- Allow nsplugin to look at autofs_t directory
parent
de61cc7d10
commit
3281238148
@ -1545,7 +1545,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.5.13/policy/modules/admin/vbetool.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.5.13/policy/modules/admin/vbetool.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2008-08-07 11:15:13.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2008-08-07 11:15:13.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/admin/vbetool.te 2008-10-17 10:31:26.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/admin/vbetool.te 2008-10-23 17:12:42.000000000 -0400
|
||||||
@@ -23,6 +23,9 @@
|
@@ -23,6 +23,9 @@
|
||||||
dev_rwx_zero(vbetool_t)
|
dev_rwx_zero(vbetool_t)
|
||||||
dev_read_sysfs(vbetool_t)
|
dev_read_sysfs(vbetool_t)
|
||||||
@ -1556,7 +1556,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
term_use_unallocated_ttys(vbetool_t)
|
term_use_unallocated_ttys(vbetool_t)
|
||||||
|
|
||||||
libs_use_ld_so(vbetool_t)
|
libs_use_ld_so(vbetool_t)
|
||||||
@@ -35,3 +38,8 @@
|
@@ -35,3 +38,9 @@
|
||||||
hal_write_log(vbetool_t)
|
hal_write_log(vbetool_t)
|
||||||
hal_dontaudit_append_lib_files(vbetool_t)
|
hal_dontaudit_append_lib_files(vbetool_t)
|
||||||
')
|
')
|
||||||
@ -1565,6 +1565,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+ xserver_exec_pid(vbetool_t)
|
+ xserver_exec_pid(vbetool_t)
|
||||||
+ xserver_write_pid(vbetool_t)
|
+ xserver_write_pid(vbetool_t)
|
||||||
+')
|
+')
|
||||||
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.5.13/policy/modules/admin/vpn.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.5.13/policy/modules/admin/vpn.if
|
||||||
--- nsaserefpolicy/policy/modules/admin/vpn.if 2008-10-08 19:00:27.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/vpn.if 2008-10-08 19:00:27.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/admin/vpn.if 2008-10-17 10:31:26.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/admin/vpn.if 2008-10-17 10:31:26.000000000 -0400
|
||||||
@ -4059,8 +4060,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.5.13/policy/modules/apps/nsplugin.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.5.13/policy/modules/apps/nsplugin.fc
|
||||||
--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.fc 2008-10-17 10:31:26.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.fc 2008-10-23 14:40:47.000000000 -0400
|
||||||
@@ -0,0 +1,9 @@
|
@@ -0,0 +1,10 @@
|
||||||
+
|
+
|
||||||
+/usr/lib(64)?/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
|
+/usr/lib(64)?/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
|
||||||
+/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
|
+/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
|
||||||
@ -4069,7 +4070,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
|
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
|
||||||
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
|
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
|
||||||
+HOME_DIR/\.gstreamer-.* gen_context(system_u:object_r:nsplugin_home_t,s0)
|
+HOME_DIR/\.gstreamer-.* gen_context(system_u:object_r:nsplugin_home_t,s0)
|
||||||
+HOME_DIR/\.config/totem(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
|
+HOME_DIR/\.config/totem(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
|
||||||
|
+HOME_DIR/\.gcjwebplugin(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.5.13/policy/modules/apps/nsplugin.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.5.13/policy/modules/apps/nsplugin.if
|
||||||
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.if 2008-10-20 09:36:38.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.if 2008-10-20 09:36:38.000000000 -0400
|
||||||
@ -4373,8 +4375,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.5.13/policy/modules/apps/nsplugin.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-17 16:06:37.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/apps/nsplugin.te 2008-10-23 14:17:48.000000000 -0400
|
||||||
@@ -0,0 +1,253 @@
|
@@ -0,0 +1,255 @@
|
||||||
+
|
+
|
||||||
+policy_module(nsplugin, 1.0.0)
|
+policy_module(nsplugin, 1.0.0)
|
||||||
+
|
+
|
||||||
@ -4456,6 +4458,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+corenet_tcp_connect_streaming_port(nsplugin_t)
|
+corenet_tcp_connect_streaming_port(nsplugin_t)
|
||||||
+corenet_tcp_connect_pulseaudio_port(nsplugin_t)
|
+corenet_tcp_connect_pulseaudio_port(nsplugin_t)
|
||||||
+corenet_tcp_connect_http_port(nsplugin_t)
|
+corenet_tcp_connect_http_port(nsplugin_t)
|
||||||
|
+corenet_tcp_connect_http_cache_port(nsplugin_t)
|
||||||
+corenet_tcp_sendrecv_generic_if(nsplugin_t)
|
+corenet_tcp_sendrecv_generic_if(nsplugin_t)
|
||||||
+corenet_tcp_sendrecv_all_nodes(nsplugin_t)
|
+corenet_tcp_sendrecv_all_nodes(nsplugin_t)
|
||||||
+
|
+
|
||||||
@ -4480,6 +4483,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+fs_list_inotifyfs(nsplugin_t)
|
+fs_list_inotifyfs(nsplugin_t)
|
||||||
+fs_getattr_tmpfs(nsplugin_t)
|
+fs_getattr_tmpfs(nsplugin_t)
|
||||||
+fs_getattr_xattr_fs(nsplugin_t)
|
+fs_getattr_xattr_fs(nsplugin_t)
|
||||||
|
+fs_search_auto_mountpoints(nsplugin_t)
|
||||||
+
|
+
|
||||||
+storage_dontaudit_getattr_fixed_disk_dev(nsplugin_t)
|
+storage_dontaudit_getattr_fixed_disk_dev(nsplugin_t)
|
||||||
+
|
+
|
||||||
@ -6168,7 +6172,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
########################################
|
########################################
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.5.13/policy/modules/kernel/corenetwork.te.in
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.5.13/policy/modules/kernel/corenetwork.te.in
|
||||||
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-10-14 11:58:07.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-10-14 11:58:07.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/kernel/corenetwork.te.in 2008-10-23 08:53:02.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/kernel/corenetwork.te.in 2008-10-23 14:24:15.000000000 -0400
|
||||||
@@ -79,6 +79,7 @@
|
@@ -79,6 +79,7 @@
|
||||||
network_port(auth, tcp,113,s0)
|
network_port(auth, tcp,113,s0)
|
||||||
network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
|
network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
|
||||||
@ -6181,7 +6185,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
network_port(distccd, tcp,3632,s0)
|
network_port(distccd, tcp,3632,s0)
|
||||||
network_port(dns, udp,53,s0, tcp,53,s0)
|
network_port(dns, udp,53,s0, tcp,53,s0)
|
||||||
network_port(fingerd, tcp,79,s0)
|
network_port(fingerd, tcp,79,s0)
|
||||||
+network_port(flash, tcp,1935,s0, udp,1935,s0)
|
+network_port(flash, tcp,843,s0, tcp,1935,s0, udp,1935,s0)
|
||||||
network_port(ftp_data, tcp,20,s0)
|
network_port(ftp_data, tcp,20,s0)
|
||||||
network_port(ftp, tcp,21,s0)
|
network_port(ftp, tcp,21,s0)
|
||||||
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
|
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
|
||||||
@ -10557,7 +10561,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.13/policy/modules/services/apache.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.13/policy/modules/services/apache.te
|
||||||
--- nsaserefpolicy/policy/modules/services/apache.te 2008-10-16 17:21:16.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/apache.te 2008-10-16 17:21:16.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/apache.te 2008-10-23 08:58:26.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/apache.te 2008-10-23 10:30:58.000000000 -0400
|
||||||
@@ -20,6 +20,8 @@
|
@@ -20,6 +20,8 @@
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
@ -12387,7 +12391,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0)
|
+/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.5.13/policy/modules/services/cron.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.5.13/policy/modules/services/cron.if
|
||||||
--- nsaserefpolicy/policy/modules/services/cron.if 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/cron.if 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/cron.if 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/cron.if 2008-10-23 17:00:09.000000000 -0400
|
||||||
@@ -35,39 +35,24 @@
|
@@ -35,39 +35,24 @@
|
||||||
#
|
#
|
||||||
template(`cron_per_role_template',`
|
template(`cron_per_role_template',`
|
||||||
@ -12691,7 +12695,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -584,3 +500,45 @@
|
@@ -584,3 +500,64 @@
|
||||||
|
|
||||||
dontaudit $1 system_crond_tmp_t:file append;
|
dontaudit $1 system_crond_tmp_t:file append;
|
||||||
')
|
')
|
||||||
@ -12737,6 +12741,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
+ read_files_pattern($1, system_crond_var_lib_t, system_crond_var_lib_t)
|
+ read_files_pattern($1, system_crond_var_lib_t, system_crond_var_lib_t)
|
||||||
+')
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
|
+## Manage lib files used by cron
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`cron_manage_lib_files',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type crond_var_lib_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+ manage_files_pattern($1, crond_var_lib_t, crond_var_lib_t)
|
||||||
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.5.13/policy/modules/services/cron.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.5.13/policy/modules/services/cron.te
|
||||||
--- nsaserefpolicy/policy/modules/services/cron.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/cron.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/cron.te 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/cron.te 2008-10-17 10:31:27.000000000 -0400
|
||||||
@ -14439,8 +14462,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
|
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.5.13/policy/modules/services/dnsmasq.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.5.13/policy/modules/services/dnsmasq.if
|
||||||
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/dnsmasq.if 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/dnsmasq.if 2008-10-23 17:21:21.000000000 -0400
|
||||||
@@ -1 +1,137 @@
|
@@ -1 +1,156 @@
|
||||||
## <summary>dnsmasq DNS forwarder and DHCP server</summary>
|
## <summary>dnsmasq DNS forwarder and DHCP server</summary>
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
@ -14543,6 +14566,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
|
+## Send dnsmasq a sigkill
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+#
|
||||||
|
+interface(`dnsmasq_delete_pid_files',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type dnsmasq_var_run_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ delete_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
+## All of the rules required to administrate
|
+## All of the rules required to administrate
|
||||||
+## an dnsmasq environment
|
+## an dnsmasq environment
|
||||||
+## </summary>
|
+## </summary>
|
||||||
@ -14580,7 +14622,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.13/policy/modules/services/dnsmasq.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.5.13/policy/modules/services/dnsmasq.te
|
||||||
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-10-16 17:21:16.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-10-16 17:21:16.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/dnsmasq.te 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/dnsmasq.te 2008-10-23 16:59:49.000000000 -0400
|
||||||
@@ -10,6 +10,9 @@
|
@@ -10,6 +10,9 @@
|
||||||
type dnsmasq_exec_t;
|
type dnsmasq_exec_t;
|
||||||
init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
|
init_daemon_domain(dnsmasq_t, dnsmasq_exec_t)
|
||||||
@ -14619,6 +14661,31 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
corenet_sendrecv_dns_server_packets(dnsmasq_t)
|
corenet_sendrecv_dns_server_packets(dnsmasq_t)
|
||||||
corenet_sendrecv_dhcpd_server_packets(dnsmasq_t)
|
corenet_sendrecv_dhcpd_server_packets(dnsmasq_t)
|
||||||
|
|
||||||
|
@@ -71,6 +73,8 @@
|
||||||
|
fs_getattr_all_fs(dnsmasq_t)
|
||||||
|
fs_search_auto_mountpoints(dnsmasq_t)
|
||||||
|
|
||||||
|
+auth_use_nsswitch(dnsmasq_t)
|
||||||
|
+
|
||||||
|
libs_use_ld_so(dnsmasq_t)
|
||||||
|
libs_use_shared_libs(dnsmasq_t)
|
||||||
|
|
||||||
|
@@ -78,14 +82,12 @@
|
||||||
|
|
||||||
|
miscfiles_read_localization(dnsmasq_t)
|
||||||
|
|
||||||
|
-sysnet_read_config(dnsmasq_t)
|
||||||
|
-
|
||||||
|
userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t)
|
||||||
|
|
||||||
|
sysadm_dontaudit_search_home_dirs(dnsmasq_t)
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
- nis_use_ypbind(dnsmasq_t)
|
||||||
|
+ cron_manage_lib_files(crond_var_lib_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
@@ -95,3 +97,7 @@
|
@@ -95,3 +97,7 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
udev_read_db(dnsmasq_t)
|
udev_read_db(dnsmasq_t)
|
||||||
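Review bot: The added `cron_manage_lib_files(crond_var_lib_t)` in the dnsmasq.te optional_policy block passes a file type where the interface's `domain` parameter is expected, so per the interface body added in cron.if it expands to `manage_files_pattern(crond_var_lib_t, crond_var_lib_t, crond_var_lib_t)` and gives dnsmasq_t no access; if the access is intended the call should be `cron_manage_lib_files(dnsmasq_t)`, and since it replaces `nis_use_ypbind(dnsmasq_t)` a comment saying why dnsmasq manages cron's lib files would help. The type name also needs checking: the new interface requires `crond_var_lib_t`, while the read interface just above it uses `system_crond_var_lib_t` and the file context shown for /var/lib/glpi/files uses `cron_var_lib_t`. In dnsmasq.if the new `dnsmasq_delete_pid_files` interface carries the summary `Send dnsmasq a sigkill`, apparently copied from the neighbouring interface; it should read `Delete dnsmasq pid files`. The optional_policy block and the rest of dnsmasq.te extend beyond the lines shown here.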
@ -15569,7 +15636,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.13/policy/modules/services/hal.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.5.13/policy/modules/services/hal.te
|
||||||
--- nsaserefpolicy/policy/modules/services/hal.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/hal.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/hal.te 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/hal.te 2008-10-23 10:40:11.000000000 -0400
|
||||||
@@ -49,6 +49,9 @@
|
@@ -49,6 +49,9 @@
|
||||||
type hald_var_lib_t;
|
type hald_var_lib_t;
|
||||||
files_type(hald_var_lib_t)
|
files_type(hald_var_lib_t)
|
||||||
@ -15601,7 +15668,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
rpc_search_nfs_state_data(hald_t)
|
rpc_search_nfs_state_data(hald_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -300,6 +310,10 @@
|
@@ -300,12 +310,16 @@
|
||||||
vbetool_domtrans(hald_t)
|
vbetool_domtrans(hald_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -15612,6 +15679,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Hal acl local policy
|
# Hal acl local policy
|
||||||
|
#
|
||||||
|
|
||||||
|
-allow hald_acl_t self:capability { dac_override fowner };
|
||||||
|
+allow hald_acl_t self:capability { dac_override fowner sys_resource };
|
||||||
|
allow hald_acl_t self:process { getattr signal };
|
||||||
|
allow hald_acl_t self:fifo_file rw_fifo_file_perms;
|
||||||
|
|
||||||
@@ -344,13 +358,22 @@
|
@@ -344,13 +358,22 @@
|
||||||
libs_use_ld_so(hald_acl_t)
|
libs_use_ld_so(hald_acl_t)
|
||||||
libs_use_shared_libs(hald_acl_t)
|
libs_use_shared_libs(hald_acl_t)
|
||||||
@ -16800,7 +16874,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
#
|
#
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.5.13/policy/modules/services/networkmanager.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.5.13/policy/modules/services/networkmanager.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-09-24 09:07:28.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-09-24 09:07:28.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/networkmanager.fc 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/networkmanager.fc 2008-10-23 16:31:49.000000000 -0400
|
||||||
@@ -1,8 +1,12 @@
|
@@ -1,8 +1,12 @@
|
||||||
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
|
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
|
||||||
+
|
+
|
||||||
@ -16821,7 +16895,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
|
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.5.13/policy/modules/services/networkmanager.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.5.13/policy/modules/services/networkmanager.if
|
||||||
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-09-11 11:28:34.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-09-11 11:28:34.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/networkmanager.if 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/networkmanager.if 2008-10-23 16:34:49.000000000 -0400
|
||||||
@@ -118,6 +118,24 @@
|
@@ -118,6 +118,24 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -16849,7 +16923,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.13/policy/modules/services/networkmanager.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.13/policy/modules/services/networkmanager.te
|
||||||
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-10-14 11:58:09.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-10-14 11:58:09.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/networkmanager.te 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/networkmanager.te 2008-10-23 16:47:42.000000000 -0400
|
||||||
@@ -33,9 +33,9 @@
|
@@ -33,9 +33,9 @@
|
||||||
|
|
||||||
# networkmanager will ptrace itself if gdb is installed
|
# networkmanager will ptrace itself if gdb is installed
|
||||||
@ -16878,7 +16952,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
kernel_read_kernel_sysctls(NetworkManager_t)
|
kernel_read_kernel_sysctls(NetworkManager_t)
|
||||||
kernel_load_module(NetworkManager_t)
|
kernel_load_module(NetworkManager_t)
|
||||||
+kernel_read_debugfs(NetworkManager_t)
|
+kernel_read_debugfs(NetworkManager_t)
|
||||||
+kernel_search_network_sysctl(NetworkManager_t)
|
+kernel_rw_net_sysctls(NetworkManager_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(NetworkManager_t)
|
corenet_all_recvfrom_unlabeled(NetworkManager_t)
|
||||||
corenet_all_recvfrom_netlabel(NetworkManager_t)
|
corenet_all_recvfrom_netlabel(NetworkManager_t)
|
||||||
@ -16950,13 +17024,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
bind_domtrans(NetworkManager_t)
|
bind_domtrans(NetworkManager_t)
|
||||||
bind_manage_cache(NetworkManager_t)
|
bind_manage_cache(NetworkManager_t)
|
||||||
|
+ bind_sigkill(NetworkManager_t)
|
||||||
bind_signal(NetworkManager_t)
|
bind_signal(NetworkManager_t)
|
||||||
+ bind_signull(NetworkManager_t)
|
+ bind_signull(NetworkManager_t)
|
||||||
+ bind_sigkill(NetworkManager_t)
|
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -151,8 +173,18 @@
|
@@ -151,8 +173,20 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -16966,9 +17040,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
|
+ dnsmasq_delete_pid_files(NetworkManager_t)
|
||||||
|
+ dnsmasq_domtrans(NetworkManager_t)
|
||||||
+ dnsmasq_initrc_domtrans(NetworkManager_t)
|
+ dnsmasq_initrc_domtrans(NetworkManager_t)
|
||||||
+ dnsmasq_signal(NetworkManager_t)
|
|
||||||
+ dnsmasq_sigkill(NetworkManager_t)
|
+ dnsmasq_sigkill(NetworkManager_t)
|
||||||
|
+ dnsmasq_signal(NetworkManager_t)
|
||||||
+ dnsmasq_signull(NetworkManager_t)
|
+ dnsmasq_signull(NetworkManager_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
@ -16977,7 +17053,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -160,23 +192,48 @@
|
@@ -160,23 +194,48 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -17001,9 +17077,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
openvpn_domtrans(NetworkManager_t)
|
openvpn_domtrans(NetworkManager_t)
|
||||||
|
+ openvpn_sigkill(NetworkManager_t)
|
||||||
openvpn_signal(NetworkManager_t)
|
openvpn_signal(NetworkManager_t)
|
||||||
+ openvpn_signull(NetworkManager_t)
|
+ openvpn_signull(NetworkManager_t)
|
||||||
+ openvpn_sigkill(NetworkManager_t)
|
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
@ -17028,7 +17104,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -194,7 +251,9 @@
|
@@ -194,7 +253,9 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
vpn_domtrans(NetworkManager_t)
|
vpn_domtrans(NetworkManager_t)
|
||||||
@ -19615,7 +19691,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.13/policy/modules/services/prelude.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.13/policy/modules/services/prelude.te
|
||||||
--- nsaserefpolicy/policy/modules/services/prelude.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/prelude.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/prelude.te 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/prelude.te 2008-10-23 14:47:03.000000000 -0400
|
||||||
@@ -13,25 +13,57 @@
|
@@ -13,25 +13,57 @@
|
||||||
type prelude_spool_t;
|
type prelude_spool_t;
|
||||||
files_type(prelude_spool_t)
|
files_type(prelude_spool_t)
|
||||||
@ -19717,7 +19793,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
dev_read_rand(prelude_audisp_t)
|
dev_read_rand(prelude_audisp_t)
|
||||||
dev_read_urand(prelude_audisp_t)
|
dev_read_urand(prelude_audisp_t)
|
||||||
@@ -117,15 +161,142 @@
|
@@ -117,15 +161,143 @@
|
||||||
# Init script handling
|
# Init script handling
|
||||||
domain_use_interactive_fds(prelude_audisp_t)
|
domain_use_interactive_fds(prelude_audisp_t)
|
||||||
|
|
||||||
@ -19833,6 +19909,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+files_search_var_lib(prelude_lml_t)
|
+files_search_var_lib(prelude_lml_t)
|
||||||
+
|
+
|
||||||
+fs_list_inotifyfs(prelude_lml_t)
|
+fs_list_inotifyfs(prelude_lml_t)
|
||||||
|
+fs_read_anon_inodefs_files(prelude_lml_t)
|
||||||
+
|
+
|
||||||
+kernel_read_sysctl(prelude_lml_t)
|
+kernel_read_sysctl(prelude_lml_t)
|
||||||
+
|
+
|
||||||
@ -19860,7 +19937,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# prewikka_cgi Declarations
|
# prewikka_cgi Declarations
|
||||||
@@ -134,6 +305,17 @@
|
@@ -134,6 +306,17 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_content_template(prewikka)
|
apache_content_template(prewikka)
|
||||||
files_read_etc_files(httpd_prewikka_script_t)
|
files_read_etc_files(httpd_prewikka_script_t)
|
||||||
@ -23883,7 +23960,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
|
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.5.13/policy/modules/services/xserver.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.5.13/policy/modules/services/xserver.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/xserver.fc 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/xserver.fc 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/xserver.fc 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/xserver.fc 2008-10-23 17:11:34.000000000 -0400
|
||||||
@@ -1,13 +1,15 @@
|
@@ -1,13 +1,15 @@
|
||||||
#
|
#
|
||||||
# HOME_DIR
|
# HOME_DIR
|
||||||
@ -23962,7 +24039,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
|
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.13/policy/modules/services/xserver.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.13/policy/modules/services/xserver.if
|
||||||
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-10-08 19:00:27.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-10-08 19:00:27.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/xserver.if 2008-10-21 11:39:30.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/xserver.if 2008-10-23 17:14:25.000000000 -0400
|
||||||
@@ -16,6 +16,7 @@
|
@@ -16,6 +16,7 @@
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
|
type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
|
||||||
@ -25216,7 +25293,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.13/policy/modules/services/xserver.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.13/policy/modules/services/xserver.te
|
||||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2008-10-16 17:21:16.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/xserver.te 2008-10-16 17:21:16.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/xserver.te 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/xserver.te 2008-10-23 17:11:00.000000000 -0400
|
||||||
@@ -8,6 +8,14 @@
|
@@ -8,6 +8,14 @@
|
||||||
|
|
||||||
## <desc>
|
## <desc>
|
||||||
@ -26983,7 +27060,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
|
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc
|
||||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-08-13 15:24:56.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2008-10-20 14:06:44.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2008-10-23 15:34:21.000000000 -0400
|
||||||
@@ -60,12 +60,15 @@
|
@@ -60,12 +60,15 @@
|
||||||
#
|
#
|
||||||
# /opt
|
# /opt
|
||||||
@ -27010,10 +27087,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@@ -115,9 +119,16 @@
|
@@ -115,9 +119,17 @@
|
||||||
|
|
||||||
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
|
||||||
|
+/usr/lib/vlc/video_chroma/libi420_rgb_mmx_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
+/usr/lib/vlc/codec/librealvideo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
+/usr/lib/vlc/codec/librealvideo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@ -27027,7 +27105,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@@ -133,6 +144,7 @@
|
@@ -133,6 +145,7 @@
|
||||||
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@ -27035,7 +27113,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
|
||||||
@@ -168,7 +180,8 @@
|
@@ -168,7 +181,8 @@
|
||||||
# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
|
# Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
|
||||||
# HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
|
# HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
|
||||||
/usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@ -27045,7 +27123,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
/usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@@ -187,6 +200,7 @@
|
@@ -187,6 +201,7 @@
|
||||||
/usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@ -27053,7 +27131,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@@ -246,7 +260,7 @@
|
@@ -246,7 +261,7 @@
|
||||||
|
|
||||||
# Flash plugin, Macromedia
|
# Flash plugin, Macromedia
|
||||||
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@ -27062,7 +27140,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/.*/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/local/(.*/)?libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@@ -267,6 +281,8 @@
|
@@ -267,6 +282,8 @@
|
||||||
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
|
||||||
@ -27071,7 +27149,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
# Java, Sun Microsystems (JPackage SRPM)
|
# Java, Sun Microsystems (JPackage SRPM)
|
||||||
/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@@ -291,6 +307,8 @@
|
@@ -291,6 +308,8 @@
|
||||||
/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@ -27080,7 +27158,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
') dnl end distro_redhat
|
') dnl end distro_redhat
|
||||||
|
|
||||||
#
|
#
|
||||||
@@ -310,3 +328,15 @@
|
@@ -310,3 +329,15 @@
|
||||||
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||||
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||||
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
|
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
|
||||||
@ -29458,7 +29536,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.13/policy/modules/system/unconfined.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.13/policy/modules/system/unconfined.te
|
||||||
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-10-14 11:58:09.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-10-14 11:58:09.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/policy/modules/system/unconfined.te 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/system/unconfined.te 2008-10-23 10:34:43.000000000 -0400
|
||||||
@@ -6,35 +6,76 @@
|
@@ -6,35 +6,76 @@
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
@ -29673,9 +29751,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
- # cjp: this should probably be removed:
|
- # cjp: this should probably be removed:
|
||||||
- postfix_domtrans_master(unconfined_t)
|
- postfix_domtrans_master(unconfined_t)
|
||||||
-')
|
-')
|
||||||
|
-
|
||||||
+ qemu_per_role_template_notrans(unconfined, unconfined_t, unconfined_r)
|
+ qemu_per_role_template_notrans(unconfined, unconfined_t, unconfined_r)
|
||||||
|
|
||||||
-
|
|
||||||
-optional_policy(`
|
-optional_policy(`
|
||||||
- pyzor_per_role_template(unconfined)
|
- pyzor_per_role_template(unconfined)
|
||||||
+ tunable_policy(`allow_unconfined_qemu_transition',`
|
+ tunable_policy(`allow_unconfined_qemu_transition',`
|
||||||
@ -29753,7 +29831,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -229,14 +293,43 @@
|
@@ -229,14 +293,52 @@
|
||||||
|
|
||||||
allow unconfined_execmem_t self:process { execstack execmem };
|
allow unconfined_execmem_t self:process { execstack execmem };
|
||||||
unconfined_domain_noaudit(unconfined_execmem_t)
|
unconfined_domain_noaudit(unconfined_execmem_t)
|
||||||
@ -29795,9 +29873,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ type mplayer_exec_t;
|
+ type mplayer_exec_t;
|
||||||
+ ')
|
|
||||||
+ domtrans_pattern(unconfined_t, mplayer_exec_t, unconfined_execmem_t)
|
|
||||||
')
|
')
|
||||||
|
+ domtrans_pattern(unconfined_t, mplayer_exec_t, unconfined_execmem_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
+ tunable_policy(`allow_unconfined_nsplugin_transition',`', `
|
||||||
|
+ gen_require(`
|
||||||
|
+ type mozilla_exec_t;
|
||||||
|
+ ')
|
||||||
|
+ domtrans_pattern(unconfined_t, mozilla_exec_t, unconfined_execmem_t)
|
||||||
|
+ ')
|
||||||
|
+')
|
||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.5.13/policy/modules/system/userdomain.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.5.13/policy/modules/system/userdomain.fc
|
||||||
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-08-07 11:15:12.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-08-07 11:15:12.000000000 -0400
|
||||||
@ -33082,13 +33169,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.13/support/Makefile.devel
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/support/Makefile.devel serefpolicy-3.5.13/support/Makefile.devel
|
||||||
--- nsaserefpolicy/support/Makefile.devel 2008-08-07 11:15:14.000000000 -0400
|
--- nsaserefpolicy/support/Makefile.devel 2008-08-07 11:15:14.000000000 -0400
|
||||||
+++ serefpolicy-3.5.13/support/Makefile.devel 2008-10-17 10:31:27.000000000 -0400
|
+++ serefpolicy-3.5.13/support/Makefile.devel 2008-10-24 08:13:54.000000000 -0400
|
||||||
@@ -181,7 +181,7 @@
|
@@ -181,8 +181,8 @@
|
||||||
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
|
tmp/%.mod: $(m4support) tmp/all_interfaces.conf %.te
|
||||||
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
|
@$(EINFO) "Compiling $(NAME) $(basename $(@F)) module"
|
||||||
@test -d $(@D) || mkdir -p $(@D)
|
@test -d $(@D) || mkdir -p $(@D)
|
||||||
- $(call peruser-expansion,$(basename $(@F)),$@.role)
|
- $(call peruser-expansion,$(basename $(@F)),$@.role)
|
||||||
|
- $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
|
||||||
+# $(call peruser-expansion,$(basename $(@F)),$@.role)
|
+# $(call peruser-expansion,$(basename $(@F)),$@.role)
|
||||||
$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
|
+# $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
|
||||||
$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
|
$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
|
||||||
|
|
||||||
|
tmp/%.mod.fc: $(m4support) %.fc
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.5.13
|
Version: 3.5.13
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -462,6 +462,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Oct 23 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-6
|
||||||
|
- Allow nsplugin to look at autofs_t directory
|
||||||
|
|
||||||
* Wed Oct 22 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-5
|
* Wed Oct 22 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-5
|
||||||
- Allow kerneloops to create tmp files
|
- Allow kerneloops to create tmp files
|
||||||
|
|
||||||
|