- Allow unconfined_t to setfcap

Daniel J Walsh 2008-07-08 20:14:39 +00:00
parent 273a44c689
commit 43f9fcec3e
2 changed files with 8 additions and 5 deletions


@ -1584,7 +1584,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
') ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-06-12 23:25:08.000000000 -0400 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-06-12 23:25:08.000000000 -0400
+++ serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te 2008-07-02 08:47:04.000000000 -0400 +++ serefpolicy-3.4.2/policy/modules/admin/tmpreaper.te 2008-07-08 15:18:50.000000000 -0400
@@ -22,12 +22,14 @@ @@ -22,12 +22,14 @@
dev_read_urand(tmpreaper_t) dev_read_urand(tmpreaper_t)
@ -1608,7 +1608,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
+userdom_delete_all_users_home_content_files(tmpreaper_t) +userdom_delete_all_users_home_content_files(tmpreaper_t)
+userdom_delete_all_users_home_content_symlinks(tmpreaper_t) +userdom_delete_all_users_home_content_symlinks(tmpreaper_t)
+ +
+files_delete_isid_type_dirs(tmpreaper_t) +files_manage_isid_type_dirs(tmpreaper_t)
+files_delete_isid_type_files(tmpreaper_t) +files_delete_isid_type_files(tmpreaper_t)
+ +
+optional_policy(` +optional_policy(`
@ -6632,7 +6632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
# /emul # /emul
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.4.2/policy/modules/kernel/files.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.4.2/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-06-12 23:25:02.000000000 -0400 --- nsaserefpolicy/policy/modules/kernel/files.if 2008-06-12 23:25:02.000000000 -0400
+++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-07-02 14:59:18.000000000 -0400 +++ serefpolicy-3.4.2/policy/modules/kernel/files.if 2008-07-08 15:17:08.000000000 -0400
@@ -110,6 +110,11 @@ @@ -110,6 +110,11 @@
## </param> ## </param>
# #
@ -33478,7 +33478,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:25:07.000000000 -0400 --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:25:07.000000000 -0400
+++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-07 11:47:08.000000000 -0400 +++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-07-08 15:19:54.000000000 -0400
@@ -28,10 +28,14 @@ @@ -28,10 +28,14 @@
class context contains; class context contains;
') ')
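Review bot: Granting tmpreaper_t `files_manage_isid_type_dirs(tmpreaper_t)` in place of `files_delete_isid_type_dirs(tmpreaper_t)` in the tmpreaper.te hunk widens the domain's access to unlabeled directories, and neither the commit title nor the 3.4.2-13 changelog entry records it; both mention only setfcap for unconfined_t. A manage interface presumably adds create, rename and setattr on top of delete, which is more than a temp-file reaper appears to need. If the denial being fixed was only for listing or searching those directories, keep the delete interface and add a narrower list/search interface next to it. Either way, add a changelog line such as `- Allow tmpreaper to manage unlabeled directories` so the widening can be audited later. The hunks in this section are shown truncated, so the rest of the tmpreaper.te and userdomain.if changes cannot be checked from here.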


@ -17,7 +17,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.4.2 Version: 3.4.2
Release: 12%{?dist} Release: 13%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -375,6 +375,9 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-13
- Allow unconfined_t to setfcap
* Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-12 * Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-12
- Allow amanda to read tape - Allow amanda to read tape
- Allow prewikka cgi to use syslog, allow audisp_t to signal cgi - Allow prewikka cgi to use syslog, allow audisp_t to signal cgi