policy/modules/kernel/files.if 2007-10-29 18:02:31.000000000 -0400
@ -15371,8 +15372,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
+ +
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.2.7/policy/modules/services/polkit.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.2.7/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500 --- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.2.7/policy/modules/services/polkit.te 2008-02-13 16:57:15.000000000 -0500 +++ serefpolicy-3.2.7/policy/modules/services/polkit.te 2008-02-14 09:29:19.000000000 -0500
@@ -0,0 +1,156 @@ @@ -0,0 +1,157 @@
+policy_module(polkit_auth,1.0.0) +policy_module(polkit_auth,1.0.0)
+ +
+######################################## +########################################
@ -15476,6 +15477,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
+files_pid_filetrans(polkit_auth_t,polkit_var_run_t, { file dir }) +files_pid_filetrans(polkit_auth_t,polkit_var_run_t, { file dir })
+ +
+userdom_append_unpriv_users_home_content_files(polkit_auth_t) +userdom_append_unpriv_users_home_content_files(polkit_auth_t)
+userdom_dontaudit_read_unpriv_users_home_content_files(polkit_auth_t)
+ +
+optional_policy(` +optional_policy(`
+ dbus_system_bus_client_template(polkit_auth, polkit_auth_t) + dbus_system_bus_client_template(polkit_auth, polkit_auth_t)
@ -25667,7 +25669,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
xen_append_log(ifconfig_t) xen_append_log(ifconfig_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.2.7/policy/modules/system/udev.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.2.7/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2007-12-19 05:32:17.000000000 -0500 --- nsaserefpolicy/policy/modules/system/udev.te 2007-12-19 05:32:17.000000000 -0500
+++ serefpolicy-3.2.7/policy/modules/system/udev.te 2008-02-13 16:57:16.000000000 -0500 +++ serefpolicy-3.2.7/policy/modules/system/udev.te 2008-02-14 14:30:05.000000000 -0500
@@ -83,6 +83,7 @@ @@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t) kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t) kernel_dgram_send(udev_t)
@ -25686,7 +25688,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
domain_read_all_domains_state(udev_t) domain_read_all_domains_state(udev_t)
domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these domain_dontaudit_ptrace_all_domains(udev_t) #pidof triggers these
@@ -189,6 +187,7 @@ @@ -142,6 +140,7 @@
logging_search_logs(udev_t)
logging_send_syslog_msg(udev_t)
+logging_send_audit_msgs(udev_t)
miscfiles_read_localization(udev_t)
@@ -189,6 +188,7 @@
optional_policy(` optional_policy(`
alsa_domtrans(udev_t) alsa_domtrans(udev_t)
@ -25694,7 +25704,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
alsa_read_rw_config(udev_t) alsa_read_rw_config(udev_t)
') ')
@@ -197,6 +196,10 @@ @@ -197,6 +197,10 @@
') ')
optional_policy(` optional_policy(`
@ -25732,7 +25742,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
+/usr/sbin/sysreport -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0) +/usr/sbin/sysreport -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.2.7/policy/modules/system/unconfined.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.2.7/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2007-11-16 15:30:49.000000000 -0500 --- nsaserefpolicy/policy/modules/system/unconfined.if 2007-11-16 15:30:49.000000000 -0500
+++ serefpolicy-3.2.7/policy/modules/system/unconfined.if 2008-02-13 16:57:16.000000000 -0500 +++ serefpolicy-3.2.7/policy/modules/system/unconfined.if 2008-02-14 15:02:03.000000000 -0500
@@ -12,14 +12,13 @@ @@ -12,14 +12,13 @@
# #
interface(`unconfined_domain_noaudit',` interface(`unconfined_domain_noaudit',`
@ -26319,7 +26329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.7/policy/modules/system/userdomain.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.7/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-11-29 13:29:35.000000000 -0500 --- nsaserefpolicy/policy/modules/system/userdomain.if 2007-11-29 13:29:35.000000000 -0500
+++ serefpolicy-3.2.7/policy/modules/system/userdomain.if 2008-02-13 16:57:16.000000000 -0500 +++ serefpolicy-3.2.7/policy/modules/system/userdomain.if 2008-02-14 09:29:10.000000000 -0500
@@ -29,9 +29,14 @@ @@ -29,9 +29,14 @@
') ')