rpms/selinux-policy
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- Allow vpnc to run ifconfig

Browse Source
This commit is contained in:
Daniel J Walsh 2008-06-27 11:58:29 +00:00
parent c18681476b
commit 50eeedfd33
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
policy-20080509.patch
View File

@ -25736,7 +25736,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
+') +')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.4.2/policy/modules/services/squid.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.4.2/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2008-06-12 23:25:06.000000000 -0400 --- nsaserefpolicy/policy/modules/services/squid.te 2008-06-12 23:25:06.000000000 -0400
+++ serefpolicy-3.4.2/policy/modules/services/squid.te 2008-06-25 07:54:09.000000000 -0400 +++ serefpolicy-3.4.2/policy/modules/services/squid.te 2008-06-27 07:14:47.000000000 -0400
@@ -31,12 +31,15 @@ @@ -31,12 +31,15 @@
type squid_var_run_t; type squid_var_run_t;
files_pid_file(squid_var_run_t) files_pid_file(squid_var_run_t)
@ -25750,7 +25750,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
# #
-allow squid_t self:capability { setgid setuid dac_override sys_resource }; -allow squid_t self:capability { setgid setuid dac_override sys_resource };
+allow squid_t self:capability { setgid killa setuid dac_override sys_resource }; +allow squid_t self:capability { setgid kill setuid dac_override sys_resource };
dontaudit squid_t self:capability sys_tty_config; dontaudit squid_t self:capability sys_tty_config;
allow squid_t self:process ~{ ptrace setcurrent setexec setfscreate execmem execstack execheap }; allow squid_t self:process ~{ ptrace setcurrent setexec setfscreate execmem execstack execheap };
allow squid_t self:fifo_file rw_fifo_file_perms; allow squid_t self:fifo_file rw_fifo_file_perms;
@ -33295,7 +33295,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.4.2/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:25:07.000000000 -0400 --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-06-12 23:25:07.000000000 -0400
+++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-06-26 08:07:11.000000000 -0400 +++ serefpolicy-3.4.2/policy/modules/system/userdomain.if 2008-06-27 07:06:54.000000000 -0400
@@ -28,10 +28,14 @@ @@ -28,10 +28,14 @@
class context contains; class context contains;
') ')
@ -35391,8 +35391,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
') ')
dontaudit $1 { home_dir_type home_type }:dir search_dir_perms; dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
+ fs_dontaudit_list_nfs($2) + fs_dontaudit_list_nfs($1)
+ fs_dontaudit_list_cifs($2) + fs_dontaudit_list_cifs($1)
') ')
######################################## ########################################