* Sat Aug 26 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-276
- Allow couple map rules
This commit is contained in:
parent
c1ce08ecb5
commit
2b14b695c4
Binary file not shown.
File diff suppressed because it is too large
Load Diff
@ -108616,10 +108616,10 @@ index 000000000..a6e216c73
|
|||||||
+
|
+
|
||||||
diff --git a/targetd.te b/targetd.te
|
diff --git a/targetd.te b/targetd.te
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 000000000..4cc8557fc
|
index 000000000..681ec9f67
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/targetd.te
|
+++ b/targetd.te
|
||||||
@@ -0,0 +1,91 @@
|
@@ -0,0 +1,101 @@
|
||||||
+policy_module(targetd, 1.0.0)
|
+policy_module(targetd, 1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
@ -108646,7 +108646,7 @@ index 000000000..4cc8557fc
|
|||||||
+allow targetd_t self:fifo_file rw_fifo_file_perms;
|
+allow targetd_t self:fifo_file rw_fifo_file_perms;
|
||||||
+allow targetd_t self:unix_stream_socket create_stream_socket_perms;
|
+allow targetd_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
+allow targetd_t self:unix_dgram_socket create_socket_perms;
|
+allow targetd_t self:unix_dgram_socket create_socket_perms;
|
||||||
+allow targetd_t self:tcp_socket listen;
|
+allow targetd_t self:tcp_socket { accept listen };
|
||||||
+allow targetd_t self:netlink_route_socket r_netlink_socket_perms;
|
+allow targetd_t self:netlink_route_socket r_netlink_socket_perms;
|
||||||
+allow targetd_t self:process { setfscreate setsched };
|
+allow targetd_t self:process { setfscreate setsched };
|
||||||
+
|
+
|
||||||
@ -108654,6 +108654,8 @@ index 000000000..4cc8557fc
|
|||||||
+manage_files_pattern(targetd_t, targetd_etc_rw_t, targetd_etc_rw_t)
|
+manage_files_pattern(targetd_t, targetd_etc_rw_t, targetd_etc_rw_t)
|
||||||
+files_etc_filetrans(targetd_t, targetd_etc_rw_t, { dir file })
|
+files_etc_filetrans(targetd_t, targetd_etc_rw_t, { dir file })
|
||||||
+
|
+
|
||||||
|
+files_rw_isid_type_dirs(targetd_t)
|
||||||
|
+
|
||||||
+fs_getattr_xattr_fs(targetd_t)
|
+fs_getattr_xattr_fs(targetd_t)
|
||||||
+fs_manage_configfs_files(targetd_t)
|
+fs_manage_configfs_files(targetd_t)
|
||||||
+fs_manage_configfs_lnk_files(targetd_t)
|
+fs_manage_configfs_lnk_files(targetd_t)
|
||||||
@ -108665,6 +108667,8 @@ index 000000000..4cc8557fc
|
|||||||
+kernel_read_system_state(targetd_t)
|
+kernel_read_system_state(targetd_t)
|
||||||
+kernel_read_network_state(targetd_t)
|
+kernel_read_network_state(targetd_t)
|
||||||
+kernel_load_module(targetd_t)
|
+kernel_load_module(targetd_t)
|
||||||
|
+kernel_request_load_module(targetd_t)
|
||||||
|
+kernel_dgram_send(targetd_t)
|
||||||
+
|
+
|
||||||
+rpc_read_exports(targetd_t)
|
+rpc_read_exports(targetd_t)
|
||||||
+
|
+
|
||||||
@ -108685,6 +108689,8 @@ index 000000000..4cc8557fc
|
|||||||
+
|
+
|
||||||
+libs_exec_ldconfig(targetd_t)
|
+libs_exec_ldconfig(targetd_t)
|
||||||
+
|
+
|
||||||
|
+seutil_dontaudit_read_module_store(targetd_t)
|
||||||
|
+
|
||||||
+storage_raw_read_fixed_disk(targetd_t)
|
+storage_raw_read_fixed_disk(targetd_t)
|
||||||
+storage_raw_read_removable_device(targetd_t)
|
+storage_raw_read_removable_device(targetd_t)
|
||||||
+
|
+
|
||||||
@ -108708,6 +108714,10 @@ index 000000000..4cc8557fc
|
|||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
|
+ rpm_dontaudit_read_db(targetd_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
+ udev_read_pid_files(targetd_t)
|
+ udev_read_pid_files(targetd_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.13.1
|
Version: 3.13.1
|
||||||
Release: 275%{?dist}
|
Release: 276%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -681,6 +681,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Aug 26 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-276
|
||||||
|
- Allow couple map rules
|
||||||
|
|
||||||
* Wed Aug 23 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-275
|
* Wed Aug 23 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-275
|
||||||
- Make confined users working
|
- Make confined users working
|
||||||
- Allow ipmievd_t domain to load kernel modules
|
- Allow ipmievd_t domain to load kernel modules
|
||||||
|
Loading…
Reference in New Issue
Block a user