trunk: 7 patches from Fedora policy, cherry picked by david hrdeman.

This commit is contained in:
Chris PeBenito 2008-07-24 23:56:03 +00:00
parent 0bfccda4e8
commit 6224fc1485
10 changed files with 47 additions and 8 deletions

View File

@ -1,3 +1,5 @@
- Several misc changes from the Fedora policy, cherry picked by David
Hrdeman.
- Large whitespace fix from Dominick Grift.
- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
- Issuing commands to upstart is over a datagram socket, not the initctl

View File

@ -0,0 +1,9 @@
system_r:crond_t:s0 unconfined_r:unconfined_t:s0
system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0

View File

@ -0,0 +1,9 @@
system_r:crond_t:s0 unconfined_r:unconfined_t:s0
system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
system_r:xdm_t:s0 unconfined_r:unconfined_t:s0

View File

@ -0,0 +1,9 @@
system_r:crond_t unconfined_r:unconfined_t
system_r:initrc_t unconfined_r:unconfined_t
system_r:local_login_t unconfined_r:unconfined_t
system_r:remote_login_t unconfined_r:unconfined_t
system_r:rshd_t unconfined_r:unconfined_t
system_r:sshd_t unconfined_r:unconfined_t
system_r:sysadm_su_t unconfined_r:unconfined_t
system_r:unconfined_t unconfined_r:unconfined_t
system_r:xdm_t unconfined_r:unconfined_t

View File

@ -1,5 +1,5 @@
policy_module(kismet, 1.0.0)
policy_module(kismet, 1.0.1)
########################################
#
@ -26,6 +26,7 @@ logging_log_file(kismet_log_t)
#
allow kismet_t self:capability { net_admin setuid setgid };
allow kismet_t self:packet_socket create_socket_perms;
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
allow kismet_t kismet_log_t:dir setattr;

View File

@ -1,5 +1,5 @@
policy_module(slocate, 1.7.0)
policy_module(slocate, 1.7.1)
#################################
#
@ -47,6 +47,7 @@ files_read_etc_files(locate_t)
fs_getattr_all_fs(locate_t)
fs_getattr_all_files(locate_t)
fs_list_all(locate_t)
fs_list_inotifyfs(locate_t)
# getpwnam
auth_use_nsswitch(locate_t)

View File

@ -1,5 +1,5 @@
policy_module(secadm, 1.0.0)
policy_module(secadm, 1.0.1)
########################################
#
@ -47,6 +47,10 @@ optional_policy(`
auditadm_role_change_template(secadm)
')
optional_policy(`
dmesg_exec(secadm_t)
')
optional_policy(`
netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
')

View File

@ -1,5 +1,5 @@
policy_module(apm, 1.7.0)
policy_module(apm, 1.7.1)
########################################
#
@ -190,6 +190,10 @@ optional_policy(`
optional_policy(`
dbus_stub(apmd_t)
optional_policy(`
consolekit_dbus_chat(apmd_t)
')
optional_policy(`
networkmanager_dbus_chat(apmd_t)
')

View File

@ -1,5 +1,5 @@
policy_module(openca, 1.1.0)
policy_module(openca, 1.1.1)
########################################
#
@ -18,7 +18,7 @@ role system_r types openca_ca_t;
# /etc/openca standard files
type openca_etc_t;
files_type(openca_etc_t)
files_config_file(openca_etc_t)
# /etc/openca template files
type openca_etc_in_t;

View File

@ -1,5 +1,5 @@
policy_module(portslave, 1.4.0)
policy_module(portslave, 1.4.1)
########################################
#
@ -12,7 +12,7 @@ init_domain(portslave_t, portslave_exec_t)
init_daemon_domain(portslave_t, portslave_exec_t)
type portslave_etc_t;
files_type(portslave_etc_t)
files_config_file(portslave_etc_t)
type portslave_lock_t;
files_lock_file(portslave_lock_t)