- allow hplip to talk dbus
- Fix context on ~/.local dir
This commit is contained in:
Daniel J Walsh
parent
fe0d467c2b
commit
1746ec93cf
@ -6511,7 +6511,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
|
||||
# /emul
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.4.2/policy/modules/kernel/files.if
|
||||
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-06-12 23:25:02.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-06-13 11:31:13.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-06-22 08:58:08.000000000 -0400
|
||||
@@ -110,6 +110,11 @@
|
||||
## </param>
|
||||
#
|
||||
@ -12302,7 +12302,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
|
||||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.4.2/policy/modules/services/courier.te
|
||||
--- nsaserefpolicy/policy/modules/services/courier.te 2008-06-12 23:25:05.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/services/courier.te 2008-06-12 23:37:52.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/services/courier.te 2008-06-22 08:34:20.000000000 -0400
|
||||
@@ -9,7 +9,10 @@
|
||||
courier_domain_template(authdaemon)
|
||||
|
||||
@ -12315,7 +12315,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
|
||||
|
||||
courier_domain_template(pcp)
|
||||
|
||||
@@ -97,12 +100,12 @@
|
||||
@@ -25,6 +28,7 @@
|
||||
|
||||
type courier_exec_t;
|
||||
files_type(courier_exec_t)
|
||||
+mta_mailclient(courier_exec_t)
|
||||
|
||||
courier_domain_template(sqwebmail)
|
||||
typealias courier_sqwebmail_exec_t alias sqwebmail_cron_exec_t;
|
||||
@@ -97,12 +101,12 @@
|
||||
courier_domtrans_authdaemon(courier_pop_t)
|
||||
|
||||
# do the actual work (read the Maildir)
|
||||
@ -18536,7 +18544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.4.2/policy/modules/services/networkmanager.te
|
||||
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-06-12 23:25:06.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/services/networkmanager.te 2008-06-16 07:09:40.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/services/networkmanager.te 2008-06-22 08:58:20.000000000 -0400
|
||||
@@ -13,6 +13,13 @@
|
||||
type NetworkManager_var_run_t;
|
||||
files_pid_file(NetworkManager_var_run_t)
|
||||
@ -18559,7 +18567,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||
+allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock };
|
||||
dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace };
|
||||
-allow NetworkManager_t self:process { ptrace setcap setpgid getsched signal_perms };
|
||||
+allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched signal_perms };
|
||||
+allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
|
||||
allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
|
||||
allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
|
||||
allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
|
||||
@ -18590,12 +18598,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||
|
||||
mls_file_read_all_levels(NetworkManager_t)
|
||||
|
||||
@@ -83,9 +96,14 @@
|
||||
@@ -82,10 +95,16 @@
|
||||
files_read_etc_files(NetworkManager_t)
|
||||
files_read_etc_runtime_files(NetworkManager_t)
|
||||
files_read_usr_files(NetworkManager_t)
|
||||
|
||||
+storage_getattr_fixed_disk_dev(NetworkManager_t)
|
||||
+files_list_tmp(NetworkManager_t)
|
||||
+
|
||||
+storage_getattr_fixed_disk_dev(NetworkManager_t)
|
||||
|
||||
init_read_utmp(NetworkManager_t)
|
||||
+init_dontaudit_write_utmp(NetworkManager_t)
|
||||
init_domtrans_script(NetworkManager_t)
|
||||
@ -18605,7 +18615,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||
libs_use_ld_so(NetworkManager_t)
|
||||
libs_use_shared_libs(NetworkManager_t)
|
||||
|
||||
@@ -112,9 +130,12 @@
|
||||
@@ -112,9 +131,12 @@
|
||||
userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t)
|
||||
# Read gnome-keyring
|
||||
userdom_read_unpriv_users_home_content_files(NetworkManager_t)
|
||||
@ -18618,7 +18628,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||
optional_policy(`
|
||||
bind_domtrans(NetworkManager_t)
|
||||
bind_manage_cache(NetworkManager_t)
|
||||
@@ -130,21 +151,21 @@
|
||||
@@ -130,21 +152,21 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -18645,7 +18655,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -156,22 +177,24 @@
|
||||
@@ -156,22 +178,24 @@
|
||||
ppp_domtrans(NetworkManager_t)
|
||||
ppp_read_pid_files(NetworkManager_t)
|
||||
ppp_signal(NetworkManager_t)
|
||||
@ -30265,7 +30275,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.f
|
||||
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.4.2/policy/modules/system/qemu.if
|
||||
--- nsaserefpolicy/policy/modules/system/qemu.if 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.4.2/policy/modules/system/qemu.if 2008-06-22 08:17:59.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/system/qemu.if 2008-06-22 08:27:37.000000000 -0400
|
||||
@@ -0,0 +1,336 @@
|
||||
+
|
||||
+## <summary>policy for qemu</summary>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user