* Sat Aug 26 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-276
- Allow couple map rules
This commit is contained in:
Lukas Vrabec
parent
c1ce08ecb5
commit
2b14b695c4
Binary file not shown.
File diff suppressed because it is too large
Load Diff
@ -108616,10 +108616,10 @@ index 000000000..a6e216c73
|
||||
+
|
||||
diff --git a/targetd.te b/targetd.te
|
||||
new file mode 100644
|
||||
index 000000000..4cc8557fc
|
||||
index 000000000..681ec9f67
|
||||
--- /dev/null
|
||||
+++ b/targetd.te
|
||||
@@ -0,0 +1,91 @@
|
||||
@@ -0,0 +1,101 @@
|
||||
+policy_module(targetd, 1.0.0)
|
||||
+
|
||||
+########################################
|
||||
@ -108646,7 +108646,7 @@ index 000000000..4cc8557fc
|
||||
+allow targetd_t self:fifo_file rw_fifo_file_perms;
|
||||
+allow targetd_t self:unix_stream_socket create_stream_socket_perms;
|
||||
+allow targetd_t self:unix_dgram_socket create_socket_perms;
|
||||
+allow targetd_t self:tcp_socket listen;
|
||||
+allow targetd_t self:tcp_socket { accept listen };
|
||||
+allow targetd_t self:netlink_route_socket r_netlink_socket_perms;
|
||||
+allow targetd_t self:process { setfscreate setsched };
|
||||
+
|
||||
@ -108654,6 +108654,8 @@ index 000000000..4cc8557fc
|
||||
+manage_files_pattern(targetd_t, targetd_etc_rw_t, targetd_etc_rw_t)
|
||||
+files_etc_filetrans(targetd_t, targetd_etc_rw_t, { dir file })
|
||||
+
|
||||
+files_rw_isid_type_dirs(targetd_t)
|
||||
+
|
||||
+fs_getattr_xattr_fs(targetd_t)
|
||||
+fs_manage_configfs_files(targetd_t)
|
||||
+fs_manage_configfs_lnk_files(targetd_t)
|
||||
@ -108665,6 +108667,8 @@ index 000000000..4cc8557fc
|
||||
+kernel_read_system_state(targetd_t)
|
||||
+kernel_read_network_state(targetd_t)
|
||||
+kernel_load_module(targetd_t)
|
||||
+kernel_request_load_module(targetd_t)
|
||||
+kernel_dgram_send(targetd_t)
|
||||
+
|
||||
+rpc_read_exports(targetd_t)
|
||||
+
|
||||
@ -108685,6 +108689,8 @@ index 000000000..4cc8557fc
|
||||
+
|
||||
+libs_exec_ldconfig(targetd_t)
|
||||
+
|
||||
+seutil_dontaudit_read_module_store(targetd_t)
|
||||
+
|
||||
+storage_raw_read_fixed_disk(targetd_t)
|
||||
+storage_raw_read_removable_device(targetd_t)
|
||||
+
|
||||
@ -108708,6 +108714,10 @@ index 000000000..4cc8557fc
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ rpm_dontaudit_read_db(targetd_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ udev_read_pid_files(targetd_t)
|
||||
+')
|
||||
+
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.13.1
|
||||
Release: 275%{?dist}
|
||||
Release: 276%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -681,6 +681,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sat Aug 26 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-276
|
||||
- Allow couple map rules
|
||||
|
||||
* Wed Aug 23 2017 Lukas Vrabec <lvrabec@redhat.com> - 3.13.1-275
|
||||
- Make confined users working
|
||||
- Allow ipmievd_t domain to load kernel modules
|
||||
|
||||
Loading…
Reference in New Issue
Block a user