- Allow podsleuth to use tmpfs files

2009-04-06 14:44:51 +00:00 · 2009-04-06 14:44:51 +00:00 · 4cdbdd6bd1
commit 4cdbdd6bd1
parent 04b6828096
1 changed files with 8 additions and 6 deletions
--- a/policy-20090105.patch
+++ b/policy-20090105.patch
@ -3384,8 +3384,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/bin/pulseaudio	--	gen_context(system_u:object_r:pulseaudio_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.6.10/policy/modules/apps/pulseaudio.if
 --- nsaserefpolicy/policy/modules/apps/pulseaudio.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/apps/pulseaudio.if	2009-04-03 17:24:36.000000000 -0400
-@@ -0,0 +1,147 @@
+++ serefpolicy-3.6.10/policy/modules/apps/pulseaudio.if	2009-04-06 08:51:37.000000000 -0400
+@@ -0,0 +1,148 @@
 +
 +## <summary>policy for pulseaudio</summary>
 +
@ -3470,6 +3470,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +interface(`pulseaudio_role',`
 +	gen_require(`
 +		type pulseaudio_t, pulseaudio_exec_t, print_spool_t;
+		class dbus { send_msg };
 +	')
 +
 +	role $1 types pulseaudio_t;
@ -10708,7 +10709,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.10/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/dbus.te	2009-03-30 10:09:41.000000000 -0400
+++ serefpolicy-3.6.10/policy/modules/services/dbus.te	2009-04-06 08:40:45.000000000 -0400
@@ -9,14 +9,15 @@
 #
 # Delcarations
@ -10801,7 +10802,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 logging_send_audit_msgs(system_dbusd_t)
 logging_send_syslog_msg(system_dbusd_t)
-@@ -128,9 +149,37 @@
+@@ -128,9 +149,38 @@
 ')
 
 optional_policy(`
@ -10838,6 +10839,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +allow dbusd_unconfined session_bus_type:dbus all_dbus_perms;
+allow dbusd_unconfined dbusd_unconfined:dbus all_dbus_perms;
 +allow session_bus_type dbusd_unconfined:dbus send_msg;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.fc serefpolicy-3.6.10/policy/modules/services/dcc.fc
 --- nsaserefpolicy/policy/modules/services/dcc.fc	2008-08-07 11:15:11.000000000 -0400
@ -16403,7 +16405,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /usr/sbin/postkick	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.10/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/services/postfix.if	2009-03-30 10:09:41.000000000 -0400
+++ serefpolicy-3.6.10/policy/modules/services/postfix.if	2009-04-06 08:26:28.000000000 -0400
@@ -46,6 +46,7 @@
 
 	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@ -27760,7 +27762,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/dev/shm/mono.*		gen_context(system_u:object_r:user_tmpfs_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.10/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.10/policy/modules/system/userdomain.if	2009-04-03 16:55:31.000000000 -0400
+++ serefpolicy-3.6.10/policy/modules/system/userdomain.if	2009-04-06 08:22:27.000000000 -0400
@@ -30,8 +30,9 @@
 	')