- Allow exim to getattr on mountpoints
- Fixes for pulseaudio
This commit is contained in:
Daniel J Walsh
parent
bebd8db8df
commit
4673269d66
@ -2986,6 +2986,35 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
+
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.26/policy/modules/apps/pulseaudio.te
|
||||
--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2009-07-23 14:11:04.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/apps/pulseaudio.te 2009-08-04 05:32:34.000000000 -0400
|
||||
@@ -22,6 +22,7 @@
|
||||
allow pulseaudio_t self:unix_dgram_socket { sendto create_socket_perms };
|
||||
allow pulseaudio_t self:tcp_socket create_stream_socket_perms;
|
||||
allow pulseaudio_t self:udp_socket create_socket_perms;
|
||||
+allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
|
||||
kernel_read_kernel_sysctls(pulseaudio_t)
|
||||
|
||||
@@ -47,6 +48,7 @@
|
||||
|
||||
fs_rw_anon_inodefs_files(pulseaudio_t)
|
||||
fs_getattr_tmpfs(pulseaudio_t)
|
||||
+fs_list_inotifyfs(pulseaudio_t)
|
||||
|
||||
term_use_all_user_ttys(pulseaudio_t)
|
||||
term_use_all_user_ptys(pulseaudio_t)
|
||||
@@ -85,8 +87,8 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
- xserver_read_xdm_pid(pulseaudio_t)
|
||||
xserver_manage_xdm_tmp_files(pulseaudio_t)
|
||||
xserver_read_xdm_lib_files(pulseaudio_t)
|
||||
+ xserver_common_app(pulseaudio_t)
|
||||
')
|
||||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.26/policy/modules/apps/qemu.fc
|
||||
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-07-14 14:19:57.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/apps/qemu.fc 2009-07-30 15:33:08.000000000 -0400
|
||||
@ -10644,7 +10673,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.26/policy/modules/services/hal.te
|
||||
--- nsaserefpolicy/policy/modules/services/hal.te 2009-07-28 13:28:33.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-31 06:43:31.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-08-04 05:57:57.000000000 -0400
|
||||
@@ -55,6 +55,9 @@
|
||||
type hald_var_lib_t;
|
||||
files_type(hald_var_lib_t)
|
||||
@ -10702,7 +10731,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
corecmd_exec_bin(hald_acl_t)
|
||||
|
||||
@@ -369,6 +384,7 @@
|
||||
@@ -357,6 +372,8 @@
|
||||
files_read_usr_files(hald_acl_t)
|
||||
files_read_etc_files(hald_acl_t)
|
||||
|
||||
+fs_getattr_all_fs(hald_acl_t)
|
||||
+
|
||||
storage_getattr_removable_dev(hald_acl_t)
|
||||
storage_setattr_removable_dev(hald_acl_t)
|
||||
storage_getattr_fixed_disk_dev(hald_acl_t)
|
||||
@@ -369,6 +386,7 @@
|
||||
miscfiles_read_localization(hald_acl_t)
|
||||
|
||||
optional_policy(`
|
||||
@ -10710,7 +10748,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
policykit_domtrans_auth(hald_acl_t)
|
||||
policykit_read_lib(hald_acl_t)
|
||||
policykit_read_reload(hald_acl_t)
|
||||
@@ -450,12 +466,16 @@
|
||||
@@ -450,12 +468,16 @@
|
||||
|
||||
miscfiles_read_localization(hald_keymap_t)
|
||||
|
||||
@ -10729,7 +10767,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
allow hald_dccm_t self:process getsched;
|
||||
allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
|
||||
allow hald_dccm_t self:udp_socket create_socket_perms;
|
||||
@@ -469,10 +489,17 @@
|
||||
@@ -469,10 +491,17 @@
|
||||
manage_files_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t)
|
||||
files_search_var_lib(hald_dccm_t)
|
||||
|
||||
@ -10747,7 +10785,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
corenet_all_recvfrom_unlabeled(hald_dccm_t)
|
||||
corenet_all_recvfrom_netlabel(hald_dccm_t)
|
||||
corenet_tcp_sendrecv_generic_if(hald_dccm_t)
|
||||
@@ -484,6 +511,7 @@
|
||||
@@ -484,6 +513,7 @@
|
||||
corenet_tcp_bind_generic_node(hald_dccm_t)
|
||||
corenet_udp_bind_generic_node(hald_dccm_t)
|
||||
corenet_udp_bind_dhcpc_port(hald_dccm_t)
|
||||
@ -10755,7 +10793,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
corenet_tcp_bind_dccm_port(hald_dccm_t)
|
||||
|
||||
logging_send_syslog_msg(hald_dccm_t)
|
||||
@@ -491,3 +519,9 @@
|
||||
@@ -491,3 +521,9 @@
|
||||
files_read_usr_files(hald_dccm_t)
|
||||
|
||||
miscfiles_read_localization(hald_dccm_t)
|
||||
@ -13812,7 +13850,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
term_dontaudit_use_console(ricci_modstorage_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.6.26/policy/modules/services/rpcbind.if
|
||||
--- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-07-14 14:19:57.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/rpcbind.if 2009-07-30 15:33:09.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/rpcbind.if 2009-08-04 06:47:08.000000000 -0400
|
||||
@@ -97,6 +97,26 @@
|
||||
|
||||
########################################
|
||||
@ -18584,7 +18622,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.26/policy/modules/system/authlogin.if
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.if 2009-07-14 14:19:57.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/system/authlogin.if 2009-07-30 15:33:09.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/system/authlogin.if 2009-08-04 06:42:06.000000000 -0400
|
||||
@@ -40,17 +40,76 @@
|
||||
## </summary>
|
||||
## </param>
|
||||
@ -18729,7 +18767,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
')
|
||||
|
||||
@@ -305,19 +379,16 @@
|
||||
@@ -258,6 +332,7 @@
|
||||
type auth_cache_t;
|
||||
')
|
||||
|
||||
+ manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
|
||||
manage_files_pattern($1, auth_cache_t, auth_cache_t)
|
||||
')
|
||||
|
||||
@@ -305,19 +380,16 @@
|
||||
dev_read_rand($1)
|
||||
dev_read_urand($1)
|
||||
|
||||
@ -18743,18 +18789,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
- sysnet_dns_name_resolve($1)
|
||||
- sysnet_use_ldap($1)
|
||||
-
|
||||
- optional_policy(`
|
||||
optional_policy(`
|
||||
- kerberos_use($1)
|
||||
- ')
|
||||
-
|
||||
optional_policy(`
|
||||
- optional_policy(`
|
||||
- nis_use_ypbind($1)
|
||||
+ kerberos_read_keytab($1)
|
||||
+ kerberos_connect_524($1)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -328,6 +399,29 @@
|
||||
@@ -328,6 +400,29 @@
|
||||
optional_policy(`
|
||||
samba_stream_connect_winbind($1)
|
||||
')
|
||||
@ -18784,7 +18830,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -352,6 +446,7 @@
|
||||
@@ -352,6 +447,7 @@
|
||||
|
||||
auth_domtrans_chk_passwd($1)
|
||||
role $2 types chkpwd_t;
|
||||
@ -18792,7 +18838,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -1129,6 +1224,32 @@
|
||||
@@ -1129,6 +1225,32 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -18825,7 +18871,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## Manage all files on the filesystem, except
|
||||
## the shadow passwords and listed exceptions.
|
||||
## </summary>
|
||||
@@ -1254,6 +1375,25 @@
|
||||
@@ -1254,6 +1376,25 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -18851,7 +18897,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## Do not audit attempts to write to
|
||||
## login records files.
|
||||
## </summary>
|
||||
@@ -1395,6 +1535,14 @@
|
||||
@@ -1395,6 +1536,14 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -18866,7 +18912,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
nis_use_ypbind($1)
|
||||
')
|
||||
|
||||
@@ -1403,8 +1551,17 @@
|
||||
@@ -1403,8 +1552,17 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.6.26
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -475,6 +475,10 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Aug 4 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-4
|
||||
- Allow exim to getattr on mountpoints
|
||||
- Fixes for pulseaudio
|
||||
|
||||
* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-3
|
||||
- Allow svirt_t to stream_connect to virtd_t
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user