rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Add policy for ajaxterm

Browse Source
This commit is contained in:
Dan Walsh 2010-09-09 09:58:12 -04:00
parent 6e2d7f3a82
commit 30a7d17203
3 changed files with 228 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules-targeted.conf
View File

@ -25,6 +25,13 @@ accountsd = module
#
acct = base
# Layer: services
# Module: ajaxterm
#
# Web Based Terminal
#
ajaxterm = module
# Layer: admin
# Module: alsa
#

246
policy-F14.patch
View File

@ -3777,7 +3777,7 @@ index 9a6d67d..47aa143 100644
## mozilla over dbus.
## </summary>
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index cbf4bec..58899ca 100644
index cbf4bec..ec6a1ff 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -25,6 +25,7 @@ files_config_file(mozilla_conf_t)
@ -3850,7 +3850,7 @@ index cbf4bec..58899ca 100644
pulseaudio_exec(mozilla_t)
pulseaudio_stream_connect(mozilla_t)
pulseaudio_manage_home_files(mozilla_t)
@@ -266,3 +291,78 @@ optional_policy(`
@@ -266,3 +291,79 @@ optional_policy(`
optional_policy(`
thunderbird_domtrans(mozilla_t)
')
@ -3918,6 +3918,7 @@ index cbf4bec..58899ca 100644
+optional_policy(`
+ nsplugin_domtrans(mozilla_plugin_t)
+ nsplugin_rw_exec(mozilla_plugin_t)
+ nsplugin_manage_home_dirs(mozilla_plugin_t)
+ nsplugin_manage_home_files(mozilla_plugin_t)
+')
+
@ -4031,10 +4032,10 @@ index 0000000..63abc5c
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --git a/policy/modules/apps/nsplugin.if b/policy/modules/apps/nsplugin.if
new file mode 100644
index 0000000..4dd9d05
index 0000000..c779d44
--- /dev/null
+++ b/policy/modules/apps/nsplugin.if
@@ -0,0 +1,374 @@
@@ -0,0 +1,392 @@
+
+## <summary>policy for nsplugin</summary>
+
@ -4321,6 +4322,24 @@ index 0000000..4dd9d05
+
+########################################
+## <summary>
+## manage nnsplugin home dirs.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nsplugin_manage_home_dirs',`
+ gen_require(`
+ type nsplugin_home_t;
+ ')
+
+ manage_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t)
+')
+
+########################################
+## <summary>
+## Allow attempts to read and write to
+## nsplugin named pipes.
+## </summary>
@ -6895,7 +6914,7 @@ index 82842a0..369c3b5 100644
dbus_system_bus_client($1_wm_t)
dbus_session_bus_client($1_wm_t)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 0eb1d97..b267560 100644
index 0eb1d97..b42af1b 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -9,8 +9,11 @@
@ -6956,15 +6975,19 @@ index 0eb1d97..b267560 100644
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -220,6 +234,7 @@ ifdef(`distro_gentoo',`
@@ -218,8 +232,11 @@ ifdef(`distro_gentoo',`
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/share/ajaxterm/qweb.py.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/share/ajaxterm/ajaxterm.py.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0)
+/usr/share/dayplanner/dayplanner -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/debconf/.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/denyhosts/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/denyhosts/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -228,6 +243,8 @@ ifdef(`distro_gentoo',`
@@ -228,6 +245,8 @@ ifdef(`distro_gentoo',`
/usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/e16/misc(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gedit-2/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
@ -6973,7 +6996,7 @@ index 0eb1d97..b267560 100644
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
@@ -314,6 +331,7 @@ ifdef(`distro_redhat', `
@@ -314,6 +333,7 @@ ifdef(`distro_redhat', `
/usr/share/texmf/web2c/mktexdir -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/web2c/mktexnam -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/web2c/mktexupd -- gen_context(system_u:object_r:bin_t,s0)
@ -6981,7 +7004,7 @@ index 0eb1d97..b267560 100644
')
ifdef(`distro_suse', `
@@ -340,3 +358,27 @@ ifdef(`distro_suse', `
@@ -340,3 +360,27 @@ ifdef(`distro_suse', `
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
@ -7041,7 +7064,7 @@ index 9e5c83e..953e0e8 100644
+/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
+/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 2ecdde8..bb4adcb 100644
index 2ecdde8..f15e5ba 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -24,6 +24,7 @@ dev_node(ppp_device_t)
@ -7052,7 +7075,7 @@ index 2ecdde8..bb4adcb 100644
########################################
#
@@ -64,6 +65,7 @@ type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
@@ -64,20 +65,25 @@ type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
type server_packet_t, packet_type, server_packet_type;
network_port(afs_bos, udp,7007,s0)
@ -7060,7 +7083,9 @@ index 2ecdde8..bb4adcb 100644
network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
network_port(afs_ka, udp,7004,s0)
network_port(afs_pt, udp,7002,s0)
@@ -72,12 +74,15 @@ network_port(agentx, udp,705,s0, tcp,705,s0)
network_port(afs_vl, udp,7003,s0)
network_port(agentx, udp,705,s0, tcp,705,s0)
+network_port(ajaxterm, tcp,8022,s0)
network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
network_port(amavisd_recv, tcp,10024,s0)
network_port(amavisd_send, tcp,10025,s0)
@ -7076,7 +7101,7 @@ index 2ecdde8..bb4adcb 100644
type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict
network_port(certmaster, tcp,51235,s0)
network_port(chronyd, udp,323,s0)
@@ -85,6 +90,7 @@ network_port(clamd, tcp,3310,s0)
@@ -85,6 +91,7 @@ network_port(clamd, tcp,3310,s0)
network_port(clockspeed, udp,4041,s0)
network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006-50008,s0, udp,50006-50008,s0)
network_port(cobbler, tcp,25151,s0)
@ -7084,7 +7109,7 @@ index 2ecdde8..bb4adcb 100644
network_port(comsat, udp,512,s0)
network_port(cvs, tcp,2401,s0, udp,2401,s0)
network_port(cyphesis, tcp,6767,s0, tcp,6769,s0, tcp,6780-6799,s0, udp,32771,s0)
@@ -97,7 +103,9 @@ network_port(dict, tcp,2628,s0)
@@ -97,7 +104,9 @@ network_port(dict, tcp,2628,s0)
network_port(distccd, tcp,3632,s0)
network_port(dns, udp,53,s0, tcp,53,s0)
network_port(epmap, tcp,135,s0, udp,135,s0)
@ -7094,7 +7119,7 @@ index 2ecdde8..bb4adcb 100644
network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0)
network_port(ftp_data, tcp,20,s0)
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
@@ -109,7 +117,7 @@ network_port(hddtemp, tcp,7634,s0)
@@ -109,7 +118,7 @@ network_port(hddtemp, tcp,7634,s0)
network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
@ -7103,7 +7128,7 @@ index 2ecdde8..bb4adcb 100644
network_port(i18n_input, tcp,9010,s0)
network_port(imaze, tcp,5323,s0, udp,5323,s0)
network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
@@ -123,30 +131,34 @@ network_port(iscsi, tcp,3260,s0)
@@ -123,30 +132,34 @@ network_port(iscsi, tcp,3260,s0)
network_port(isns, tcp,3205,s0, udp,3205,s0)
network_port(jabber_client, tcp,5222,s0, tcp,5223,s0)
network_port(jabber_interserver, tcp,5269,s0)
@ -7142,7 +7167,7 @@ index 2ecdde8..bb4adcb 100644
network_port(ntp, udp,123,s0)
network_port(ocsp, tcp,9080,s0)
network_port(openvpn, tcp,1194,s0, udp,1194,s0)
@@ -154,12 +166,20 @@ network_port(pegasus_http, tcp,5988,s0)
@@ -154,12 +167,20 @@ network_port(pegasus_http, tcp,5988,s0)
network_port(pegasus_https, tcp,5989,s0)
network_port(pgpkeyserver, udp, 11371,s0, tcp,11371,s0)
network_port(pingd, tcp,9125,s0)
@ -7163,7 +7188,7 @@ index 2ecdde8..bb4adcb 100644
network_port(printer, tcp,515,s0)
network_port(ptal, tcp,5703,s0)
network_port(pulseaudio, tcp,4713,s0)
@@ -174,24 +194,28 @@ network_port(ricci, tcp,11111,s0, udp,11111,s0)
@@ -174,24 +195,28 @@ network_port(ricci, tcp,11111,s0, udp,11111,s0)
network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
network_port(rlogind, tcp,513,s0)
network_port(rndc, tcp,953,s0)
@ -7196,7 +7221,7 @@ index 2ecdde8..bb4adcb 100644
network_port(syslogd, udp,514,s0)
network_port(telnetd, tcp,23,s0)
network_port(tftp, udp,69,s0)
@@ -201,16 +225,17 @@ network_port(transproxy, tcp,8081,s0)
@@ -201,16 +226,17 @@ network_port(transproxy, tcp,8081,s0)
network_port(ups, tcp,3493,s0)
type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
network_port(uucpd, tcp,540,s0)
@ -8818,7 +8843,7 @@ index 437a42a..8d6d333 100644
+')
+
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 0dff98e..930062c 100644
index 0dff98e..31ebaa7 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -52,6 +52,7 @@ type anon_inodefs_t;
@ -8842,7 +8867,14 @@ index 0dff98e..930062c 100644
genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0)
type configfs_t;
@@ -106,6 +108,15 @@ fs_type(ibmasmfs_t)
@@ -100,12 +102,22 @@ type hugetlbfs_t;
fs_type(hugetlbfs_t)
files_mountpoint(hugetlbfs_t)
fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
+dev_associate_sysfs(hugetlbfs_t)
type ibmasmfs_t;
fs_type(ibmasmfs_t)
allow ibmasmfs_t self:filesystem associate;
genfscon ibmasmfs / gen_context(system_u:object_r:ibmasmfs_t,s0)
@ -8858,7 +8890,7 @@ index 0dff98e..930062c 100644
type inotifyfs_t;
fs_type(inotifyfs_t)
genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)
@@ -148,6 +159,12 @@ fs_type(squash_t)
@@ -148,6 +160,12 @@ fs_type(squash_t)
genfscon squash / gen_context(system_u:object_r:squash_t,s0)
files_mountpoint(squash_t)
@ -8871,7 +8903,7 @@ index 0dff98e..930062c 100644
type vmblock_t;
fs_noxattr_type(vmblock_t)
files_mountpoint(vmblock_t)
@@ -168,6 +185,7 @@ fs_type(tmpfs_t)
@@ -168,6 +186,7 @@ fs_type(tmpfs_t)
files_type(tmpfs_t)
files_mountpoint(tmpfs_t)
files_poly_parent(tmpfs_t)
@ -8879,7 +8911,7 @@ index 0dff98e..930062c 100644
# Use a transition SID based on the allocating task SID and the
# filesystem SID to label inodes in the following filesystem types,
@@ -247,6 +265,7 @@ genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
@@ -247,6 +266,7 @@ genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
type removable_t;
allow removable_t noxattrfs:filesystem associate;
fs_noxattr_type(removable_t)
@ -11746,6 +11778,158 @@ index 97c9cae..c24bd66 100644
optional_policy(`
ccs_stream_connect(aisexec_t)
')
diff --git a/policy/modules/services/ajaxterm.fc b/policy/modules/services/ajaxterm.fc
new file mode 100644
index 0000000..aeb1888
--- /dev/null
+++ b/policy/modules/services/ajaxterm.fc
@@ -0,0 +1,6 @@
+
+/etc/rc\.d/init\.d/ajaxterm -- gen_context(system_u:object_r:ajaxterm_initrc_exec_t,s0)
+
+/usr/share/ajaxterm/ajaxterm\.py -- gen_context(system_u:object_r:ajaxterm_exec_t,s0)
+
+/var/run/ajaxterm\.pid -- gen_context(system_u:object_r:ajaxterm_var_run_t,s0)
diff --git a/policy/modules/services/ajaxterm.if b/policy/modules/services/ajaxterm.if
new file mode 100644
index 0000000..581ae6e
--- /dev/null
+++ b/policy/modules/services/ajaxterm.if
@@ -0,0 +1,72 @@
+
+## <summary>policy for ajaxterm</summary>
+
+########################################
+## <summary>
+## Execute a domain transition to run ajaxterm.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ajaxterm_domtrans',`
+ gen_require(`
+ type ajaxterm_t, ajaxterm_exec_t;
+ ')
+
+ domtrans_pattern($1, ajaxterm_exec_t, ajaxterm_t)
+')
+
+
+########################################
+## <summary>
+## Execute ajaxterm server in the ajaxterm domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`ajaxterm_initrc_domtrans',`
+ gen_require(`
+ type ajaxterm_initrc_exec_t;
+ ')
+
+ init_labeled_script_domtrans($1, ajaxterm_initrc_exec_t)
+')
+
+########################################
+## <summary>
+## All of the rules required to administrate
+## an ajaxterm environment
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`ajaxterm_admin',`
+ gen_require(`
+ type ajaxterm_t;
+ type ajaxterm_initrc_exec_t;
+ ')
+
+ allow $1 ajaxterm_t:process { ptrace signal_perms };
+ ps_process_pattern($1, ajaxterm_t)
+
+ ajaxterm_initrc_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 ajaxterm_initrc_exec_t system_r;
+ allow $2 system_r;
+
+')
diff --git a/policy/modules/services/ajaxterm.te b/policy/modules/services/ajaxterm.te
new file mode 100644
index 0000000..3441758
--- /dev/null
+++ b/policy/modules/services/ajaxterm.te
@@ -0,0 +1,56 @@
+policy_module(ajaxterm,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type ajaxterm_t;
+type ajaxterm_exec_t;
+init_daemon_domain(ajaxterm_t, ajaxterm_exec_t)
+
+type ajaxterm_initrc_exec_t;
+init_script_file(ajaxterm_initrc_exec_t)
+
+type ajaxterm_var_run_t;
+files_pid_file(ajaxterm_var_run_t)
+
+type ajaxterm_devpts_t;
+term_login_pty(ajaxterm_devpts_t)
+
+permissive ajaxterm_t;
+
+########################################
+#
+# ajaxterm local policy
+#
+allow ajaxterm_t self:capability setuid;
+allow ajaxterm_t self:process setpgid;
+allow ajaxterm_t self:fifo_file rw_fifo_file_perms;
+allow ajaxterm_t self:unix_stream_socket create_stream_socket_perms;
+allow ajaxterm_t self:tcp_socket create_stream_socket_perms;
+
+allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
+term_create_pty(ajaxterm_t, ajaxterm_devpts_t)
+
+manage_dirs_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
+manage_files_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
+files_pid_filetrans(ajaxterm_t, ajaxterm_var_run_t, { file dir })
+
+kernel_read_system_state(ajaxterm_t)
+
+corecmd_exec_bin(ajaxterm_t)
+
+corenet_tcp_bind_generic_node(ajaxterm_t)
+corenet_tcp_bind_ajaxterm_port(ajaxterm_t)
+
+dev_read_urand(ajaxterm_t)
+
+domain_use_interactive_fds(ajaxterm_t)
+
+files_read_etc_files(ajaxterm_t)
+files_read_usr_files(ajaxterm_t)
+
+miscfiles_read_localization(ajaxterm_t)
+
+sysnet_dns_name_resolve(ajaxterm_t)
diff --git a/policy/modules/services/amavis.if b/policy/modules/services/amavis.if
index adb3d5f..de26af5 100644
--- a/policy/modules/services/amavis.if
@ -15860,7 +16044,7 @@ index 2a0f1c1..ab82c3c 100644
snmp_dontaudit_write_snmp_var_lib_files(cyrus_t)
snmp_stream_connect(cyrus_t)
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index 39e901a..63c82b7 100644
index 39e901a..87fc055 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -42,8 +42,10 @@ template(`dbus_role_template',`
@ -15971,7 +16155,7 @@ index 39e901a..63c82b7 100644
+#
+interface(`dbus_delete_pid_files',`
+ gen_require(`
+ type dbus_var_run_t;
+ type system_dbusd_var_run_t;
+ ')
+
+ delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
@ -20764,7 +20948,7 @@ index 4996f62..975deca 100644
kernel_read_kernel_sysctls(openct_t)
kernel_list_proc(openct_t)
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index f3d5790..196f2a2 100644
index f3d5790..80161cd 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -24,6 +24,9 @@ files_config_file(openvpn_etc_t)
@ -20808,7 +20992,7 @@ index f3d5790..196f2a2 100644
corecmd_exec_bin(openvpn_t)
corecmd_exec_shell(openvpn_t)
@@ -113,6 +121,8 @@ sysnet_manage_config(openvpn_t)
@@ -113,9 +121,11 @@ sysnet_manage_config(openvpn_t)
sysnet_etc_filetrans_config(openvpn_t)
userdom_use_user_terminals(openvpn_t)
@ -20816,7 +21000,11 @@ index f3d5790..196f2a2 100644
+userdom_attach_admin_tun_iface(openvpn_t)
tunable_policy(`openvpn_enable_homedirs',`
userdom_read_user_home_content_files(openvpn_t)
- userdom_read_user_home_content_files(openvpn_t)
+ userdom_search_user_home_dirs(openvpn_t)
')
tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
@@ -138,3 +148,7 @@ optional_policy(`
networkmanager_dbus_chat(openvpn_t)

5
selinux-policy.spec
View File

@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.9.3
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -469,6 +469,9 @@ exit 0
%endif
%changelog
* Thu Sep 8 2010 Dan Walsh <dwalsh@redhat.com> 3.9.3-3
- Add policy for ajaxterm
* Wed Sep 8 2010 Dan Walsh <dwalsh@redhat.com> 3.9.3-2
- Handle /var/db/sudo
- Allow pulseaudio to read alsa config