rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Policy update should not modify local contexts

Browse Source
This commit is contained in:
Dan Walsh 2011-10-21 10:28:58 -04:00
parent 37b75a051e
commit 62727652eb
1 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
policy-F16.patch
View File

@ -322,18 +322,10 @@ index 63ef90e..a535b31 100644
') ')
diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if
index 1392679..e75873a 100644 index 1392679..7793407 100644
--- a/policy/modules/admin/alsa.if --- a/policy/modules/admin/alsa.if
+++ b/policy/modules/admin/alsa.if +++ b/policy/modules/admin/alsa.if
@@ -148,6 +148,7 @@ interface(`alsa_manage_home_files',` @@ -206,3 +206,47 @@ interface(`alsa_read_lib',`
userdom_search_user_home_dirs($1)
allow $1 alsa_home_t:file manage_file_perms;
+ alsa_filetrans_home_content(unpriv_userdomain)
')
########################################
@@ -206,3 +207,47 @@ interface(`alsa_read_lib',`
files_search_var_lib($1) files_search_var_lib($1)
read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t) read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
') ')
@ -20678,10 +20670,10 @@ index be4de58..7e8b6ec 100644
init_exec(secadm_t) init_exec(secadm_t)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 2be17d2..2c588ca 100644 index 2be17d2..a1913e8 100644
--- a/policy/modules/roles/staff.te --- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te
@@ -8,12 +8,55 @@ policy_module(staff, 2.2.0) @@ -8,12 +8,59 @@ policy_module(staff, 2.2.0)
role staff_r; role staff_r;
userdom_unpriv_user_template(staff) userdom_unpriv_user_template(staff)
@ -20733,11 +20725,15 @@ index 2be17d2..2c588ca 100644
+optional_policy(` +optional_policy(`
+ abrt_read_cache(staff_t) + abrt_read_cache(staff_t)
+') +')
+
+optional_policy(`
+ alsa_filetrans_home_content(staff_t)
+')
+ +
optional_policy(` optional_policy(`
apache_role(staff_r, staff_t) apache_role(staff_r, staff_t)
') ')
@@ -27,19 +70,113 @@ optional_policy(` @@ -27,19 +74,113 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -20853,7 +20849,7 @@ index 2be17d2..2c588ca 100644
') ')
optional_policy(` optional_policy(`
@@ -48,10 +185,48 @@ optional_policy(` @@ -48,10 +189,48 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -20902,7 +20898,7 @@ index 2be17d2..2c588ca 100644
xserver_role(staff_r, staff_t) xserver_role(staff_r, staff_t)
') ')
@@ -89,18 +264,10 @@ ifndef(`distro_redhat',` @@ -89,18 +268,10 @@ ifndef(`distro_redhat',`
') ')
optional_policy(` optional_policy(`
@ -20921,7 +20917,7 @@ index 2be17d2..2c588ca 100644
java_role(staff_r, staff_t) java_role(staff_r, staff_t)
') ')
@@ -121,10 +288,6 @@ ifndef(`distro_redhat',` @@ -121,10 +292,6 @@ ifndef(`distro_redhat',`
') ')
optional_policy(` optional_policy(`
@ -20932,7 +20928,7 @@ index 2be17d2..2c588ca 100644
pyzor_role(staff_r, staff_t) pyzor_role(staff_r, staff_t)
') ')
@@ -137,10 +300,6 @@ ifndef(`distro_redhat',` @@ -137,10 +304,6 @@ ifndef(`distro_redhat',`
') ')
optional_policy(` optional_policy(`
@ -20943,7 +20939,7 @@ index 2be17d2..2c588ca 100644
spamassassin_role(staff_r, staff_t) spamassassin_role(staff_r, staff_t)
') ')
@@ -172,3 +331,7 @@ ifndef(`distro_redhat',` @@ -172,3 +335,7 @@ ifndef(`distro_redhat',`
wireshark_role(staff_r, staff_t) wireshark_role(staff_r, staff_t)
') ')
') ')
@ -22632,10 +22628,10 @@ index 0000000..50c38f9
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+ +
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index e5bfdd4..50e49e6 100644 index e5bfdd4..59f013e 100644
--- a/policy/modules/roles/unprivuser.te --- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te
@@ -12,15 +12,93 @@ role user_r; @@ -12,15 +12,97 @@ role user_r;
userdom_unpriv_user_template(user) userdom_unpriv_user_template(user)
@ -22652,6 +22648,10 @@ index e5bfdd4..50e49e6 100644
+optional_policy(` +optional_policy(`
+ abrt_read_cache(user_t) + abrt_read_cache(user_t)
+') +')
+
+optional_policy(`
+ alsa_filetrans_home_content(user_t)
+')
+ +
optional_policy(` optional_policy(`
apache_role(user_r, user_t) apache_role(user_r, user_t)
@ -22729,7 +22729,7 @@ index e5bfdd4..50e49e6 100644
vlock_run(user_t, user_r) vlock_run(user_t, user_r)
') ')
@@ -62,19 +140,11 @@ ifndef(`distro_redhat',` @@ -62,19 +144,11 @@ ifndef(`distro_redhat',`
') ')
optional_policy(` optional_policy(`
@ -22750,7 +22750,7 @@ index e5bfdd4..50e49e6 100644
') ')
optional_policy(` optional_policy(`
@@ -98,10 +168,6 @@ ifndef(`distro_redhat',` @@ -98,10 +172,6 @@ ifndef(`distro_redhat',`
') ')
optional_policy(` optional_policy(`
@ -22761,7 +22761,7 @@ index e5bfdd4..50e49e6 100644
postgresql_role(user_r, user_t) postgresql_role(user_r, user_t)
') ')
@@ -118,11 +184,7 @@ ifndef(`distro_redhat',` @@ -118,11 +188,7 @@ ifndef(`distro_redhat',`
') ')
optional_policy(` optional_policy(`
@ -22774,7 +22774,7 @@ index e5bfdd4..50e49e6 100644
') ')
optional_policy(` optional_policy(`
@@ -157,3 +219,4 @@ ifndef(`distro_redhat',` @@ -157,3 +223,4 @@ ifndef(`distro_redhat',`
wireshark_role(user_r, user_t) wireshark_role(user_r, user_t)
') ')
') ')