- Additional perms for readahead
parent
4d5adb716e
commit
5ba1bf287a
@ -770,12 +770,41 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.fc serefpolicy-3.6.12/policy/modules/admin/readahead.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.fc serefpolicy-3.6.12/policy/modules/admin/readahead.fc
|
||||||
--- nsaserefpolicy/policy/modules/admin/readahead.fc 2008-08-07 11:15:13.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/readahead.fc 2008-08-07 11:15:13.000000000 -0400
|
||||||
+++ serefpolicy-3.6.12/policy/modules/admin/readahead.fc 2009-04-23 10:30:56.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/admin/readahead.fc 2009-04-23 17:15:49.000000000 -0400
|
||||||
@@ -1,3 +1,4 @@
|
@@ -1,3 +1,4 @@
|
||||||
/etc/readahead.d(/.*)? gen_context(system_u:object_r:readahead_etc_rw_t,s0)
|
/etc/readahead.d(/.*)? gen_context(system_u:object_r:readahead_etc_rw_t,s0)
|
||||||
|
|
||||||
/usr/sbin/readahead -- gen_context(system_u:object_r:readahead_exec_t,s0)
|
-/usr/sbin/readahead -- gen_context(system_u:object_r:readahead_exec_t,s0)
|
||||||
+/sbin/readahead -- gen_context(system_u:object_r:readahead_exec_t,s0)
|
+/usr/sbin/readahead.* -- gen_context(system_u:object_r:readahead_exec_t,s0)
|
||||||
|
+/sbin/readahead.* -- gen_context(system_u:object_r:readahead_exec_t,s0)
|
||||||
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.12/policy/modules/admin/readahead.te
|
||||||
|
--- nsaserefpolicy/policy/modules/admin/readahead.te 2009-01-05 15:39:44.000000000 -0500
|
||||||
|
+++ serefpolicy-3.6.12/policy/modules/admin/readahead.te 2009-04-23 17:21:40.000000000 -0400
|
||||||
|
@@ -24,7 +24,7 @@
|
||||||
|
|
||||||
|
allow readahead_t self:capability { fowner dac_override dac_read_search };
|
||||||
|
dontaudit readahead_t self:capability sys_tty_config;
|
||||||
|
-allow readahead_t self:process signal_perms;
|
||||||
|
+allow readahead_t self:process { setsched signal_perms };
|
||||||
|
|
||||||
|
manage_files_pattern(readahead_t, readahead_etc_rw_t, readahead_etc_rw_t)
|
||||||
|
|
||||||
|
@@ -58,6 +58,7 @@
|
||||||
|
fs_dontaudit_search_ramfs(readahead_t)
|
||||||
|
fs_dontaudit_read_ramfs_pipes(readahead_t)
|
||||||
|
fs_dontaudit_read_ramfs_files(readahead_t)
|
||||||
|
+fs_dontaudit_use_tmpfs_chr_dev(readahead_t)
|
||||||
|
fs_read_tmpfs_symlinks(readahead_t)
|
||||||
|
fs_list_inotifyfs(readahead_t)
|
||||||
|
|
||||||
|
@@ -72,6 +73,7 @@
|
||||||
|
init_getattr_initctl(readahead_t)
|
||||||
|
|
||||||
|
logging_send_syslog_msg(readahead_t)
|
||||||
|
+logging_send_audit_msgs(readahead_t)
|
||||||
|
logging_dontaudit_search_audit_config(readahead_t)
|
||||||
|
|
||||||
|
miscfiles_read_localization(readahead_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.12/policy/modules/admin/rpm.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.12/policy/modules/admin/rpm.fc
|
||||||
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2008-08-07 11:15:13.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2008-08-07 11:15:13.000000000 -0400
|
||||||
+++ serefpolicy-3.6.12/policy/modules/admin/rpm.fc 2009-04-23 09:44:57.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/admin/rpm.fc 2009-04-23 09:44:57.000000000 -0400
|
||||||
@ -5693,7 +5722,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
|
+/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.12/policy/modules/kernel/filesystem.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.12/policy/modules/kernel/filesystem.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-03-04 16:49:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-03-04 16:49:00.000000000 -0500
|
||||||
+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.if 2009-04-23 09:44:57.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.if 2009-04-23 17:21:31.000000000 -0400
|
||||||
@@ -723,6 +723,24 @@
|
@@ -723,6 +723,24 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
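Review bot: The new readahead.fc entries `/usr/sbin/readahead.* --` and `/sbin/readahead.* --` are broader than the two exact paths they replace. The `.*` tail matches any regular file in those directories whose name starts with `readahead`, so each such file is labelled `readahead_exec_t`. The readahead.te context lines show `readahead_t` holding `dac_override`, `dac_read_search` and `fowner`, so, assuming the module's usual domain transition on `readahead_exec_t` (not visible here), it is safer to list the intended binaries explicitly, e.g. `/sbin/readahead(-SUFFIX)? --` with the real helper suffix in place of the placeholder. In readahead.te, the added `logging_send_audit_msgs(readahead_t)` and `setsched` carry no justification; since a domain that can send audit messages can place user-space records in the audit log, a comment such as `# needed because <reason, bug reference>` above each line would let a later auditor confirm the grant is still required. Only fragments of readahead.te are visible in this patch-of-a-patch view, so the rest of the domain's rules could not be checked.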