rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Fix all kernel_request_load_module domains

Browse Source
This commit is contained in:
Daniel J Walsh 2009-09-22 12:49:53 +00:00
parent 405a74c394
commit 4c2f298bf2
2 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
policy-F12.patch
View File

@ -12795,7 +12795,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.32/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-08-14 13:14:31.000000000 -0700
+++ serefpolicy-3.6.32/policy/modules/services/networkmanager.te 2009-09-21 05:23:47.000000000 -0700
+++ serefpolicy-3.6.32/policy/modules/services/networkmanager.te 2009-09-21 19:37:35.000000000 -0700
@@ -19,6 +19,9 @@
type NetworkManager_tmp_t;
files_tmp_file(NetworkManager_tmp_t)
@ -12837,12 +12837,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
@@ -62,7 +69,9 @@
kernel_read_system_state(NetworkManager_t)
@@ -63,6 +70,8 @@
kernel_read_network_state(NetworkManager_t)
kernel_read_kernel_sysctls(NetworkManager_t)
-kernel_load_module(NetworkManager_t)
+kernel_request_load_module(NetworkManager_t)
kernel_load_module(NetworkManager_t)
+kernel_read_debugfs(NetworkManager_t)
+kernel_rw_net_sysctls(NetworkManager_t)
@ -14859,6 +14857,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_dontaudit_search_user_home_dirs(pyzor_t)
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.32/policy/modules/services/radvd.te
--- nsaserefpolicy/policy/modules/services/radvd.te 2009-08-14 13:14:31.000000000 -0700
+++ serefpolicy-3.6.32/policy/modules/services/radvd.te 2009-09-21 19:37:52.000000000 -0700
@@ -41,6 +41,7 @@
kernel_rw_net_sysctls(radvd_t)
kernel_read_network_state(radvd_t)
kernel_read_system_state(radvd_t)
+kernel_request_load_module(radvd_t)
corenet_all_recvfrom_unlabeled(radvd_t)
corenet_all_recvfrom_netlabel(radvd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.6.32/policy/modules/services/razor.fc
--- nsaserefpolicy/policy/modules/services/razor.fc 2009-07-14 11:19:57.000000000 -0700
+++ serefpolicy-3.6.32/policy/modules/services/razor.fc 2009-09-16 07:03:09.000000000 -0700

6
selinux-policy.spec
View File

@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.32
Release: 8%{?dist}
Release: 9%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -447,9 +447,11 @@ exit 0
%endif
%changelog
* Mon Sep 21 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-8
* Mon Sep 21 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-9
- Fix all kernel_request_load_module domains
* Mon Sep 21 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-8
- Fix all kernel_request_load_module domains
* Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> 3.6.32-7
- Remove allow_exec* booleans for confined users. Only available for unconfined_t