From 550cc5f4f480759db55480aff0d1eb5ae8df72b3 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 22 Dec 2009 17:25:13 +0000
Subject: [PATCH] - Add back xserver_manage_home_fonts

---
 modules-minimum.conf | 14 ++++++++++++++
 modules-mls.conf | 7 +++++++
 modules-targeted.conf | 14 ++++++++++++++
 policy-F13.patch | 32 ++++++++++++++++++++++++++++++--
 selinux-policy.spec | 5 ++++-
 5 files changed, 69 insertions(+), 3 deletions(-)

diff --git a/modules-minimum.conf b/modules-minimum.conf
index 1f08acc0..35c7ddb6 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -2009,6 +2009,20 @@ xguest = module
 #
 courier = module
 
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+#
+cgroup = module
+
+# Layer: services
+# Module: denyhosts
+#
+# script to help thwart ssh server attacks
+#
+denyhosts = module
+
 # Layer: apps
 # Module: livecd
 #
diff --git a/modules-mls.conf b/modules-mls.conf
index 9eaf94ab..779e1b61 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -32,6 +32,13 @@ alsa = base
 #
 ada = module
 
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+#
+cgroup = module
+
 # Layer: apps
 # Module: cpufreqselector
 #
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 1f08acc0..35c7ddb6 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -2009,6 +2009,20 @@ xguest = module
 #
 courier = module
 
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+#
+cgroup = module
+
+# Layer: services
+# Module: denyhosts
+#
+# script to help thwart ssh server attacks
+#
+denyhosts = module
+
 # Layer: apps
 # Module: livecd
 #
diff --git a/policy-F13.patch b/policy-F13.patch
index 1210af1b..6a5742b1 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
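Review bot: The `denyhosts` stanza is added in the modules-minimum.conf and modules-targeted.conf hunks but not in modules-mls.conf, whose hunk enables only `cgroup`. If that omission is deliberate it should be stated. If not, the same stanza ending in `denyhosts = module` belongs in modules-mls.conf too, presumably so the daemon gets its own domain under every policy type built from these lists. The commit subject and the new %changelog entry mention only xserver_manage_home_fonts, so a line such as `- Enable cgroup and denyhosts policy modules` would make these module additions traceable.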
@@ -26105,7 +26105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +/var/lib/nxserver/home/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.5/policy/modules/services/xserver.if --- nsaserefpolicy/policy/modules/services/xserver.if 2009-12-04 09:43:33.000000000 -0500 -+++ serefpolicy-3.7.5/policy/modules/services/xserver.if 2009-12-22 09:50:42.000000000 -0500 ++++ serefpolicy-3.7.5/policy/modules/services/xserver.if 2009-12-22 12:24:34.000000000 -0500 @@ -56,6 +56,13 @@ domtrans_pattern($2, iceauth_exec_t, iceauth_t) @@ -26199,7 +26199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ') ######################################## -@@ -1219,3 +1232,301 @@ +@@ -1219,3 +1232,329 @@ typeattribute $1 x_domain; typeattribute $1 xserver_unconfined_type; ') @@ -26234,6 +26234,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + +######################################## +## ++## append to .xsession-errors file ++## ++## ++## ++## Domain to not audit ++## ++## ++# ++interface(`xserver_append_xdm_home_files',` ++ gen_require(` ++ type xdm_home_t; ++ type xserver_tmp_t; ++ ') ++ ++ allow $1 xdm_home_t:file append_file_perms; ++ allow $1 xserver_tmp_t:file append_file_perms; ++ ++ tunable_policy(`use_nfs_home_dirs',` ++ fs_append_nfs_files($1) ++ ') ++ ++ tunable_policy(`use_samba_home_dirs',` ++ fs_append_cifs_files($1) ++ ') ++') ++ ++######################################## ++## +## Manage the xdm_spool files +## +## diff --git a/selinux-policy.spec b/selinux-policy.spec index 032ac751..2df6be7b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
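Review bot: The header comment of the added `xserver_append_xdm_home_files` interface does not match its body: the parameter is described as "Domain to not audit", but every rule is an `allow`, so the text looks copied from a dontaudit interface and should read `Domain allowed access.`. The summary names only the .xsession-errors file, while the body also grants append on `xserver_tmp_t` files. Under `use_nfs_home_dirs` and `use_samba_home_dirs` it calls `fs_append_nfs_files($1)` and `fs_append_cifs_files($1)`, which by their names cover NFS/CIFS files in general rather than a single file. I would either widen the summary to list all of these grants or move the `xserver_tmp_t` rule into its own interface, so a caller gets only what the name promises. The commit subject refers to xserver_manage_home_fonts, which is not among the lines visible in this hunk, so the changelog should also mention this new interface.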
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.7.5 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -449,6 +449,9 @@ exit 0 %endif %changelog +* Tue Dec 22 2009 Dan Walsh 3.7.5-3 +- Add back xserver_manage_home_fonts + * Mon Dec 21 2009 Dan Walsh 3.7.5-2 - Dontaudit sandbox trying to read nscd and sssd