- Allow execution of gconf

This commit is contained in:
Daniel J Walsh 2007-07-19 14:45:16 +00:00
parent 8675561212
commit 297dd1a900
4 changed files with 28 additions and 11 deletions

View File

@ -120,3 +120,4 @@ serefpolicy-2.6.4.tgz
serefpolicy-2.6.5.tgz
serefpolicy-3.0.1.tgz
serefpolicy-3.0.2.tgz
serefpolicy-3.0.3.tgz

View File

@ -5536,16 +5536,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.0.3/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2007-07-03 07:06:27.000000000 -0400
+++ serefpolicy-3.0.3/policy/modules/services/ntp.te 2007-07-19 09:24:25.000000000 -0400
@@ -40,6 +40,7 @@
+++ serefpolicy-3.0.3/policy/modules/services/ntp.te 2007-07-19 10:44:14.000000000 -0400
@@ -36,6 +36,7 @@
dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
allow ntpd_t self:process { signal_perms setcap setsched setrlimit };
allow ntpd_t self:fifo_file { read write getattr };
+allow ntpd_t self:shm create_shm_perms;
allow ntpd_t self:unix_dgram_socket create_socket_perms;
allow ntpd_t self:unix_stream_socket create_socket_perms;
allow ntpd_t self:tcp_socket create_stream_socket_perms;
allow ntpd_t self:udp_socket create_socket_perms;
+allow ntpd_t self:shm create_shm_perms;
@@ -82,6 +83,8 @@
manage_files_pattern(ntpd_t,ntp_drift_t,ntp_drift_t)
fs_getattr_all_fs(ntpd_t)
fs_search_auto_mountpoints(ntpd_t)
+# Necessary to communicate with gpsd devices
+fs_rw_tmpfs_files(ntpd_t)
@@ -107,6 +108,8 @@
auth_use_nsswitch(ntpd_t)
@@ -107,6 +110,8 @@
sysnet_read_config(ntpd_t)
@ -5554,7 +5563,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
userdom_dontaudit_use_unpriv_user_fds(ntpd_t)
userdom_list_sysadm_home_dirs(ntpd_t)
userdom_dontaudit_list_sysadm_home_dirs(ntpd_t)
@@ -126,6 +129,10 @@
@@ -126,9 +131,14 @@
')
optional_policy(`
@ -5565,6 +5574,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
seutil_sigchld_newrole(ntpd_t)
')
optional_policy(`
udev_read_db(ntpd_t)
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.0.3/policy/modules/services/openvpn.if
--- nsaserefpolicy/policy/modules/services/openvpn.if 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.3/policy/modules/services/openvpn.if 2007-07-17 15:46:25.000000000 -0400

View File

@ -16,8 +16,8 @@
%define CHECKPOLICYVER 2.0.3-1
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.2
Release: 8%{?dist}
Version: 3.0.3
Release: 1%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -172,7 +172,7 @@ fi;
%description
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2348.
Based off of reference policy: Checked out revision 2370.
%prep
%setup -q -n serefpolicy-%{version}
@ -357,6 +357,9 @@ exit 0
%endif
%changelog
* Tue Jul 17 2007 Dan Walsh <dwalsh@redhat.com> 3.0.2-9
- Allow execution of gconf
* Sat Jul 14 2007 Dan Walsh <dwalsh@redhat.com> 3.0.2-8
- Fix moilscanner update problem

View File

@ -1 +1 @@
7487348a6530067125f23316f43ff369 serefpolicy-3.0.2.tgz
af54ae49007f995f1cb9e5d6f5baf8bf serefpolicy-3.0.3.tgz