- Allow unconfined_t to setfcap
This commit is contained in:
Daniel J Walsh
parent
273a44c689
commit
43f9fcec3e
@ -1584,7 +1584,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
|
|||||||
')
|
')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-06-12 23:25:08.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-06-12 23:25:08.000000000 -0400
|
||||||
+++ serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te 2008-07-02 08:47:04.000000000 -0400
|
+++ serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te 2008-07-08 15:18:50.000000000 -0400
|
||||||
@@ -22,12 +22,14 @@
|
@@ -22,12 +22,14 @@
|
||||||
dev_read_urand(tmpreaper_t)
|
dev_read_urand(tmpreaper_t)
|
||||||
|
|
||||||
@ -1608,7 +1608,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
|
|||||||
+userdom_delete_all_users_home_content_files(tmpreaper_t)
|
+userdom_delete_all_users_home_content_files(tmpreaper_t)
|
||||||
+userdom_delete_all_users_home_content_symlinks(tmpreaper_t)
|
+userdom_delete_all_users_home_content_symlinks(tmpreaper_t)
|
||||||
+
|
+
|
||||||
+files_delete_isid_type_dirs(tmpreaper_t)
|
+files_manage_isid_type_dirs(tmpreaper_t)
|
||||||
+files_delete_isid_type_files(tmpreaper_t)
|
+files_delete_isid_type_files(tmpreaper_t)
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
@ -6632,7 +6632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
|
|||||||
# /emul
|
# /emul
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.4.2/policy/modules/kernel/files.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.4.2/policy/modules/kernel/files.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-06-12 23:25:02.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-06-12 23:25:02.000000000 -0400
|
||||||
+++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-07-02 14:59:18.000000000 -0400
|
+++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-07-08 15:17:08.000000000 -0400
|
||||||
@@ -110,6 +110,11 @@
|
@@ -110,6 +110,11 @@
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -33478,7 +33478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
|
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if
|
||||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:25:07.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:25:07.000000000 -0400
|
||||||
+++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-07 11:47:08.000000000 -0400
|
+++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-08 15:19:54.000000000 -0400
|
||||||
@@ -28,10 +28,14 @@
|
@@ -28,10 +28,14 @@
|
||||||
class context contains;
|
class context contains;
|
||||||
')
|
')
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.4.2
|
Version: 3.4.2
|
||||||
Release: 12%{?dist}
|
Release: 13%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -375,6 +375,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-13
|
||||||
|
- Allow unconfined_t to setfcap
|
||||||
|
|
||||||
* Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-12
|
* Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-12
|
||||||
- Allow amanda to read tape
|
- Allow amanda to read tape
|
||||||
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
|
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user