- Fix confined users
- Allow xguest to read/write xguest_dbusd_t
This commit is contained in:
Daniel J Walsh
parent
0c5d01932f
commit
2362056f7a
|
|
@ -4394,8 +4394,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
|
||||
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-28 10:58:06.000000000 -0400
|
||||
@@ -0,0 +1,256 @@
|
||||
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-29 12:10:02.000000000 -0400
|
||||
@@ -0,0 +1,257 @@
|
||||
+
|
||||
+policy_module(nsplugin, 1.0.0)
|
||||
+
|
||||
|
|
@ -4494,6 +4494,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+kernel_read_kernel_sysctls(nsplugin_t)
|
||||
+kernel_read_system_state(nsplugin_t)
|
||||
+
|
||||
+files_dontaudit_getattr_lost_found_dirs(nsplugin_t)
|
||||
+files_dontaudit_list_home(nsplugin_t)
|
||||
+files_read_usr_files(nsplugin_t)
|
||||
+files_read_etc_files(nsplugin_t)
|
||||
|
|
@ -7133,7 +7134,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.13/policy/modules/kernel/files.if
|
||||
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-28 10:56:19.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-29 12:09:50.000000000 -0400
|
||||
@@ -110,6 +110,11 @@
|
||||
## </param>
|
||||
#
|
||||
|
|
@ -8589,8 +8590,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te
|
||||
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-10-28 11:14:35.000000000 -0400
|
||||
@@ -4,27 +4,63 @@
|
||||
+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-10-29 12:02:31.000000000 -0400
|
||||
@@ -4,27 +4,68 @@
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
|
|
@ -8656,6 +8657,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+optional_policy(`
|
||||
+ webadm_role_change_template(staff)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ cron_admin_template(sysadm)
|
||||
+')
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.13/policy/modules/roles/sysadm.if
|
||||
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.if 2008-10-28 11:21:02.000000000 -0400
|
||||
|
|
@ -8856,7 +8862,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.5.13/policy/modules/roles/sysadm.te
|
||||
--- nsaserefpolicy/policy/modules/roles/sysadm.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-10-29 12:00:43.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-10-29 12:02:23.000000000 -0400
|
||||
@@ -15,7 +14,7 @@
|
||||
|
||||
role sysadm_r;
|
||||
|
|
@ -8866,20 +8872,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
ifndef(`enable_mls',`
|
||||
userdom_security_admin_template(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
||||
@@ -109,9 +108,9 @@
|
||||
consoletype_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
||||
@@ -110,10 +109,6 @@
|
||||
')
|
||||
|
||||
-optional_policy(`
|
||||
optional_policy(`
|
||||
- cron_admin_template(sysadm)
|
||||
-')
|
||||
+#optional_policy(`
|
||||
+# cron_admin_template(sysadm)
|
||||
+#')
|
||||
|
||||
optional_policy(`
|
||||
-
|
||||
-optional_policy(`
|
||||
cvs_exec(sysadm_t)
|
||||
@@ -171,6 +170,10 @@
|
||||
')
|
||||
|
||||
@@ -171,6 +166,10 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -8890,7 +8894,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
kudzu_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
||||
')
|
||||
|
||||
@@ -215,8 +218,8 @@
|
||||
@@ -215,8 +214,8 @@
|
||||
|
||||
optional_policy(`
|
||||
netutils_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
||||
|
|
@ -8901,7 +8905,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -328,3 +331,5 @@
|
||||
@@ -328,3 +327,5 @@
|
||||
optional_policy(`
|
||||
yam_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
||||
')
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.5.13
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -457,6 +457,10 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-10
|
||||
- Fix confined users
|
||||
- Allow xguest to read/write xguest_dbusd_t
|
||||
|
||||
* Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-9
|
||||
- Allow openoffice execstack/execmem privs
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue