- Update selinux policy to handle new /usr/share/sandbox/start script

Dan Walsh 2010-12-16 11:41:43 -05:00
parent f3f61efb0b
commit 4a0e761dd0


@ -12,41 +12,67 @@ index 376acee..c5bb5f8 100644
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d) all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 6760c95..34edd2a 100644 index 6760c95..1a4fe06 100644
--- a/policy/flask/access_vectors --- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors +++ b/policy/flask/access_vectors
@@ -27,6 +27,8 @@ common file @@ -153,6 +153,8 @@ inherits file
swapon search
quotaon rmdir
mounton open
+ audit_access + audit_access
+ execmod + execmod
} }
class file
@@ -160,19 +162,20 @@ inherits file @@ -162,10 +164,16 @@ inherits file
{
execute_no_trans
entrypoint entrypoint
- execmod execmod
open open
+ audit_access
} }
class lnk_file class lnk_file
inherits file inherits file
+{ +{
+ open + open
+ audit_access
+ execmod
+} +}
class chr_file class chr_file
inherits file inherits file
{ @@ -174,24 +182,31 @@ inherits file
execute_no_trans
entrypoint entrypoint
- execmod execmod
open open
+ audit_access
} }
class blk_file
inherits file
{
open
+ audit_access
+ execmod
}
class sock_file
inherits file
{
open
+ audit_access
+ execmod
}
class fifo_file
inherits file
{
open
+ audit_access
+ execmod
}
class fd
diff --git a/policy/global_booleans b/policy/global_booleans diff --git a/policy/global_booleans b/policy/global_booleans
index 111d004..9df7b5e 100644 index 111d004..9df7b5e 100644
--- a/policy/global_booleans --- a/policy/global_booleans