- Add new sysadm_secadm.pp module
* contains secadm definition for sysadm_t - Move user_mail_domain access out of the interface into the - Allow httpd_t to create httpd_var_lib_t directories as wel - Allow snmpd to connect to the ricci_modcluster stream - Allow firewalld to read /etc/passwd - Add auth_use_nsswitch for colord - Allow smartd to read network state - smartdnotify needs to read /etc/group
This commit is contained in:
Miroslav Grepl
parent
01be486292
commit
4689b08b49
|
|
@ -1861,6 +1861,13 @@ staff = module
|
|||
#
|
||||
sysadm = module
|
||||
|
||||
# Layer:role
|
||||
# Module: sysadm_secadm
|
||||
#
|
||||
# System Administrator with Security Admin rules
|
||||
#
|
||||
sysadm_secadm = module
|
||||
|
||||
# Layer: role
|
||||
# Module: unprivuser
|
||||
#
|
||||
|
|
|
|||
|
|
@ -2161,6 +2161,21 @@ dbadm = module
|
|||
#
|
||||
logadm = module
|
||||
|
||||
# Layer: role
|
||||
# Module: secadm
|
||||
#
|
||||
# secadm account on tty logins
|
||||
#
|
||||
secadm = module
|
||||
|
||||
# Layer: role
|
||||
# Module: auditadm
|
||||
#
|
||||
# auditadm account on tty logins
|
||||
#
|
||||
auditadm = module
|
||||
|
||||
|
||||
# Layer: role
|
||||
# Module: webadm
|
||||
#
|
||||
|
|
@ -2232,6 +2247,13 @@ staff = module
|
|||
#
|
||||
sysadm = module
|
||||
|
||||
# Layer:role
|
||||
# Module: sysadm_secadm
|
||||
#
|
||||
# System Administrator with Security Admin rules
|
||||
#
|
||||
sysadm_secadm = module
|
||||
|
||||
# Layer: role
|
||||
# Module: unprivuser
|
||||
#
|
||||
|
|
|
|||
639
policy-F16.patch
639
policy-F16.patch
File diff suppressed because it is too large
Load Diff
|
|
@ -22,7 +22,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.10.0
|
||||
Release: 82%{?dist}
|
||||
Release: 83%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -482,6 +482,17 @@ SELinux Reference policy mls base module.
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Feb 6 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-83
|
||||
- Add new sysadm_secadm.pp module
|
||||
* contains secadm definition for sysadm_t
|
||||
- Move user_mail_domain access out of the interface into the te file
|
||||
- Allow httpd_t to create httpd_var_lib_t directories as well as files
|
||||
- Allow snmpd to connect to the ricci_modcluster stream
|
||||
- Allow firewalld to read /etc/passwd
|
||||
- Add auth_use_nsswitch for colord
|
||||
- Allow smartd to read network state
|
||||
- smartdnotify needs to read /etc/group
|
||||
|
||||
* Fri Feb 3 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-82
|
||||
- Allow gpg and gpg_agent to store sock_file in gpg_secret_t directory
|
||||
- lxdm startup scripts should be labeled bin_t, so confined users will work
|
||||
|
|
|
|||
Loading…
Reference in New Issue