- Allow unconfined_t to setfcap
This commit is contained in:
Daniel J Walsh
parent
273a44c689
commit
43f9fcec3e
|
|
@ -1584,7 +1584,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
|
|||
')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te
|
||||
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-06-12 23:25:08.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te 2008-07-02 08:47:04.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te 2008-07-08 15:18:50.000000000 -0400
|
||||
@@ -22,12 +22,14 @@
|
||||
dev_read_urand(tmpreaper_t)
|
||||
|
||||
|
|
@ -1608,7 +1608,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
|
|||
+userdom_delete_all_users_home_content_files(tmpreaper_t)
|
||||
+userdom_delete_all_users_home_content_symlinks(tmpreaper_t)
|
||||
+
|
||||
+files_delete_isid_type_dirs(tmpreaper_t)
|
||||
+files_manage_isid_type_dirs(tmpreaper_t)
|
||||
+files_delete_isid_type_files(tmpreaper_t)
|
||||
+
|
||||
+optional_policy(`
|
||||
|
|
@ -6632,7 +6632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
|
|||
# /emul
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.4.2/policy/modules/kernel/files.if
|
||||
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-06-12 23:25:02.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-07-02 14:59:18.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-07-08 15:17:08.000000000 -0400
|
||||
@@ -110,6 +110,11 @@
|
||||
## </param>
|
||||
#
|
||||
|
|
@ -33478,7 +33478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if
|
||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:25:07.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-07 11:47:08.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-08 15:19:54.000000000 -0400
|
||||
@@ -28,10 +28,14 @@
|
||||
class context contains;
|
||||
')
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.4.2
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -375,6 +375,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-13
|
||||
- Allow unconfined_t to setfcap
|
||||
|
||||
* Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-12
|
||||
- Allow amanda to read tape
|
||||
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
|
||||
|
|
|
|||
Loading…
Reference in New Issue