rpms/selinux-policy
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Turn on mock_t and thumb_t for unconfined domains

Browse Source
This commit is contained in:
Dan Walsh 2011-10-21 16:44:31 -04:00
parent f875d285bd
commit 1a2b4d14f1
3 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
default_trans.patch
View File

@ -9,3 +9,17 @@ index ed7a0c1..90d0b1e 100644
# #
# Define sensitivities # Define sensitivities
# #
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
index e117271..58b782e 100644
--- a/policy/modules/admin/bootloader.fc
+++ b/policy/modules/admin/bootloader.fc
@@ -3,9 +3,7 @@
/etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
/sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
-/sbin/installkernel -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
-/sbin/new-kernel-pkg -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)

14
execmem.patch
View File

@ -367,3 +367,17 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpol
mount_run_fusermount($1_t, $1_r) mount_run_fusermount($1_t, $1_r)
mount_read_pid_files($1_t) mount_read_pid_files($1_t)
') ')
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
index e117271..58b782e 100644
--- a/policy/modules/admin/bootloader.fc
+++ b/policy/modules/admin/bootloader.fc
@@ -3,9 +3,7 @@
/etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
/sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
-/sbin/installkernel -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
-/sbin/new-kernel-pkg -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)

1
selinux-policy.spec
View File

@ -29,7 +29,6 @@ patch4: execmem.patch
patch5: userdomain.patch patch5: userdomain.patch
patch6: apache.patch patch6: apache.patch
patch7: ptrace.patch patch7: ptrace.patch
patch8: default_trans.patch
Source1: modules-targeted.conf Source1: modules-targeted.conf
Source2: booleans-targeted.conf Source2: booleans-targeted.conf
Source3: Makefile.devel Source3: Makefile.devel