Move dontaudit sys_ptrace line from permissive.te to domain.te
Remove policy for hal, it no longer exists
This commit is contained in:
Dan Walsh
parent
042e3a325f
commit
2453975e3d
|
|
@ -619,13 +619,6 @@ gnome = module
|
|||
#
|
||||
gnomeclock = module
|
||||
|
||||
# Layer: services
|
||||
# Module: hal
|
||||
#
|
||||
# Hardware abstraction layer
|
||||
#
|
||||
hal = module
|
||||
|
||||
# Layer: services
|
||||
# Module: plymouthd
|
||||
#
|
||||
|
|
|
|||
|
|
@ -702,13 +702,6 @@ gnome = module
|
|||
#
|
||||
gnomeclock = module
|
||||
|
||||
# Layer: services
|
||||
# Module: hal
|
||||
#
|
||||
# Hardware abstraction layer
|
||||
#
|
||||
hal = module
|
||||
|
||||
# Layer: services
|
||||
# Module: hddtemp
|
||||
#
|
||||
|
|
|
|||
14
ptrace.patch
14
ptrace.patch
|
|
@ -83,20 +83,6 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3
|
|||
allow ncftool_t self:process signal;
|
||||
|
||||
allow ncftool_t self:fifo_file manage_fifo_file_perms;
|
||||
diff -up serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te.ptrace serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te.ptrace 2011-10-11 16:42:15.590761731 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te 2011-10-11 16:43:18.809744020 -0400
|
||||
@@ -266,3 +266,10 @@ optional_policy(`
|
||||
permissive virt_qmf_t;
|
||||
')
|
||||
|
||||
+optional_policy(`
|
||||
+ gen_require(`
|
||||
+ attribute domain;
|
||||
+ ')
|
||||
+
|
||||
+ dontaudit domain self:capability sys_ptrace;
|
||||
+')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/rpm.te
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-10-11 16:42:16.020761610 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-11 16:42:16.085761591 -0400
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.10.0
|
||||
Release: 39.2%{?dist}
|
||||
Release: 39.3%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -218,7 +218,7 @@ fi;
|
|||
if [ -e /etc/selinux/%2/.rebuild ]; then \
|
||||
rm /etc/selinux/%2/.rebuild; \
|
||||
if [ %1 -ne 1 ]; then \
|
||||
/usr/sbin/semodule -n -s %2 -r hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
|
||||
/usr/sbin/semodule -n -s %2 -r hal hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
|
||||
fi \
|
||||
/usr/sbin/semodule -B -s %2; \
|
||||
else \
|
||||
|
|
@ -480,6 +480,10 @@ SELinux Reference policy mls base module.
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Oct 13 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.3
|
||||
- Move dontaudit sys_ptrace line from permissive.te to domain.te
|
||||
- Remove policy for hal, it no longer exists
|
||||
|
||||
* Wed Oct 12 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-39.2
|
||||
- Don't check md5 size or mtime on certain config files
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue