- Fix prelink to handle execmod

This commit is contained in:
Daniel J Walsh 2007-07-24 20:47:24 +00:00
parent fc4c7497a7
commit 24acabce75
2 changed files with 5 additions and 5 deletions

View File

@ -4394,7 +4394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.3/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2007-07-03 07:06:27.000000000 -0400
+++ serefpolicy-3.0.3/policy/modules/services/cups.te 2007-07-24 15:38:39.000000000 -0400
+++ serefpolicy-3.0.3/policy/modules/services/cups.te 2007-07-24 16:22:33.000000000 -0400
@@ -81,12 +81,11 @@
# /usr/lib/cups/backend/serial needs sys_admin(?!)
allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config };
@ -4441,7 +4441,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
files_read_usr_files(cupsd_t)
# for /var/lib/defoma
-files_search_var_lib(cupsd_t)
+files_read_var_lib(cupsd_t)
+files_read_var_lib_files(cupsd_t)
files_list_world_readable(cupsd_t)
files_read_world_readable_files(cupsd_t)
files_read_world_readable_symlinks(cupsd_t)
@ -9748,7 +9748,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.0.3/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-05-30 11:47:29.000000000 -0400
+++ serefpolicy-3.0.3/policy/modules/system/selinuxutil.te 2007-07-17 15:46:25.000000000 -0400
+++ serefpolicy-3.0.3/policy/modules/system/selinuxutil.te 2007-07-24 16:27:49.000000000 -0400
@@ -24,11 +24,9 @@
files_type(selinux_config_t)
@ -9791,7 +9791,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
role system_r types semanage_t;
+type setsebool_exec_t;
+application_domain(semanage_t, setsebool_exec_t)
+init_system_domain(semanage_t, setsebool_exec_t)
+domain_interactive_fd(semanage_t)
+
type semanage_store_t;

View File

@ -293,7 +293,7 @@ semodule -r moilscanner 2>/dev/null
%relabel targeted
exit 0
%triggerpostun targeted -- selinux-policy-targeted <= 3.0.3-4
%triggerpostun targeted -- selinux-policy-targeted <= 3.0.3-5
setsebool -P use_nfs_home_dirs=1
restorecon -R /root /etc/selinux/targeted 2> /dev/null
semanage login -m -s "system_u" __default__ 2> /dev/null