rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Fix initrc_context generation for MLS

Browse Source
This commit is contained in:
Daniel J Walsh 2008-03-06 22:25:06 +00:00
parent cab5dce18d
commit 1bf67d57ed
4 changed files with 26 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules-mls.conf
View File

@ -570,7 +570,7 @@ rdisc = base
# #
# X windows login display manager # X windows login display manager
# #
xserver = off xserver = base
# Layer: services # Layer: services
# Module: nscd # Module: nscd

9
modules-targeted.conf
View File

@ -275,7 +275,14 @@ cvs = base
# #
# cyphesis game server # cyphesis game server
# #
cyphesis cyphesis = module
# Layer: services
# Module: gamin
#
# FAM File Alteration Monitor API
#
gamin = module
# Layer: services # Layer: services
# Module: cyrus # Module: cyrus

25
policy-20071130.patch
View File

@ -23256,7 +23256,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0) /var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-12-04 11:02:50.000000000 -0500 --- nsaserefpolicy/policy/modules/services/xserver.if 2007-12-04 11:02:50.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-03-06 13:07:32.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-03-06 17:09:27.000000000 -0500
@@ -12,9 +12,15 @@ @@ -12,9 +12,15 @@
## </summary> ## </summary>
## </param> ## </param>
@ -23720,7 +23720,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
# for when /tmp/.X11-unix is created by the system # for when /tmp/.X11-unix is created by the system
allow $2 xdm_t:fd use; allow $2 xdm_t:fd use;
@@ -542,25 +540,473 @@ @@ -542,25 +540,474 @@
allow $2 xdm_tmp_t:sock_file { read write }; allow $2 xdm_tmp_t:sock_file { read write };
dontaudit $2 xdm_t:tcp_socket { read write }; dontaudit $2 xdm_t:tcp_socket { read write };
@ -23918,6 +23918,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ attribute x_server_domain, x_domain; + attribute x_server_domain, x_domain;
+ attribute xproperty_type; + attribute xproperty_type;
+ attribute xevent_type, xextension_type; + attribute xevent_type, xextension_type;
+ attribute xserver_unconfined_type;
+ class x_drawable all_x_drawable_perms; + class x_drawable all_x_drawable_perms;
+ class x_screen all_x_screen_perms; + class x_screen all_x_screen_perms;
+ class x_gc all_x_gc_perms; + class x_gc all_x_gc_perms;
@ -24200,7 +24201,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
') ')
') ')
@@ -593,26 +1039,44 @@ @@ -593,26 +1040,44 @@
# #
template(`xserver_use_user_fonts',` template(`xserver_use_user_fonts',`
gen_require(` gen_require(`
@ -24252,7 +24253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
## Transition to a user Xauthority domain. ## Transition to a user Xauthority domain.
## </summary> ## </summary>
## <desc> ## <desc>
@@ -638,10 +1102,77 @@ @@ -638,10 +1103,77 @@
# #
template(`xserver_domtrans_user_xauth',` template(`xserver_domtrans_user_xauth',`
gen_require(` gen_require(`
@ -24332,7 +24333,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
') ')
######################################## ########################################
@@ -671,10 +1202,10 @@ @@ -671,10 +1203,10 @@
# #
template(`xserver_user_home_dir_filetrans_user_xauth',` template(`xserver_user_home_dir_filetrans_user_xauth',`
gen_require(` gen_require(`
@ -24345,7 +24346,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
') ')
######################################## ########################################
@@ -760,7 +1291,7 @@ @@ -760,7 +1292,7 @@
type xconsole_device_t; type xconsole_device_t;
') ')
@ -24354,7 +24355,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
') ')
######################################## ########################################
@@ -860,6 +1391,25 @@ @@ -860,6 +1392,25 @@
######################################## ########################################
## <summary> ## <summary>
@ -24380,7 +24381,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
## Read xdm-writable configuration files. ## Read xdm-writable configuration files.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -914,6 +1464,7 @@ @@ -914,6 +1465,7 @@
files_search_tmp($1) files_search_tmp($1)
allow $1 xdm_tmp_t:dir list_dir_perms; allow $1 xdm_tmp_t:dir list_dir_perms;
create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t) create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
@ -24388,7 +24389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
') ')
######################################## ########################################
@@ -955,6 +1506,24 @@ @@ -955,6 +1507,24 @@
######################################## ########################################
## <summary> ## <summary>
@ -24413,7 +24414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
## Execute the X server in the XDM X server domain. ## Execute the X server in the XDM X server domain.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -965,15 +1534,47 @@ @@ -965,15 +1535,47 @@
# #
interface(`xserver_domtrans_xdm_xserver',` interface(`xserver_domtrans_xdm_xserver',`
gen_require(` gen_require(`
@ -24462,7 +24463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
## Make an X session script an entrypoint for the specified domain. ## Make an X session script an entrypoint for the specified domain.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -1123,7 +1724,7 @@ @@ -1123,7 +1725,7 @@
type xdm_xserver_tmp_t; type xdm_xserver_tmp_t;
') ')
@ -24471,7 +24472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
') ')
######################################## ########################################
@@ -1312,3 +1913,82 @@ @@ -1312,3 +1914,82 @@
files_search_tmp($1) files_search_tmp($1)
stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t) stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
') ')

5
selinux-policy.spec
View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.3.1 Version: 3.3.1
Release: 11%{?dist} Release: 12%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -388,6 +388,9 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Mar 6 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-12
- Fix initrc_context generation for MLS
* Mon Mar 3 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-11 * Mon Mar 3 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-11
- Fixes for libvirt - Fixes for libvirt