Policy update should not modify local contexts
This commit is contained in:
Dan Walsh
parent
e1f17eb990
commit
37b75a051e
108
passwd.patch
108
passwd.patch
@ -1,7 +1,6 @@
|
||||
diff --git a/policy/modules/admin/mcelog.te b/policy/modules/admin/mcelog.te
|
||||
index ef8bc09..ea06507 100644
|
||||
--- a/policy/modules/admin/mcelog.te
|
||||
+++ b/policy/modules/admin/mcelog.te
|
||||
diff -up serefpolicy-3.10.0/policy/modules/admin/mcelog.te.passwd serefpolicy-3.10.0/policy/modules/admin/mcelog.te
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/mcelog.te.passwd 2011-10-21 09:57:41.024059743 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/mcelog.te 2011-10-21 09:57:41.523059314 -0400
|
||||
@@ -45,6 +45,8 @@ files_read_etc_files(mcelog_t)
|
||||
# for /dev/mem access
|
||||
mls_file_read_all_levels(mcelog_t)
|
||||
@ -11,11 +10,10 @@ index ef8bc09..ea06507 100644
|
||||
logging_send_syslog_msg(mcelog_t)
|
||||
|
||||
miscfiles_read_localization(mcelog_t)
|
||||
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
|
||||
index 772a68e..e01c9c2 100644
|
||||
--- a/policy/modules/admin/usermanage.te
|
||||
+++ b/policy/modules/admin/usermanage.te
|
||||
@@ -90,6 +90,7 @@ fs_search_auto_mountpoints(chfn_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.passwd serefpolicy-3.10.0/policy/modules/admin/usermanage.te
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.passwd 2011-10-21 09:57:41.053059719 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-21 09:58:51.127999915 -0400
|
||||
@@ -91,6 +91,7 @@ fs_search_auto_mountpoints(chfn_t)
|
||||
dev_read_urand(chfn_t)
|
||||
dev_dontaudit_getattr_all(chfn_t)
|
||||
|
||||
@ -23,7 +21,7 @@ index 772a68e..e01c9c2 100644
|
||||
auth_use_pam(chfn_t)
|
||||
|
||||
# allow checking if a shell is executable
|
||||
@@ -97,7 +98,6 @@ corecmd_check_exec_shell(chfn_t)
|
||||
@@ -98,7 +99,6 @@ corecmd_check_exec_shell(chfn_t)
|
||||
|
||||
domain_use_interactive_fds(chfn_t)
|
||||
|
||||
@ -31,7 +29,7 @@ index 772a68e..e01c9c2 100644
|
||||
files_read_etc_runtime_files(chfn_t)
|
||||
files_dontaudit_search_var(chfn_t)
|
||||
files_dontaudit_search_home(chfn_t)
|
||||
@@ -207,8 +207,8 @@ init_dontaudit_write_utmp(groupadd_t)
|
||||
@@ -209,8 +209,8 @@ init_dontaudit_write_utmp(groupadd_t)
|
||||
|
||||
domain_use_interactive_fds(groupadd_t)
|
||||
|
||||
@ -41,7 +39,7 @@ index 772a68e..e01c9c2 100644
|
||||
files_read_etc_runtime_files(groupadd_t)
|
||||
files_read_usr_symlinks(groupadd_t)
|
||||
|
||||
@@ -223,9 +223,10 @@ miscfiles_read_localization(groupadd_t)
|
||||
@@ -225,9 +225,10 @@ miscfiles_read_localization(groupadd_t)
|
||||
auth_domtrans_chk_passwd(groupadd_t)
|
||||
auth_rw_lastlog(groupadd_t)
|
||||
auth_use_nsswitch(groupadd_t)
|
||||
@ -53,15 +51,15 @@ index 772a68e..e01c9c2 100644
|
||||
auth_relabel_shadow(groupadd_t)
|
||||
auth_etc_filetrans_shadow(groupadd_t)
|
||||
|
||||
@@ -298,6 +299,7 @@ selinux_compute_user_contexts(passwd_t)
|
||||
|
||||
@@ -301,6 +302,7 @@ selinux_compute_user_contexts(passwd_t)
|
||||
term_use_all_inherited_terms(passwd_t)
|
||||
term_getattr_all_ptys(passwd_t)
|
||||
|
||||
+auth_manage_passwd(passwd_t)
|
||||
auth_manage_shadow(passwd_t)
|
||||
auth_relabel_shadow(passwd_t)
|
||||
auth_etc_filetrans_shadow(passwd_t)
|
||||
@@ -312,7 +314,6 @@ corenet_tcp_connect_kerberos_password_port(passwd_t)
|
||||
@@ -315,7 +317,6 @@ corenet_tcp_connect_kerberos_password_po
|
||||
domain_use_interactive_fds(passwd_t)
|
||||
|
||||
files_read_etc_runtime_files(passwd_t)
|
||||
@ -69,15 +67,15 @@ index 772a68e..e01c9c2 100644
|
||||
files_search_var(passwd_t)
|
||||
files_dontaudit_search_pids(passwd_t)
|
||||
files_relabel_etc_files(passwd_t)
|
||||
@@ -392,6 +393,7 @@ fs_search_auto_mountpoints(sysadm_passwd_t)
|
||||
|
||||
@@ -396,6 +397,7 @@ fs_search_auto_mountpoints(sysadm_passwd
|
||||
term_use_all_inherited_terms(sysadm_passwd_t)
|
||||
term_getattr_all_ptys(sysadm_passwd_t)
|
||||
|
||||
+auth_manage_passwd(sysadm_passwd_t)
|
||||
auth_manage_shadow(sysadm_passwd_t)
|
||||
auth_relabel_shadow(sysadm_passwd_t)
|
||||
auth_etc_filetrans_shadow(sysadm_passwd_t)
|
||||
@@ -404,7 +406,6 @@ files_read_usr_files(sysadm_passwd_t)
|
||||
@@ -408,7 +410,6 @@ files_read_usr_files(sysadm_passwd_t)
|
||||
|
||||
domain_use_interactive_fds(sysadm_passwd_t)
|
||||
|
||||
@ -85,7 +83,7 @@ index 772a68e..e01c9c2 100644
|
||||
files_relabel_etc_files(sysadm_passwd_t)
|
||||
files_read_etc_runtime_files(sysadm_passwd_t)
|
||||
# for nscd lookups
|
||||
@@ -463,7 +464,6 @@ domain_use_interactive_fds(useradd_t)
|
||||
@@ -467,7 +468,6 @@ domain_use_interactive_fds(useradd_t)
|
||||
domain_read_all_domains_state(useradd_t)
|
||||
domain_dontaudit_read_all_domains_state(useradd_t)
|
||||
|
||||
@ -93,7 +91,7 @@ index 772a68e..e01c9c2 100644
|
||||
files_search_var_lib(useradd_t)
|
||||
files_relabel_etc_files(useradd_t)
|
||||
files_read_etc_runtime_files(useradd_t)
|
||||
@@ -490,6 +490,7 @@ auth_rw_faillog(useradd_t)
|
||||
@@ -495,6 +495,7 @@ auth_rw_faillog(useradd_t)
|
||||
auth_use_nsswitch(useradd_t)
|
||||
# these may be unnecessary due to the above
|
||||
# domtrans_chk_passwd() call.
|
||||
@ -101,10 +99,9 @@ index 772a68e..e01c9c2 100644
|
||||
auth_manage_shadow(useradd_t)
|
||||
auth_relabel_shadow(useradd_t)
|
||||
auth_etc_filetrans_shadow(useradd_t)
|
||||
diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te
|
||||
index 50629a8..09669b6 100644
|
||||
--- a/policy/modules/apps/loadkeys.te
|
||||
+++ b/policy/modules/apps/loadkeys.te
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/loadkeys.te.passwd serefpolicy-3.10.0/policy/modules/apps/loadkeys.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/loadkeys.te.passwd 2011-10-21 09:57:41.074059700 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/loadkeys.te 2011-10-21 09:57:41.525059314 -0400
|
||||
@@ -31,6 +31,8 @@ files_read_etc_runtime_files(loadkeys_t)
|
||||
term_dontaudit_use_console(loadkeys_t)
|
||||
term_use_unallocated_ttys(loadkeys_t)
|
||||
@ -114,11 +111,10 @@ index 50629a8..09669b6 100644
|
||||
init_dontaudit_use_fds(loadkeys_t)
|
||||
init_dontaudit_use_script_ptys(loadkeys_t)
|
||||
|
||||
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
|
||||
index b11c27f..5a452ae 100644
|
||||
--- a/policy/modules/services/abrt.te
|
||||
+++ b/policy/modules/services/abrt.te
|
||||
@@ -105,7 +105,6 @@ allow abrt_t self:fifo_file rw_fifo_file_perms;
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/abrt.te.passwd serefpolicy-3.10.0/policy/modules/services/abrt.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/abrt.te.passwd 2011-10-21 09:57:41.146059638 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/abrt.te 2011-10-21 09:57:41.527059312 -0400
|
||||
@@ -105,7 +105,6 @@ allow abrt_t self:fifo_file rw_fifo_file
|
||||
allow abrt_t self:tcp_socket create_stream_socket_perms;
|
||||
allow abrt_t self:udp_socket create_socket_perms;
|
||||
allow abrt_t self:unix_dgram_socket create_socket_perms;
|
||||
@ -150,10 +146,9 @@ index b11c27f..5a452ae 100644
|
||||
nsplugin_read_rw_files(abrt_t)
|
||||
nsplugin_read_home(abrt_t)
|
||||
')
|
||||
diff --git a/policy/modules/services/audioentropy.te b/policy/modules/services/audioentropy.te
|
||||
index 2b348c7..b89658c 100644
|
||||
--- a/policy/modules/services/audioentropy.te
|
||||
+++ b/policy/modules/services/audioentropy.te
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/audioentropy.te.passwd serefpolicy-3.10.0/policy/modules/services/audioentropy.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/audioentropy.te.passwd 2011-06-27 14:18:04.000000000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/audioentropy.te 2011-10-21 09:57:41.528059311 -0400
|
||||
@@ -47,6 +47,8 @@ fs_search_auto_mountpoints(entropyd_t)
|
||||
|
||||
domain_use_interactive_fds(entropyd_t)
|
||||
@ -163,10 +158,9 @@ index 2b348c7..b89658c 100644
|
||||
logging_send_syslog_msg(entropyd_t)
|
||||
|
||||
miscfiles_read_localization(entropyd_t)
|
||||
diff --git a/policy/modules/services/plymouthd.te b/policy/modules/services/plymouthd.te
|
||||
index 4f9a575..5fc3a55 100644
|
||||
--- a/policy/modules/services/plymouthd.te
|
||||
+++ b/policy/modules/services/plymouthd.te
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/plymouthd.te.passwd serefpolicy-3.10.0/policy/modules/services/plymouthd.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/plymouthd.te.passwd 2011-10-21 09:57:41.332059479 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/plymouthd.te 2011-10-21 09:57:41.530059309 -0400
|
||||
@@ -75,6 +75,8 @@ init_signal(plymouthd_t)
|
||||
logging_link_generic_logs(plymouthd_t)
|
||||
logging_delete_generic_logs(plymouthd_t)
|
||||
@ -176,10 +170,9 @@ index 4f9a575..5fc3a55 100644
|
||||
miscfiles_read_localization(plymouthd_t)
|
||||
miscfiles_read_fonts(plymouthd_t)
|
||||
miscfiles_manage_fonts_cache(plymouthd_t)
|
||||
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
|
||||
index ea9593c..0e641fa 100644
|
||||
--- a/policy/modules/services/virt.te
|
||||
+++ b/policy/modules/services/virt.te
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.passwd serefpolicy-3.10.0/policy/modules/services/virt.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/virt.te.passwd 2011-10-21 09:57:41.435059390 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-10-21 09:57:41.533059306 -0400
|
||||
@@ -888,6 +888,7 @@ fs_getattr_xattr_fs(svirt_lxc_domain)
|
||||
fs_list_inotifyfs(svirt_lxc_domain)
|
||||
fs_dontaudit_getattr_xattr_fs(svirt_lxc_domain)
|
||||
@ -188,10 +181,9 @@ index ea9593c..0e641fa 100644
|
||||
auth_dontaudit_read_login_records(svirt_lxc_domain)
|
||||
auth_dontaudit_write_login_records(svirt_lxc_domain)
|
||||
auth_search_pam_console_data(svirt_lxc_domain)
|
||||
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
|
||||
index 59742f4..02a592a 100644
|
||||
--- a/policy/modules/system/authlogin.fc
|
||||
+++ b/policy/modules/system/authlogin.fc
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/authlogin.fc.passwd serefpolicy-3.10.0/policy/modules/system/authlogin.fc
|
||||
--- serefpolicy-3.10.0/policy/modules/system/authlogin.fc.passwd 2011-10-21 09:57:41.451059376 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/authlogin.fc 2011-10-21 09:57:41.534059305 -0400
|
||||
@@ -7,6 +7,9 @@
|
||||
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
|
||||
/etc/passwd\.adjunct.* -- gen_context(system_u:object_r:shadow_t,s0)
|
||||
@ -202,11 +194,10 @@ index 59742f4..02a592a 100644
|
||||
|
||||
/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
|
||||
/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
|
||||
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
|
||||
index e3720d4..8b30edb 100644
|
||||
--- a/policy/modules/system/authlogin.if
|
||||
+++ b/policy/modules/system/authlogin.if
|
||||
@@ -557,7 +557,6 @@ interface(`auth_domtrans_upd_passwd',`
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/authlogin.if.passwd serefpolicy-3.10.0/policy/modules/system/authlogin.if
|
||||
--- serefpolicy-3.10.0/policy/modules/system/authlogin.if.passwd 2011-10-21 09:57:41.452059376 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/authlogin.if 2011-10-21 09:57:41.535059304 -0400
|
||||
@@ -561,7 +561,6 @@ interface(`auth_domtrans_upd_passwd',`
|
||||
|
||||
domtrans_pattern($1, updpwd_exec_t, updpwd_t)
|
||||
auth_dontaudit_read_shadow($1)
|
||||
@ -214,7 +205,7 @@ index e3720d4..8b30edb 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -754,6 +753,10 @@ interface(`auth_manage_shadow',`
|
||||
@@ -758,6 +757,10 @@ interface(`auth_manage_shadow',`
|
||||
|
||||
allow $1 shadow_t:file manage_file_perms;
|
||||
typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
|
||||
@ -225,7 +216,7 @@ index e3720d4..8b30edb 100644
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -894,6 +897,9 @@ interface(`auth_manage_faillog',`
|
||||
@@ -898,6 +901,9 @@ interface(`auth_manage_faillog',`
|
||||
files_search_pids($1)
|
||||
allow $1 faillog_t:dir manage_dir_perms;
|
||||
allow $1 faillog_t:file manage_file_perms;
|
||||
@ -235,7 +226,7 @@ index e3720d4..8b30edb 100644
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -1734,6 +1740,7 @@ interface(`auth_manage_login_records',`
|
||||
@@ -1738,6 +1744,7 @@ interface(`auth_manage_login_records',`
|
||||
|
||||
logging_rw_generic_log_dirs($1)
|
||||
allow $1 wtmp_t:file manage_file_perms;
|
||||
@ -243,7 +234,7 @@ index e3720d4..8b30edb 100644
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -1809,19 +1816,123 @@ interface(`auth_unconfined',`
|
||||
@@ -1813,19 +1820,123 @@ interface(`auth_unconfined',`
|
||||
interface(`authlogin_filetrans_named_content',`
|
||||
gen_require(`
|
||||
type shadow_t;
|
||||
@ -369,11 +360,10 @@ index e3720d4..8b30edb 100644
|
||||
+ files_etc_filetrans($1, passwd_file_t, file, "group")
|
||||
+ files_etc_filetrans($1, passwd_file_t, file, "group-")
|
||||
+')
|
||||
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
|
||||
index a53db2b..16e2e63 100644
|
||||
--- a/policy/modules/system/authlogin.te
|
||||
+++ b/policy/modules/system/authlogin.te
|
||||
@@ -71,6 +71,9 @@ neverallow ~can_read_shadow_passwords shadow_t:file read;
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/authlogin.te.passwd serefpolicy-3.10.0/policy/modules/system/authlogin.te
|
||||
--- serefpolicy-3.10.0/policy/modules/system/authlogin.te.passwd 2011-10-21 09:57:41.453059375 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/authlogin.te 2011-10-21 09:57:41.536059303 -0400
|
||||
@@ -71,6 +71,9 @@ neverallow ~can_read_shadow_passwords sh
|
||||
neverallow ~can_write_shadow_passwords shadow_t:file { create write };
|
||||
neverallow ~can_relabelto_shadow_passwords shadow_t:file relabelto;
|
||||
|
||||
|
||||
120
userdomain.patch
120
userdomain.patch
@ -1,6 +1,6 @@
|
||||
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain serefpolicy-3.10.0/policy/modules/admin/usermanage.if
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain 2011-10-11 10:15:28.062129903 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.if 2011-10-11 10:15:28.489129089 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain 2011-10-21 09:59:22.539973347 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.if 2011-10-21 09:59:23.104972871 -0400
|
||||
@@ -308,7 +308,7 @@ interface(`usermanage_run_useradd',`
|
||||
role $2 types useradd_t;
|
||||
|
||||
@ -11,9 +11,9 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain serefp
|
||||
seutil_run_semanage(useradd_t, $2)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain serefpolicy-3.10.0/policy/modules/admin/usermanage.te
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain 2011-10-11 10:15:28.447129169 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-11 10:15:28.490129087 -0400
|
||||
@@ -512,7 +512,7 @@ seutil_domtrans_setfiles(useradd_t)
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain 2011-10-21 09:59:22.999972958 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-21 09:59:23.105972870 -0400
|
||||
@@ -517,7 +517,7 @@ seutil_domtrans_setfiles(useradd_t)
|
||||
userdom_use_unpriv_users_fds(useradd_t)
|
||||
# Add/remove user home directories
|
||||
userdom_home_filetrans_user_home_dir(useradd_t)
|
||||
@ -23,8 +23,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain serefp
|
||||
mta_manage_spool(useradd_t)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain serefpolicy-3.10.0/policy/modules/apps/execmem.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain 2011-10-11 10:15:28.472129121 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-11 10:15:28.491129085 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain 2011-10-21 09:59:23.031972932 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-21 09:59:23.105972870 -0400
|
||||
@@ -57,8 +57,6 @@ template(`execmem_role_template',`
|
||||
role $2 types $1_execmem_t;
|
||||
|
||||
@ -35,8 +35,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain serefpolic
|
||||
allow $1_execmem_t self:process { execmem execstack };
|
||||
allow $3 $1_execmem_t:process { getattr ptrace noatsecure signal_perms };
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain serefpolicy-3.10.0/policy/modules/apps/java.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain 2011-10-11 10:15:28.077129873 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-11 10:15:28.492129083 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain 2011-10-21 09:59:22.557973331 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-21 09:59:23.106972869 -0400
|
||||
@@ -73,7 +73,8 @@ template(`java_role_template',`
|
||||
domain_interactive_fd($1_java_t)
|
||||
|
||||
@ -48,8 +48,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain serefpolicy-3
|
||||
allow $1_java_t self:process { ptrace signal getsched execmem execstack };
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain serefpolicy-3.10.0/policy/modules/apps/mono.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain 2011-10-11 10:15:28.082129864 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-11 10:15:28.493129081 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain 2011-10-21 09:59:22.562973328 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-21 09:59:23.107972868 -0400
|
||||
@@ -49,7 +49,8 @@ template(`mono_role_template',`
|
||||
corecmd_bin_domtrans($1_mono_t, $1_t)
|
||||
|
||||
@ -61,8 +61,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain serefpolicy-3
|
||||
optional_policy(`
|
||||
xserver_role($1_r, $1_mono_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain serefpolicy-3.10.0/policy/modules/apps/mozilla.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain 2011-10-11 10:15:28.083129862 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-11 10:15:28.494129079 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain 2011-10-21 09:59:22.564973326 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-21 09:59:23.107972868 -0400
|
||||
@@ -51,7 +51,7 @@ interface(`mozilla_role',`
|
||||
mozilla_run_plugin(mozilla_t, $1)
|
||||
mozilla_dbus_chat($2)
|
||||
@ -73,8 +73,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain serefpolic
|
||||
optional_policy(`
|
||||
nsplugin_role($1, mozilla_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain serefpolicy-3.10.0/policy/modules/apps/nsplugin.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain 2011-10-11 10:15:28.087129854 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-11 10:15:28.495129077 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain 2011-10-21 09:59:22.568973322 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-21 09:59:23.108972867 -0400
|
||||
@@ -103,7 +103,7 @@ ifdef(`hide_broken_symptoms', `
|
||||
userdom_use_inherited_user_terminals(nsplugin_t)
|
||||
userdom_use_inherited_user_terminals(nsplugin_config_t)
|
||||
@ -85,9 +85,9 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain serefpoli
|
||||
optional_policy(`
|
||||
pulseaudio_role($1, nsplugin_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain serefpolicy-3.10.0/policy/modules/apps/nsplugin.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain 2011-10-11 10:15:28.088129853 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-11 10:15:28.496129075 -0400
|
||||
@@ -286,6 +286,7 @@ userdom_search_user_home_content(nsplugi
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain 2011-10-21 09:59:22.569973321 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-21 09:59:23.109972866 -0400
|
||||
@@ -281,6 +281,7 @@ userdom_search_user_home_content(nsplugi
|
||||
userdom_read_user_home_content_symlinks(nsplugin_config_t)
|
||||
userdom_read_user_home_content_files(nsplugin_config_t)
|
||||
userdom_dontaudit_search_admin_dir(nsplugin_config_t)
|
||||
@ -96,8 +96,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain serefpoli
|
||||
tunable_policy(`use_nfs_home_dirs',`
|
||||
fs_getattr_nfs(nsplugin_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain 2011-10-11 10:15:28.089129851 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if 2011-10-11 10:15:28.497129073 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain 2011-10-21 09:59:22.571973319 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if 2011-10-21 09:59:23.109972866 -0400
|
||||
@@ -35,9 +35,9 @@ interface(`pulseaudio_role',`
|
||||
allow pulseaudio_t $2:unix_stream_socket connectto;
|
||||
allow $2 pulseaudio_t:unix_stream_socket connectto;
|
||||
@ -112,8 +112,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain serefpo
|
||||
allow $2 pulseaudio_t:dbus send_msg;
|
||||
allow pulseaudio_t $2:dbus { acquire_svc send_msg };
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain 2011-10-11 10:15:28.091129847 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te 2011-10-11 10:15:28.498129071 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain 2011-10-21 09:59:22.572973318 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te 2011-10-21 09:59:23.110972865 -0400
|
||||
@@ -95,6 +95,10 @@ logging_send_syslog_msg(pulseaudio_t)
|
||||
|
||||
miscfiles_read_localization(pulseaudio_t)
|
||||
@ -126,8 +126,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain serefpo
|
||||
alsa_read_rw_config(pulseaudio_t)
|
||||
')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain serefpolicy-3.10.0/policy/modules/apps/userhelper.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain 2011-10-11 10:15:28.102129826 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.if 2011-10-11 10:15:28.498129071 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain 2011-10-21 09:59:22.585973308 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.if 2011-10-21 09:59:23.111972864 -0400
|
||||
@@ -294,7 +294,7 @@ template(`userhelper_console_role_templa
|
||||
|
||||
auth_use_pam($1_consolehelper_t)
|
||||
@ -138,8 +138,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain serefpo
|
||||
optional_policy(`
|
||||
dbus_connect_session_bus($1_consolehelper_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain serefpolicy-3.10.0/policy/modules/apps/userhelper.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain 2011-10-11 10:15:28.102129826 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.te 2011-10-11 10:15:28.499129069 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain 2011-10-21 09:59:22.586973307 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.te 2011-10-21 09:59:23.111972864 -0400
|
||||
@@ -65,6 +65,7 @@ userhelper_exec(consolehelper_domain)
|
||||
userdom_use_user_ptys(consolehelper_domain)
|
||||
userdom_use_user_ttys(consolehelper_domain)
|
||||
@ -149,8 +149,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain serefpo
|
||||
optional_policy(`
|
||||
gnome_read_gconf_home_files(consolehelper_domain)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain serefpolicy-3.10.0/policy/modules/apps/wine.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain 2011-10-11 10:15:28.105129820 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-11 10:15:28.499129069 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain 2011-10-21 09:59:22.590973303 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-21 09:59:23.112972863 -0400
|
||||
@@ -105,7 +105,8 @@ template(`wine_role_template',`
|
||||
corecmd_bin_domtrans($1_wine_t, $1_t)
|
||||
|
||||
@ -162,8 +162,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain serefpolicy-3
|
||||
domain_mmap_low($1_wine_t)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain serefpolicy-3.10.0/policy/modules/apps/wm.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain 2011-10-11 10:15:28.107129816 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/wm.if 2011-10-11 10:15:28.500129068 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain 2011-10-21 09:59:22.592973302 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/wm.if 2011-10-21 09:59:23.113972862 -0400
|
||||
@@ -77,9 +77,13 @@ template(`wm_role_template',`
|
||||
miscfiles_read_fonts($1_wm_t)
|
||||
miscfiles_read_localization($1_wm_t)
|
||||
@ -182,9 +182,9 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain serefpolicy-3.1
|
||||
|
||||
optional_policy(`
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain serefpolicy-3.10.0/policy/modules/roles/sysadm.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain 2011-10-11 10:15:28.000000000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-11 10:16:15.471039586 -0400
|
||||
@@ -60,7 +60,8 @@ sysnet_filetrans_named_content(sysadm_t)
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain 2011-10-21 09:59:23.000000000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-21 10:00:11.291932414 -0400
|
||||
@@ -61,7 +61,8 @@ sysnet_filetrans_named_content(sysadm_t)
|
||||
# Add/remove user home directories
|
||||
userdom_manage_user_home_dirs(sysadm_t)
|
||||
userdom_home_filetrans_user_home_dir(sysadm_t)
|
||||
@ -193,10 +193,10 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain serefpolic
|
||||
+userdom_manage_tmp(sysadm_t)
|
||||
|
||||
optional_policy(`
|
||||
ssh_filetrans_admin_home_content(sysadm_t)
|
||||
alsa_filetrans_named_content(sysadm_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain 2011-10-11 10:15:28.476129113 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-10-11 10:15:28.501129066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain 2011-10-21 09:59:23.035972928 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-10-21 09:59:23.114972861 -0400
|
||||
@@ -45,9 +45,12 @@ gen_tunable(unconfined_login, true)
|
||||
# calls is not correct, however we dont currently
|
||||
# have another method to add access to these types
|
||||
@ -214,8 +214,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain se
|
||||
|
||||
type unconfined_exec_t;
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain serefpolicy-3.10.0/policy/modules/services/rshd.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain 2011-10-11 10:15:28.333129386 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/rshd.te 2011-10-11 10:15:28.502129064 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain 2011-10-21 09:59:22.860973076 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/rshd.te 2011-10-21 09:59:23.115972861 -0400
|
||||
@@ -66,7 +66,7 @@ seutil_read_config(rshd_t)
|
||||
seutil_read_default_contexts(rshd_t)
|
||||
|
||||
@ -226,8 +226,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain serefpoli
|
||||
tunable_policy(`use_nfs_home_dirs',`
|
||||
fs_read_nfs_files(rshd_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain serefpolicy-3.10.0/policy/modules/services/ssh.if
|
||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain 2011-10-11 10:15:28.354129346 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-11 10:15:28.503129062 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain 2011-10-21 09:59:22.884973056 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-21 09:59:23.116972861 -0400
|
||||
@@ -380,7 +380,7 @@ template(`ssh_role_template',`
|
||||
manage_lnk_files_pattern($3, ssh_home_t, ssh_home_t)
|
||||
manage_sock_files_pattern($3, ssh_home_t, ssh_home_t)
|
||||
@ -238,8 +238,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain serefpolic
|
||||
##############################
|
||||
#
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain serefpolicy-3.10.0/policy/modules/services/ssh.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain 2011-10-11 10:15:28.355129344 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.te 2011-10-11 10:15:28.503129062 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain 2011-10-21 09:59:22.885973055 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.te 2011-10-21 09:59:23.117972860 -0400
|
||||
@@ -200,6 +200,7 @@ userdom_read_user_tmp_files(ssh_t)
|
||||
userdom_write_user_tmp_files(ssh_t)
|
||||
userdom_read_user_home_content_symlinks(ssh_t)
|
||||
@ -258,9 +258,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain serefpolic
|
||||
userdom_signal_unpriv_users(sshd_t)
|
||||
userdom_dyntransition_unpriv_users(sshd_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain serefpolicy-3.10.0/policy/modules/services/sssd.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain 2011-10-11 10:15:28.356129342 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/sssd.te 2011-10-11 10:15:28.504129060 -0400
|
||||
@@ -92,7 +92,7 @@ miscfiles_read_generic_certs(sssd_t)
|
||||
--- serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain 2011-10-21 09:59:22.887973053 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/sssd.te 2011-10-21 09:59:23.117972860 -0400
|
||||
@@ -93,7 +93,7 @@ miscfiles_read_generic_certs(sssd_t)
|
||||
sysnet_dns_name_resolve(sssd_t)
|
||||
sysnet_use_ldap(sssd_t)
|
||||
|
||||
@ -270,8 +270,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain serefpoli
|
||||
optional_policy(`
|
||||
dbus_system_bus_client(sssd_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain serefpolicy-3.10.0/policy/modules/services/xserver.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain 2011-10-11 10:15:28.480129106 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-11 10:15:28.505129058 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain 2011-10-21 09:59:23.042972923 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-21 09:59:23.119972858 -0400
|
||||
@@ -671,7 +671,7 @@ userdom_stream_connect(xdm_t)
|
||||
userdom_manage_user_tmp_dirs(xdm_t)
|
||||
userdom_manage_user_tmp_files(xdm_t)
|
||||
@ -282,8 +282,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain serefp
|
||||
application_signal(xdm_t)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain serefpolicy-3.10.0/policy/modules/system/userdomain.if
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain 2011-10-11 10:15:28.482129102 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-11 10:15:28.506129056 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain 2011-10-21 09:59:23.046972919 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-21 09:59:23.121972856 -0400
|
||||
@@ -35,21 +35,14 @@ template(`userdom_base_user_template',`
|
||||
type $1_t, userdomain, $1_usertype;
|
||||
domain_type($1_t)
|
||||
@ -983,8 +983,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain seref
|
||||
|
||||
########################################
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain serefpolicy-3.10.0/policy/modules/system/userdomain.te
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain 2011-10-11 10:15:28.427129208 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.te 2011-10-11 10:15:28.507129054 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain 2011-10-21 09:59:22.972972981 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.te 2011-10-21 10:04:03.330742358 -0400
|
||||
@@ -69,6 +69,8 @@ attribute userdomain;
|
||||
|
||||
# unprivileged user domains
|
||||
@ -994,7 +994,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref
|
||||
|
||||
attribute untrusted_content_type;
|
||||
attribute untrusted_content_tmp_type;
|
||||
@@ -141,16 +143,17 @@ miscfiles_cert_type(home_cert_t)
|
||||
@@ -141,22 +143,147 @@ miscfiles_cert_type(home_cert_t)
|
||||
userdom_user_home_content(home_cert_t)
|
||||
ubac_constrained(home_cert_t)
|
||||
|
||||
@ -1017,14 +1017,14 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref
|
||||
optional_policy(`
|
||||
alsa_read_rw_config(unpriv_userdomain)
|
||||
alsa_manage_home_files(unpriv_userdomain)
|
||||
@@ -158,6 +161,125 @@ optional_policy(`
|
||||
alsa_filetrans_named_content(unpriv_userdomain)
|
||||
alsa_relabel_home_files(unpriv_userdomain)
|
||||
')
|
||||
|
||||
+tunable_policy(`allow_console_login',`
|
||||
+ term_use_console(userdomain)
|
||||
+')
|
||||
+
|
||||
+##############################
|
||||
+#
|
||||
+# User domain Local policy
|
||||
+#
|
||||
+allow userdomain userdomain:process signull;
|
||||
+
|
||||
+allow userdomain user_devpts_t:chr_file { setattr rw_chr_file_perms };
|
||||
@ -1116,6 +1116,10 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref
|
||||
+
|
||||
+systemd_dbus_chat_logind(userdomain)
|
||||
+
|
||||
+tunable_policy(`allow_console_login',`
|
||||
+ term_use_console(userdomain)
|
||||
+')
|
||||
+
|
||||
+tunable_policy(`allow_execmem',`
|
||||
+ # Allow loading DSOs that require executable stack.
|
||||
+ allow userdomain self:process execmem;
|
||||
@ -1143,7 +1147,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref
|
||||
optional_policy(`
|
||||
gnome_filetrans_home_content(userdomain)
|
||||
')
|
||||
@@ -173,3 +295,240 @@ optional_policy(`
|
||||
@@ -172,3 +299,240 @@ optional_policy(`
|
||||
optional_policy(`
|
||||
xserver_filetrans_home_content(userdomain)
|
||||
')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user