- Allow nsplugin to communicate with xdm_tmp_t sock_file

Daniel J Walsh 2008-10-01 12:27:11 +00:00
parent 99873745bf
commit 2ede4ec7ba
2 changed files with 29 additions and 14 deletions


@ -4711,8 +4711,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.9/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.5.9/policy/modules/apps/nsplugin.te 2008-09-29 11:06:29.000000000 -0400
@@ -0,0 +1,234 @@
+++ serefpolicy-3.5.9/policy/modules/apps/nsplugin.te 2008-10-01 07:36:31.000000000 -0400
@@ -0,0 +1,235 @@
+
+policy_module(nsplugin, 1.0.0)
+
@ -4869,6 +4869,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+optional_policy(`
+ xserver_stream_connect_xdm(nsplugin_t)
+ xserver_stream_connect_xdm_xserver(nsplugin_t)
+ xserver_rw_xdm_xserver_shm(nsplugin_t)
+ xserver_read_xdm_tmp_files(nsplugin_t)
@ -10862,7 +10863,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.9/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/apache.te 2008-09-25 08:33:18.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/apache.te 2008-10-01 07:40:09.000000000 -0400
@@ -20,6 +20,8 @@
# Declarations
#
@ -13545,7 +13546,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.5.9/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/cups.fc 2008-09-30 10:27:16.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/cups.fc 2008-10-01 07:43:49.000000000 -0400
@@ -8,24 +8,33 @@
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@ -13592,7 +13593,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -43,10 +52,20 @@
@@ -43,10 +52,19 @@
/var/lib/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/var/log/cups(/.*)? gen_context(system_u:object_r:cupsd_log_t,s0)
@ -13606,9 +13607,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
/var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
+
+/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+/usr/local/Brother/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+/usr/local/Printer/[^/]*/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+/usr/local/Brother/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+/usr/local/Printer/(.*/)?inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+
+
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@ -15344,7 +15344,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.9/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/dnsmasq.te 2008-09-25 08:33:18.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/dnsmasq.te 2008-09-30 23:38:02.000000000 -0400
@@ -10,6 +10,9 @@
type dnsmasq_exec_t;
init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
@ -15373,16 +15373,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_var_lib_filetrans(dnsmasq_t,dnsmasq_lease_t,file)
manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
@@ -56,7 +59,7 @@
@@ -55,8 +58,7 @@
corenet_tcp_bind_all_nodes(dnsmasq_t)
corenet_udp_bind_all_nodes(dnsmasq_t)
corenet_tcp_bind_dns_port(dnsmasq_t)
corenet_udp_bind_dns_port(dnsmasq_t)
-corenet_udp_bind_dns_port(dnsmasq_t)
-corenet_udp_bind_dhcpd_port(dnsmasq_t)
+corenet_udp_bind_all_ports(dnsmasq_t)
corenet_sendrecv_dns_server_packets(dnsmasq_t)
corenet_sendrecv_dhcpd_server_packets(dnsmasq_t)
@@ -95,3 +98,7 @@
@@ -95,3 +97,7 @@
optional_policy(`
udev_read_db(dnsmasq_t)
')
@ -25691,6 +25692,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_all_recvfrom_unlabeled(stunnel_t)
corenet_all_recvfrom_netlabel(stunnel_t)
corenet_tcp_sendrecv_all_if(stunnel_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.5.9/policy/modules/services/sysstat.te
--- nsaserefpolicy/policy/modules/services/sysstat.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/sysstat.te 2008-10-01 07:40:20.000000000 -0400
@@ -47,6 +47,7 @@
files_read_etc_files(sysstat_t)
fs_getattr_xattr_fs(sysstat_t)
+fs_list_inotifyfs(sysstat_t)
term_use_console(sysstat_t)
term_use_all_terms(sysstat_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.5.9/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/telnet.te 2008-09-25 08:33:18.000000000 -0400
@ -26221,7 +26233,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.9/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-09-24 09:07:28.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/xserver.if 2008-09-26 13:06:46.000000000 -0400
+++ serefpolicy-3.5.9/policy/modules/services/xserver.if 2008-10-01 07:36:13.000000000 -0400
@@ -16,6 +16,7 @@
gen_require(`
type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
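Review bot: In the cups.fc hunk, the new patterns `/usr/local/Brother/(.*/)?inf(/.*)?` and `/usr/local/Printer/(.*/)?inf(/.*)?` match a directory named `inf` at any depth, because `.*` also matches `/`. The three entries they replace only matched `inf` directly under the vendor directory or one level below it. Everything beneath any such directory is now labelled `cupsd_rw_etc_t`, the same type these entries give to `/etc/cups/ppd`, so the set of files under `/usr/local` that carry a CUPS configuration label grows with whatever the vendor packages install. If only the first two levels are needed, `/usr/local/Brother/([^/]*/)?inf(/.*)?` and `/usr/local/Printer/([^/]*/)?inf(/.*)?` keep the bound while still collapsing the entries. Otherwise a comment such as `# Brother/Printer drivers place inf/ at varying depths` would record why the unbounded form is intended.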


@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.9
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -390,6 +390,9 @@ exit 0
%endif
%changelog
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-3
- Allow nsplugin to comminicate with xdm_tmp_t sock_file
* Mon Sep 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.9-2
- Change all user tmpfs_t files to be labeled user_tmpfs_t
- Allow radiusd to create sock_files