- Fix all kernel_request_load_module domains
parent
405a74c394
commit
4c2f298bf2
@ -12795,7 +12795,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.32/policy/modules/services/networkmanager.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.32/policy/modules/services/networkmanager.te
|
||||||
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-08-14 13:14:31.000000000 -0700
|
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-08-14 13:14:31.000000000 -0700
|
||||||
+++ serefpolicy-3.6.32/policy/modules/services/networkmanager.te 2009-09-21 05:23:47.000000000 -0700
|
+++ serefpolicy-3.6.32/policy/modules/services/networkmanager.te 2009-09-21 19:37:35.000000000 -0700
|
||||||
@@ -19,6 +19,9 @@
|
@@ -19,6 +19,9 @@
|
||||||
type NetworkManager_tmp_t;
|
type NetworkManager_tmp_t;
|
||||||
files_tmp_file(NetworkManager_tmp_t)
|
files_tmp_file(NetworkManager_tmp_t)
|
||||||
@ -12837,12 +12837,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
|
manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
|
||||||
manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
|
manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
|
||||||
@@ -62,7 +69,9 @@
|
@@ -63,6 +70,8 @@
|
||||||
kernel_read_system_state(NetworkManager_t)
|
|
||||||
kernel_read_network_state(NetworkManager_t)
|
kernel_read_network_state(NetworkManager_t)
|
||||||
kernel_read_kernel_sysctls(NetworkManager_t)
|
kernel_read_kernel_sysctls(NetworkManager_t)
|
||||||
-kernel_load_module(NetworkManager_t)
|
kernel_load_module(NetworkManager_t)
|
||||||
+kernel_request_load_module(NetworkManager_t)
|
|
||||||
+kernel_read_debugfs(NetworkManager_t)
|
+kernel_read_debugfs(NetworkManager_t)
|
||||||
+kernel_rw_net_sysctls(NetworkManager_t)
|
+kernel_rw_net_sysctls(NetworkManager_t)
|
||||||
|
|
||||||
@ -14859,6 +14857,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
userdom_dontaudit_search_user_home_dirs(pyzor_t)
|
userdom_dontaudit_search_user_home_dirs(pyzor_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.32/policy/modules/services/radvd.te
|
||||||
|
--- nsaserefpolicy/policy/modules/services/radvd.te 2009-08-14 13:14:31.000000000 -0700
|
||||||
|
+++ serefpolicy-3.6.32/policy/modules/services/radvd.te 2009-09-21 19:37:52.000000000 -0700
|
||||||
|
@@ -41,6 +41,7 @@
|
||||||
|
kernel_rw_net_sysctls(radvd_t)
|
||||||
|
kernel_read_network_state(radvd_t)
|
||||||
|
kernel_read_system_state(radvd_t)
|
||||||
|
+kernel_request_load_module(radvd_t)
|
||||||
|
|
||||||
|
corenet_all_recvfrom_unlabeled(radvd_t)
|
||||||
|
corenet_all_recvfrom_netlabel(radvd_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.6.32/policy/modules/services/razor.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.6.32/policy/modules/services/razor.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/razor.fc 2009-07-14 11:19:57.000000000 -0700
|
--- nsaserefpolicy/policy/modules/services/razor.fc 2009-07-14 11:19:57.000000000 -0700
|
||||||
+++ serefpolicy-3.6.32/policy/modules/services/razor.fc 2009-09-16 07:03:09.000000000 -0700
|
+++ serefpolicy-3.6.32/policy/modules/services/razor.fc 2009-09-16 07:03:09.000000000 -0700
|
||||||
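Review bot: The networkmanager.te hunk leaves NetworkManager_t with `kernel_load_module(NetworkManager_t)`. The previous revision of the patch replaced that line with `kernel_request_load_module(NetworkManager_t)`, and the new side drops the replacement and keeps the upstream line as context. As far as I know the refpolicy interfaces, `kernel_load_module` lets the domain insert modules itself, which is much broader than asking the kernel to autoload one, so it needs a stated reason on a daemon that handles network configuration. If direct loading is really required, I would record why next to the line, e.g. `# NetworkManager must load modules directly; kernel_request_load_module was not sufficient (see <bug reference>)`; otherwise keep the narrower `kernel_request_load_module(NetworkManager_t)`. The radvd.te hunk adding `kernel_request_load_module(radvd_t)` looks consistent with the commit title.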
|
@ -20,7 +20,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.6.32
|
Version: 3.6.32
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -447,9 +447,11 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Sep 21 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-8
|
* Mon Sep 21 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-9
|
||||||
- Fix all kernel_request_load_module domains
|
- Fix all kernel_request_load_module domains
|
||||||
|
|
||||||
|
* Mon Sep 21 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-8
|
||||||
|
- Fix all kernel_request_load_module domains
|
||||||
|
|
||||||
* Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-7
|
* Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-7
|
||||||
- Remove allow_exec* booleans for confined users. Only available for unconfined_t
|
- Remove allow_exec* booleans for confined users. Only available for unconfined_t
|
||||||
|