Daniel J Walsh
parent
23337281e4
commit
4abfc011a4
|
|
@ -1,25 +1,3 @@
|
|||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Changelog serefpolicy-3.8.1/Changelog
|
||||
--- nsaserefpolicy/Changelog 2010-05-27 12:03:30.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/Changelog 2010-05-26 15:48:20.000000000 -0400
|
||||
@@ -13,18 +13,14 @@
|
||||
- SE-Postgresql updates from KaiGai Kohei.
|
||||
- X object manager revisions from Eamon Walsh.
|
||||
- Added modules:
|
||||
- aisexec (Dan Walsh)
|
||||
chronyd (Miroslav Grepl)
|
||||
cobbler (Dominick Grift)
|
||||
- corosync (Dan Walsh)
|
||||
dbadm (KaiGai Kohei)
|
||||
denyhosts (Dan Walsh)
|
||||
nut (Stefan Schulze Frielinghaus, Miroslav Grepl)
|
||||
likewise (Scott Salley)
|
||||
plymouthd (Dan Walsh)
|
||||
pyicqt (Stefan Schulze Frielinghaus)
|
||||
- rhcs (Dan Walsh)
|
||||
- rgmanager (Dan Walsh)
|
||||
sectoolm (Miroslav Grepl)
|
||||
usbmuxd (Dan Walsh)
|
||||
vhostmd (Dan Walsh)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.8.1/Makefile
|
||||
--- nsaserefpolicy/Makefile 2009-08-18 11:41:14.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/Makefile 2010-05-26 16:28:29.000000000 -0400
|
||||
|
|
@ -248,8 +226,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.te serefpolicy-3.8.1/policy/modules/admin/accountsd.te
|
||||
--- nsaserefpolicy/policy/modules/admin/accountsd.te 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.8.1/policy/modules/admin/accountsd.te 2010-05-27 12:01:15.000000000 -0400
|
||||
@@ -0,0 +1,55 @@
|
||||
+++ serefpolicy-3.8.1/policy/modules/admin/accountsd.te 2010-05-28 08:07:50.000000000 -0400
|
||||
@@ -0,0 +1,62 @@
|
||||
+policy_module(accountsd,1.0.0)
|
||||
+
|
||||
+########################################
|
||||
|
|
@ -268,7 +246,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
|
|||
+#
|
||||
+# accountsd local policy
|
||||
+#
|
||||
+allow accountsd_t self:capability { dac_override sys_ptrace };
|
||||
+allow accountsd_t self:capability { dac_override setuid setgid sys_ptrace };
|
||||
+
|
||||
+allow accountsd_t self:fifo_file rw_fifo_file_perms;
|
||||
+
|
||||
|
|
@ -276,11 +254,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
|
|||
+manage_files_pattern(accountsd_t, accountsd_var_lib_t, accountsd_var_lib_t)
|
||||
+files_var_lib_filetrans(accountsd_t, accountsd_var_lib_t, { file dir } )
|
||||
+
|
||||
+kernel_read_kernel_sysctls(accountsd_t)
|
||||
+
|
||||
+corecmd_exec_bin(accountsd_t)
|
||||
+
|
||||
+files_read_usr_files(accountsd_t)
|
||||
+files_read_mnt_files(accountsd_t)
|
||||
+
|
||||
+fs_list_inotifyfs(accountsd_t)
|
||||
+fs_read_noxattr_fs_files(accountsd_t)
|
||||
+
|
||||
+auth_use_nsswitch(accountsd_t)
|
||||
+auth_read_shadow(accountsd_t)
|
||||
|
|
@ -293,6 +275,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
|
|||
+usermanage_domtrans_useradd(accountsd_t)
|
||||
+usermanage_domtrans_passwd(accountsd_t)
|
||||
+
|
||||
+userdom_read_user_tmp_files(accountsd_t)
|
||||
+userdom_read_user_home_content_files(accountsd_t)
|
||||
+
|
||||
+optional_policy(`
|
||||
+ consolekit_read_log(accountsd_t)
|
||||
+')
|
||||
|
|
@ -426,31 +411,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
|
|||
userdom_user_home_dir_filetrans(kismet_t, kismet_home_t, { file dir })
|
||||
|
||||
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.8.1/policy/modules/admin/kudzu.te
|
||||
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2010-05-27 12:03:30.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/policy/modules/admin/kudzu.te 2010-05-26 15:48:20.000000000 -0400
|
||||
@@ -65,6 +65,11 @@
|
||||
mls_file_read_all_levels(kudzu_t)
|
||||
mls_file_write_all_levels(kudzu_t)
|
||||
|
||||
+modutils_read_module_deps(kudzu_t)
|
||||
+modutils_read_module_config(kudzu_t)
|
||||
+modutils_rename_module_config(kudzu_t)
|
||||
+modutils_delete_module_config(kudzu_t)
|
||||
+
|
||||
storage_read_scsi_generic(kudzu_t)
|
||||
storage_read_tape(kudzu_t)
|
||||
storage_raw_write_fixed_disk(kudzu_t)
|
||||
@@ -113,9 +118,6 @@
|
||||
miscfiles_read_localization(kudzu_t)
|
||||
|
||||
modutils_read_module_config(kudzu_t)
|
||||
-modutils_read_module_deps(kudzu_t)
|
||||
-modutils_rename_module_config(kudzu_t)
|
||||
-modutils_delete_module_config(kudzu_t)
|
||||
modutils_domtrans_insmod(kudzu_t)
|
||||
|
||||
sysnet_read_config(kudzu_t)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.8.1/policy/modules/admin/logrotate.te
|
||||
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-05-25 16:28:22.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/policy/modules/admin/logrotate.te 2010-05-26 16:28:29.000000000 -0400
|
||||
|
|
@ -7254,7 +7214,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
|
|||
+/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.8.1/policy/modules/kernel/files.if
|
||||
--- nsaserefpolicy/policy/modules/kernel/files.if 2010-05-25 16:28:22.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/policy/modules/kernel/files.if 2010-05-26 16:28:29.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/policy/modules/kernel/files.if 2010-05-28 08:06:33.000000000 -0400
|
||||
@@ -1053,10 +1053,8 @@
|
||||
relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
|
||||
relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
|
||||
|
|
@ -8143,7 +8103,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
|
|||
#
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.8.1/policy/modules/kernel/filesystem.if
|
||||
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-03-12 11:48:14.000000000 -0500
|
||||
+++ serefpolicy-3.8.1/policy/modules/kernel/filesystem.if 2010-05-26 16:28:29.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/policy/modules/kernel/filesystem.if 2010-05-28 08:07:42.000000000 -0400
|
||||
@@ -559,7 +559,7 @@
|
||||
|
||||
########################################
|
||||
|
|
@ -9152,7 +9112,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.
|
|||
#
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.8.1/policy/modules/roles/staff.te
|
||||
--- nsaserefpolicy/policy/modules/roles/staff.te 2010-05-25 16:28:22.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/policy/modules/roles/staff.te 2010-05-26 16:28:29.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/policy/modules/roles/staff.te 2010-05-27 17:03:24.000000000 -0400
|
||||
@@ -9,25 +9,56 @@
|
||||
role staff_r;
|
||||
|
||||
|
|
@ -9269,7 +9229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
|
|||
thunderbird_role(staff_r, staff_t)
|
||||
')
|
||||
|
||||
@@ -169,6 +216,77 @@
|
||||
@@ -169,6 +216,78 @@
|
||||
wireshark_role(staff_r, staff_t)
|
||||
')
|
||||
|
||||
|
|
@ -9304,6 +9264,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
|
|||
+
|
||||
+optional_policy(`
|
||||
+ accountsd_dbus_chat(staff_t)
|
||||
+ accountsd_read_lib_files(staff_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
|
|
@ -12677,7 +12638,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.8.1/policy/modules/services/boinc.te
|
||||
--- nsaserefpolicy/policy/modules/services/boinc.te 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.8.1/policy/modules/services/boinc.te 2010-05-27 11:58:08.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/policy/modules/services/boinc.te 2010-05-28 08:14:12.000000000 -0400
|
||||
@@ -0,0 +1,93 @@
|
||||
+
|
||||
+policy_module(boinc,1.0.0)
|
||||
|
|
@ -12709,7 +12670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
|
|||
+#
|
||||
+
|
||||
+allow boinc_t self:capability { kill };
|
||||
+allow boinc_t self:process { execmem fork setsched signal sigkill };
|
||||
+allow boinc_t self:process { execmem fork setsched signal signull sigkill };
|
||||
+
|
||||
+allow boinc_t self:fifo_file rw_fifo_file_perms;
|
||||
+allow boinc_t self:unix_stream_socket create_stream_socket_perms;
|
||||
|
|
@ -27872,7 +27833,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
+HOME_DIR/\.gvfs(/.*)? <<none>>
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.8.1/policy/modules/system/userdomain.if
|
||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-03-03 23:26:37.000000000 -0500
|
||||
+++ serefpolicy-3.8.1/policy/modules/system/userdomain.if 2010-05-26 16:43:47.000000000 -0400
|
||||
+++ serefpolicy-3.8.1/policy/modules/system/userdomain.if 2010-05-28 08:05:41.000000000 -0400
|
||||
@@ -30,8 +30,9 @@
|
||||
')
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.8.1
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -469,6 +469,10 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 3.8.1-3
|
||||
- Fixes for accountsdialog
|
||||
- Fixes for boinc
|
||||
|
||||
* Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 3.8.1-2
|
||||
- Fix label on /var/lib/dokwiki
|
||||
- Change permissive domains to enforcing
|
||||
|
|
|
|||
Loading…
Reference in New Issue