- Update selinux policy to handle new /usr/share/sandbox/start script

2010-12-16 11:41:43 -05:00 · 2010-12-16 11:41:43 -05:00 · 4a0e761dd0
commit 4a0e761dd0
parent f3f61efb0b
1 changed files with 39 additions and 13 deletions
--- a/policy-F15.patch
+++ b/policy-F15.patch
@ -12,41 +12,67 @@ index 376acee..c5bb5f8 100644
 
 all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
 diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
-index 6760c95..34edd2a 100644
+index 6760c95..1a4fe06 100644
 --- a/policy/flask/access_vectors
 +++ b/policy/flask/access_vectors
-@@ -27,6 +27,8 @@ common file
- 	swapon
- 	quotaon
- 	mounton
+@@ -153,6 +153,8 @@ inherits file
+ 	search
+ 	rmdir
+ 	open
 +	audit_access
 +	execmod
 }
 
- 
-@@ -160,19 +162,20 @@ inherits file
- {
- 	execute_no_trans
+ class file
+@@ -162,10 +164,16 @@ inherits file
 	entrypoint
-	execmod
+ 	execmod
 	open
+	audit_access
 }
 
 class lnk_file
 inherits file
 +{
 +	open
+	audit_access
+	execmod
 +}
 
 class chr_file
 inherits file
- {
- 	execute_no_trans
+@@ -174,24 +182,31 @@ inherits file
 	entrypoint
-	execmod
+ 	execmod
 	open
+	audit_access
 }
 
+ class blk_file
+ inherits file
+ {
+ 	open
+	audit_access
+	execmod
+ }
+ 
+ class sock_file
+ inherits file
+ {
+ 	open
+	audit_access
+	execmod
+ }
+ 
+ class fifo_file
+ inherits file
+ {
+ 	open
+	audit_access
+	execmod
+ }
+ 
+ class fd
 diff --git a/policy/global_booleans b/policy/global_booleans
 index 111d004..9df7b5e 100644
 --- a/policy/global_booleans