rpms/selinux-policy
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- Allow exim to getattr on mountpoints

Browse Source 
- Fixes for pulseaudio
This commit is contained in:
Daniel J Walsh 2009-08-04 11:32:06 +00:00
parent bebd8db8df
commit 4673269d66
2 changed files with 68 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
policy-F12.patch
View File

@ -2986,6 +2986,35 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ +
+ +
+ +
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.6.26/policy/modules/apps/pulseaudio.te
--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2009-07-23 14:11:04.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/apps/pulseaudio.te 2009-08-04 05:32:34.000000000 -0400
@@ -22,6 +22,7 @@
allow pulseaudio_t self:unix_dgram_socket { sendto create_socket_perms };
allow pulseaudio_t self:tcp_socket create_stream_socket_perms;
allow pulseaudio_t self:udp_socket create_socket_perms;
+allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms;
kernel_read_kernel_sysctls(pulseaudio_t)
@@ -47,6 +48,7 @@
fs_rw_anon_inodefs_files(pulseaudio_t)
fs_getattr_tmpfs(pulseaudio_t)
+fs_list_inotifyfs(pulseaudio_t)
term_use_all_user_ttys(pulseaudio_t)
term_use_all_user_ptys(pulseaudio_t)
@@ -85,8 +87,8 @@
')
optional_policy(`
- xserver_read_xdm_pid(pulseaudio_t)
xserver_manage_xdm_tmp_files(pulseaudio_t)
xserver_read_xdm_lib_files(pulseaudio_t)
+ xserver_common_app(pulseaudio_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.26/policy/modules/apps/qemu.fc diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.26/policy/modules/apps/qemu.fc
--- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-07-14 14:19:57.000000000 -0400 --- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/apps/qemu.fc 2009-07-30 15:33:08.000000000 -0400 +++ serefpolicy-3.6.26/policy/modules/apps/qemu.fc 2009-07-30 15:33:08.000000000 -0400
@ -10644,7 +10673,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+') +')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.26/policy/modules/services/hal.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.26/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2009-07-28 13:28:33.000000000 -0400 --- nsaserefpolicy/policy/modules/services/hal.te 2009-07-28 13:28:33.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-31 06:43:31.000000000 -0400 +++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-08-04 05:57:57.000000000 -0400
@@ -55,6 +55,9 @@ @@ -55,6 +55,9 @@
type hald_var_lib_t; type hald_var_lib_t;
files_type(hald_var_lib_t) files_type(hald_var_lib_t)
@ -10702,7 +10731,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_exec_bin(hald_acl_t) corecmd_exec_bin(hald_acl_t)
@@ -369,6 +384,7 @@ @@ -357,6 +372,8 @@
files_read_usr_files(hald_acl_t)
files_read_etc_files(hald_acl_t)
+fs_getattr_all_fs(hald_acl_t)
+
storage_getattr_removable_dev(hald_acl_t)
storage_setattr_removable_dev(hald_acl_t)
storage_getattr_fixed_disk_dev(hald_acl_t)
@@ -369,6 +386,7 @@
miscfiles_read_localization(hald_acl_t) miscfiles_read_localization(hald_acl_t)
optional_policy(` optional_policy(`
@ -10710,7 +10748,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
policykit_domtrans_auth(hald_acl_t) policykit_domtrans_auth(hald_acl_t)
policykit_read_lib(hald_acl_t) policykit_read_lib(hald_acl_t)
policykit_read_reload(hald_acl_t) policykit_read_reload(hald_acl_t)
@@ -450,12 +466,16 @@ @@ -450,12 +468,16 @@
miscfiles_read_localization(hald_keymap_t) miscfiles_read_localization(hald_keymap_t)
@ -10729,7 +10767,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow hald_dccm_t self:process getsched; allow hald_dccm_t self:process getsched;
allow hald_dccm_t self:tcp_socket create_stream_socket_perms; allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
allow hald_dccm_t self:udp_socket create_socket_perms; allow hald_dccm_t self:udp_socket create_socket_perms;
@@ -469,10 +489,17 @@ @@ -469,10 +491,17 @@
manage_files_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t) manage_files_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_dccm_t) files_search_var_lib(hald_dccm_t)
@ -10747,7 +10785,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_all_recvfrom_unlabeled(hald_dccm_t) corenet_all_recvfrom_unlabeled(hald_dccm_t)
corenet_all_recvfrom_netlabel(hald_dccm_t) corenet_all_recvfrom_netlabel(hald_dccm_t)
corenet_tcp_sendrecv_generic_if(hald_dccm_t) corenet_tcp_sendrecv_generic_if(hald_dccm_t)
@@ -484,6 +511,7 @@ @@ -484,6 +513,7 @@
corenet_tcp_bind_generic_node(hald_dccm_t) corenet_tcp_bind_generic_node(hald_dccm_t)
corenet_udp_bind_generic_node(hald_dccm_t) corenet_udp_bind_generic_node(hald_dccm_t)
corenet_udp_bind_dhcpc_port(hald_dccm_t) corenet_udp_bind_dhcpc_port(hald_dccm_t)
@ -10755,7 +10793,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_bind_dccm_port(hald_dccm_t) corenet_tcp_bind_dccm_port(hald_dccm_t)
logging_send_syslog_msg(hald_dccm_t) logging_send_syslog_msg(hald_dccm_t)
@@ -491,3 +519,9 @@ @@ -491,3 +521,9 @@
files_read_usr_files(hald_dccm_t) files_read_usr_files(hald_dccm_t)
miscfiles_read_localization(hald_dccm_t) miscfiles_read_localization(hald_dccm_t)
@ -13812,7 +13850,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
term_dontaudit_use_console(ricci_modstorage_t) term_dontaudit_use_console(ricci_modstorage_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.6.26/policy/modules/services/rpcbind.if diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.6.26/policy/modules/services/rpcbind.if
--- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-07-14 14:19:57.000000000 -0400 --- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/services/rpcbind.if 2009-07-30 15:33:09.000000000 -0400 +++ serefpolicy-3.6.26/policy/modules/services/rpcbind.if 2009-08-04 06:47:08.000000000 -0400
@@ -97,6 +97,26 @@ @@ -97,6 +97,26 @@
######################################## ########################################
@ -18584,7 +18622,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ +
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.26/policy/modules/system/authlogin.if diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.26/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2009-07-14 14:19:57.000000000 -0400 --- nsaserefpolicy/policy/modules/system/authlogin.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/system/authlogin.if 2009-07-30 15:33:09.000000000 -0400 +++ serefpolicy-3.6.26/policy/modules/system/authlogin.if 2009-08-04 06:42:06.000000000 -0400
@@ -40,17 +40,76 @@ @@ -40,17 +40,76 @@
## </summary> ## </summary>
## </param> ## </param>
@ -18729,7 +18767,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') ')
') ')
@@ -305,19 +379,16 @@ @@ -258,6 +332,7 @@
type auth_cache_t;
')
+ manage_dirs_pattern($1, auth_cache_t, auth_cache_t)
manage_files_pattern($1, auth_cache_t, auth_cache_t)
')
@@ -305,19 +380,16 @@
dev_read_rand($1) dev_read_rand($1)
dev_read_urand($1) dev_read_urand($1)
@ -18743,18 +18789,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- sysnet_dns_name_resolve($1) - sysnet_dns_name_resolve($1)
- sysnet_use_ldap($1) - sysnet_use_ldap($1)
- -
- optional_policy(` optional_policy(`
- kerberos_use($1) - kerberos_use($1)
- ') - ')
- -
optional_policy(` - optional_policy(`
- nis_use_ypbind($1) - nis_use_ypbind($1)
+ kerberos_read_keytab($1) + kerberos_read_keytab($1)
+ kerberos_connect_524($1) + kerberos_connect_524($1)
') ')
optional_policy(` optional_policy(`
@@ -328,6 +399,29 @@ @@ -328,6 +400,29 @@
optional_policy(` optional_policy(`
samba_stream_connect_winbind($1) samba_stream_connect_winbind($1)
') ')
@ -18784,7 +18830,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') ')
######################################## ########################################
@@ -352,6 +446,7 @@ @@ -352,6 +447,7 @@
auth_domtrans_chk_passwd($1) auth_domtrans_chk_passwd($1)
role $2 types chkpwd_t; role $2 types chkpwd_t;
@ -18792,7 +18838,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') ')
######################################## ########################################
@@ -1129,6 +1224,32 @@ @@ -1129,6 +1225,32 @@
######################################## ########################################
## <summary> ## <summary>
@ -18825,7 +18871,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Manage all files on the filesystem, except ## Manage all files on the filesystem, except
## the shadow passwords and listed exceptions. ## the shadow passwords and listed exceptions.
## </summary> ## </summary>
@@ -1254,6 +1375,25 @@ @@ -1254,6 +1376,25 @@
######################################## ########################################
## <summary> ## <summary>
@ -18851,7 +18897,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Do not audit attempts to write to ## Do not audit attempts to write to
## login records files. ## login records files.
## </summary> ## </summary>
@@ -1395,6 +1535,14 @@ @@ -1395,6 +1536,14 @@
') ')
optional_policy(` optional_policy(`
@ -18866,7 +18912,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
nis_use_ypbind($1) nis_use_ypbind($1)
') ')
@@ -1403,8 +1551,17 @@ @@ -1403,8 +1552,17 @@
') ')
optional_policy(` optional_policy(`

6
selinux-policy.spec
View File

@ -20,7 +20,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.6.26 Version: 3.6.26
Release: 3%{?dist} Release: 4%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -475,6 +475,10 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Aug 4 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-4
- Allow exim to getattr on mountpoints
- Fixes for pulseaudio
* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-3 * Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-3
- Allow svirt_t to stream_connect to virtd_t - Allow svirt_t to stream_connect to virtd_t