- Allow podsleuth to use tmpfs files

This commit is contained in:
Daniel J Walsh 2009-04-06 14:44:51 +00:00
parent 04b6828096
commit 4cdbdd6bd1

View File

@ -3384,8 +3384,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/bin/pulseaudio -- gen_context(system_u:object_r:pulseaudio_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.6.10/policy/modules/apps/pulseaudio.if
--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.6.10/policy/modules/apps/pulseaudio.if 2009-04-03 17:24:36.000000000 -0400
@@ -0,0 +1,147 @@
+++ serefpolicy-3.6.10/policy/modules/apps/pulseaudio.if 2009-04-06 08:51:37.000000000 -0400
@@ -0,0 +1,148 @@
+
+## <summary>policy for pulseaudio</summary>
+
@ -3470,6 +3470,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+interface(`pulseaudio_role',`
+ gen_require(`
+ type pulseaudio_t, pulseaudio_exec_t, print_spool_t;
+ class dbus { send_msg };
+ ')
+
+ role $1 types pulseaudio_t;
@ -10708,7 +10709,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.10/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2009-01-19 11:06:49.000000000 -0500
+++ serefpolicy-3.6.10/policy/modules/services/dbus.te 2009-03-30 10:09:41.000000000 -0400
+++ serefpolicy-3.6.10/policy/modules/services/dbus.te 2009-04-06 08:40:45.000000000 -0400
@@ -9,14 +9,15 @@
#
# Delcarations
@ -10801,7 +10802,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
logging_send_audit_msgs(system_dbusd_t)
logging_send_syslog_msg(system_dbusd_t)
@@ -128,9 +149,37 @@
@@ -128,9 +149,38 @@
')
optional_policy(`
@ -10838,6 +10839,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+allow dbusd_unconfined session_bus_type:dbus all_dbus_perms;
+allow dbusd_unconfined dbusd_unconfined:dbus all_dbus_perms;
+allow session_bus_type dbusd_unconfined:dbus send_msg;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.fc serefpolicy-3.6.10/policy/modules/services/dcc.fc
--- nsaserefpolicy/policy/modules/services/dcc.fc 2008-08-07 11:15:11.000000000 -0400
@ -16403,7 +16405,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.10/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2009-01-19 11:06:49.000000000 -0500
+++ serefpolicy-3.6.10/policy/modules/services/postfix.if 2009-03-30 10:09:41.000000000 -0400
+++ serefpolicy-3.6.10/policy/modules/services/postfix.if 2009-04-06 08:26:28.000000000 -0400
@@ -46,6 +46,7 @@
allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@ -27760,7 +27762,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.10/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-01-19 11:07:34.000000000 -0500
+++ serefpolicy-3.6.10/policy/modules/system/userdomain.if 2009-04-03 16:55:31.000000000 -0400
+++ serefpolicy-3.6.10/policy/modules/system/userdomain.if 2009-04-06 08:22:27.000000000 -0400
@@ -30,8 +30,9 @@
')