rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Allow audit dispatcher to kill his children

Browse Source
This commit is contained in:
Daniel J Walsh 2008-08-29 20:54:34 +00:00
parent c37b427de8
commit 3ad3552b8a
2 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
policy-20080710.patch
View File

@ -378,6 +378,29 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_unconfined(firstboot_t) + xserver_unconfined(firstboot_t)
') ')
-') dnl end TODO -') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.5.5/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 2008-08-07 11:15:13.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/kismet.te 2008-08-29 16:38:04.000000000 -0400
@@ -26,7 +26,10 @@
#
allow kismet_t self:capability { net_admin net_raw setuid setgid };
+allow kismet_t self:fifo_file rw_file_perms;
allow kismet_t self:packet_socket create_socket_perms;
+allow kismet_t self:unix_dgram_socket create_socket_perms;
+allow kismet_t self:unix_stream_socket create_stream_socket_perms;
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
allow kismet_t kismet_log_t:dir setattr;
@@ -42,6 +45,8 @@
corecmd_exec_bin(kismet_t)
+kernel_search_debugfs(kismet_t)
+
auth_use_nsswitch(kismet_t)
files_read_etc_files(kismet_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400 --- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400
@ -20593,7 +20616,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## </summary> ## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.5/policy/modules/services/postfix.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.5/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400 --- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/postfix.te 2008-08-29 15:43:57.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/services/postfix.te 2008-08-29 16:32:25.000000000 -0400
@@ -6,6 +6,14 @@ @@ -6,6 +6,14 @@
# Declarations # Declarations
# #
@ -30027,13 +30050,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_script_exec_t,s0) +/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_script_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.5/policy/modules/system/logging.if diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.5/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-08-25 09:12:31.000000000 -0400 --- nsaserefpolicy/policy/modules/system/logging.if 2008-08-25 09:12:31.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/system/logging.if 2008-08-29 16:22:26.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/system/logging.if 2008-08-29 16:48:08.000000000 -0400
@@ -281,7 +281,7 @@ @@ -281,7 +281,7 @@
role system_r types $1; role system_r types $1;
domtrans_pattern(audisp_t, $2, $1) domtrans_pattern(audisp_t, $2, $1)
- allow $1 audisp_t:process signal; - allow $1 audisp_t:process signal;
+ allow audisp_t $1:process { sigkill sigstop signull signal } + allow audisp_t $1:process { sigkill sigstop signull signal };
allow audisp_t $2:file getattr; allow audisp_t $2:file getattr;
allow $1 audisp_t:unix_stream_socket rw_socket_perms; allow $1 audisp_t:unix_stream_socket rw_socket_perms;

5
selinux-policy.spec
View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.5.5 Version: 3.5.5
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -380,6 +380,9 @@ exit 0
%endif %endif
%changelog %changelog
* Fri Aug 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.5-3
- Allow audit dispatcher to kill his children
* Tue Aug 26 2008 Dan Walsh <dwalsh@redhat.com> 3.5.5-2 * Tue Aug 26 2008 Dan Walsh <dwalsh@redhat.com> 3.5.5-2
- Update to upstream - Update to upstream
- Fix crontab use by unconfined user - Fix crontab use by unconfined user