- More fixes from upstream
This commit is contained in:
Daniel J Walsh
parent
abd1536931
commit
43fb726b4b
@ -181,3 +181,4 @@ serefpolicy-3.6.22.tgz
|
||||
serefpolicy-3.6.23.tgz
|
||||
serefpolicy-3.6.24.tgz
|
||||
serefpolicy-3.6.25.tgz
|
||||
serefpolicy-3.6.26.tgz
|
||||
|
||||
@ -10579,7 +10579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.26/policy/modules/services/hal.te
|
||||
--- nsaserefpolicy/policy/modules/services/hal.te 2009-07-28 13:28:33.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-30 15:33:08.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-30 17:31:42.000000000 -0400
|
||||
@@ -55,6 +55,9 @@
|
||||
type hald_var_lib_t;
|
||||
files_type(hald_var_lib_t)
|
||||
@ -10645,7 +10645,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
policykit_domtrans_auth(hald_acl_t)
|
||||
policykit_read_lib(hald_acl_t)
|
||||
policykit_read_reload(hald_acl_t)
|
||||
@@ -450,11 +466,15 @@
|
||||
@@ -450,12 +466,16 @@
|
||||
|
||||
miscfiles_read_localization(hald_keymap_t)
|
||||
|
||||
@ -10658,12 +10658,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
# Local hald dccm policy
|
||||
#
|
||||
-
|
||||
-allow hald_dccm_t self:capability { net_bind_service };
|
||||
+allow hald_dccm_t self:fifo_file rw_fifo_file_perms;
|
||||
allow hald_dccm_t self:capability { net_bind_service };
|
||||
+allow hald_dccm_t self:capability { chown net_bind_service };
|
||||
allow hald_dccm_t self:process getsched;
|
||||
allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
|
||||
@@ -473,6 +493,8 @@
|
||||
allow hald_dccm_t self:udp_socket create_socket_perms;
|
||||
@@ -471,8 +491,12 @@
|
||||
|
||||
write_files_pattern(hald_dccm_t, hald_log_t, hald_log_t)
|
||||
|
||||
+dev_read_urand(hald_dccm_t)
|
||||
+
|
||||
kernel_search_network_sysctl(hald_dccm_t)
|
||||
|
||||
+hal_dontaudit_rw_dgram_sockets(hald_dccm_t)
|
||||
@ -10671,7 +10677,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
corenet_all_recvfrom_unlabeled(hald_dccm_t)
|
||||
corenet_all_recvfrom_netlabel(hald_dccm_t)
|
||||
corenet_tcp_sendrecv_generic_if(hald_dccm_t)
|
||||
@@ -484,6 +506,7 @@
|
||||
@@ -484,6 +508,7 @@
|
||||
corenet_tcp_bind_generic_node(hald_dccm_t)
|
||||
corenet_udp_bind_generic_node(hald_dccm_t)
|
||||
corenet_udp_bind_dhcpc_port(hald_dccm_t)
|
||||
@ -10679,7 +10685,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
corenet_tcp_bind_dccm_port(hald_dccm_t)
|
||||
|
||||
logging_send_syslog_msg(hald_dccm_t)
|
||||
@@ -491,3 +514,9 @@
|
||||
@@ -491,3 +516,9 @@
|
||||
files_read_usr_files(hald_dccm_t)
|
||||
|
||||
miscfiles_read_localization(hald_dccm_t)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user