- Turn off direct transition
This commit is contained in:
parent
23716eb29c
commit
4eaf5c6dc6
|
@ -9334,7 +9334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.7/policy/modules/services/xserver.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.7/policy/modules/services/xserver.te
|
||||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400
|
||||||
+++ serefpolicy-3.0.7/policy/modules/services/xserver.te 2007-09-07 15:02:10.000000000 -0400
|
+++ serefpolicy-3.0.7/policy/modules/services/xserver.te 2007-09-07 16:19:01.000000000 -0400
|
||||||
@@ -16,6 +16,13 @@
|
@@ -16,6 +16,13 @@
|
||||||
|
|
||||||
## <desc>
|
## <desc>
|
||||||
|
@ -9370,14 +9370,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
||||||
|
|
||||||
allow xdm_t xdm_xserver_t:process signal;
|
allow xdm_t xdm_xserver_t:process signal;
|
||||||
allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
|
allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
|
||||||
@@ -189,6 +200,7 @@
|
@@ -185,6 +196,7 @@
|
||||||
|
corenet_udp_sendrecv_all_ports(xdm_t)
|
||||||
|
corenet_tcp_bind_all_nodes(xdm_t)
|
||||||
|
corenet_udp_bind_all_nodes(xdm_t)
|
||||||
|
+corenet_udp_bind_xdmcp_port(xdm_t)
|
||||||
|
corenet_tcp_connect_all_ports(xdm_t)
|
||||||
corenet_sendrecv_all_client_packets(xdm_t)
|
corenet_sendrecv_all_client_packets(xdm_t)
|
||||||
# xdm tries to bind to biff_port_t
|
# xdm tries to bind to biff_port_t
|
||||||
corenet_dontaudit_tcp_bind_all_ports(xdm_t)
|
|
||||||
+corenet_udp_bind_xdmcp_ports(xdm_t)
|
|
||||||
|
|
||||||
dev_read_rand(xdm_t)
|
|
||||||
dev_read_sysfs(xdm_t)
|
|
||||||
@@ -246,6 +258,7 @@
|
@@ -246,6 +258,7 @@
|
||||||
auth_domtrans_pam_console(xdm_t)
|
auth_domtrans_pam_console(xdm_t)
|
||||||
auth_manage_pam_pid(xdm_t)
|
auth_manage_pam_pid(xdm_t)
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.0.7
|
Version: 3.0.7
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -194,8 +194,8 @@ make clean
|
||||||
%if %{BUILD_TARGETED}
|
%if %{BUILD_TARGETED}
|
||||||
# Build targeted policy
|
# Build targeted policy
|
||||||
# Commented out because only targeted ref policy currently builds
|
# Commented out because only targeted ref policy currently builds
|
||||||
%setupCmds targeted mcs y y
|
%setupCmds targeted mcs n y
|
||||||
%installCmds targeted mcs y y
|
%installCmds targeted mcs n y
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{BUILD_MLS}
|
%if %{BUILD_MLS}
|
||||||
|
@ -207,8 +207,8 @@ make clean
|
||||||
%if %{BUILD_OLPC}
|
%if %{BUILD_OLPC}
|
||||||
# Build targeted policy
|
# Build targeted policy
|
||||||
# Commented out because only targeted ref policy currently builds
|
# Commented out because only targeted ref policy currently builds
|
||||||
%setupCmds olpc mcs y y
|
%setupCmds olpc mcs n y
|
||||||
%installCmds olpc mcs y y
|
%installCmds olpc mcs n y
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
|
make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs
|
||||||
|
@ -362,6 +362,9 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Sep 7 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-7
|
||||||
|
- Turn off direct transition
|
||||||
|
|
||||||
* Fri Sep 7 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-6
|
* Fri Sep 7 2007 Dan Walsh <dwalsh@redhat.com> 3.0.7-6
|
||||||
- Allow wine to run in system role
|
- Allow wine to run in system role
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue