- Fix confined users
- Allow xguest to read/write xguest_dbusd_t
parent
0c5d01932f
commit
2362056f7a
|
@ -4394,8 +4394,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-28 10:58:06.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-29 12:10:02.000000000 -0400
|
||||||
@@ -0,0 +1,256 @@
|
@@ -0,0 +1,257 @@
|
||||||
+
|
+
|
||||||
+policy_module(nsplugin, 1.0.0)
|
+policy_module(nsplugin, 1.0.0)
|
||||||
+
|
+
|
||||||
|
@ -4494,6 +4494,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+kernel_read_kernel_sysctls(nsplugin_t)
|
+kernel_read_kernel_sysctls(nsplugin_t)
|
||||||
+kernel_read_system_state(nsplugin_t)
|
+kernel_read_system_state(nsplugin_t)
|
||||||
+
|
+
|
||||||
|
+files_dontaudit_getattr_lost_found_dirs(nsplugin_t)
|
||||||
+files_dontaudit_list_home(nsplugin_t)
|
+files_dontaudit_list_home(nsplugin_t)
|
||||||
+files_read_usr_files(nsplugin_t)
|
+files_read_usr_files(nsplugin_t)
|
||||||
+files_read_etc_files(nsplugin_t)
|
+files_read_etc_files(nsplugin_t)
|
||||||
|
@ -7133,7 +7134,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
|
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.13/policy/modules/kernel/files.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.5.13/policy/modules/kernel/files.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-08-07 11:15:01.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-28 10:56:19.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/kernel/files.if 2008-10-29 12:09:50.000000000 -0400
|
||||||
@@ -110,6 +110,11 @@
|
@@ -110,6 +110,11 @@
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
|
@ -8589,8 +8590,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
|
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te
|
||||||
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/roles/staff.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-10-28 11:14:35.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2008-10-29 12:02:31.000000000 -0400
|
||||||
@@ -4,27 +4,63 @@
|
@@ -4,27 +4,68 @@
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Declarations
|
# Declarations
|
||||||
|
@ -8656,6 +8657,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ webadm_role_change_template(staff)
|
+ webadm_role_change_template(staff)
|
||||||
+')
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
+ cron_admin_template(sysadm)
|
||||||
|
+')
|
||||||
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.13/policy/modules/roles/sysadm.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.5.13/policy/modules/roles/sysadm.if
|
||||||
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/roles/sysadm.if 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.if 2008-10-28 11:21:02.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.if 2008-10-28 11:21:02.000000000 -0400
|
||||||
|
@ -8856,7 +8862,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.5.13/policy/modules/roles/sysadm.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.5.13/policy/modules/roles/sysadm.te
|
||||||
--- nsaserefpolicy/policy/modules/roles/sysadm.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/roles/sysadm.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-10-29 12:00:43.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/roles/sysadm.te 2008-10-29 12:02:23.000000000 -0400
|
||||||
@@ -15,7 +14,7 @@
|
@@ -15,7 +14,7 @@
|
||||||
|
|
||||||
role sysadm_r;
|
role sysadm_r;
|
||||||
|
@ -8866,20 +8872,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
ifndef(`enable_mls',`
|
ifndef(`enable_mls',`
|
||||||
userdom_security_admin_template(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
userdom_security_admin_template(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
||||||
@@ -109,9 +108,9 @@
|
@@ -110,10 +109,6 @@
|
||||||
consoletype_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
|
||||||
')
|
')
|
||||||
|
|
||||||
-optional_policy(`
|
optional_policy(`
|
||||||
- cron_admin_template(sysadm)
|
- cron_admin_template(sysadm)
|
||||||
-')
|
-')
|
||||||
+#optional_policy(`
|
-
|
||||||
+# cron_admin_template(sysadm)
|
-optional_policy(`
|
||||||
+#')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
cvs_exec(sysadm_t)
|
cvs_exec(sysadm_t)
|
||||||
@@ -171,6 +170,10 @@
|
')
|
||||||
|
|
||||||
|
@@ -171,6 +166,10 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -8890,7 +8894,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
kudzu_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
kudzu_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -215,8 +218,8 @@
|
@@ -215,8 +214,8 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
netutils_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
netutils_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
||||||
|
@ -8901,7 +8905,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -328,3 +331,5 @@
|
@@ -328,3 +327,5 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
yam_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
yam_run(sysadm_t, sysadm_r, { sysadm_tty_device_t sysadm_devpts_t })
|
||||||
')
|
')
|
||||||
|
|
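Review bot: In the staff.te hunk (`@ -8656,6 +8657,11 @`), the newly added `cron_admin_template(sysadm)` block is instantiated with the `sysadm` prefix, although the call just above it in the same file is `webadm_role_change_template(staff)`; the sysadm.te hunk (`@@ -110,10 +109,6 @@`) appears to delete the block from upstream sysadm.te where the previous patch revision only commented it out. If the intent is to keep cron administration for sysadm but declare it from the staff module, a `sysadm` call inside staff.te is easy to misread as a grant to staff and deserves a comment such as `# sysadm cron admin is declared in staff.te because <reason>`; if the intent is to give staff that right, the argument presumably should be `staff`. The template body is not visible on this page, so which role and types actually receive cron admin access should be confirmed against the cron module's interface file before release. Separately, the added `files_dontaudit_getattr_lost_found_dirs(nsplugin_t)` in the nsplugin.te hunk silences AVC records for that access, so it is worth confirming the denial is benign noise before hiding it from the audit log.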
|
@ -20,7 +20,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.5.13
|
Version: 3.5.13
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -457,6 +457,10 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-10
|
||||||
|
- Fix confined users
|
||||||
|
- Allow xguest to read/write xguest_dbusd_t
|
||||||
|
|
||||||
* Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-9
|
* Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-9
|
||||||
- Allow openoffice execstack/execmem privs
|
- Allow openoffice execstack/execmem privs
|
||||||
|
|
||||||
|
|