Make sure content created in the homedir by uncnfined domains get created with the corect label. specifically /.readahead
This commit is contained in:
parent
e88478c88d
commit
5991fc8049
File diff suppressed because it is too large
Load Diff
|
@ -47944,10 +47944,10 @@ index 0000000..48ea717
|
||||||
+')
|
+')
|
||||||
diff --git a/realmd.te b/realmd.te
|
diff --git a/realmd.te b/realmd.te
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..3f5f701
|
index 0000000..314e17e
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/realmd.te
|
+++ b/realmd.te
|
||||||
@@ -0,0 +1,45 @@
|
@@ -0,0 +1,44 @@
|
||||||
+policy_module(realmd, 1.0.0)
|
+policy_module(realmd, 1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
|
@ -47958,7 +47958,6 @@ index 0000000..3f5f701
|
||||||
+type realmd_t;
|
+type realmd_t;
|
||||||
+type realmd_exec_t;
|
+type realmd_exec_t;
|
||||||
+application_domain(realmd_t, realmd_exec_t)
|
+application_domain(realmd_t, realmd_exec_t)
|
||||||
+role system_r types realmd_t;
|
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+#
|
+#
|
||||||
|
@ -52468,20 +52467,19 @@ index 905883f..564240d 100644
|
||||||
+ can_exec(smbd_t, samba_unconfined_script_exec_t)
|
+ can_exec(smbd_t, samba_unconfined_script_exec_t)
|
||||||
')
|
')
|
||||||
diff --git a/sambagui.te b/sambagui.te
|
diff --git a/sambagui.te b/sambagui.te
|
||||||
index 1898dbd..eec2a5a 100644
|
index 1898dbd..43fcb73 100644
|
||||||
--- a/sambagui.te
|
--- a/sambagui.te
|
||||||
+++ b/sambagui.te
|
+++ b/sambagui.te
|
||||||
@@ -7,7 +7,8 @@ policy_module(sambagui, 1.1.0)
|
@@ -7,7 +7,7 @@ policy_module(sambagui, 1.1.0)
|
||||||
|
|
||||||
type sambagui_t;
|
type sambagui_t;
|
||||||
type sambagui_exec_t;
|
type sambagui_exec_t;
|
||||||
-dbus_system_domain(sambagui_t, sambagui_exec_t)
|
-dbus_system_domain(sambagui_t, sambagui_exec_t)
|
||||||
+application_domain(sambagui_t, sambagui_exec_t)
|
+application_domain(sambagui_t, sambagui_exec_t)
|
||||||
+role system_r types sambagui_t;
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@@ -27,21 +28,30 @@ corecmd_exec_bin(sambagui_t)
|
@@ -27,21 +27,30 @@ corecmd_exec_bin(sambagui_t)
|
||||||
|
|
||||||
dev_dontaudit_read_urand(sambagui_t)
|
dev_dontaudit_read_urand(sambagui_t)
|
||||||
|
|
||||||
|
@ -52513,7 +52511,7 @@ index 1898dbd..eec2a5a 100644
|
||||||
nscd_dontaudit_search_pid(sambagui_t)
|
nscd_dontaudit_search_pid(sambagui_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -56,6 +66,7 @@ optional_policy(`
|
@@ -56,6 +65,7 @@ optional_policy(`
|
||||||
samba_manage_var_files(sambagui_t)
|
samba_manage_var_files(sambagui_t)
|
||||||
samba_read_secrets(sambagui_t)
|
samba_read_secrets(sambagui_t)
|
||||||
samba_initrc_domtrans(sambagui_t)
|
samba_initrc_domtrans(sambagui_t)
|
||||||
|
@ -63450,7 +63448,7 @@ index 0000000..14c5c0a
|
||||||
+
|
+
|
||||||
+miscfiles_read_localization(wdmd_t)
|
+miscfiles_read_localization(wdmd_t)
|
||||||
diff --git a/webadm.te b/webadm.te
|
diff --git a/webadm.te b/webadm.te
|
||||||
index 0ecc786..e0f21c3 100644
|
index 0ecc786..3e7e984 100644
|
||||||
--- a/webadm.te
|
--- a/webadm.te
|
||||||
+++ b/webadm.te
|
+++ b/webadm.te
|
||||||
@@ -28,7 +28,7 @@ userdom_base_user_template(webadm)
|
@@ -28,7 +28,7 @@ userdom_base_user_template(webadm)
|
||||||
|
@ -63462,6 +63460,14 @@ index 0ecc786..e0f21c3 100644
|
||||||
|
|
||||||
files_dontaudit_search_all_dirs(webadm_t)
|
files_dontaudit_search_all_dirs(webadm_t)
|
||||||
files_manage_generic_locks(webadm_t)
|
files_manage_generic_locks(webadm_t)
|
||||||
|
@@ -38,6 +38,7 @@ selinux_get_enforce_mode(webadm_t)
|
||||||
|
seutil_domtrans_setfiles(webadm_t)
|
||||||
|
|
||||||
|
logging_send_syslog_msg(webadm_t)
|
||||||
|
+logging_send_audit_msgs(webadm_t)
|
||||||
|
|
||||||
|
userdom_dontaudit_search_user_home_dirs(webadm_t)
|
||||||
|
|
||||||
diff --git a/webalizer.te b/webalizer.te
|
diff --git a/webalizer.te b/webalizer.te
|
||||||
index 32b4f76..ea008d8 100644
|
index 32b4f76..ea008d8 100644
|
||||||
--- a/webalizer.te
|
--- a/webalizer.te
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.11.1
|
Version: 3.11.1
|
||||||
Release: 3%{?dist}
|
Release: 3.1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -491,6 +491,9 @@ SELinux Reference policy mls base module.
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 8 2012 Dan Walsh <dwalshl@redhat.com> 3.11.1-3.1
|
||||||
|
- Update with fixes for SECure linux containers
|
||||||
|
|
||||||
* Tue Aug 7 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-3
|
* Tue Aug 7 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.1-3
|
||||||
- Add role rules for realmd, sambagui
|
- Add role rules for realmd, sambagui
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue