- Turn off direct transition
This commit is contained in:
Daniel J Walsh
parent
23716eb29c
commit
4eaf5c6dc6
|
|
@ -9334,7 +9334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.7/policy/modules/services/xserver.te
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400
|
||||
+++ serefpolicy-3.0.7/policy/modules/services/xserver.te 2007-09-07 15:02:10.000000000 -0400
|
||||
+++ serefpolicy-3.0.7/policy/modules/services/xserver.te 2007-09-07 16:19:01.000000000 -0400
|
||||
@@ -16,6 +16,13 @@
|
||||
|
||||
## <desc>
|
||||
|
|
@ -9370,14 +9370,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
allow xdm_t xdm_xserver_t:process signal;
|
||||
allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
|
||||
@@ -189,6 +200,7 @@
|
||||
@@ -185,6 +196,7 @@
|
||||
corenet_udp_sendrecv_all_ports(xdm_t)
|
||||
corenet_tcp_bind_all_nodes(xdm_t)
|
||||
corenet_udp_bind_all_nodes(xdm_t)
|
||||
+corenet_udp_bind_xdmcp_port(xdm_t)
|
||||
corenet_tcp_connect_all_ports(xdm_t)
|
||||
corenet_sendrecv_all_client_packets(xdm_t)
|
||||
# xdm tries to bind to biff_port_t
|
||||
corenet_dontaudit_tcp_bind_all_ports(xdm_t)
|
||||
+corenet_udp_bind_xdmcp_ports(xdm_t)
|
||||
|
||||
dev_read_rand(xdm_t)
|
||||
dev_read_sysfs(xdm_t)
|
||||
@@ -246,6 +258,7 @@
|
||||
auth_domtrans_pam_console(xdm_t)
|
||||
auth_manage_pam_pid(xdm_t)
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.0.7
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -194,8 +194,8 @@ make clean
|
|||
%if %{BUILD_TARGETED}
|
||||
# Build targeted policy
|
||||
# Commented out because only targeted ref policy currently builds
|
||||
%setupCmds targeted mcs y y
|
||||
%installCmds targeted mcs y y
|
||||
%setupCmds targeted mcs n y
|
||||
%installCmds targeted mcs n y
|
||||
%endif
|
||||
|
||||
%if %{BUILD_MLS}
|
||||
|
|
@ -207,8 +207,8 @@ make clean
|
|||
%if %{BUILD_OLPC}
|
||||
# Build targeted policy
|
||||
# Commented out because only targeted ref policy currently builds
|
||||
%setupCmds olpc mcs y y
|
||||
%installCmds olpc mcs y y
|
||||
%setupCmds olpc mcs n y
|
||||
%installCmds olpc mcs n y
|
||||
%endif
|
||||
|
||||
make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
|
||||
|
|
@ -362,6 +362,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Sep 7 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-7
|
||||
- Turn off direct transition
|
||||
|
||||
* Fri Sep 7 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-6
|
||||
- Allow wine to run in system role
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue