- Fix prelink to handle execmod
This commit is contained in:
parent
fc4c7497a7
commit
24acabce75
@ -4394,7 +4394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
+/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.3/policy/modules/services/cups.te
|
||||
--- nsaserefpolicy/policy/modules/services/cups.te 2007-07-03 07:06:27.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/services/cups.te 2007-07-24 15:38:39.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/services/cups.te 2007-07-24 16:22:33.000000000 -0400
|
||||
@@ -81,12 +81,11 @@
|
||||
# /usr/lib/cups/backend/serial needs sys_admin(?!)
|
||||
allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config };
|
||||
@ -4441,7 +4441,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
files_read_usr_files(cupsd_t)
|
||||
# for /var/lib/defoma
|
||||
-files_search_var_lib(cupsd_t)
|
||||
+files_read_var_lib(cupsd_t)
|
||||
+files_read_var_lib_files(cupsd_t)
|
||||
files_list_world_readable(cupsd_t)
|
||||
files_read_world_readable_files(cupsd_t)
|
||||
files_read_world_readable_symlinks(cupsd_t)
|
||||
@ -9748,7 +9748,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
|
||||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.0.3/policy/modules/system/selinuxutil.te
|
||||
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-05-30 11:47:29.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/system/selinuxutil.te 2007-07-17 15:46:25.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/system/selinuxutil.te 2007-07-24 16:27:49.000000000 -0400
|
||||
@@ -24,11 +24,9 @@
|
||||
files_type(selinux_config_t)
|
||||
|
||||
@ -9791,7 +9791,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
|
||||
role system_r types semanage_t;
|
||||
|
||||
+type setsebool_exec_t;
|
||||
+application_domain(semanage_t, setsebool_exec_t)
|
||||
+init_system_domain(semanage_t, setsebool_exec_t)
|
||||
+domain_interactive_fd(semanage_t)
|
||||
+
|
||||
type semanage_store_t;
|
||||
|
@ -293,7 +293,7 @@ semodule -r moilscanner 2>/dev/null
|
||||
%relabel targeted
|
||||
exit 0
|
||||
|
||||
%triggerpostun targeted -- selinux-policy-targeted <= 3.0.3-4
|
||||
%triggerpostun targeted -- selinux-policy-targeted <= 3.0.3-5
|
||||
setsebool -P use_nfs_home_dirs=1
|
||||
restorecon -R /root /etc/selinux/targeted 2> /dev/null
|
||||
semanage login -m -s "system_u" __default__ 2> /dev/null
|
||||
|
Loading…
Reference in New Issue
Block a user