- Update to upstream
- Additional mail ports - Add virt_use_usb boolean for svirt
parent
9386d6f55f
commit
6071093529
@ -171,3 +171,4 @@ serefpolicy-3.6.13.tgz
|
||||
serefpolicy-3.6.14.tgz
|
||||
serefpolicy-3.6.15.tgz
|
||||
serefpolicy-3.6.16.tgz
|
||||
serefpolicy-3.6.17.tgz
|
||||
|
178
policy-F12.patch
178
policy-F12.patch
@ -1565,41 +1565,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
type sudo_exec_t;
|
||||
application_executable_file(sudo_exec_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.6.16/policy/modules/admin/su.if
|
||||
--- nsaserefpolicy/policy/modules/admin/su.if 2009-01-19 11:07:34.000000000 -0500
|
||||
+++ serefpolicy-3.6.16/policy/modules/admin/su.if 2009-06-12 15:59:08.000000000 -0400
|
||||
@@ -90,15 +90,6 @@
|
||||
|
||||
miscfiles_read_localization($1_su_t)
|
||||
|
||||
- ifdef(`distro_redhat',`
|
||||
- # RHEL5 and possibly newer releases incl. Fedora
|
||||
- auth_domtrans_upd_passwd($1_su_t)
|
||||
-
|
||||
- optional_policy(`
|
||||
- locallogin_search_keys($1_su_t)
|
||||
- ')
|
||||
- ')
|
||||
-
|
||||
ifdef(`distro_rhel4',`
|
||||
domain_role_change_exemption($1_su_t)
|
||||
domain_subj_id_change_exemption($1_su_t)
|
||||
@@ -227,15 +218,6 @@
|
||||
userdom_use_user_terminals($1_su_t)
|
||||
userdom_search_user_home_dirs($1_su_t)
|
||||
|
||||
- ifdef(`distro_redhat',`
|
||||
- # RHEL5 and possibly newer releases incl. Fedora
|
||||
- auth_domtrans_upd_passwd($1_su_t)
|
||||
-
|
||||
- optional_policy(`
|
||||
- locallogin_search_keys($1_su_t)
|
||||
- ')
|
||||
- ')
|
||||
-
|
||||
ifdef(`distro_rhel4',`
|
||||
domain_role_change_exemption($1_su_t)
|
||||
domain_subj_id_change_exemption($1_su_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.16/policy/modules/admin/tmpreaper.te
|
||||
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-11-11 16:13:49.000000000 -0500
|
||||
+++ serefpolicy-3.6.16/policy/modules/admin/tmpreaper.te 2009-06-12 15:59:08.000000000 -0400
|
||||
@ -4249,7 +4214,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.16/policy/modules/apps/qemu.te
|
||||
--- nsaserefpolicy/policy/modules/apps/qemu.te 2009-01-19 11:03:28.000000000 -0500
|
||||
+++ serefpolicy-3.6.16/policy/modules/apps/qemu.te 2009-06-12 15:59:08.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/apps/qemu.te 2009-06-19 07:21:45.000000000 -0400
|
||||
@@ -13,28 +13,97 @@
|
||||
## </desc>
|
||||
gen_tunable(qemu_full_network, false)
|
||||
@ -5351,7 +5316,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
########################################
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.16/policy/modules/kernel/corenetwork.te.in
|
||||
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-06-12 09:08:48.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/kernel/corenetwork.te.in 2009-06-12 15:59:08.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/kernel/corenetwork.te.in 2009-06-19 07:01:21.000000000 -0400
|
||||
@@ -65,6 +65,7 @@
|
||||
type server_packet_t, packet_type, server_packet_type;
|
||||
|
||||
@ -5390,7 +5355,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
|
||||
network_port(howl, tcp,5335,s0, udp,5353,s0)
|
||||
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
|
||||
@@ -121,6 +128,7 @@
|
||||
@@ -121,16 +128,18 @@
|
||||
network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
|
||||
network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
|
||||
network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
|
||||
@ -5398,7 +5363,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
network_port(kprop, tcp,754,s0)
|
||||
network_port(ktalkd, udp,517,s0, udp,518,s0)
|
||||
network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
|
||||
@@ -131,6 +139,7 @@
|
||||
type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
|
||||
network_port(lmtp, tcp,24,s0, udp,24,s0)
|
||||
-network_port(mail, tcp,2000,s0)
|
||||
+network_port(mail, tcp,2000,s0, tcp,3905,s0)
|
||||
network_port(memcache, tcp,11211,s0, udp,11211,s0)
|
||||
network_port(mmcc, tcp,5050,s0, udp,5050,s0)
|
||||
network_port(monopd, tcp,1234,s0)
|
||||
network_port(msnp, tcp,1863,s0, udp,1863,s0)
|
||||
@ -5683,7 +5652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
type lvm_control_t;
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.16/policy/modules/kernel/domain.if
|
||||
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-06-12 09:08:48.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/kernel/domain.if 2009-06-12 15:59:08.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/kernel/domain.if 2009-06-19 06:16:32.000000000 -0400
|
||||
@@ -65,7 +65,8 @@
|
||||
')
|
||||
|
||||
@ -6286,7 +6255,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.16/policy/modules/kernel/kernel.if
|
||||
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-06-12 09:08:48.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/kernel/kernel.if 2009-06-12 15:59:08.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/kernel/kernel.if 2009-06-19 06:12:19.000000000 -0400
|
||||
@@ -1807,7 +1807,7 @@
|
||||
')
|
||||
|
||||
@ -13004,7 +12973,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## <param name="domain">
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.16/policy/modules/services/dnsmasq.te
|
||||
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-03-23 13:47:11.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/dnsmasq.te 2009-06-12 15:59:08.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/dnsmasq.te 2009-06-19 07:12:42.000000000 -0400
|
||||
@@ -42,8 +42,7 @@
|
||||
files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
|
||||
|
||||
@ -13015,7 +12984,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dnsmasq_t)
|
||||
corenet_all_recvfrom_netlabel(dnsmasq_t)
|
||||
@@ -84,6 +83,14 @@
|
||||
@@ -84,6 +83,18 @@
|
||||
userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
|
||||
|
||||
optional_policy(`
|
||||
@ -13023,6 +12992,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ dbus_system_bus_client(dnsmasq_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ tftp_read_content(dnsmasq_t)
|
||||
+')
|
||||
+
|
||||
@ -13687,8 +13660,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.16/policy/modules/services/gnomeclock.te
|
||||
--- nsaserefpolicy/policy/modules/services/gnomeclock.te 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/gnomeclock.te 2009-06-12 15:59:08.000000000 -0400
|
||||
@@ -0,0 +1,49 @@
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/gnomeclock.te 2009-06-19 05:26:32.000000000 -0400
|
||||
@@ -0,0 +1,50 @@
|
||||
+policy_module(gnomeclock, 1.0.0)
|
||||
+########################################
|
||||
+#
|
||||
@ -13733,6 +13706,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ polkit_dbus_chat(gnomeclock_t)
|
||||
+ polkit_domtrans_auth(gnomeclock_t)
|
||||
+ polkit_read_lib(gnomeclock_t)
|
||||
+ polkit_read_reload(gnomeclock_t)
|
||||
@ -14494,27 +14468,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
optional_policy(`
|
||||
cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.6.16/policy/modules/services/milter.fc
|
||||
--- nsaserefpolicy/policy/modules/services/milter.fc 2009-05-21 08:43:08.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/milter.fc 2009-06-12 15:59:08.000000000 -0400
|
||||
@@ -1,8 +1,15 @@
|
||||
/usr/sbin/milter-regex -- gen_context(system_u:object_r:regex_milter_exec_t,s0)
|
||||
-/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
|
||||
-
|
||||
/usr/sbin/spamass-milter -- gen_context(system_u:object_r:spamass_milter_exec_t,s0)
|
||||
+/usr/sbin/milter-greylist -- gen_context(system_u:object_r:greylist_milter_exec_t,s0)
|
||||
+
|
||||
+/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
|
||||
|
||||
/var/lib/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_state_t,s0)
|
||||
+/var/lib/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0)
|
||||
+/var/lib/miltermilter.* gen_context(system_u:object_r:spamass_milter_state_t,s0)
|
||||
+
|
||||
+/var/run/milter.* -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
||||
+/var/run/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0)
|
||||
+/var/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0)
|
||||
/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
||||
/var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.16/policy/modules/services/milter.if
|
||||
--- nsaserefpolicy/policy/modules/services/milter.if 2009-05-21 08:43:08.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/milter.if 2009-06-12 15:59:08.000000000 -0400
|
||||
@ -14527,50 +14480,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
allow $1_milter_t self:fifo_file rw_fifo_file_perms;
|
||||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.6.16/policy/modules/services/milter.te
|
||||
--- nsaserefpolicy/policy/modules/services/milter.te 2009-05-21 08:43:08.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/milter.te 2009-06-12 15:59:08.000000000 -0400
|
||||
@@ -63,3 +63,40 @@
|
||||
|
||||
# The main job of the milter is to pipe spam through spamc and act on the result
|
||||
spamassassin_domtrans_client(spamass_milter_t)
|
||||
+
|
||||
+########################################
|
||||
+#
|
||||
+# milter-greylist Declarations
|
||||
+#
|
||||
+
|
||||
+milter_template(greylist)
|
||||
+
|
||||
+########################################
|
||||
+#
|
||||
+# milter-greylist local policy
|
||||
+# ensure smtp clients retry mail like real MTAs and not spamware
|
||||
+# http://hcpnet.free.fr/milter-greylist/
|
||||
+#
|
||||
+
|
||||
+# Look up username for dropping privs
|
||||
+auth_use_nsswitch(greylist_milter_t)
|
||||
+
|
||||
+# It creates a pid file /var/run/milter-greylist.pid
|
||||
+files_pid_filetrans(greylist_milter_t, greylist_milter_data_t, file)
|
||||
+
|
||||
+# It removes any existing socket (not owned by root) whilst running as root,
|
||||
+# fixes permissions, renices itself and then calls setgid() and setuid() to
|
||||
+# drop privileges
|
||||
+kernel_read_kernel_sysctls(greylist_milter_t)
|
||||
+allow greylist_milter_t self:capability { chown dac_override setgid setuid sys_nice };
|
||||
+allow greylist_milter_t self:process { setsched getsched };
|
||||
+
|
||||
+# Allow the milter to read a GeoIP database in /usr/share
|
||||
+files_read_usr_files(greylist_milter_t)
|
||||
+
|
||||
+# The milter runs from /var/lib/milter-greylist and maintains files there
|
||||
+files_search_var_lib(greylist_milter_t);
|
||||
+
|
||||
+# Config is in /etc/mail/greylist.conf
|
||||
+mta_read_config(greylist_milter_t)
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.16/policy/modules/services/mta.fc
|
||||
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/mta.fc 2009-06-12 15:59:08.000000000 -0400
|
||||
@ -18123,7 +18032,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
# /sbin
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.16/policy/modules/services/ppp.if
|
||||
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-11-11 16:13:46.000000000 -0500
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/ppp.if 2009-06-15 15:36:20.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/ppp.if 2009-06-18 15:55:53.000000000 -0400
|
||||
@@ -58,6 +58,25 @@
|
||||
|
||||
########################################
|
||||
@ -23031,8 +22940,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.16/policy/modules/services/virt.te
|
||||
--- nsaserefpolicy/policy/modules/services/virt.te 2009-01-19 11:06:49.000000000 -0500
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/virt.te 2009-06-16 11:25:30.000000000 -0400
|
||||
@@ -8,19 +8,31 @@
|
||||
+++ serefpolicy-3.6.16/policy/modules/services/virt.te 2009-06-19 07:22:38.000000000 -0400
|
||||
@@ -8,19 +8,38 @@
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
@ -23053,6 +22962,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
-attribute virt_image_type;
|
||||
+## <desc>
|
||||
+## <p>
|
||||
+## Allow svirt to use usb devices
|
||||
+## </p>
|
||||
+## </desc>
|
||||
+gen_tunable(virt_use_usb, true)
|
||||
+
|
||||
+## <desc>
|
||||
+## <p>
|
||||
+## Allow svirt to manage device configuration, (pci)
|
||||
+## </p>
|
||||
+## </desc>
|
||||
@ -23067,7 +22983,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
type virt_etc_t;
|
||||
files_config_file(virt_etc_t)
|
||||
@@ -29,8 +41,13 @@
|
||||
@@ -29,8 +48,13 @@
|
||||
files_type(virt_etc_rw_t)
|
||||
|
||||
# virt Image files
|
||||
@ -23083,7 +22999,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
type virt_log_t;
|
||||
logging_log_file(virt_log_t)
|
||||
@@ -48,17 +65,39 @@
|
||||
@@ -48,17 +72,39 @@
|
||||
type virtd_initrc_exec_t;
|
||||
init_script_file(virtd_initrc_exec_t)
|
||||
|
||||
@ -23125,7 +23041,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
|
||||
read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
|
||||
|
||||
@@ -67,7 +106,11 @@
|
||||
@@ -67,7 +113,11 @@
|
||||
manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
|
||||
filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
|
||||
|
||||
@ -23138,7 +23054,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
|
||||
manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
|
||||
@@ -86,6 +129,7 @@
|
||||
@@ -86,6 +136,7 @@
|
||||
kernel_read_network_state(virtd_t)
|
||||
kernel_rw_net_sysctls(virtd_t)
|
||||
kernel_load_module(virtd_t)
|
||||
@ -23146,7 +23062,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
corecmd_exec_bin(virtd_t)
|
||||
corecmd_exec_shell(virtd_t)
|
||||
@@ -96,30 +140,51 @@
|
||||
@@ -96,30 +147,51 @@
|
||||
corenet_tcp_sendrecv_generic_node(virtd_t)
|
||||
corenet_tcp_sendrecv_all_ports(virtd_t)
|
||||
corenet_tcp_bind_generic_node(virtd_t)
|
||||
@ -23201,7 +23117,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
term_use_ptmx(virtd_t)
|
||||
|
||||
auth_use_nsswitch(virtd_t)
|
||||
@@ -129,7 +194,15 @@
|
||||
@@ -129,7 +201,15 @@
|
||||
|
||||
logging_send_syslog_msg(virtd_t)
|
||||
|
||||
@ -23217,7 +23133,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
tunable_policy(`virt_use_nfs',`
|
||||
fs_manage_nfs_dirs(virtd_t)
|
||||
@@ -167,22 +240,34 @@
|
||||
@@ -167,22 +247,34 @@
|
||||
dnsmasq_domtrans(virtd_t)
|
||||
dnsmasq_signal(virtd_t)
|
||||
dnsmasq_kill(virtd_t)
|
||||
@ -23236,8 +23152,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+optional_policy(`
|
||||
+ kerberos_keytab_template(virtd, virtd_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
|
||||
optional_policy(`
|
||||
- qemu_domtrans(virtd_t)
|
||||
+ lvm_domtrans(virtd_t)
|
||||
+')
|
||||
+
|
||||
@ -23246,9 +23163,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ polkit_domtrans_resolve(virtd_t)
|
||||
+ polkit_read_lib(virtd_t)
|
||||
+')
|
||||
|
||||
optional_policy(`
|
||||
- qemu_domtrans(virtd_t)
|
||||
+
|
||||
+optional_policy(`
|
||||
+ qemu_spec_domtrans(virtd_t, svirt_t)
|
||||
qemu_read_state(virtd_t)
|
||||
qemu_signal(virtd_t)
|
||||
@ -23257,7 +23173,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -195,8 +280,86 @@
|
||||
@@ -195,8 +287,92 @@
|
||||
|
||||
xen_stream_connect(virtd_t)
|
||||
xen_stream_connect_xenstore(virtd_t)
|
||||
@ -23326,6 +23242,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ dev_rw_sysfs(svirt_t)
|
||||
+')
|
||||
+
|
||||
+tunable_policy(`virt_use_usb',`
|
||||
+ dev_rw_usbfs(svirt_t)
|
||||
+ fs_manage_dos_dirs(svirt_t)
|
||||
+ fs_manage_dos_files(svirt_t)
|
||||
+')
|
||||
+
|
||||
+tunable_policy(`virt_use_nfs',`
|
||||
+ fs_manage_nfs_dirs(svirt_t)
|
||||
+ fs_manage_nfs_files(svirt_t)
|
||||
@ -25185,9 +25107,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.16/policy/modules/system/authlogin.te
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.te 2009-06-12 15:45:03.000000000 -0400
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.te 2009-06-19 07:33:00.000000000 -0400
|
||||
+++ serefpolicy-3.6.16/policy/modules/system/authlogin.te 2009-06-12 15:59:08.000000000 -0400
|
||||
@@ -124,9 +124,18 @@
|
||||
@@ -125,9 +124,18 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
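Review bot: `gen_tunable(virt_use_usb, true)` in the virt.te part of policy-F12.patch ships the new boolean enabled, so the `tunable_policy(`virt_use_usb',` block grants svirt_t `dev_rw_usbfs` plus `fs_manage_dos_dirs` and `fs_manage_dos_files` on every host by default. For a boolean whose purpose is to widen what a confined guest can reach on the host, `gen_tunable(virt_use_usb, false)` is the least-privilege default, leaving administrators who need USB pass-through to turn it on with setsebool. The `<desc>` text says only "Allow svirt to use usb devices", but the block also grants management of DOS-labelled filesystems; either state that in the description or move the two `fs_manage_dos_*` lines under their own boolean. The rendered page has lost the outer +/- column, so that these lines are new in this commit is inferred from the hunk counts (`-23053,6 +22962,13` and `-23326,6 +23242,12`) and the changelog entry.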
|
@ -19,8 +19,8 @@
|
||||
%define CHECKPOLICYVER 2.0.16-3
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.6.16
|
||||
Release: 4%{?dist}
|
||||
Version: 3.6.17
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -183,7 +183,7 @@ fi;
|
||||
|
||||
%description
|
||||
SELinux Reference Policy - modular.
|
||||
Based off of reference policy: Checked out revision 2996.
|
||||
Based off of reference policy: Checked out revision 3000.
|
||||
|
||||
%build
|
||||
|
||||
@ -473,6 +473,11 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
|
||||
- Update to upstream
|
||||
- Additional mail ports
|
||||
- Add virt_use_usb boolean for svirt
|
||||
|
||||
* Thu Jun 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.16-4
|
||||
- Fix mcs rules to include chr_file and blk_file
|
||||
|
||||
|