- Add ldconfig_cache_t
parent
b4ae7d845a
commit
4f23c46830
@ -5249,7 +5249,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.0.5/policy/modules/services/dovecot.if
|
||||
--- nsaserefpolicy/policy/modules/services/dovecot.if 2007-05-29 14:10:57.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/services/dovecot.if 2007-08-07 09:39:49.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/services/dovecot.if 2007-08-20 18:21:06.000000000 -0400
|
||||
@@ -18,3 +18,43 @@
|
||||
manage_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
|
||||
manage_lnk_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
|
||||
@ -7884,7 +7884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
|
||||
+/usr/bin/nasd -- gen_context(system_u:object_r:soundd_exec_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.0.5/policy/modules/services/soundserver.if
|
||||
--- nsaserefpolicy/policy/modules/services/soundserver.if 2007-05-29 14:10:57.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/services/soundserver.if 2007-08-20 17:00:30.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/services/soundserver.if 2007-08-20 18:36:50.000000000 -0400
|
||||
@@ -13,3 +13,64 @@
|
||||
interface(`soundserver_tcp_connect',`
|
||||
refpolicywarn(`$0($*) has been deprecated.')
|
||||
@ -9928,7 +9928,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.5/policy/modules/system/libraries.fc
|
||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-08-02 08:17:28.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/system/libraries.fc 2007-08-07 09:39:49.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/system/libraries.fc 2007-08-20 19:01:03.000000000 -0400
|
||||
@@ -65,11 +65,12 @@
|
||||
/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
|
||||
/opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -9968,23 +9968,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
|
||||
+/usr/lib/mozilla/plugins/libvlcplugin.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+/usr/lib64/mozilla/plugins/libvlcplugin.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+
|
||||
+/var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ld_so_cache_t,s0)
|
||||
+/var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ldconfig_cache_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.0.5/policy/modules/system/libraries.te
|
||||
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-08-02 08:17:28.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/system/libraries.te 2007-08-20 17:12:36.000000000 -0400
|
||||
@@ -44,9 +44,9 @@
|
||||
+++ serefpolicy-3.0.5/policy/modules/system/libraries.te 2007-08-20 19:00:40.000000000 -0400
|
||||
@@ -23,6 +23,9 @@
|
||||
init_system_domain(ldconfig_t,ldconfig_exec_t)
|
||||
role system_r types ldconfig_t;
|
||||
|
||||
+type ldconfig_cache_t;
|
||||
+files_type(ldconfig_cache_t)
|
||||
+
|
||||
type ldconfig_tmp_t;
|
||||
files_tmp_file(ldconfig_tmp_t)
|
||||
|
||||
@@ -44,9 +47,11 @@
|
||||
# ldconfig local policy
|
||||
#
|
||||
|
||||
-allow ldconfig_t self:capability sys_chroot;
|
||||
+allow ldconfig_t self:capability { dac_override sys_chroot };
|
||||
+
|
||||
+manage_files_pattern(ldconfig_t,ldconfig_cache_t,ldconfig_cache_t)
|
||||
|
||||
-allow ldconfig_t ld_so_cache_t:file manage_file_perms;
|
||||
+manage_files_pattern(ldconfig_t,ld_so_cache_t,ld_so_cache_t)
|
||||
files_etc_filetrans(ldconfig_t,ld_so_cache_t,file)
|
||||
|
||||
manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
|
||||
@@ -60,8 +60,11 @@
|
||||
@@ -60,8 +65,11 @@
|
||||
|
||||
fs_getattr_xattr_fs(ldconfig_t)
|
||||
|
||||
@ -9996,7 +10008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
|
||||
files_search_var_lib(ldconfig_t)
|
||||
files_read_etc_files(ldconfig_t)
|
||||
files_search_tmp(ldconfig_t)
|
||||
@@ -96,4 +99,11 @@
|
||||
@@ -96,4 +104,11 @@
|
||||
# and executes ldconfig on it. If you dont allow this kernel installs
|
||||
# blow up.
|
||||
rpm_manage_script_tmp_files(ldconfig_t)
|
||||
|
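Review bot: `allow ldconfig_t self:capability { dac_override sys_chroot };` in the ldconfig local policy hunk of libraries.te has no comment saying which access needs `dac_override`, and this commit adds more write access for ldconfig_t right next to it without revisiting it. Judging by the hunk counts the capability was already in the patch before this commit, so this is a request to document or re-justify it rather than a regression: a line such as `# dac_override: needed for <path whose owner/mode blocks ldconfig>` above the rule would let a later reader drop the capability once the underlying ownership is fixed. Separately, `/var/cache/ldconfig(/.*)?` has no file-type field, so it labels the directory as ldconfig_cache_t too, while `manage_files_pattern(ldconfig_t,ldconfig_cache_t,ldconfig_cache_t)` does not cover creating that directory; if ldconfig is expected to create it, `manage_dirs_pattern(ldconfig_t,ldconfig_cache_t,ldconfig_cache_t)` would be needed as well, and if the package creates it, a comment should say so.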
@ -17,7 +17,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.0.5
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -360,6 +360,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-10
|
||||
- Add ldconfig_cache_t
|
||||
|
||||
* Sat Aug 18 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-9
|
||||
- Allow sshd to write to proc_t for afs login
|
||||
|
||||
|