rpms
/
selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon Nov 18 2013 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-5 

- Add back /dev/shm labeling
This commit is contained in:
Miroslav Grepl 2013-11-18 16:59:45 +01:00
parent d20212ac4f
commit 3abf0519c2
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
policy-rawhide-base.patch
View File

@ -12639,10 +12639,10 @@ index 1a03abd..92d1a8f 100644
allow files_unconfined_type file_type:file execmod;
')
diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index d7c11a0..1fb5480 100644
index d7c11a0..2fc3436 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -1,23 +1,23 @@
@@ -1,23 +1,26 @@
-/cgroup -d gen_context(system_u:object_r:cgroup_t,s0)
-/cgroup/.* <<none>>
+# ecryptfs does not support xattr
@ -12658,13 +12658,16 @@ index d7c11a0..1fb5480 100644
-/lib/udev/devices/hugepages/.* <<none>>
-/lib/udev/devices/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
-/lib/udev/devices/shm/.* <<none>>
+/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0-mls_systemhigh)
+/dev/shm/.* <<none>>
+/usr/lib/udev/devices/hugepages -d gen_context(system_u:object_r:hugetlbfs_t,s0)
+/usr/lib/udev/devices/hugepages/.* <<none>>
+/usr/lib/udev/devices/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
+/usr/lib/udev/devices/shm/.* <<none>>
+/var/run/[^/]*/gvfs -d gen_context(system_u:object_r:fusefs_t,s0)
+/var/run/[^/]*/gvfs/.* <<none>>
+
+# for systemd systems:
/sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0)
/sys/fs/cgroup/.* <<none>>

5
selinux-policy.spec
View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
Release: 4%{?dist}
Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -575,6 +575,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
* Mon Nov 18 2013 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-5
- Add back /dev/shm labeling
* Mon Nov 18 2013 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-4
- Fix gnome_role_template() interface