- Allow nsplugin to comminicate with xdm_tmp_t sock_file
This commit is contained in:
Daniel J Walsh
parent
99873745bf
commit
2ede4ec7ba
@ -4711,8 +4711,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.9/policy/modules/apps/nsplugin.te
|
||||
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.5.9/policy/modules/apps/nsplugin.te 2008-09-29 11:06:29.000000000 -0400
|
||||
@@ -0,0 +1,234 @@
|
||||
+++ serefpolicy-3.5.9/policy/modules/apps/nsplugin.te 2008-10-01 07:36:31.000000000 -0400
|
||||
@@ -0,0 +1,235 @@
|
||||
+
|
||||
+policy_module(nsplugin, 1.0.0)
|
||||
+
|
||||
@ -4869,6 +4869,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ xserver_stream_connect_xdm(nsplugin_t)
|
||||
+ xserver_stream_connect_xdm_xserver(nsplugin_t)
|
||||
+ xserver_rw_xdm_xserver_shm(nsplugin_t)
|
||||
+ xserver_read_xdm_tmp_files(nsplugin_t)
|
||||
@ -10862,7 +10863,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.9/policy/modules/services/apache.te
|
||||
--- nsaserefpolicy/policy/modules/services/apache.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/apache.te 2008-09-25 08:33:18.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/apache.te 2008-10-01 07:40:09.000000000 -0400
|
||||
@@ -20,6 +20,8 @@
|
||||
# Declarations
|
||||
#
|
||||
@ -13545,7 +13546,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
-') dnl end TODO
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.5.9/policy/modules/services/cups.fc
|
||||
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/cups.fc 2008-09-30 10:27:16.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/cups.fc 2008-10-01 07:43:49.000000000 -0400
|
||||
@@ -8,24 +8,33 @@
|
||||
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
@ -13592,7 +13593,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
/var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
/var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
@@ -43,10 +52,20 @@
|
||||
@@ -43,10 +52,19 @@
|
||||
/var/lib/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
|
||||
/var/log/cups(/.*)? gen_context(system_u:object_r:cupsd_log_t,s0)
|
||||
@ -13606,9 +13607,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
|
||||
/var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
|
||||
+
|
||||
+/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
+/usr/local/Brother/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
+/usr/local/Printer/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
+/usr/local/Brother/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
+/usr/local/Printer/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
+
|
||||
+
|
||||
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
@ -15344,7 +15344,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.9/policy/modules/services/dnsmasq.te
|
||||
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/dnsmasq.te 2008-09-25 08:33:18.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/dnsmasq.te 2008-09-30 23:38:02.000000000 -0400
|
||||
@@ -10,6 +10,9 @@
|
||||
type dnsmasq_exec_t;
|
||||
init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
|
||||
@ -15373,16 +15373,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
files_var_lib_filetrans(dnsmasq_t,dnsmasq_lease_t,file)
|
||||
|
||||
manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
|
||||
@@ -56,7 +59,7 @@
|
||||
@@ -55,8 +58,7 @@
|
||||
corenet_tcp_bind_all_nodes(dnsmasq_t)
|
||||
corenet_udp_bind_all_nodes(dnsmasq_t)
|
||||
corenet_tcp_bind_dns_port(dnsmasq_t)
|
||||
corenet_udp_bind_dns_port(dnsmasq_t)
|
||||
-corenet_udp_bind_dns_port(dnsmasq_t)
|
||||
-corenet_udp_bind_dhcpd_port(dnsmasq_t)
|
||||
+corenet_udp_bind_all_ports(dnsmasq_t)
|
||||
corenet_sendrecv_dns_server_packets(dnsmasq_t)
|
||||
corenet_sendrecv_dhcpd_server_packets(dnsmasq_t)
|
||||
|
||||
@@ -95,3 +98,7 @@
|
||||
@@ -95,3 +97,7 @@
|
||||
optional_policy(`
|
||||
udev_read_db(dnsmasq_t)
|
||||
')
|
||||
@ -25691,6 +25692,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
corenet_all_recvfrom_unlabeled(stunnel_t)
|
||||
corenet_all_recvfrom_netlabel(stunnel_t)
|
||||
corenet_tcp_sendrecv_all_if(stunnel_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.5.9/policy/modules/services/sysstat.te
|
||||
--- nsaserefpolicy/policy/modules/services/sysstat.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/sysstat.te 2008-10-01 07:40:20.000000000 -0400
|
||||
@@ -47,6 +47,7 @@
|
||||
files_read_etc_files(sysstat_t)
|
||||
|
||||
fs_getattr_xattr_fs(sysstat_t)
|
||||
+fs_list_inotifyfs(sysstat_t)
|
||||
|
||||
term_use_console(sysstat_t)
|
||||
term_use_all_terms(sysstat_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.5.9/policy/modules/services/telnet.te
|
||||
--- nsaserefpolicy/policy/modules/services/telnet.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/telnet.te 2008-09-25 08:33:18.000000000 -0400
|
||||
@ -26221,7 +26233,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.9/policy/modules/services/xserver.if
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-09-24 09:07:28.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/xserver.if 2008-09-26 13:06:46.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/xserver.if 2008-10-01 07:36:13.000000000 -0400
|
||||
@@ -16,6 +16,7 @@
|
||||
gen_require(`
|
||||
type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.5.9
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -390,6 +390,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-3
|
||||
- Allow nsplugin to comminicate with xdm_tmp_t sock_file
|
||||
|
||||
* Mon Sep 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-2
|
||||
- Change all user tmpfs_t files to be labeled user_tmpfs_t
|
||||
- Allow radiusd to create sock_files
|
||||
|
||||
Loading…
Reference in New Issue
Block a user