From 4a0e761dd0e136f50df8b9c02408835516b1b34a Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 16 Dec 2010 11:41:43 -0500 Subject: [PATCH] - Update selinux policy to handle new /usr/share/sandbox/start script --- policy-F15.patch | 52 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 39 insertions(+), 13 deletions(-) diff --git a/policy-F15.patch b/policy-F15.patch index 663291fb..8871ef6c 100644 --- a/policy-F15.patch +++ b/policy-F15.patch @@ -12,41 +12,67 @@ index 376acee..c5bb5f8 100644 all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d) diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors -index 6760c95..34edd2a 100644 +index 6760c95..1a4fe06 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors -@@ -27,6 +27,8 @@ common file - swapon - quotaon - mounton +@@ -153,6 +153,8 @@ inherits file + search + rmdir + open + audit_access + execmod } - -@@ -160,19 +162,20 @@ inherits file - { - execute_no_trans + class file +@@ -162,10 +164,16 @@ inherits file entrypoint -- execmod + execmod open ++ audit_access } class lnk_file inherits file +{ + open ++ audit_access ++ execmod +} class chr_file inherits file - { - execute_no_trans +@@ -174,24 +182,31 @@ inherits file entrypoint -- execmod + execmod open ++ audit_access } + class blk_file + inherits file + { + open ++ audit_access ++ execmod + } + + class sock_file + inherits file + { + open ++ audit_access ++ execmod + } + + class fifo_file + inherits file + { + open ++ audit_access ++ execmod + } + + class fd diff --git a/policy/global_booleans b/policy/global_booleans index 111d004..9df7b5e 100644 --- a/policy/global_booleans
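Review bot: The subject line names only the new /usr/share/sandbox/start script, but the single hunk shown changes the `policy/flask/access_vectors` section of policy-F15.patch and nothing in it refers to the sandbox script. As far as the collapsed markers can be read, the new revision declares `audit_access` on `file` and `chr_file`, and `audit_access` plus `execmod` on `lnk_file`, `blk_file`, `sock_file` and `fifo_file`, as well as on the class ending at the inner `@@ -153,6 +153,8 @@` hunk, whose name is outside the visible context. These are global permission definitions rather than sandbox rules, so the commit message should say so, for example with a second entry such as `- Declare audit_access and execmod per file class in access_vectors`. It would also help to record whether the per-class lists were checked against the class map of the kernel this policy targets. Anyone later auditing `execmod` allow rules on device nodes, sockets or fifos will need to know when the permission became expressible.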