- Add back xserver_manage_home_fonts

This commit is contained in:
Daniel J Walsh 2009-12-22 17:25:13 +00:00
parent 5e630de186
commit 550cc5f4f4
5 changed files with 69 additions and 3 deletions

View File

@ -2009,6 +2009,20 @@ xguest = module
# #
courier = module courier = module
# Layer: services
# Module: cgroup
#
# Tools and libraries to control and monitor control groups
#
cgroup = module
# Layer: services
# Module: denyhosts
#
# script to help thwart ssh server attacks
#
denyhosts = module
# Layer: apps # Layer: apps
# Module: livecd # Module: livecd
# #

View File

@ -32,6 +32,13 @@ alsa = base
# #
ada = module ada = module
# Layer: services
# Module: cgroup
#
# Tools and libraries to control and monitor control groups
#
cgroup = module
# Layer: apps # Layer: apps
# Module: cpufreqselector # Module: cpufreqselector
# #

View File

@ -2009,6 +2009,20 @@ xguest = module
# #
courier = module courier = module
# Layer: services
# Module: cgroup
#
# Tools and libraries to control and monitor control groups
#
cgroup = module
# Layer: services
# Module: denyhosts
#
# script to help thwart ssh server attacks
#
denyhosts = module
# Layer: apps # Layer: apps
# Module: livecd # Module: livecd
# #

View File

@ -26105,7 +26105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+/var/lib/nxserver/home/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) +/var/lib/nxserver/home/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.5/policy/modules/services/xserver.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.5/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2009-12-04 09:43:33.000000000 -0500 --- nsaserefpolicy/policy/modules/services/xserver.if 2009-12-04 09:43:33.000000000 -0500
+++ serefpolicy-3.7.5/policy/modules/services/xserver.if 2009-12-22 09:50:42.000000000 -0500 +++ serefpolicy-3.7.5/policy/modules/services/xserver.if 2009-12-22 12:24:34.000000000 -0500
@@ -56,6 +56,13 @@ @@ -56,6 +56,13 @@
domtrans_pattern($2, iceauth_exec_t, iceauth_t) domtrans_pattern($2, iceauth_exec_t, iceauth_t)
@ -26199,7 +26199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
') ')
######################################## ########################################
@@ -1219,3 +1232,301 @@ @@ -1219,3 +1232,329 @@
typeattribute $1 x_domain; typeattribute $1 x_domain;
typeattribute $1 xserver_unconfined_type; typeattribute $1 xserver_unconfined_type;
') ')
@ -26234,6 +26234,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ +
+######################################## +########################################
+## <summary> +## <summary>
+## append to .xsession-errors file
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit
+## </summary>
+## </param>
+#
+interface(`xserver_append_xdm_home_files',`
+ gen_require(`
+ type xdm_home_t;
+ type xserver_tmp_t;
+ ')
+
+ allow $1 xdm_home_t:file append_file_perms;
+ allow $1 xserver_tmp_t:file append_file_perms;
+
+ tunable_policy(`use_nfs_home_dirs',`
+ fs_append_nfs_files($1)
+ ')
+
+ tunable_policy(`use_samba_home_dirs',`
+ fs_append_cifs_files($1)
+ ')
+')
+
+########################################
+## <summary>
+## Manage the xdm_spool files +## Manage the xdm_spool files
+## </summary> +## </summary>
+## <param name="domain"> +## <param name="domain">

View File

@ -20,7 +20,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.7.5 Version: 3.7.5
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -449,6 +449,9 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Dec 22 2009 Dan Walsh <dwalsh@redhat.com> 3.7.5-3
- Add back xserver_manage_home_fonts
* Mon Dec 21 2009 Dan Walsh <dwalsh@redhat.com> 3.7.5-2 * Mon Dec 21 2009 Dan Walsh <dwalsh@redhat.com> 3.7.5-2
- Dontaudit sandbox trying to read nscd and sssd - Dontaudit sandbox trying to read nscd and sssd