- Allow dhcpc to restart ypbind

- Fixup labeling in /var/run
2008-11-03 21:09:40 +00:00 · 2008-11-03 21:09:40 +00:00 · 333ebd64df
parent 29e94cd4d0
commit 333ebd64df
4 changed files with 66 additions and 46 deletions
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@ -182,6 +182,13 @@ cdrecord = module
 # 
 certwatch = module
 # Layer: admin
 # Module: certmaster
 #
 # Digital Certificate Tracking
 # 
 certmanager = module
 # Layer: services
 # Module: cipe
 #
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@ -182,6 +182,13 @@ cdrecord = module
 # 
 certwatch = module
 # Layer: admin
 # Module: certmaster
 #
 # Digital Certificate Tracking
 # 
 certmanager = module
 # Layer: services
 # Module: cipe
 #
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@ -12178,8 +12178,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/certmaster(/.*)?  				gen_context(system_u:object_r:certmaster_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.5.13/policy/modules/services/certmaster.if
 --- nsaserefpolicy/policy/modules/services/certmaster.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/services/certmaster.if	2008-10-30 14:44:58.000000000 -0400
+++ serefpolicy-3.5.13/policy/modules/services/certmaster.if	2008-11-03 15:55:54.000000000 -0500
-@@ -0,0 +1,133 @@
+@@ -0,0 +1,132 @@
 +## <summary>policy for certmaster</summary>
 +
 +########################################
@ -12205,15 +12205,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +#######################################
-+### <summary>
+## <summary>
-+###      read
+##      read
-+###      certmaster logs.
+##      certmaster logs.
-+### </summary>
+## </summary>
-+### <param name="domain">
+## <param name="domain">
-+###      <summary>
+##      <summary>
-+###      Domain allowed access.
+##      Domain allowed access.
-+###      </summary>
+##      </summary>
-+### </param>
+## </param>
 +##
 +#
 +interface(`certmaster_read_log',`
@ -12225,14 +12225,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +#######################################
-+### <summary>
+## <summary>
-+###      Append to certmaster logs.
+##      Append to certmaster logs.
-+### </summary>
+## </summary>
-+### <param name="domain">
+## <param name="domain">
-+###      <summary>
+##      <summary>
-+###      Domain allowed access.
+##      Domain allowed access.
-+###      </summary>
+##      </summary>
-+### </param>
+## </param>
 +##
 +#
 +interface(`certmaster_append_log',`
@ -12244,15 +12244,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +#######################################
-+### <summary>
+## <summary>
-+###      Create, read, write, and delete
+##      Create, read, write, and delete
-+###      certmaster logs.
+##      certmaster logs.
-+### </summary>
+## </summary>
-+### <param name="domain">
+## <param name="domain">
-+###      <summary>
+##      <summary>
-+###      Domain allowed access.
+##      Domain allowed access.
-+###      </summary>
+##      </summary>
-+### </param>
+## </param>
 +##
 +#
 +interface(`certmaster_manage_log',`
@ -12265,22 +12265,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +########################################
-+### <summary>
+## <summary>
-+###      All of the rules required to administrate 
+##      All of the rules required to administrate 
-+###      an snort environment
+##      an snort environment
-+### </summary>
+## </summary>
-+### <param name="domain">
+## <param name="domain">
-+###      <summary>
+##      <summary>
-+###      Domain allowed access.
+##      Domain allowed access.
-+###      </summary>
+##      </summary>
-+### </param>
+## </param>
-+### <param name="role">
+## <param name="role">
-+###      <summary>
+##      <summary>
-+###      The role to be allowed to manage the syslog domain.
+##      The role to be allowed to manage the syslog domain.
-+###      </summary>
+##      </summary>
-+### </param>
+## </param>
-+### <rolecap/>
+## <rolecap/>
-+##
+#
 +
 +interface(`certmaster_admin',`
 +        gen_require(`
@ -12312,7 +12312,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_list_var_lib($1)
 +	admin_pattern($1, certmaster_var_lib_t)
 +')
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.5.13/policy/modules/services/certmaster.te
 --- nsaserefpolicy/policy/modules/services/certmaster.te	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.5.13/policy/modules/services/certmaster.te	2008-10-30 14:48:03.000000000 -0400
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 11%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -457,6 +457,13 @@ exit 0
 %endif
 %changelog
 * Mon Nov 3 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-13
 - Allow dhcpc to restart ypbind
 - Fixup labeling in /var/run
 * Thu Oct 30 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-12
 - Add certmaster policy
 * Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-11
 - Fix confined users 
 - Allow xguest to read/write xguest_dbusd_t