- Add ldconfig_cache_t

2007-08-20 23:02:30 +00:00 · 2007-08-20 23:02:30 +00:00 · 4f23c46830
commit 4f23c46830
parent b4ae7d845a
2 changed files with 24 additions and 9 deletions
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@ -5249,7 +5249,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.0.5/policy/modules/services/dovecot.if
 --- nsaserefpolicy/policy/modules/services/dovecot.if	2007-05-29 14:10:57.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/dovecot.if	2007-08-07 09:39:49.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/dovecot.if	2007-08-20 18:21:06.000000000 -0400
@@ -18,3 +18,43 @@
 	manage_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
 	manage_lnk_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
@ -7884,7 +7884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
 +/usr/bin/nasd		--	gen_context(system_u:object_r:soundd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.0.5/policy/modules/services/soundserver.if
 --- nsaserefpolicy/policy/modules/services/soundserver.if	2007-05-29 14:10:57.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/services/soundserver.if	2007-08-20 17:00:30.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/soundserver.if	2007-08-20 18:36:50.000000000 -0400
@@ -13,3 +13,64 @@
 interface(`soundserver_tcp_connect',`
 	refpolicywarn(`$0($*) has been deprecated.')
@ -9928,7 +9928,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.5/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2007-08-02 08:17:28.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/system/libraries.fc	2007-08-07 09:39:49.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/system/libraries.fc	2007-08-20 19:01:03.000000000 -0400
@@ -65,11 +65,12 @@
 /opt/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
 /opt/(.*/)?jre.*/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@ -9968,23 +9968,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
 +/usr/lib/mozilla/plugins/libvlcplugin.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/lib64/mozilla/plugins/libvlcplugin.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +
-+/var/cache/ldconfig(/.*)?			    	gen_context(system_u:object_r:ld_so_cache_t,s0)
+/var/cache/ldconfig(/.*)?		    	gen_context(system_u:object_r:ldconfig_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.0.5/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2007-08-02 08:17:28.000000000 -0400
-+++ serefpolicy-3.0.5/policy/modules/system/libraries.te	2007-08-20 17:12:36.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/system/libraries.te	2007-08-20 19:00:40.000000000 -0400
-@@ -44,9 +44,9 @@
+@@ -23,6 +23,9 @@
 init_system_domain(ldconfig_t,ldconfig_exec_t)
 role system_r types ldconfig_t;
 +type ldconfig_cache_t;
 +files_type(ldconfig_cache_t)
 +
 type ldconfig_tmp_t;
 files_tmp_file(ldconfig_tmp_t)
@@ -44,9 +47,11 @@
 # ldconfig local policy
 #
 -allow ldconfig_t self:capability sys_chroot;
 +allow ldconfig_t self:capability { dac_override sys_chroot };
 +
 +manage_files_pattern(ldconfig_t,ldconfig_cache_t,ldconfig_cache_t)
 -allow ldconfig_t ld_so_cache_t:file manage_file_perms;
 +manage_files_pattern(ldconfig_t,ld_so_cache_t,ld_so_cache_t)
 files_etc_filetrans(ldconfig_t,ld_so_cache_t,file)
 manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
-@@ -60,8 +60,11 @@
+@@ -60,8 +65,11 @@
 fs_getattr_xattr_fs(ldconfig_t)
@ -9996,7 +10008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
 files_search_var_lib(ldconfig_t)
 files_read_etc_files(ldconfig_t)
 files_search_tmp(ldconfig_t)
-@@ -96,4 +99,11 @@
+@@ -96,4 +104,11 @@
 	# and executes ldconfig on it.  If you dont allow this kernel installs 
 	# blow up.
 	rpm_manage_script_tmp_files(ldconfig_t)
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.5
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -360,6 +360,9 @@ exit 0
 %endif
 %changelog
 * Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-10
 - Add ldconfig_cache_t
 * Sat Aug 18 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-9
 - Allow sshd to write to proc_t for afs login