Allow firewallgui to read /etc/selinux/config
parent
b6ae8086ef
commit
3dcddab74d
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.10.0
|
Version: 3.10.0
|
||||||
Release: 47%{?dist}
|
Release: 47.1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
136
userdomain.patch
136
userdomain.patch
@ -1,6 +1,6 @@
|
|||||||
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain serefpolicy-3.10.0/policy/modules/admin/usermanage.if
|
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain serefpolicy-3.10.0/policy/modules/admin/usermanage.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain 2011-10-21 09:59:22.539973347 -0400
|
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain 2011-10-24 13:26:35.236337023 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.if 2011-10-21 09:59:23.104972871 -0400
|
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.if 2011-10-24 13:26:35.756337065 -0400
|
||||||
@@ -308,7 +308,7 @@ interface(`usermanage_run_useradd',`
|
@@ -308,7 +308,7 @@ interface(`usermanage_run_useradd',`
|
||||||
role $2 types useradd_t;
|
role $2 types useradd_t;
|
||||||
|
|
||||||
@ -11,8 +11,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain serefp
|
|||||||
seutil_run_semanage(useradd_t, $2)
|
seutil_run_semanage(useradd_t, $2)
|
||||||
|
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain serefpolicy-3.10.0/policy/modules/admin/usermanage.te
|
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain serefpolicy-3.10.0/policy/modules/admin/usermanage.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain 2011-10-21 09:59:22.999972958 -0400
|
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain 2011-10-24 13:26:35.711337061 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-21 09:59:23.105972870 -0400
|
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-24 13:26:35.757337065 -0400
|
||||||
@@ -517,7 +517,7 @@ seutil_domtrans_setfiles(useradd_t)
|
@@ -517,7 +517,7 @@ seutil_domtrans_setfiles(useradd_t)
|
||||||
userdom_use_unpriv_users_fds(useradd_t)
|
userdom_use_unpriv_users_fds(useradd_t)
|
||||||
# Add/remove user home directories
|
# Add/remove user home directories
|
||||||
@ -23,8 +23,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain serefp
|
|||||||
mta_manage_spool(useradd_t)
|
mta_manage_spool(useradd_t)
|
||||||
|
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain serefpolicy-3.10.0/policy/modules/apps/execmem.if
|
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain serefpolicy-3.10.0/policy/modules/apps/execmem.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain 2011-10-21 09:59:23.031972932 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain 2011-10-24 13:26:35.736337064 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-21 09:59:23.105972870 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-24 13:26:35.757337065 -0400
|
||||||
@@ -57,8 +57,6 @@ template(`execmem_role_template',`
|
@@ -57,8 +57,6 @@ template(`execmem_role_template',`
|
||||||
role $2 types $1_execmem_t;
|
role $2 types $1_execmem_t;
|
||||||
|
|
||||||
@ -35,8 +35,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain serefpolic
|
|||||||
allow $1_execmem_t self:process { execmem execstack };
|
allow $1_execmem_t self:process { execmem execstack };
|
||||||
allow $3 $1_execmem_t:process { getattr ptrace noatsecure signal_perms };
|
allow $3 $1_execmem_t:process { getattr ptrace noatsecure signal_perms };
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain serefpolicy-3.10.0/policy/modules/apps/java.if
|
diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain serefpolicy-3.10.0/policy/modules/apps/java.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain 2011-10-21 09:59:22.557973331 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain 2011-10-24 13:26:35.255337024 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-21 09:59:23.106972869 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-24 13:26:35.758337065 -0400
|
||||||
@@ -73,7 +73,8 @@ template(`java_role_template',`
|
@@ -73,7 +73,8 @@ template(`java_role_template',`
|
||||||
domain_interactive_fd($1_java_t)
|
domain_interactive_fd($1_java_t)
|
||||||
|
|
||||||
@ -48,8 +48,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain serefpolicy-3
|
|||||||
allow $1_java_t self:process { ptrace signal getsched execmem execstack };
|
allow $1_java_t self:process { ptrace signal getsched execmem execstack };
|
||||||
|
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain serefpolicy-3.10.0/policy/modules/apps/mono.if
|
diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain serefpolicy-3.10.0/policy/modules/apps/mono.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain 2011-10-21 09:59:22.562973328 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain 2011-10-24 13:26:35.261337025 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-21 09:59:23.107972868 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-24 13:26:35.759337065 -0400
|
||||||
@@ -49,7 +49,8 @@ template(`mono_role_template',`
|
@@ -49,7 +49,8 @@ template(`mono_role_template',`
|
||||||
corecmd_bin_domtrans($1_mono_t, $1_t)
|
corecmd_bin_domtrans($1_mono_t, $1_t)
|
||||||
|
|
||||||
@ -61,8 +61,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain serefpolicy-3
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
xserver_role($1_r, $1_mono_t)
|
xserver_role($1_r, $1_mono_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain serefpolicy-3.10.0/policy/modules/apps/mozilla.if
|
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain serefpolicy-3.10.0/policy/modules/apps/mozilla.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain 2011-10-21 09:59:22.564973326 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain 2011-10-24 13:26:35.262337026 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-21 09:59:23.107972868 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-24 13:26:35.760337065 -0400
|
||||||
@@ -51,7 +51,7 @@ interface(`mozilla_role',`
|
@@ -51,7 +51,7 @@ interface(`mozilla_role',`
|
||||||
mozilla_run_plugin(mozilla_t, $1)
|
mozilla_run_plugin(mozilla_t, $1)
|
||||||
mozilla_dbus_chat($2)
|
mozilla_dbus_chat($2)
|
||||||
@ -73,8 +73,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain serefpolic
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
nsplugin_role($1, mozilla_t)
|
nsplugin_role($1, mozilla_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain serefpolicy-3.10.0/policy/modules/apps/nsplugin.if
|
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain serefpolicy-3.10.0/policy/modules/apps/nsplugin.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain 2011-10-21 09:59:22.568973322 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain 2011-10-24 13:26:35.267337026 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-21 09:59:23.108972867 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-24 13:26:35.762337066 -0400
|
||||||
@@ -103,7 +103,7 @@ ifdef(`hide_broken_symptoms', `
|
@@ -103,7 +103,7 @@ ifdef(`hide_broken_symptoms', `
|
||||||
userdom_use_inherited_user_terminals(nsplugin_t)
|
userdom_use_inherited_user_terminals(nsplugin_t)
|
||||||
userdom_use_inherited_user_terminals(nsplugin_config_t)
|
userdom_use_inherited_user_terminals(nsplugin_config_t)
|
||||||
@ -85,8 +85,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain serefpoli
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
pulseaudio_role($1, nsplugin_t)
|
pulseaudio_role($1, nsplugin_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain serefpolicy-3.10.0/policy/modules/apps/nsplugin.te
|
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain serefpolicy-3.10.0/policy/modules/apps/nsplugin.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain 2011-10-21 09:59:22.569973321 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain 2011-10-24 13:26:35.267337026 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-21 09:59:23.109972866 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-24 13:26:35.763337066 -0400
|
||||||
@@ -281,6 +281,7 @@ userdom_search_user_home_content(nsplugi
|
@@ -281,6 +281,7 @@ userdom_search_user_home_content(nsplugi
|
||||||
userdom_read_user_home_content_symlinks(nsplugin_config_t)
|
userdom_read_user_home_content_symlinks(nsplugin_config_t)
|
||||||
userdom_read_user_home_content_files(nsplugin_config_t)
|
userdom_read_user_home_content_files(nsplugin_config_t)
|
||||||
@ -96,8 +96,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain serefpoli
|
|||||||
tunable_policy(`use_nfs_home_dirs',`
|
tunable_policy(`use_nfs_home_dirs',`
|
||||||
fs_getattr_nfs(nsplugin_t)
|
fs_getattr_nfs(nsplugin_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if
|
diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain 2011-10-21 09:59:22.571973319 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain 2011-10-24 13:26:35.270337026 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if 2011-10-21 09:59:23.109972866 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if 2011-10-24 13:26:35.763337066 -0400
|
||||||
@@ -35,9 +35,9 @@ interface(`pulseaudio_role',`
|
@@ -35,9 +35,9 @@ interface(`pulseaudio_role',`
|
||||||
allow pulseaudio_t $2:unix_stream_socket connectto;
|
allow pulseaudio_t $2:unix_stream_socket connectto;
|
||||||
allow $2 pulseaudio_t:unix_stream_socket connectto;
|
allow $2 pulseaudio_t:unix_stream_socket connectto;
|
||||||
@ -112,8 +112,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain serefpo
|
|||||||
allow $2 pulseaudio_t:dbus send_msg;
|
allow $2 pulseaudio_t:dbus send_msg;
|
||||||
allow pulseaudio_t $2:dbus { acquire_svc send_msg };
|
allow pulseaudio_t $2:dbus { acquire_svc send_msg };
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te
|
diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain 2011-10-21 09:59:22.572973318 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain 2011-10-24 13:26:35.271337026 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te 2011-10-21 09:59:23.110972865 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te 2011-10-24 13:26:35.764337066 -0400
|
||||||
@@ -95,6 +95,10 @@ logging_send_syslog_msg(pulseaudio_t)
|
@@ -95,6 +95,10 @@ logging_send_syslog_msg(pulseaudio_t)
|
||||||
|
|
||||||
miscfiles_read_localization(pulseaudio_t)
|
miscfiles_read_localization(pulseaudio_t)
|
||||||
@ -126,8 +126,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain serefpo
|
|||||||
alsa_read_rw_config(pulseaudio_t)
|
alsa_read_rw_config(pulseaudio_t)
|
||||||
')
|
')
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain serefpolicy-3.10.0/policy/modules/apps/userhelper.if
|
diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain serefpolicy-3.10.0/policy/modules/apps/userhelper.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain 2011-10-21 09:59:22.585973308 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain 2011-10-24 13:26:35.285337027 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.if 2011-10-21 09:59:23.111972864 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.if 2011-10-24 13:26:35.765337066 -0400
|
||||||
@@ -294,7 +294,7 @@ template(`userhelper_console_role_templa
|
@@ -294,7 +294,7 @@ template(`userhelper_console_role_templa
|
||||||
|
|
||||||
auth_use_pam($1_consolehelper_t)
|
auth_use_pam($1_consolehelper_t)
|
||||||
@ -138,8 +138,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain serefpo
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_connect_session_bus($1_consolehelper_t)
|
dbus_connect_session_bus($1_consolehelper_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain serefpolicy-3.10.0/policy/modules/apps/userhelper.te
|
diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain serefpolicy-3.10.0/policy/modules/apps/userhelper.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain 2011-10-21 09:59:22.586973307 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain 2011-10-24 13:26:35.285337027 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.te 2011-10-21 09:59:23.111972864 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.te 2011-10-24 13:26:35.766337066 -0400
|
||||||
@@ -65,6 +65,7 @@ userhelper_exec(consolehelper_domain)
|
@@ -65,6 +65,7 @@ userhelper_exec(consolehelper_domain)
|
||||||
userdom_use_user_ptys(consolehelper_domain)
|
userdom_use_user_ptys(consolehelper_domain)
|
||||||
userdom_use_user_ttys(consolehelper_domain)
|
userdom_use_user_ttys(consolehelper_domain)
|
||||||
@ -149,8 +149,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain serefpo
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
gnome_read_gconf_home_files(consolehelper_domain)
|
gnome_read_gconf_home_files(consolehelper_domain)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain serefpolicy-3.10.0/policy/modules/apps/wine.if
|
diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain serefpolicy-3.10.0/policy/modules/apps/wine.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain 2011-10-21 09:59:22.590973303 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain 2011-10-24 13:26:35.289337027 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-21 09:59:23.112972863 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-24 13:26:35.766337066 -0400
|
||||||
@@ -105,7 +105,8 @@ template(`wine_role_template',`
|
@@ -105,7 +105,8 @@ template(`wine_role_template',`
|
||||||
corecmd_bin_domtrans($1_wine_t, $1_t)
|
corecmd_bin_domtrans($1_wine_t, $1_t)
|
||||||
|
|
||||||
@ -162,8 +162,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain serefpolicy-3
|
|||||||
domain_mmap_low($1_wine_t)
|
domain_mmap_low($1_wine_t)
|
||||||
|
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain serefpolicy-3.10.0/policy/modules/apps/wm.if
|
diff -up serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain serefpolicy-3.10.0/policy/modules/apps/wm.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain 2011-10-21 09:59:22.592973302 -0400
|
--- serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain 2011-10-24 13:26:35.291337027 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/apps/wm.if 2011-10-21 09:59:23.113972862 -0400
|
+++ serefpolicy-3.10.0/policy/modules/apps/wm.if 2011-10-24 13:26:35.767337066 -0400
|
||||||
@@ -77,9 +77,13 @@ template(`wm_role_template',`
|
@@ -77,9 +77,13 @@ template(`wm_role_template',`
|
||||||
miscfiles_read_fonts($1_wm_t)
|
miscfiles_read_fonts($1_wm_t)
|
||||||
miscfiles_read_localization($1_wm_t)
|
miscfiles_read_localization($1_wm_t)
|
||||||
@ -182,8 +182,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain serefpolicy-3.1
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain serefpolicy-3.10.0/policy/modules/roles/sysadm.te
|
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain serefpolicy-3.10.0/policy/modules/roles/sysadm.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain 2011-10-21 09:59:23.000000000 -0400
|
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain 2011-10-24 13:26:35.739337064 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-21 10:00:11.291932414 -0400
|
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-24 13:26:35.768337066 -0400
|
||||||
@@ -61,7 +61,8 @@ sysnet_filetrans_named_content(sysadm_t)
|
@@ -61,7 +61,8 @@ sysnet_filetrans_named_content(sysadm_t)
|
||||||
# Add/remove user home directories
|
# Add/remove user home directories
|
||||||
userdom_manage_user_home_dirs(sysadm_t)
|
userdom_manage_user_home_dirs(sysadm_t)
|
||||||
@ -195,8 +195,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain serefpolic
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
alsa_filetrans_named_content(sysadm_t)
|
alsa_filetrans_named_content(sysadm_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
|
diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain 2011-10-21 09:59:23.035972928 -0400
|
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain 2011-10-24 13:26:35.740337064 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-10-21 09:59:23.114972861 -0400
|
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-10-24 13:26:35.777337067 -0400
|
||||||
@@ -45,9 +45,12 @@ gen_tunable(unconfined_login, true)
|
@@ -45,9 +45,12 @@ gen_tunable(unconfined_login, true)
|
||||||
# calls is not correct, however we dont currently
|
# calls is not correct, however we dont currently
|
||||||
# have another method to add access to these types
|
# have another method to add access to these types
|
||||||
@ -213,9 +213,26 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain se
|
|||||||
userdom_unpriv_usertype(unconfined, unconfined_t)
|
userdom_unpriv_usertype(unconfined, unconfined_t)
|
||||||
|
|
||||||
type unconfined_exec_t;
|
type unconfined_exec_t;
|
||||||
|
@@ -347,9 +350,13 @@ optional_policy(`
|
||||||
|
lpd_run_checkpc(unconfined_t, unconfined_r)
|
||||||
|
')
|
||||||
|
|
||||||
|
-#optional_policy(`
|
||||||
|
-# mock_role(unconfined_r, unconfined_t)
|
||||||
|
-#')
|
||||||
|
+optional_policy(`
|
||||||
|
+ mock_role(unconfined_r, unconfined_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
+ thumb_role(unconfined_r, unconfined_usertype)
|
||||||
|
+')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
modutils_run_update_mods(unconfined_t, unconfined_r)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain serefpolicy-3.10.0/policy/modules/services/rshd.te
|
diff -up serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain serefpolicy-3.10.0/policy/modules/services/rshd.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain 2011-10-21 09:59:22.860973076 -0400
|
--- serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain 2011-10-24 13:26:35.572337050 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/services/rshd.te 2011-10-21 09:59:23.115972861 -0400
|
+++ serefpolicy-3.10.0/policy/modules/services/rshd.te 2011-10-24 13:26:35.769337066 -0400
|
||||||
@@ -66,7 +66,7 @@ seutil_read_config(rshd_t)
|
@@ -66,7 +66,7 @@ seutil_read_config(rshd_t)
|
||||||
seutil_read_default_contexts(rshd_t)
|
seutil_read_default_contexts(rshd_t)
|
||||||
|
|
||||||
@ -226,8 +243,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain serefpoli
|
|||||||
tunable_policy(`use_nfs_home_dirs',`
|
tunable_policy(`use_nfs_home_dirs',`
|
||||||
fs_read_nfs_files(rshd_t)
|
fs_read_nfs_files(rshd_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain serefpolicy-3.10.0/policy/modules/services/ssh.if
|
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain serefpolicy-3.10.0/policy/modules/services/ssh.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain 2011-10-21 09:59:22.884973056 -0400
|
--- serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain 2011-10-24 13:26:35.601337052 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-21 09:59:23.116972861 -0400
|
+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-24 13:26:35.770337066 -0400
|
||||||
@@ -380,7 +380,7 @@ template(`ssh_role_template',`
|
@@ -380,7 +380,7 @@ template(`ssh_role_template',`
|
||||||
manage_lnk_files_pattern($3, ssh_home_t, ssh_home_t)
|
manage_lnk_files_pattern($3, ssh_home_t, ssh_home_t)
|
||||||
manage_sock_files_pattern($3, ssh_home_t, ssh_home_t)
|
manage_sock_files_pattern($3, ssh_home_t, ssh_home_t)
|
||||||
@ -238,8 +255,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain serefpolic
|
|||||||
##############################
|
##############################
|
||||||
#
|
#
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain serefpolicy-3.10.0/policy/modules/services/ssh.te
|
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain serefpolicy-3.10.0/policy/modules/services/ssh.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain 2011-10-21 09:59:22.885973055 -0400
|
--- serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain 2011-10-24 13:26:35.602337053 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.te 2011-10-21 09:59:23.117972860 -0400
|
+++ serefpolicy-3.10.0/policy/modules/services/ssh.te 2011-10-24 13:26:35.771337066 -0400
|
||||||
@@ -200,6 +200,7 @@ userdom_read_user_tmp_files(ssh_t)
|
@@ -200,6 +200,7 @@ userdom_read_user_tmp_files(ssh_t)
|
||||||
userdom_write_user_tmp_files(ssh_t)
|
userdom_write_user_tmp_files(ssh_t)
|
||||||
userdom_read_user_home_content_symlinks(ssh_t)
|
userdom_read_user_home_content_symlinks(ssh_t)
|
||||||
@ -258,8 +275,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain serefpolic
|
|||||||
userdom_signal_unpriv_users(sshd_t)
|
userdom_signal_unpriv_users(sshd_t)
|
||||||
userdom_dyntransition_unpriv_users(sshd_t)
|
userdom_dyntransition_unpriv_users(sshd_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain serefpolicy-3.10.0/policy/modules/services/sssd.te
|
diff -up serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain serefpolicy-3.10.0/policy/modules/services/sssd.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain 2011-10-21 09:59:22.887973053 -0400
|
--- serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain 2011-10-24 13:26:35.603337053 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/services/sssd.te 2011-10-21 09:59:23.117972860 -0400
|
+++ serefpolicy-3.10.0/policy/modules/services/sssd.te 2011-10-24 13:26:35.772337066 -0400
|
||||||
@@ -93,7 +93,7 @@ miscfiles_read_generic_certs(sssd_t)
|
@@ -93,7 +93,7 @@ miscfiles_read_generic_certs(sssd_t)
|
||||||
sysnet_dns_name_resolve(sssd_t)
|
sysnet_dns_name_resolve(sssd_t)
|
||||||
sysnet_use_ldap(sssd_t)
|
sysnet_use_ldap(sssd_t)
|
||||||
@ -270,8 +287,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain serefpoli
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_system_bus_client(sssd_t)
|
dbus_system_bus_client(sssd_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain serefpolicy-3.10.0/policy/modules/services/xserver.te
|
diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain serefpolicy-3.10.0/policy/modules/services/xserver.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain 2011-10-21 09:59:23.042972923 -0400
|
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain 2011-10-24 13:26:35.746337064 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-21 09:59:23.119972858 -0400
|
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-24 13:26:35.773337067 -0400
|
||||||
@@ -671,7 +671,7 @@ userdom_stream_connect(xdm_t)
|
@@ -671,7 +671,7 @@ userdom_stream_connect(xdm_t)
|
||||||
userdom_manage_user_tmp_dirs(xdm_t)
|
userdom_manage_user_tmp_dirs(xdm_t)
|
||||||
userdom_manage_user_tmp_files(xdm_t)
|
userdom_manage_user_tmp_files(xdm_t)
|
||||||
@ -282,8 +299,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain serefp
|
|||||||
application_signal(xdm_t)
|
application_signal(xdm_t)
|
||||||
|
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain serefpolicy-3.10.0/policy/modules/system/userdomain.if
|
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain serefpolicy-3.10.0/policy/modules/system/userdomain.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain 2011-10-21 09:59:23.046972919 -0400
|
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain 2011-10-24 13:26:35.749337065 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-21 09:59:23.121972856 -0400
|
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-24 13:27:29.940341512 -0400
|
||||||
@@ -35,21 +35,14 @@ template(`userdom_base_user_template',`
|
@@ -35,21 +35,14 @@ template(`userdom_base_user_template',`
|
||||||
type $1_t, userdomain, $1_usertype;
|
type $1_t, userdomain, $1_usertype;
|
||||||
domain_type($1_t)
|
domain_type($1_t)
|
||||||
@ -741,8 +758,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain seref
|
|||||||
- auth_read_login_records($1_usertype)
|
- auth_read_login_records($1_usertype)
|
||||||
- auth_run_pam($1_t,$1_r)
|
- auth_run_pam($1_t,$1_r)
|
||||||
- auth_run_utempter($1_t,$1_r)
|
- auth_run_utempter($1_t,$1_r)
|
||||||
+ userdom_basic_networking(common_userdomain)
|
-
|
||||||
|
|
||||||
- init_read_utmp($1_usertype)
|
- init_read_utmp($1_usertype)
|
||||||
-
|
-
|
||||||
- seutil_read_file_contexts($1_usertype)
|
- seutil_read_file_contexts($1_usertype)
|
||||||
@ -904,7 +920,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain seref
|
|||||||
- postgresql_tcp_connect($1_usertype)
|
- postgresql_tcp_connect($1_usertype)
|
||||||
- ')
|
- ')
|
||||||
- ')
|
- ')
|
||||||
-
|
+ userdom_basic_networking($1_usertype)
|
||||||
|
|
||||||
- optional_policy(`
|
- optional_policy(`
|
||||||
- resmgr_stream_connect($1_usertype)
|
- resmgr_stream_connect($1_usertype)
|
||||||
- ')
|
- ')
|
||||||
@ -983,8 +1000,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain seref
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain serefpolicy-3.10.0/policy/modules/system/userdomain.te
|
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain serefpolicy-3.10.0/policy/modules/system/userdomain.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain 2011-10-21 09:59:22.972972981 -0400
|
--- serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain 2011-10-24 13:26:35.691337060 -0400
|
||||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.te 2011-10-21 10:04:03.330742358 -0400
|
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.te 2011-10-24 13:26:35.776337067 -0400
|
||||||
@@ -69,6 +69,8 @@ attribute userdomain;
|
@@ -69,6 +69,8 @@ attribute userdomain;
|
||||||
|
|
||||||
# unprivileged user domains
|
# unprivileged user domains
|
||||||
@ -1388,24 +1405,3 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref
|
|||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ slrnpull_search_spool(common_userdomain)
|
+ slrnpull_search_spool(common_userdomain)
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
|
|
||||||
index b1e60db..67b58eb 100644
|
|
||||||
--- a/policy/modules/roles/unconfineduser.te
|
|
||||||
+++ b/policy/modules/roles/unconfineduser.te
|
|
||||||
@@ -346,9 +346,13 @@ optional_policy(`
|
|
||||||
lpd_run_checkpc(unconfined_t, unconfined_r)
|
|
||||||
')
|
|
||||||
|
|
||||||
-#optional_policy(`
|
|
||||||
-# mock_role(unconfined_r, unconfined_t)
|
|
||||||
-#')
|
|
||||||
+optional_policy(`
|
|
||||||
+ mock_role(unconfined_r, unconfined_t)
|
|
||||||
+')
|
|
||||||
+
|
|
||||||
+optional_policy(`
|
|
||||||
+ thumb_role(unconfined_r, unconfined_usertype)
|
|
||||||
+')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
modutils_run_update_mods(unconfined_t, unconfined_r)
|
|
||||||
|
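Review bot: None of the visible hunks of userdomain.patch mention firewallgui or a read of /etc/selinux/config, so the access grant named in the commit title cannot be checked from this section; it may sit in a file whose diff is not shown on this page. What the section does appear to change, as far as the split view can be read, is that `userdom_basic_networking(common_userdomain)` on the old side becomes `userdom_basic_networking($1_usertype)` at a different offset on the new side. The `mock_role(unconfined_r, unconfined_t)` / `thumb_role(unconfined_r, unconfined_usertype)` block also moves from a trailing `diff --git` section into the `unconfineduser.te` hunk at `@@ -347,9 +350,13 @@`. The networking change alters which domains receive those rules, so it deserves its own line in the commit description, for example `- userdomain.patch: call userdom_basic_networking($1_usertype) instead of common_userdomain; fold mock_role/thumb_role hunk into the diff -up section`. The templates these calls belong to start and end outside the visible hunks, so the exact placement should be confirmed against the full patch.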