- Re-add corenet_in_generic_if(unlabeled_t)
This commit is contained in:
Daniel J Walsh
parent
d9ad79766e
commit
2eec438a0b
@ -160,3 +160,4 @@ serefpolicy-3.6.2.tgz
|
||||
serefpolicy-3.6.3.tgz
|
||||
serefpolicy-3.6.4.tgz
|
||||
serefpolicy-3.6.5.tgz
|
||||
serefpolicy-3.6.6.tgz
|
||||
|
||||
@ -4413,7 +4413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+corecmd_executable_file(wm_exec_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.6/policy/modules/kernel/corecommands.fc
|
||||
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-01-05 15:39:38.000000000 -0500
|
||||
+++ serefpolicy-3.6.6/policy/modules/kernel/corecommands.fc 2009-02-16 17:29:50.000000000 -0500
|
||||
+++ serefpolicy-3.6.6/policy/modules/kernel/corecommands.fc 2009-02-16 17:52:43.000000000 -0500
|
||||
@@ -58,6 +58,8 @@
|
||||
|
||||
/etc/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@ -4423,16 +4423,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/etc/netplug\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/ppp/ip-down\..* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@@ -78,6 +80,8 @@
|
||||
/etc/sysconfig/network-scripts/ifup-.* -l gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/sysconfig/network-scripts/ifdown-.* -l gen_context(system_u:object_r:bin_t,s0)
|
||||
+/etc/sysconfig/network-scripts/net.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
+/etc/sysconfig/network-scripts/init.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@@ -74,10 +76,11 @@
|
||||
/etc/sysconfig/libvirtd -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/sysconfig/netconsole -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/sysconfig/readonly-root -- gen_context(system_u:object_r:bin_t,s0)
|
||||
-/etc/sysconfig/network-scripts/ifup-.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
-/etc/sysconfig/network-scripts/ifup-.* -l gen_context(system_u:object_r:bin_t,s0)
|
||||
-/etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
-/etc/sysconfig/network-scripts/ifdown-.* -l gen_context(system_u:object_r:bin_t,s0)
|
||||
+
|
||||
+/etc/sysconfig/network-scripts/ifup.* gen_context(system_u:object_r:bin_t,s0)
|
||||
+/etc/sysconfig/network-scripts/ifdown.* gen_context(system_u:object_r:bin_t,s0)
|
||||
+/etc/sysconfig/network-scripts/net.* gen_context(system_u:object_r:bin_t,s0)
|
||||
+/etc/sysconfig/network-scripts/init.* gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/etc/X11/xdm/GiveConsole -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/X11/xdm/TakeConsole -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@@ -130,6 +134,8 @@
|
||||
@@ -130,6 +133,8 @@
|
||||
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
|
||||
@ -4441,7 +4448,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
@@ -203,6 +209,7 @@
|
||||
@@ -203,6 +208,7 @@
|
||||
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/hal/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/mc/extfs/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@ -4449,7 +4456,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/usr/share/printconf/util/print\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@@ -223,14 +230,15 @@
|
||||
@@ -223,14 +229,15 @@
|
||||
/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@ -4467,7 +4474,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/usr/share/fedora-usermgmt/wrapper -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/hplip/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@@ -293,3 +301,14 @@
|
||||
@@ -293,3 +300,14 @@
|
||||
ifdef(`distro_suse',`
|
||||
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
@ -5381,12 +5388,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
type power_device_t;
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.6/policy/modules/kernel/domain.if
|
||||
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-01-05 15:39:38.000000000 -0500
|
||||
+++ serefpolicy-3.6.6/policy/modules/kernel/domain.if 2009-02-16 17:25:53.000000000 -0500
|
||||
+++ serefpolicy-3.6.6/policy/modules/kernel/domain.if 2009-02-16 17:42:39.000000000 -0500
|
||||
@@ -629,6 +629,7 @@
|
||||
|
||||
dontaudit $1 unconfined_domain_type:dir search_dir_perms;
|
||||
dontaudit $1 unconfined_domain_type:file read_file_perms;
|
||||
+ dontaudit $1 unconfined_domain_type:lnk_file read_file_perms;
|
||||
+ dontaudit $1 unconfined_domain_type:lnk_file read_lnk_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -28059,7 +28066,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.6/policy/modules/system/sysnetwork.if
|
||||
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2009-01-19 11:07:34.000000000 -0500
|
||||
+++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.if 2009-02-16 13:18:06.000000000 -0500
|
||||
+++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.if 2009-02-16 17:51:03.000000000 -0500
|
||||
@@ -43,6 +43,39 @@
|
||||
|
||||
sysnet_domtrans_dhcpc($1)
|
||||
@ -28126,6 +28133,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ delete_files_pattern($1, dhcpc_state_t, dhcpc_state_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -230,7 +281,7 @@
|
||||
')
|
||||
|
||||
files_search_etc($1)
|
||||
- allow $1 net_conf_t:file read_file_perms;
|
||||
+ read_files_pattern($1, net_conf_t, net_conf_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -323,7 +374,7 @@
|
||||
type net_conf_t;
|
||||
')
|
||||
|
||||
- allow $1 net_conf_t:file manage_file_perms;
|
||||
+ manage_files_pattern($1, net_conf_t, net_conf_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -541,6 +592,7 @@
|
||||
type net_conf_t;
|
||||
|
||||
@ -19,8 +19,8 @@
|
||||
%define CHECKPOLICYVER 2.0.16-3
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.6.5
|
||||
Release: 3%{?dist}
|
||||
Version: 3.6.6
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -184,7 +184,7 @@ fi;
|
||||
|
||||
%description
|
||||
SELinux Reference Policy - modular.
|
||||
Based off of reference policy: Checked out revision 2908.
|
||||
Based off of reference policy: Checked out revision 2909.
|
||||
|
||||
%build
|
||||
|
||||
@ -444,6 +444,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Feb 11 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-1
|
||||
- Re-add corenet_in_generic_if(unlabeled_t)
|
||||
|
||||
* Wed Feb 11 2009 Dan Walsh <dwalsh@redhat.com> 3.6.5-3
|
||||
|
||||
* Tue Feb 10 2009 Dan Walsh <dwalsh@redhat.com> 3.6.5-2
|
||||
|
||||
Loading…
Reference in New Issue
Block a user