* Fri Oct 1 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-96
- Add missing permission checks for nscd
parent
d11521e32b
commit
18a1acac8d
@ -689,7 +689,7 @@ index 3a45f23..f4754f0 100644
|
|||||||
# fork
|
# fork
|
||||||
# setexec
|
# setexec
|
||||||
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
|
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
|
||||||
index 28802c5..ee01d6e 100644
|
index 28802c5..88519a9 100644
|
||||||
--- a/policy/flask/access_vectors
|
--- a/policy/flask/access_vectors
|
||||||
+++ b/policy/flask/access_vectors
|
+++ b/policy/flask/access_vectors
|
||||||
@@ -329,6 +329,7 @@ class process
|
@@ -329,6 +329,7 @@ class process
|
||||||
@ -728,7 +728,16 @@ index 28802c5..ee01d6e 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@@ -827,6 +837,9 @@ class kernel_service
|
@@ -690,6 +700,8 @@ class nscd
|
||||||
|
shmemhost
|
||||||
|
getserv
|
||||||
|
shmemserv
|
||||||
|
+ getnetgrp
|
||||||
|
+ shmemnetgrp
|
||||||
|
}
|
||||||
|
|
||||||
|
# Define the access vector interpretation for controlling
|
||||||
|
@@ -827,6 +839,9 @@ class kernel_service
|
||||||
|
|
||||||
class tun_socket
|
class tun_socket
|
||||||
inherits socket
|
inherits socket
|
||||||
@ -738,7 +747,7 @@ index 28802c5..ee01d6e 100644
|
|||||||
|
|
||||||
class x_pointer
|
class x_pointer
|
||||||
inherits x_device
|
inherits x_device
|
||||||
@@ -862,3 +875,20 @@ inherits database
|
@@ -862,3 +877,20 @@ inherits database
|
||||||
implement
|
implement
|
||||||
execute
|
execute
|
||||||
}
|
}
|
||||||
@ -28014,7 +28023,7 @@ index 24e7804..76da5dd 100644
|
|||||||
+ files_etc_filetrans($1, machineid_t, file, "machine-id" )
|
+ files_etc_filetrans($1, machineid_t, file, "machine-id" )
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
||||||
index dd3be8d..e9ab9ba 100644
|
index dd3be8d..d145ffc 100644
|
||||||
--- a/policy/modules/system/init.te
|
--- a/policy/modules/system/init.te
|
||||||
+++ b/policy/modules/system/init.te
|
+++ b/policy/modules/system/init.te
|
||||||
@@ -11,10 +11,31 @@ gen_require(`
|
@@ -11,10 +11,31 @@ gen_require(`
|
||||||
@ -28202,7 +28211,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
# file descriptors inherited from the rootfs:
|
# file descriptors inherited from the rootfs:
|
||||||
files_dontaudit_rw_root_files(init_t)
|
files_dontaudit_rw_root_files(init_t)
|
||||||
files_dontaudit_rw_root_chr_files(init_t)
|
files_dontaudit_rw_root_chr_files(init_t)
|
||||||
@@ -156,28 +230,51 @@ fs_list_inotifyfs(init_t)
|
@@ -156,28 +230,52 @@ fs_list_inotifyfs(init_t)
|
||||||
fs_write_ramfs_sockets(init_t)
|
fs_write_ramfs_sockets(init_t)
|
||||||
|
|
||||||
mcs_process_set_categories(init_t)
|
mcs_process_set_categories(init_t)
|
||||||
@ -28230,6 +28239,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
+term_use_unallocated_ttys(init_t)
|
+term_use_unallocated_ttys(init_t)
|
||||||
+term_use_console(init_t)
|
+term_use_console(init_t)
|
||||||
+term_use_all_inherited_terms(init_t)
|
+term_use_all_inherited_terms(init_t)
|
||||||
|
+term_use_generic_ptys(init_t)
|
||||||
|
|
||||||
# Run init scripts.
|
# Run init scripts.
|
||||||
init_domtrans_script(init_t)
|
init_domtrans_script(init_t)
|
||||||
@ -28257,7 +28267,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
|
|
||||||
ifdef(`distro_gentoo',`
|
ifdef(`distro_gentoo',`
|
||||||
allow init_t self:process { getcap setcap };
|
allow init_t self:process { getcap setcap };
|
||||||
@@ -186,29 +283,204 @@ ifdef(`distro_gentoo',`
|
@@ -186,29 +284,204 @@ ifdef(`distro_gentoo',`
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
@ -28287,19 +28297,19 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ chronyd_read_keys(init_t)
|
+ chronyd_read_keys(init_t)
|
||||||
')
|
+')
|
||||||
|
+
|
||||||
optional_policy(`
|
+optional_policy(`
|
||||||
- auth_rw_login_records(init_t)
|
|
||||||
+ kdump_read_crash(init_t)
|
+ kdump_read_crash(init_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
- auth_rw_login_records(init_t)
|
||||||
+ gnome_filetrans_home_content(init_t)
|
+ gnome_filetrans_home_content(init_t)
|
||||||
+ gnome_manage_data(init_t)
|
+ gnome_manage_data(init_t)
|
||||||
+')
|
')
|
||||||
+
|
|
||||||
+optional_policy(`
|
optional_policy(`
|
||||||
+ iscsi_read_lib_files(init_t)
|
+ iscsi_read_lib_files(init_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
@ -28470,7 +28480,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -216,7 +488,30 @@ optional_policy(`
|
@@ -216,7 +489,30 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28501,7 +28511,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -225,8 +520,9 @@ optional_policy(`
|
@@ -225,8 +521,9 @@ optional_policy(`
|
||||||
#
|
#
|
||||||
|
|
||||||
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
||||||
@ -28513,7 +28523,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
allow initrc_t self:passwd rootok;
|
allow initrc_t self:passwd rootok;
|
||||||
allow initrc_t self:key manage_key_perms;
|
allow initrc_t self:key manage_key_perms;
|
||||||
|
|
||||||
@@ -257,12 +553,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
@@ -257,12 +554,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
||||||
|
|
||||||
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
||||||
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
||||||
@ -28530,7 +28540,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
|
|
||||||
manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
||||||
manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
||||||
@@ -278,23 +578,36 @@ kernel_change_ring_buffer_level(initrc_t)
|
@@ -278,23 +579,36 @@ kernel_change_ring_buffer_level(initrc_t)
|
||||||
kernel_clear_ring_buffer(initrc_t)
|
kernel_clear_ring_buffer(initrc_t)
|
||||||
kernel_get_sysvipc_info(initrc_t)
|
kernel_get_sysvipc_info(initrc_t)
|
||||||
kernel_read_all_sysctls(initrc_t)
|
kernel_read_all_sysctls(initrc_t)
|
||||||
@ -28573,7 +28583,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
corenet_tcp_sendrecv_all_ports(initrc_t)
|
corenet_tcp_sendrecv_all_ports(initrc_t)
|
||||||
corenet_udp_sendrecv_all_ports(initrc_t)
|
corenet_udp_sendrecv_all_ports(initrc_t)
|
||||||
corenet_tcp_connect_all_ports(initrc_t)
|
corenet_tcp_connect_all_ports(initrc_t)
|
||||||
@@ -302,9 +615,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
@@ -302,9 +616,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
||||||
|
|
||||||
dev_read_rand(initrc_t)
|
dev_read_rand(initrc_t)
|
||||||
dev_read_urand(initrc_t)
|
dev_read_urand(initrc_t)
|
||||||
@ -28585,7 +28595,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
dev_rw_sysfs(initrc_t)
|
dev_rw_sysfs(initrc_t)
|
||||||
dev_list_usbfs(initrc_t)
|
dev_list_usbfs(initrc_t)
|
||||||
dev_read_framebuffer(initrc_t)
|
dev_read_framebuffer(initrc_t)
|
||||||
@@ -312,8 +627,10 @@ dev_write_framebuffer(initrc_t)
|
@@ -312,8 +628,10 @@ dev_write_framebuffer(initrc_t)
|
||||||
dev_read_realtime_clock(initrc_t)
|
dev_read_realtime_clock(initrc_t)
|
||||||
dev_read_sound_mixer(initrc_t)
|
dev_read_sound_mixer(initrc_t)
|
||||||
dev_write_sound_mixer(initrc_t)
|
dev_write_sound_mixer(initrc_t)
|
||||||
@ -28596,7 +28606,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
dev_delete_lvm_control_dev(initrc_t)
|
dev_delete_lvm_control_dev(initrc_t)
|
||||||
dev_manage_generic_symlinks(initrc_t)
|
dev_manage_generic_symlinks(initrc_t)
|
||||||
dev_manage_generic_files(initrc_t)
|
dev_manage_generic_files(initrc_t)
|
||||||
@@ -321,8 +638,7 @@ dev_manage_generic_files(initrc_t)
|
@@ -321,8 +639,7 @@ dev_manage_generic_files(initrc_t)
|
||||||
dev_delete_generic_symlinks(initrc_t)
|
dev_delete_generic_symlinks(initrc_t)
|
||||||
dev_getattr_all_blk_files(initrc_t)
|
dev_getattr_all_blk_files(initrc_t)
|
||||||
dev_getattr_all_chr_files(initrc_t)
|
dev_getattr_all_chr_files(initrc_t)
|
||||||
@ -28606,7 +28616,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
|
|
||||||
domain_kill_all_domains(initrc_t)
|
domain_kill_all_domains(initrc_t)
|
||||||
domain_signal_all_domains(initrc_t)
|
domain_signal_all_domains(initrc_t)
|
||||||
@@ -331,7 +647,6 @@ domain_sigstop_all_domains(initrc_t)
|
@@ -331,7 +648,6 @@ domain_sigstop_all_domains(initrc_t)
|
||||||
domain_sigchld_all_domains(initrc_t)
|
domain_sigchld_all_domains(initrc_t)
|
||||||
domain_read_all_domains_state(initrc_t)
|
domain_read_all_domains_state(initrc_t)
|
||||||
domain_getattr_all_domains(initrc_t)
|
domain_getattr_all_domains(initrc_t)
|
||||||
@ -28614,7 +28624,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
domain_getsession_all_domains(initrc_t)
|
domain_getsession_all_domains(initrc_t)
|
||||||
domain_use_interactive_fds(initrc_t)
|
domain_use_interactive_fds(initrc_t)
|
||||||
# for lsof which is used by alsa shutdown:
|
# for lsof which is used by alsa shutdown:
|
||||||
@@ -339,6 +654,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
@@ -339,6 +655,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_pipes(initrc_t)
|
domain_dontaudit_getattr_all_pipes(initrc_t)
|
||||||
@ -28622,7 +28632,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
|
|
||||||
files_getattr_all_dirs(initrc_t)
|
files_getattr_all_dirs(initrc_t)
|
||||||
files_getattr_all_files(initrc_t)
|
files_getattr_all_files(initrc_t)
|
||||||
@@ -346,14 +662,15 @@ files_getattr_all_symlinks(initrc_t)
|
@@ -346,14 +663,15 @@ files_getattr_all_symlinks(initrc_t)
|
||||||
files_getattr_all_pipes(initrc_t)
|
files_getattr_all_pipes(initrc_t)
|
||||||
files_getattr_all_sockets(initrc_t)
|
files_getattr_all_sockets(initrc_t)
|
||||||
files_purge_tmp(initrc_t)
|
files_purge_tmp(initrc_t)
|
||||||
@ -28640,7 +28650,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
files_read_usr_files(initrc_t)
|
files_read_usr_files(initrc_t)
|
||||||
files_manage_urandom_seed(initrc_t)
|
files_manage_urandom_seed(initrc_t)
|
||||||
files_manage_generic_spool(initrc_t)
|
files_manage_generic_spool(initrc_t)
|
||||||
@@ -363,8 +680,12 @@ files_list_isid_type_dirs(initrc_t)
|
@@ -363,8 +681,12 @@ files_list_isid_type_dirs(initrc_t)
|
||||||
files_mounton_isid_type_dirs(initrc_t)
|
files_mounton_isid_type_dirs(initrc_t)
|
||||||
files_list_default(initrc_t)
|
files_list_default(initrc_t)
|
||||||
files_mounton_default(initrc_t)
|
files_mounton_default(initrc_t)
|
||||||
@ -28654,7 +28664,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
fs_list_inotifyfs(initrc_t)
|
fs_list_inotifyfs(initrc_t)
|
||||||
fs_register_binary_executable_type(initrc_t)
|
fs_register_binary_executable_type(initrc_t)
|
||||||
# rhgb-console writes to ramfs
|
# rhgb-console writes to ramfs
|
||||||
@@ -374,10 +695,11 @@ fs_mount_all_fs(initrc_t)
|
@@ -374,10 +696,11 @@ fs_mount_all_fs(initrc_t)
|
||||||
fs_unmount_all_fs(initrc_t)
|
fs_unmount_all_fs(initrc_t)
|
||||||
fs_remount_all_fs(initrc_t)
|
fs_remount_all_fs(initrc_t)
|
||||||
fs_getattr_all_fs(initrc_t)
|
fs_getattr_all_fs(initrc_t)
|
||||||
@ -28668,7 +28678,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
mcs_process_set_categories(initrc_t)
|
mcs_process_set_categories(initrc_t)
|
||||||
|
|
||||||
mls_file_read_all_levels(initrc_t)
|
mls_file_read_all_levels(initrc_t)
|
||||||
@@ -386,6 +708,7 @@ mls_process_read_up(initrc_t)
|
@@ -386,6 +709,7 @@ mls_process_read_up(initrc_t)
|
||||||
mls_process_write_down(initrc_t)
|
mls_process_write_down(initrc_t)
|
||||||
mls_rangetrans_source(initrc_t)
|
mls_rangetrans_source(initrc_t)
|
||||||
mls_fd_share_all_levels(initrc_t)
|
mls_fd_share_all_levels(initrc_t)
|
||||||
@ -28676,7 +28686,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
|
|
||||||
selinux_get_enforce_mode(initrc_t)
|
selinux_get_enforce_mode(initrc_t)
|
||||||
|
|
||||||
@@ -397,6 +720,7 @@ term_use_all_terms(initrc_t)
|
@@ -397,6 +721,7 @@ term_use_all_terms(initrc_t)
|
||||||
term_reset_tty_labels(initrc_t)
|
term_reset_tty_labels(initrc_t)
|
||||||
|
|
||||||
auth_rw_login_records(initrc_t)
|
auth_rw_login_records(initrc_t)
|
||||||
@ -28684,7 +28694,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
auth_setattr_login_records(initrc_t)
|
auth_setattr_login_records(initrc_t)
|
||||||
auth_rw_lastlog(initrc_t)
|
auth_rw_lastlog(initrc_t)
|
||||||
auth_read_pam_pid(initrc_t)
|
auth_read_pam_pid(initrc_t)
|
||||||
@@ -415,20 +739,18 @@ logging_read_all_logs(initrc_t)
|
@@ -415,20 +740,18 @@ logging_read_all_logs(initrc_t)
|
||||||
logging_append_all_logs(initrc_t)
|
logging_append_all_logs(initrc_t)
|
||||||
logging_read_audit_config(initrc_t)
|
logging_read_audit_config(initrc_t)
|
||||||
|
|
||||||
@ -28708,7 +28718,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
|
|
||||||
ifdef(`distro_debian',`
|
ifdef(`distro_debian',`
|
||||||
dev_setattr_generic_dirs(initrc_t)
|
dev_setattr_generic_dirs(initrc_t)
|
||||||
@@ -450,7 +772,6 @@ ifdef(`distro_gentoo',`
|
@@ -450,7 +773,6 @@ ifdef(`distro_gentoo',`
|
||||||
allow initrc_t self:process setfscreate;
|
allow initrc_t self:process setfscreate;
|
||||||
dev_create_null_dev(initrc_t)
|
dev_create_null_dev(initrc_t)
|
||||||
dev_create_zero_dev(initrc_t)
|
dev_create_zero_dev(initrc_t)
|
||||||
@ -28716,7 +28726,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
term_create_console_dev(initrc_t)
|
term_create_console_dev(initrc_t)
|
||||||
|
|
||||||
# unfortunately /sbin/rc does stupid tricks
|
# unfortunately /sbin/rc does stupid tricks
|
||||||
@@ -485,6 +806,10 @@ ifdef(`distro_gentoo',`
|
@@ -485,6 +807,10 @@ ifdef(`distro_gentoo',`
|
||||||
sysnet_setattr_config(initrc_t)
|
sysnet_setattr_config(initrc_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28727,7 +28737,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
alsa_read_lib(initrc_t)
|
alsa_read_lib(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -505,7 +830,7 @@ ifdef(`distro_redhat',`
|
@@ -505,7 +831,7 @@ ifdef(`distro_redhat',`
|
||||||
|
|
||||||
# Red Hat systems seem to have a stray
|
# Red Hat systems seem to have a stray
|
||||||
# fd open from the initrd
|
# fd open from the initrd
|
||||||
@ -28736,7 +28746,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
files_dontaudit_read_root_files(initrc_t)
|
files_dontaudit_read_root_files(initrc_t)
|
||||||
|
|
||||||
# These seem to be from the initrd
|
# These seem to be from the initrd
|
||||||
@@ -520,6 +845,7 @@ ifdef(`distro_redhat',`
|
@@ -520,6 +846,7 @@ ifdef(`distro_redhat',`
|
||||||
files_create_boot_dirs(initrc_t)
|
files_create_boot_dirs(initrc_t)
|
||||||
files_create_boot_flag(initrc_t)
|
files_create_boot_flag(initrc_t)
|
||||||
files_rw_boot_symlinks(initrc_t)
|
files_rw_boot_symlinks(initrc_t)
|
||||||
@ -28744,7 +28754,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
# wants to read /.fonts directory
|
# wants to read /.fonts directory
|
||||||
files_read_default_files(initrc_t)
|
files_read_default_files(initrc_t)
|
||||||
files_mountpoint(initrc_tmp_t)
|
files_mountpoint(initrc_tmp_t)
|
||||||
@@ -540,6 +866,7 @@ ifdef(`distro_redhat',`
|
@@ -540,6 +867,7 @@ ifdef(`distro_redhat',`
|
||||||
miscfiles_rw_localization(initrc_t)
|
miscfiles_rw_localization(initrc_t)
|
||||||
miscfiles_setattr_localization(initrc_t)
|
miscfiles_setattr_localization(initrc_t)
|
||||||
miscfiles_relabel_localization(initrc_t)
|
miscfiles_relabel_localization(initrc_t)
|
||||||
@ -28752,7 +28762,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
|
|
||||||
miscfiles_read_fonts(initrc_t)
|
miscfiles_read_fonts(initrc_t)
|
||||||
miscfiles_read_hwdata(initrc_t)
|
miscfiles_read_hwdata(initrc_t)
|
||||||
@@ -549,8 +876,44 @@ ifdef(`distro_redhat',`
|
@@ -549,8 +877,44 @@ ifdef(`distro_redhat',`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28797,7 +28807,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -558,14 +921,31 @@ ifdef(`distro_redhat',`
|
@@ -558,14 +922,31 @@ ifdef(`distro_redhat',`
|
||||||
rpc_write_exports(initrc_t)
|
rpc_write_exports(initrc_t)
|
||||||
rpc_manage_nfs_state_data(initrc_t)
|
rpc_manage_nfs_state_data(initrc_t)
|
||||||
')
|
')
|
||||||
@ -28829,7 +28839,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -576,6 +956,39 @@ ifdef(`distro_suse',`
|
@@ -576,6 +957,39 @@ ifdef(`distro_suse',`
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -28869,7 +28879,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
amavis_search_lib(initrc_t)
|
amavis_search_lib(initrc_t)
|
||||||
amavis_setattr_pid_files(initrc_t)
|
amavis_setattr_pid_files(initrc_t)
|
||||||
@@ -588,6 +1001,8 @@ optional_policy(`
|
@@ -588,6 +1002,8 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_read_config(initrc_t)
|
apache_read_config(initrc_t)
|
||||||
apache_list_modules(initrc_t)
|
apache_list_modules(initrc_t)
|
||||||
@ -28878,7 +28888,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -609,6 +1024,7 @@ optional_policy(`
|
@@ -609,6 +1025,7 @@ optional_policy(`
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
cgroup_stream_connect_cgred(initrc_t)
|
cgroup_stream_connect_cgred(initrc_t)
|
||||||
@ -28886,7 +28896,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -625,6 +1041,17 @@ optional_policy(`
|
@@ -625,6 +1042,17 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28904,7 +28914,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
dev_getattr_printer_dev(initrc_t)
|
dev_getattr_printer_dev(initrc_t)
|
||||||
|
|
||||||
cups_read_log(initrc_t)
|
cups_read_log(initrc_t)
|
||||||
@@ -641,9 +1068,13 @@ optional_policy(`
|
@@ -641,9 +1069,13 @@ optional_policy(`
|
||||||
dbus_connect_system_bus(initrc_t)
|
dbus_connect_system_bus(initrc_t)
|
||||||
dbus_system_bus_client(initrc_t)
|
dbus_system_bus_client(initrc_t)
|
||||||
dbus_read_config(initrc_t)
|
dbus_read_config(initrc_t)
|
||||||
@ -28918,7 +28928,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -656,15 +1087,11 @@ optional_policy(`
|
@@ -656,15 +1088,11 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28936,7 +28946,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -685,6 +1112,15 @@ optional_policy(`
|
@@ -685,6 +1113,15 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28952,7 +28962,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
inn_exec_config(initrc_t)
|
inn_exec_config(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -725,6 +1161,7 @@ optional_policy(`
|
@@ -725,6 +1162,7 @@ optional_policy(`
|
||||||
lpd_list_spool(initrc_t)
|
lpd_list_spool(initrc_t)
|
||||||
|
|
||||||
lpd_read_config(initrc_t)
|
lpd_read_config(initrc_t)
|
||||||
@ -28960,7 +28970,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -742,7 +1179,13 @@ optional_policy(`
|
@@ -742,7 +1180,13 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28975,7 +28985,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -765,6 +1208,10 @@ optional_policy(`
|
@@ -765,6 +1209,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -28986,7 +28996,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
postgresql_manage_db(initrc_t)
|
postgresql_manage_db(initrc_t)
|
||||||
postgresql_read_config(initrc_t)
|
postgresql_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -774,10 +1221,20 @@ optional_policy(`
|
@@ -774,10 +1222,20 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29007,7 +29017,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
quota_manage_flags(initrc_t)
|
quota_manage_flags(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -786,6 +1243,10 @@ optional_policy(`
|
@@ -786,6 +1244,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29018,7 +29028,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
fs_write_ramfs_sockets(initrc_t)
|
fs_write_ramfs_sockets(initrc_t)
|
||||||
fs_search_ramfs(initrc_t)
|
fs_search_ramfs(initrc_t)
|
||||||
|
|
||||||
@@ -807,8 +1268,6 @@ optional_policy(`
|
@@ -807,8 +1269,6 @@ optional_policy(`
|
||||||
# bash tries ioctl for some reason
|
# bash tries ioctl for some reason
|
||||||
files_dontaudit_ioctl_all_pids(initrc_t)
|
files_dontaudit_ioctl_all_pids(initrc_t)
|
||||||
|
|
||||||
@ -29027,7 +29037,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -817,6 +1276,10 @@ optional_policy(`
|
@@ -817,6 +1277,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29038,7 +29048,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
# shorewall-init script run /var/lib/shorewall/firewall
|
# shorewall-init script run /var/lib/shorewall/firewall
|
||||||
shorewall_lib_domtrans(initrc_t)
|
shorewall_lib_domtrans(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -826,10 +1289,12 @@ optional_policy(`
|
@@ -826,10 +1290,12 @@ optional_policy(`
|
||||||
squid_manage_logs(initrc_t)
|
squid_manage_logs(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -29051,10 +29061,15 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ssh_dontaudit_read_server_keys(initrc_t)
|
ssh_dontaudit_read_server_keys(initrc_t)
|
||||||
@@ -856,12 +1321,28 @@ optional_policy(`
|
@@ -856,12 +1322,33 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
+ virt_read_config(init_t)
|
||||||
|
+ virt_stream_connect(init_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
+ virt_manage_pid_dirs(initrc_t)
|
+ virt_manage_pid_dirs(initrc_t)
|
||||||
+ virt_manage_cache(initrc_t)
|
+ virt_manage_cache(initrc_t)
|
||||||
+ virt_manage_lib_files(initrc_t)
|
+ virt_manage_lib_files(initrc_t)
|
||||||
@ -29081,7 +29096,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
# system-config-services causes avc messages that should be dontaudited
|
# system-config-services causes avc messages that should be dontaudited
|
||||||
@@ -871,6 +1352,18 @@ optional_policy(`
|
@@ -871,6 +1358,18 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
mono_domtrans(initrc_t)
|
mono_domtrans(initrc_t)
|
||||||
')
|
')
|
||||||
@ -29100,7 +29115,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -886,6 +1379,10 @@ optional_policy(`
|
@@ -886,6 +1385,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29111,7 +29126,7 @@ index dd3be8d..e9ab9ba 100644
|
|||||||
# Set device ownerships/modes.
|
# Set device ownerships/modes.
|
||||||
xserver_setattr_console_pipes(initrc_t)
|
xserver_setattr_console_pipes(initrc_t)
|
||||||
|
|
||||||
@@ -896,3 +1393,218 @@ optional_policy(`
|
@@ -896,3 +1399,218 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
zebra_read_config(initrc_t)
|
zebra_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
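Review bot: The new side of the init.te part of this patch grants init_t three interfaces that the commit message, which only mentions nscd, does not cover. They are `term_use_generic_ptys(init_t)` after `term_use_all_inherited_terms(init_t)`, and `virt_read_config(init_t)` plus `virt_stream_connect(init_t)` in the optional_policy block just before the initrc_t `virt_manage_*` lines. init_t is the domain of PID 1, so each added grant widens what that process may reach and should be traceable to a specific denial or bug. I would either split these into their own commit or record them in the changelog, for example `- Allow init_t to use generic ptys` and `- Allow init_t to read virt config and connect to the virt stream socket`. Separately, the `class nscd` hunk only defines `getnetgrp` and `shmemnetgrp` in access_vectors, and no allow rule using them is visible on this page. It is worth confirming that the nscd client interfaces are updated in the same build, since otherwise netgroup lookups through nscd would presumably be denied or left to the policy's unknown-permission handling.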
|
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.12.1
|
Version: 3.12.1
|
||||||
Release: 95%{?dist}
|
Release: 96%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -573,6 +573,9 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 1 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-96
|
||||||
|
- Add missing permission checks for nscd
|
||||||
|
|
||||||
* Wed Oct 30 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-95
|
* Wed Oct 30 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-95
|
||||||
- Fix alias decl in corenetwork.te.in
|
- Fix alias decl in corenetwork.te.in
|
||||||
- Add support for fuse.glusterfs
|
- Add support for fuse.glusterfs
|
||||||
|