- Allow dhcpc to restart ypbind
- Fixup labeling in /var/run
This commit is contained in:
parent
29e94cd4d0
commit
333ebd64df
|
@ -182,6 +182,13 @@ cdrecord = module
|
||||||
#
|
#
|
||||||
certwatch = module
|
certwatch = module
|
||||||
|
|
||||||
|
# Layer: admin
|
||||||
|
# Module: certmaster
|
||||||
|
#
|
||||||
|
# Digital Certificate Tracking
|
||||||
|
#
|
||||||
|
certmanager = module
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: cipe
|
# Module: cipe
|
||||||
#
|
#
|
||||||
|
|
|
@ -182,6 +182,13 @@ cdrecord = module
|
||||||
#
|
#
|
||||||
certwatch = module
|
certwatch = module
|
||||||
|
|
||||||
|
# Layer: admin
|
||||||
|
# Module: certmaster
|
||||||
|
#
|
||||||
|
# Digital Certificate Tracking
|
||||||
|
#
|
||||||
|
certmanager = module
|
||||||
|
|
||||||
# Layer: services
|
# Layer: services
|
||||||
# Module: cipe
|
# Module: cipe
|
||||||
#
|
#
|
||||||
|
|
|
@ -12178,8 +12178,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
|
+/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.5.13/policy/modules/services/certmaster.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.5.13/policy/modules/services/certmaster.if
|
||||||
--- nsaserefpolicy/policy/modules/services/certmaster.if 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/certmaster.if 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/certmaster.if 2008-10-30 14:44:58.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/certmaster.if 2008-11-03 15:55:54.000000000 -0500
|
||||||
@@ -0,0 +1,133 @@
|
@@ -0,0 +1,132 @@
|
||||||
+## <summary>policy for certmaster</summary>
|
+## <summary>policy for certmaster</summary>
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
|
@ -12205,15 +12205,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+#######################################
|
+#######################################
|
||||||
+### <summary>
|
+## <summary>
|
||||||
+### read
|
+## read
|
||||||
+### certmaster logs.
|
+## certmaster logs.
|
||||||
+### </summary>
|
+## </summary>
|
||||||
+### <param name="domain">
|
+## <param name="domain">
|
||||||
+### <summary>
|
+## <summary>
|
||||||
+### Domain allowed access.
|
+## Domain allowed access.
|
||||||
+### </summary>
|
+## </summary>
|
||||||
+### </param>
|
+## </param>
|
||||||
+##
|
+##
|
||||||
+#
|
+#
|
||||||
+interface(`certmaster_read_log',`
|
+interface(`certmaster_read_log',`
|
||||||
|
@ -12225,14 +12225,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+#######################################
|
+#######################################
|
||||||
+### <summary>
|
+## <summary>
|
||||||
+### Append to certmaster logs.
|
+## Append to certmaster logs.
|
||||||
+### </summary>
|
+## </summary>
|
||||||
+### <param name="domain">
|
+## <param name="domain">
|
||||||
+### <summary>
|
+## <summary>
|
||||||
+### Domain allowed access.
|
+## Domain allowed access.
|
||||||
+### </summary>
|
+## </summary>
|
||||||
+### </param>
|
+## </param>
|
||||||
+##
|
+##
|
||||||
+#
|
+#
|
||||||
+interface(`certmaster_append_log',`
|
+interface(`certmaster_append_log',`
|
||||||
|
@ -12244,15 +12244,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+#######################################
|
+#######################################
|
||||||
+### <summary>
|
+## <summary>
|
||||||
+### Create, read, write, and delete
|
+## Create, read, write, and delete
|
||||||
+### certmaster logs.
|
+## certmaster logs.
|
||||||
+### </summary>
|
+## </summary>
|
||||||
+### <param name="domain">
|
+## <param name="domain">
|
||||||
+### <summary>
|
+## <summary>
|
||||||
+### Domain allowed access.
|
+## Domain allowed access.
|
||||||
+### </summary>
|
+## </summary>
|
||||||
+### </param>
|
+## </param>
|
||||||
+##
|
+##
|
||||||
+#
|
+#
|
||||||
+interface(`certmaster_manage_log',`
|
+interface(`certmaster_manage_log',`
|
||||||
|
@ -12265,22 +12265,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+### <summary>
|
+## <summary>
|
||||||
+### All of the rules required to administrate
|
+## All of the rules required to administrate
|
||||||
+### an snort environment
|
+## an snort environment
|
||||||
+### </summary>
|
+## </summary>
|
||||||
+### <param name="domain">
|
+## <param name="domain">
|
||||||
+### <summary>
|
+## <summary>
|
||||||
+### Domain allowed access.
|
+## Domain allowed access.
|
||||||
+### </summary>
|
+## </summary>
|
||||||
+### </param>
|
+## </param>
|
||||||
+### <param name="role">
|
+## <param name="role">
|
||||||
+### <summary>
|
+## <summary>
|
||||||
+### The role to be allowed to manage the syslog domain.
|
+## The role to be allowed to manage the syslog domain.
|
||||||
+### </summary>
|
+## </summary>
|
||||||
+### </param>
|
+## </param>
|
||||||
+### <rolecap/>
|
+## <rolecap/>
|
||||||
+##
|
+#
|
||||||
+
|
+
|
||||||
+interface(`certmaster_admin',`
|
+interface(`certmaster_admin',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
|
@ -12312,7 +12312,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+ files_list_var_lib($1)
|
+ files_list_var_lib($1)
|
||||||
+ admin_pattern($1, certmaster_var_lib_t)
|
+ admin_pattern($1, certmaster_var_lib_t)
|
||||||
+')
|
+')
|
||||||
+
|
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.5.13/policy/modules/services/certmaster.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.5.13/policy/modules/services/certmaster.te
|
||||||
--- nsaserefpolicy/policy/modules/services/certmaster.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/certmaster.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.5.13/policy/modules/services/certmaster.te 2008-10-30 14:48:03.000000000 -0400
|
+++ serefpolicy-3.5.13/policy/modules/services/certmaster.te 2008-10-30 14:48:03.000000000 -0400
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.5.13
|
Version: 3.5.13
|
||||||
Release: 11%{?dist}
|
Release: 13%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -457,6 +457,13 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 3 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-13
|
||||||
|
- Allow dhcpc to restart ypbind
|
||||||
|
- Fixup labeling in /var/run
|
||||||
|
|
||||||
|
* Thu Oct 30 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-12
|
||||||
|
- Add certmaster policy
|
||||||
|
|
||||||
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-11
|
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-11
|
||||||
- Fix confined users
|
- Fix confined users
|
||||||
- Allow xguest to read/write xguest_dbusd_t
|
- Allow xguest to read/write xguest_dbusd_t
|
||||||
|
|
Loading…
Reference in New Issue