- Update to upstream
This commit is contained in:
parent
352dafd046
commit
468fe0b647
@ -196,3 +196,4 @@ serefpolicy-3.7.2.tgz
|
|||||||
serefpolicy-3.7.3.tgz
|
serefpolicy-3.7.3.tgz
|
||||||
serefpolicy-3.7.4.tgz
|
serefpolicy-3.7.4.tgz
|
||||||
serefpolicy-3.7.5.tgz
|
serefpolicy-3.7.5.tgz
|
||||||
|
serefpolicy-3.7.6.tgz
|
||||||
|
208
policy-F13.patch
208
policy-F13.patch
@ -437,7 +437,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
|
|||||||
')
|
')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.6/policy/modules/admin/prelink.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.6/policy/modules/admin/prelink.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-11-17 10:54:26.000000000 -0500
|
--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-11-17 10:54:26.000000000 -0500
|
||||||
+++ serefpolicy-3.7.6/policy/modules/admin/prelink.te 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/admin/prelink.te 2010-01-08 12:08:33.000000000 -0500
|
||||||
@@ -21,8 +21,21 @@
|
@@ -21,8 +21,21 @@
|
||||||
type prelink_tmp_t;
|
type prelink_tmp_t;
|
||||||
files_tmp_file(prelink_tmp_t)
|
files_tmp_file(prelink_tmp_t)
|
||||||
@ -501,7 +501,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
amanda_manage_lib(prelink_t)
|
amanda_manage_lib(prelink_t)
|
||||||
@@ -99,5 +117,57 @@
|
@@ -99,5 +117,58 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -524,6 +524,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
|
|||||||
+allow prelink_cron_system_t self:unix_dgram_socket { write bind create setopt };
|
+allow prelink_cron_system_t self:unix_dgram_socket { write bind create setopt };
|
||||||
+
|
+
|
||||||
+domtrans_pattern(prelink_cron_system_t, prelink_exec_t, prelink_t)
|
+domtrans_pattern(prelink_cron_system_t, prelink_exec_t, prelink_t)
|
||||||
|
+allow prelink_cron_system_t prelink_t:process noatsecure;
|
||||||
+
|
+
|
||||||
+read_files_pattern(prelink_cron_system_t, prelink_cache_t, prelink_cache_t)
|
+read_files_pattern(prelink_cron_system_t, prelink_cache_t, prelink_cache_t)
|
||||||
+allow prelink_cron_system_t prelink_cache_t:file unlink;
|
+allow prelink_cron_system_t prelink_cache_t:file unlink;
|
||||||
@ -5985,7 +5986,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
|
|||||||
#network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
|
#network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.6/policy/modules/kernel/devices.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.6/policy/modules/kernel/devices.fc
|
||||||
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2009-11-20 10:51:41.000000000 -0500
|
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2009-11-20 10:51:41.000000000 -0500
|
||||||
+++ serefpolicy-3.7.6/policy/modules/kernel/devices.fc 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/kernel/devices.fc 2010-01-08 15:36:31.000000000 -0500
|
||||||
@@ -16,13 +16,16 @@
|
@@ -16,13 +16,16 @@
|
||||||
/dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
/dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||||
/dev/autofs.* -c gen_context(system_u:object_r:autofs_device_t,s0)
|
/dev/autofs.* -c gen_context(system_u:object_r:autofs_device_t,s0)
|
||||||
@ -6011,9 +6012,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
|
|||||||
/dev/usb.+ -c gen_context(system_u:object_r:usb_device_t,s0)
|
/dev/usb.+ -c gen_context(system_u:object_r:usb_device_t,s0)
|
||||||
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||||
ifdef(`distro_suse', `
|
ifdef(`distro_suse', `
|
||||||
|
@@ -159,6 +163,8 @@
|
||||||
|
/dev/usb/mdc800.* -c gen_context(system_u:object_r:scanner_device_t,s0)
|
||||||
|
/dev/usb/scanner.* -c gen_context(system_u:object_r:scanner_device_t,s0)
|
||||||
|
|
||||||
|
+/dev/uio[0-9]+ -c gen_context(system_u:object_r:userio_device_t,s0)
|
||||||
|
+
|
||||||
|
/dev/xen/blktap.* -c gen_context(system_u:object_r:xen_device_t,s0)
|
||||||
|
/dev/xen/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.6/policy/modules/kernel/devices.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.6/policy/modules/kernel/devices.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/devices.if 2009-12-18 11:38:25.000000000 -0500
|
--- nsaserefpolicy/policy/modules/kernel/devices.if 2009-12-18 11:38:25.000000000 -0500
|
||||||
+++ serefpolicy-3.7.6/policy/modules/kernel/devices.if 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/kernel/devices.if 2010-01-08 15:36:31.000000000 -0500
|
||||||
@@ -801,6 +801,24 @@
|
@@ -801,6 +801,24 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -6114,10 +6124,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
|
|||||||
## Mount a usbfs filesystem.
|
## Mount a usbfs filesystem.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
|
@@ -3703,6 +3775,24 @@
|
||||||
|
getattr_chr_files_pattern($1, device_t, v4l_device_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
+######################################
|
||||||
|
+## <summary>
|
||||||
|
+## Read or write userio device.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`dev_rw_userio_dev',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type device_t, userio_device_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ rw_chr_files_pattern($1, device_t, userio_device_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Do not audit attempts to get the attributes
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.6/policy/modules/kernel/devices.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.6/policy/modules/kernel/devices.te
|
||||||
--- nsaserefpolicy/policy/modules/kernel/devices.te 2009-12-18 11:38:25.000000000 -0500
|
--- nsaserefpolicy/policy/modules/kernel/devices.te 2009-12-18 11:38:25.000000000 -0500
|
||||||
+++ serefpolicy-3.7.6/policy/modules/kernel/devices.te 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/kernel/devices.te 2010-01-08 15:36:31.000000000 -0500
|
||||||
@@ -227,6 +227,12 @@
|
@@ -227,11 +227,23 @@
|
||||||
genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
|
genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -6130,6 +6165,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
|
|||||||
# usb_device_t is the type for /dev/bus/usb/[0-9]+/[0-9]+
|
# usb_device_t is the type for /dev/bus/usb/[0-9]+/[0-9]+
|
||||||
#
|
#
|
||||||
type usb_device_t;
|
type usb_device_t;
|
||||||
|
dev_node(usb_device_t)
|
||||||
|
|
||||||
|
+#
|
||||||
|
+# userio_device_t is the type for /dev/uio[0-9]+
|
||||||
|
+#
|
||||||
|
+type userio_device_t;
|
||||||
|
+dev_node(userio_device_t)
|
||||||
|
+
|
||||||
|
type v4l_device_t;
|
||||||
|
dev_node(v4l_device_t)
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.6/policy/modules/kernel/domain.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.6/policy/modules/kernel/domain.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.7.6/policy/modules/kernel/domain.if 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/kernel/domain.if 2010-01-07 15:28:30.000000000 -0500
|
||||||
@ -10009,7 +10055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
|
|||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.6/policy/modules/services/abrt.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.6/policy/modules/services/abrt.te
|
||||||
--- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400
|
||||||
+++ serefpolicy-3.7.6/policy/modules/services/abrt.te 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/services/abrt.te 2010-01-08 08:37:25.000000000 -0500
|
||||||
@@ -33,12 +33,24 @@
|
@@ -33,12 +33,24 @@
|
||||||
type abrt_var_run_t;
|
type abrt_var_run_t;
|
||||||
files_pid_file(abrt_var_run_t)
|
files_pid_file(abrt_var_run_t)
|
||||||
@ -10057,7 +10103,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
|
|||||||
files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir })
|
files_pid_filetrans(abrt_t, abrt_var_run_t, { file dir })
|
||||||
|
|
||||||
kernel_read_ring_buffer(abrt_t)
|
kernel_read_ring_buffer(abrt_t)
|
||||||
@@ -75,18 +90,36 @@
|
@@ -75,18 +90,37 @@
|
||||||
|
|
||||||
corecmd_exec_bin(abrt_t)
|
corecmd_exec_bin(abrt_t)
|
||||||
corecmd_exec_shell(abrt_t)
|
corecmd_exec_shell(abrt_t)
|
||||||
@ -10067,6 +10113,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
|
|||||||
+corenet_tcp_connect_ftp_port(abrt_t)
|
+corenet_tcp_connect_ftp_port(abrt_t)
|
||||||
+corenet_tcp_connect_all_ports(abrt_t)
|
+corenet_tcp_connect_all_ports(abrt_t)
|
||||||
|
|
||||||
|
+dev_getattr_all_chr_files(abrt_t)
|
||||||
dev_read_urand(abrt_t)
|
dev_read_urand(abrt_t)
|
||||||
+dev_rw_sysfs(abrt_t)
|
+dev_rw_sysfs(abrt_t)
|
||||||
+dev_dontaudit_read_memory_dev(abrt_t)
|
+dev_dontaudit_read_memory_dev(abrt_t)
|
||||||
@ -10094,7 +10141,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
|
|||||||
|
|
||||||
sysnet_read_config(abrt_t)
|
sysnet_read_config(abrt_t)
|
||||||
|
|
||||||
@@ -96,22 +129,93 @@
|
@@ -96,22 +130,93 @@
|
||||||
miscfiles_read_certs(abrt_t)
|
miscfiles_read_certs(abrt_t)
|
||||||
miscfiles_read_localization(abrt_t)
|
miscfiles_read_localization(abrt_t)
|
||||||
|
|
||||||
@ -14695,7 +14742,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
|||||||
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.6/policy/modules/services/cups.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.6/policy/modules/services/cups.te
|
||||||
--- nsaserefpolicy/policy/modules/services/cups.te 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/cups.te 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.7.6/policy/modules/services/cups.te 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/services/cups.te 2010-01-08 11:58:33.000000000 -0500
|
||||||
@@ -23,6 +23,9 @@
|
@@ -23,6 +23,9 @@
|
||||||
type cupsd_initrc_exec_t;
|
type cupsd_initrc_exec_t;
|
||||||
init_script_file(cupsd_initrc_exec_t)
|
init_script_file(cupsd_initrc_exec_t)
|
||||||
@ -14870,7 +14917,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
|||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Cups lpd support
|
# Cups lpd support
|
||||||
@@ -542,6 +576,8 @@
|
@@ -520,6 +554,7 @@
|
||||||
|
logging_send_syslog_msg(cupsd_lpd_t)
|
||||||
|
|
||||||
|
miscfiles_read_localization(cupsd_lpd_t)
|
||||||
|
+miscfiles_setattr_fonts_cache_dirs(cupsd_lpd_t)
|
||||||
|
|
||||||
|
cups_stream_connect(cupsd_lpd_t)
|
||||||
|
|
||||||
|
@@ -542,6 +577,8 @@
|
||||||
manage_dirs_pattern(cups_pdf_t, cups_pdf_tmp_t, cups_pdf_tmp_t)
|
manage_dirs_pattern(cups_pdf_t, cups_pdf_tmp_t, cups_pdf_tmp_t)
|
||||||
files_tmp_filetrans(cups_pdf_t, cups_pdf_tmp_t, { file dir })
|
files_tmp_filetrans(cups_pdf_t, cups_pdf_tmp_t, { file dir })
|
||||||
|
|
||||||
@ -14879,7 +14934,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
|||||||
kernel_read_system_state(cups_pdf_t)
|
kernel_read_system_state(cups_pdf_t)
|
||||||
|
|
||||||
files_read_etc_files(cups_pdf_t)
|
files_read_etc_files(cups_pdf_t)
|
||||||
@@ -556,11 +592,15 @@
|
@@ -556,11 +593,15 @@
|
||||||
miscfiles_read_fonts(cups_pdf_t)
|
miscfiles_read_fonts(cups_pdf_t)
|
||||||
|
|
||||||
userdom_home_filetrans_user_home_dir(cups_pdf_t)
|
userdom_home_filetrans_user_home_dir(cups_pdf_t)
|
||||||
@ -14895,7 +14950,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
|||||||
|
|
||||||
tunable_policy(`use_nfs_home_dirs',`
|
tunable_policy(`use_nfs_home_dirs',`
|
||||||
fs_manage_nfs_dirs(cups_pdf_t)
|
fs_manage_nfs_dirs(cups_pdf_t)
|
||||||
@@ -601,6 +641,9 @@
|
@@ -601,6 +642,9 @@
|
||||||
read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
|
read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
|
||||||
files_search_etc(hplip_t)
|
files_search_etc(hplip_t)
|
||||||
|
|
||||||
@ -14905,7 +14960,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
|||||||
manage_fifo_files_pattern(hplip_t, hplip_tmp_t, hplip_tmp_t)
|
manage_fifo_files_pattern(hplip_t, hplip_tmp_t, hplip_tmp_t)
|
||||||
files_tmp_filetrans(hplip_t, hplip_tmp_t, fifo_file )
|
files_tmp_filetrans(hplip_t, hplip_tmp_t, fifo_file )
|
||||||
|
|
||||||
@@ -627,6 +670,7 @@
|
@@ -627,6 +671,7 @@
|
||||||
corenet_tcp_connect_ipp_port(hplip_t)
|
corenet_tcp_connect_ipp_port(hplip_t)
|
||||||
corenet_sendrecv_hplip_client_packets(hplip_t)
|
corenet_sendrecv_hplip_client_packets(hplip_t)
|
||||||
corenet_receive_hplip_server_packets(hplip_t)
|
corenet_receive_hplip_server_packets(hplip_t)
|
||||||
@ -15365,7 +15420,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
|
|||||||
## </summary>
|
## </summary>
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.6/policy/modules/services/devicekit.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.6/policy/modules/services/devicekit.te
|
||||||
--- nsaserefpolicy/policy/modules/services/devicekit.te 2009-07-29 15:15:33.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/devicekit.te 2009-07-29 15:15:33.000000000 -0400
|
||||||
+++ serefpolicy-3.7.6/policy/modules/services/devicekit.te 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/services/devicekit.te 2010-01-08 09:11:11.000000000 -0500
|
||||||
@@ -42,6 +42,8 @@
|
@@ -42,6 +42,8 @@
|
||||||
|
|
||||||
files_read_etc_files(devicekit_t)
|
files_read_etc_files(devicekit_t)
|
||||||
@ -15380,7 +15435,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
|
|||||||
#
|
#
|
||||||
|
|
||||||
-allow devicekit_disk_t self:capability { chown dac_override fowner fsetid sys_nice sys_ptrace sys_rawio };
|
-allow devicekit_disk_t self:capability { chown dac_override fowner fsetid sys_nice sys_ptrace sys_rawio };
|
||||||
+allow devicekit_disk_t self:capability { chown setuid setgid dac_override fowner fsetid net_admin sys_nice sys_ptrace sys_rawio };
|
+allow devicekit_disk_t self:capability { chown setuid setgid dac_override fowner fsetid net_admin sys_admin sys_nice sys_ptrace sys_rawio };
|
||||||
+allow devicekit_disk_t self:process signal_perms;
|
+allow devicekit_disk_t self:process signal_perms;
|
||||||
allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;
|
allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;
|
||||||
+allow devicekit_disk_t self:netlink_kobject_uevent_socket create_socket_perms;
|
+allow devicekit_disk_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||||
@ -15832,7 +15887,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
|
|||||||
')
|
')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.7.6/policy/modules/services/fail2ban.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.7.6/policy/modules/services/fail2ban.if
|
||||||
--- nsaserefpolicy/policy/modules/services/fail2ban.if 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/fail2ban.if 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.7.6/policy/modules/services/fail2ban.if 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/services/fail2ban.if 2010-01-08 09:57:24.000000000 -0500
|
||||||
@@ -98,6 +98,46 @@
|
@@ -98,6 +98,46 @@
|
||||||
allow $1 fail2ban_var_run_t:file read_file_perms;
|
allow $1 fail2ban_var_run_t:file read_file_perms;
|
||||||
')
|
')
|
||||||
@ -15880,6 +15935,28 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
|
|||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
|
@@ -135,3 +175,21 @@
|
||||||
|
files_list_pids($1)
|
||||||
|
admin_pattern($1, fail2ban_var_run_t)
|
||||||
|
')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
|
+## Read and write to an fail2ban unix stream socket.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`fail2ban_rw_stream_sockets',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type fail2ban_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ allow $1 fail2ban_t:unix_stream_socket { getattr read write ioctl };
|
||||||
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.7.6/policy/modules/services/fetchmail.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.7.6/policy/modules/services/fetchmail.te
|
||||||
--- nsaserefpolicy/policy/modules/services/fetchmail.te 2010-01-07 14:53:53.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/fetchmail.te 2010-01-07 14:53:53.000000000 -0500
|
||||||
+++ serefpolicy-3.7.6/policy/modules/services/fetchmail.te 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/services/fetchmail.te 2010-01-07 15:28:30.000000000 -0500
|
||||||
@ -23415,7 +23492,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
|
|||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.6/policy/modules/services/sendmail.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.6/policy/modules/services/sendmail.if
|
||||||
--- nsaserefpolicy/policy/modules/services/sendmail.if 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/sendmail.if 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.7.6/policy/modules/services/sendmail.if 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/services/sendmail.if 2010-01-08 09:57:13.000000000 -0500
|
||||||
@@ -59,20 +59,20 @@
|
@@ -59,20 +59,20 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -23590,7 +23667,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.6/policy/modules/services/sendmail.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.6/policy/modules/services/sendmail.te
|
||||||
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.7.6/policy/modules/services/sendmail.te 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/services/sendmail.te 2010-01-08 09:55:32.000000000 -0500
|
||||||
@@ -20,13 +20,17 @@
|
@@ -20,13 +20,17 @@
|
||||||
mta_mailserver_delivery(sendmail_t)
|
mta_mailserver_delivery(sendmail_t)
|
||||||
mta_mailserver_sender(sendmail_t)
|
mta_mailserver_sender(sendmail_t)
|
||||||
@ -23650,7 +23727,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
|
|||||||
|
|
||||||
auth_use_nsswitch(sendmail_t)
|
auth_use_nsswitch(sendmail_t)
|
||||||
|
|
||||||
@@ -89,23 +100,46 @@
|
@@ -89,23 +100,47 @@
|
||||||
libs_read_lib_files(sendmail_t)
|
libs_read_lib_files(sendmail_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(sendmail_t)
|
logging_send_syslog_msg(sendmail_t)
|
||||||
@ -23692,6 +23769,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
|
|||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ fail2ban_read_lib_files(sendmail_t)
|
+ fail2ban_read_lib_files(sendmail_t)
|
||||||
|
+ fail2ban_rw_stream_sockets(sendmail_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
@ -23699,7 +23777,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -113,13 +147,20 @@
|
@@ -113,13 +148,20 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -23721,7 +23799,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -127,24 +168,29 @@
|
@@ -127,24 +169,29 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -29582,11 +29660,48 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
|
|||||||
udev_read_db(iptables_t)
|
udev_read_db(iptables_t)
|
||||||
')
|
')
|
||||||
+
|
+
|
||||||
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-3.7.6/policy/modules/system/iscsi.fc
|
||||||
|
--- nsaserefpolicy/policy/modules/system/iscsi.fc 2009-07-14 14:19:57.000000000 -0400
|
||||||
|
+++ serefpolicy-3.7.6/policy/modules/system/iscsi.fc 2010-01-08 15:36:31.000000000 -0500
|
||||||
|
@@ -1,4 +1,6 @@
|
||||||
|
-/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0)
|
||||||
|
+
|
||||||
|
+/sbin/brcm_iscsiuio -- gen_context(system_u:object_r:iscsid_exec_t,s0)
|
||||||
|
+/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0)
|
||||||
|
|
||||||
|
/var/lib/iscsi(/.*)? gen_context(system_u:object_r:iscsi_var_lib_t,s0)
|
||||||
|
/var/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.7.6/policy/modules/system/iscsi.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.7.6/policy/modules/system/iscsi.te
|
||||||
--- nsaserefpolicy/policy/modules/system/iscsi.te 2009-11-25 11:47:19.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/iscsi.te 2009-11-25 11:47:19.000000000 -0500
|
||||||
+++ serefpolicy-3.7.6/policy/modules/system/iscsi.te 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/system/iscsi.te 2010-01-08 15:37:25.000000000 -0500
|
||||||
@@ -69,11 +69,18 @@
|
@@ -35,10 +35,13 @@
|
||||||
|
allow iscsid_t self:unix_dgram_socket create_socket_perms;
|
||||||
|
allow iscsid_t self:sem create_sem_perms;
|
||||||
|
allow iscsid_t self:shm create_shm_perms;
|
||||||
|
-allow iscsid_t self:netlink_socket create_socket_perms;
|
||||||
|
+allow iscsid_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||||
|
allow iscsid_t self:netlink_route_socket rw_netlink_socket_perms;
|
||||||
|
+allow iscsid_t self:netlink_socket create_socket_perms;
|
||||||
|
allow iscsid_t self:tcp_socket create_stream_socket_perms;
|
||||||
|
|
||||||
|
+can_exec(iscsid_t, iscsid_exec_t)
|
||||||
|
+
|
||||||
|
manage_files_pattern(iscsid_t, iscsi_lock_t, iscsi_lock_t)
|
||||||
|
files_lock_filetrans(iscsid_t, iscsi_lock_t, file)
|
||||||
|
|
||||||
|
@@ -54,6 +57,7 @@
|
||||||
|
manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
|
||||||
|
files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
|
||||||
|
|
||||||
|
+kernel_read_network_state(iscsid_t)
|
||||||
|
kernel_read_system_state(iscsid_t)
|
||||||
|
kernel_search_debugfs(iscsid_t)
|
||||||
|
|
||||||
|
@@ -67,13 +71,21 @@
|
||||||
|
corenet_tcp_connect_isns_port(iscsid_t)
|
||||||
|
|
||||||
dev_rw_sysfs(iscsid_t)
|
dev_rw_sysfs(iscsid_t)
|
||||||
|
+dev_rw_userio_dev(iscsid_t)
|
||||||
|
|
||||||
domain_use_interactive_fds(iscsid_t)
|
domain_use_interactive_fds(iscsid_t)
|
||||||
+domain_dontaudit_read_all_domains_state(iscsid_t)
|
+domain_dontaudit_read_all_domains_state(iscsid_t)
|
||||||
@ -29606,7 +29721,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.6/policy/modules/system/libraries.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.6/policy/modules/system/libraries.fc
|
||||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.7.6/policy/modules/system/libraries.fc 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/system/libraries.fc 2010-01-08 09:16:04.000000000 -0500
|
||||||
@@ -60,12 +60,15 @@
|
@@ -60,12 +60,15 @@
|
||||||
#
|
#
|
||||||
# /opt
|
# /opt
|
||||||
@ -29823,7 +29938,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
|
|||||||
') dnl end distro_redhat
|
') dnl end distro_redhat
|
||||||
|
|
||||||
#
|
#
|
||||||
@@ -307,10 +317,131 @@
|
@@ -307,10 +317,132 @@
|
||||||
|
|
||||||
/var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0)
|
/var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0)
|
||||||
|
|
||||||
@ -29936,6 +30051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
|
|||||||
+
|
+
|
||||||
+/usr/lib(64)?/nmm/liba52\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
+/usr/lib(64)?/nmm/liba52\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
+/opt/lampp/lib/libct\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
+/opt/lampp/lib/libct\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
+/opt/lampp/lib/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
+/opt/VirtualBox(/.*)?/VBox.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
+/opt/VirtualBox(/.*)?/VBox.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
+
|
+
|
||||||
+/usr/lib(64)?/chromium-browser/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
+/usr/lib(64)?/chromium-browser/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@ -30385,7 +30501,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
|
|||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.7.6/policy/modules/system/miscfiles.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.7.6/policy/modules/system/miscfiles.if
|
||||||
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2009-11-25 11:47:19.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2009-11-25 11:47:19.000000000 -0500
|
||||||
+++ serefpolicy-3.7.6/policy/modules/system/miscfiles.if 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/system/miscfiles.if 2010-01-08 11:59:54.000000000 -0500
|
||||||
@@ -73,7 +73,8 @@
|
@@ -73,7 +73,8 @@
|
||||||
#
|
#
|
||||||
interface(`miscfiles_read_fonts',`
|
interface(`miscfiles_read_fonts',`
|
||||||
@ -30407,7 +30523,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -167,6 +172,32 @@
|
@@ -167,6 +172,51 @@
|
||||||
manage_dirs_pattern($1, fonts_t, fonts_t)
|
manage_dirs_pattern($1, fonts_t, fonts_t)
|
||||||
manage_files_pattern($1, fonts_t, fonts_t)
|
manage_files_pattern($1, fonts_t, fonts_t)
|
||||||
manage_lnk_files_pattern($1, fonts_t, fonts_t)
|
manage_lnk_files_pattern($1, fonts_t, fonts_t)
|
||||||
@ -30416,6 +30532,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
|
|||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
|
+## Set the attributes on a fonts cache directory.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+## <rolecap/>
|
||||||
|
+#
|
||||||
|
+interface(`miscfiles_setattr_fonts_cache_dirs',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type fonts_cache_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ allow $1 fonts_cache_t:dir setattr;
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
+## Create, read, write, and delete fonts cache.
|
+## Create, read, write, and delete fonts cache.
|
||||||
+## </summary>
|
+## </summary>
|
||||||
+## <param name="domain">
|
+## <param name="domain">
|
||||||
@ -30427,7 +30562,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
|
|||||||
+#
|
+#
|
||||||
+interface(`miscfiles_manage_fonts_cache',`
|
+interface(`miscfiles_manage_fonts_cache',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ type fonts_t;
|
+ type fonts_cache_t;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ # cjp: fonts can be in either of these dirs
|
+ # cjp: fonts can be in either of these dirs
|
||||||
@ -32190,7 +32325,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
-')
|
-')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.6/policy/modules/system/unconfined.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.6/policy/modules/system/unconfined.if
|
||||||
--- nsaserefpolicy/policy/modules/system/unconfined.if 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/unconfined.if 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.7.6/policy/modules/system/unconfined.if 2010-01-07 15:28:30.000000000 -0500
|
+++ serefpolicy-3.7.6/policy/modules/system/unconfined.if 2010-01-08 10:06:25.000000000 -0500
|
||||||
@@ -12,14 +12,13 @@
|
@@ -12,14 +12,13 @@
|
||||||
#
|
#
|
||||||
interface(`unconfined_domain_noaudit',`
|
interface(`unconfined_domain_noaudit',`
|
||||||
@ -32207,7 +32342,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
allow $1 self:fifo_file manage_fifo_file_perms;
|
allow $1 self:fifo_file manage_fifo_file_perms;
|
||||||
|
|
||||||
# Transition to myself, to make get_ordered_context_list happy.
|
# Transition to myself, to make get_ordered_context_list happy.
|
||||||
@@ -27,12 +26,13 @@
|
@@ -27,12 +26,14 @@
|
||||||
|
|
||||||
# Write access is for setting attributes under /proc/self/attr.
|
# Write access is for setting attributes under /proc/self/attr.
|
||||||
allow $1 self:file rw_file_perms;
|
allow $1 self:file rw_file_perms;
|
||||||
@ -32222,10 +32357,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
+ allow $1 self:dbus all_dbus_perms;
|
+ allow $1 self:dbus all_dbus_perms;
|
||||||
+ allow $1 self:passwd all_passwd_perms;
|
+ allow $1 self:passwd all_passwd_perms;
|
||||||
+ allow $1 self:association all_association_perms;
|
+ allow $1 self:association all_association_perms;
|
||||||
|
+ allow $1 self:socket_class_set create_socket_perms;
|
||||||
|
|
||||||
kernel_unconfined($1)
|
kernel_unconfined($1)
|
||||||
corenet_unconfined($1)
|
corenet_unconfined($1)
|
||||||
@@ -44,6 +44,16 @@
|
@@ -44,6 +45,16 @@
|
||||||
fs_unconfined($1)
|
fs_unconfined($1)
|
||||||
selinux_unconfined($1)
|
selinux_unconfined($1)
|
||||||
|
|
||||||
@ -32242,7 +32378,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
tunable_policy(`allow_execheap',`
|
tunable_policy(`allow_execheap',`
|
||||||
# Allow making the stack executable via mprotect.
|
# Allow making the stack executable via mprotect.
|
||||||
allow $1 self:process execheap;
|
allow $1 self:process execheap;
|
||||||
@@ -57,8 +67,8 @@
|
@@ -57,8 +68,8 @@
|
||||||
|
|
||||||
tunable_policy(`allow_execstack',`
|
tunable_policy(`allow_execstack',`
|
||||||
# Allow making the stack executable via mprotect;
|
# Allow making the stack executable via mprotect;
|
||||||
@ -32253,7 +32389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
# auditallow $1 self:process execstack;
|
# auditallow $1 self:process execstack;
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -69,6 +79,7 @@
|
@@ -69,6 +80,7 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
# Communicate via dbusd.
|
# Communicate via dbusd.
|
||||||
dbus_system_bus_unconfined($1)
|
dbus_system_bus_unconfined($1)
|
||||||
@ -32261,7 +32397,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -111,16 +122,16 @@
|
@@ -111,16 +123,16 @@
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`unconfined_domain',`
|
interface(`unconfined_domain',`
|
||||||
@ -32282,7 +32418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -173,411 +184,3 @@
|
@@ -173,411 +185,3 @@
|
||||||
refpolicywarn(`$0($1) has been deprecated.')
|
refpolicywarn(`$0($1) has been deprecated.')
|
||||||
')
|
')
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user