rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Add new sysadm_secadm.pp module

Browse Source 
* contains secadm definition for sysadm_t
- Move user_mail_domain access out of the interface into the
- Allow httpd_t to create httpd_var_lib_t directories as wel
- Allow snmpd to connect to the ricci_modcluster stream
- Allow firewalld to read /etc/passwd
- Add auth_use_nsswitch for colord
- Allow smartd to read network state
- smartdnotify needs to read /etc/group
This commit is contained in:
Miroslav Grepl 2012-02-06 23:20:13 +01:00
parent 01be486292
commit 4689b08b49
4 changed files with 516 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules-mls.conf
View File

@ -1861,6 +1861,13 @@ staff = module
#
sysadm = module
# Layer:role
# Module: sysadm_secadm
#
# System Administrator with Security Admin rules
#
sysadm_secadm = module
# Layer: role
# Module: unprivuser
#

22
modules-targeted.conf
View File

@ -2161,6 +2161,21 @@ dbadm = module
#
logadm = module
# Layer: role
# Module: secadm
#
# secadm account on tty logins
#
secadm = module
# Layer: role
# Module: auditadm
#
# auditadm account on tty logins
#
auditadm = module
# Layer: role
# Module: webadm
#
@ -2232,6 +2247,13 @@ staff = module
#
sysadm = module
# Layer:role
# Module: sysadm_secadm
#
# System Administrator with Security Admin rules
#
sysadm_secadm = module
# Layer: role
# Module: unprivuser
#

639
policy-F16.patch
View File

File diff suppressed because it is too large Load Diff

13
selinux-policy.spec
View File

@ -22,7 +22,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
Release: 82%{?dist}
Release: 83%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -482,6 +482,17 @@ SELinux Reference policy mls base module.
%endif
%changelog
* Mon Feb 6 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-83
- Add new sysadm_secadm.pp module
* contains secadm definition for sysadm_t
- Move user_mail_domain access out of the interface into the te file
- Allow httpd_t to create httpd_var_lib_t directories as well as files
- Allow snmpd to connect to the ricci_modcluster stream
- Allow firewalld to read /etc/passwd
- Add auth_use_nsswitch for colord
- Allow smartd to read network state
- smartdnotify needs to read /etc/group
* Fri Feb 3 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-82
- Allow gpg and gpg_agent to store sock_file in gpg_secret_t directory
- lxdm startup scripts should be labeled bin_t, so confined users will work