- Add ldconfig_cache_t

Daniel J Walsh 2007-08-20 23:02:30 +00:00
parent b4ae7d845a
commit 4f23c46830
2 changed files with 24 additions and 9 deletions


@ -5249,7 +5249,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.0.5/policy/modules/services/dovecot.if
--- nsaserefpolicy/policy/modules/services/dovecot.if 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/dovecot.if 2007-08-07 09:39:49.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/dovecot.if 2007-08-20 18:21:06.000000000 -0400
@@ -18,3 +18,43 @@
manage_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
manage_lnk_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
@ -7884,7 +7884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
+/usr/bin/nasd -- gen_context(system_u:object_r:soundd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.0.5/policy/modules/services/soundserver.if
--- nsaserefpolicy/policy/modules/services/soundserver.if 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/soundserver.if 2007-08-20 17:00:30.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/soundserver.if 2007-08-20 18:36:50.000000000 -0400
@@ -13,3 +13,64 @@
interface(`soundserver_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
@ -9928,7 +9928,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.5/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-08-02 08:17:28.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/system/libraries.fc 2007-08-07 09:39:49.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/system/libraries.fc 2007-08-20 19:01:03.000000000 -0400
@@ -65,11 +65,12 @@
/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0)
/opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -9968,23 +9968,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+/usr/lib/mozilla/plugins/libvlcplugin.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib64/mozilla/plugins/libvlcplugin.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+/var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ld_so_cache_t,s0)
+/var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ldconfig_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.0.5/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-08-02 08:17:28.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/system/libraries.te 2007-08-20 17:12:36.000000000 -0400
@@ -44,9 +44,9 @@
+++ serefpolicy-3.0.5/policy/modules/system/libraries.te 2007-08-20 19:00:40.000000000 -0400
@@ -23,6 +23,9 @@
init_system_domain(ldconfig_t,ldconfig_exec_t)
role system_r types ldconfig_t;
+type ldconfig_cache_t;
+files_type(ldconfig_cache_t)
+
type ldconfig_tmp_t;
files_tmp_file(ldconfig_tmp_t)
@@ -44,9 +47,11 @@
# ldconfig local policy
#
-allow ldconfig_t self:capability sys_chroot;
+allow ldconfig_t self:capability { dac_override sys_chroot };
+
+manage_files_pattern(ldconfig_t,ldconfig_cache_t,ldconfig_cache_t)
-allow ldconfig_t ld_so_cache_t:file manage_file_perms;
+manage_files_pattern(ldconfig_t,ld_so_cache_t,ld_so_cache_t)
files_etc_filetrans(ldconfig_t,ld_so_cache_t,file)
manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
@@ -60,8 +60,11 @@
@@ -60,8 +65,11 @@
fs_getattr_xattr_fs(ldconfig_t)
@ -9996,7 +10008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
files_search_var_lib(ldconfig_t)
files_read_etc_files(ldconfig_t)
files_search_tmp(ldconfig_t)
@@ -96,4 +99,11 @@
@@ -96,4 +104,11 @@
# and executes ldconfig on it. If you dont allow this kernel installs
# blow up.
rpm_manage_script_tmp_files(ldconfig_t)
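Review bot: The new rule `allow ldconfig_t self:capability { dac_override sys_chroot };` in the ldconfig local policy section of libraries.te adds dac_override, which lets ldconfig_t bypass discretionary file permission checks on every file its type rules reach, and nothing in the visible lines records which access required it. If the denial came from the new /var/cache/ldconfig directory, correcting that directory's ownership or mode would be a narrower fix; if the capability is really needed, put a comment above the rule, for example `# dac_override: needed for <access that was denied>`. Separately, libraries.fc labels the directory itself through `/var/cache/ldconfig(/.*)?`, while the only visible grant is `manage_files_pattern(ldconfig_t,ldconfig_cache_t,ldconfig_cache_t)`, so it is worth confirming that ldconfig never has to create that directory. The hunks are cut on this page, so further rules for ldconfig_cache_t may exist outside the view.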


@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.0.5
Release: 9%{?dist}
Release: 10%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -360,6 +360,9 @@ exit 0
%endif
%changelog
* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-10
- Add ldconfig_cache_t
* Sat Aug 18 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-9
- Allow sshd to write to proc_t for afs login