- Update policy for mozilla_plugin_t
This commit is contained in:
Dan Walsh
parent
66ec626d23
commit
63265668f0
|
|
@ -4846,7 +4846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
|
|||
## </summary>
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.8.8/policy/modules/apps/mozilla.te
|
||||
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-07-27 16:06:04.000000000 -0400
|
||||
+++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te 2010-08-23 17:17:34.000000000 -0400
|
||||
+++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te 2010-08-23 17:58:35.000000000 -0400
|
||||
@@ -25,6 +25,7 @@
|
||||
type mozilla_home_t;
|
||||
typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
|
||||
|
|
@ -4910,7 +4910,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
|
|||
pulseaudio_exec(mozilla_t)
|
||||
pulseaudio_stream_connect(mozilla_t)
|
||||
pulseaudio_manage_home_files(mozilla_t)
|
||||
@@ -266,3 +284,17 @@
|
||||
@@ -266,3 +284,42 @@
|
||||
optional_policy(`
|
||||
thunderbird_domtrans(mozilla_t)
|
||||
')
|
||||
|
|
@ -4919,15 +4919,40 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
|
|||
+#
|
||||
+# mozilla_plugin local policy
|
||||
+#
|
||||
+allow mozilla_plugin_t self:process setsched;
|
||||
+
|
||||
+allow mozilla_plugin_t self:sem create_sem_perms;
|
||||
+allow mozilla_plugin_t self:shm create_shm_perms;
|
||||
+allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
|
||||
+allow mozilla_plugin_t self:unix_stream_socket create_stream_socket_perms;
|
||||
+
|
||||
+domain_use_interactive_fds(mozilla_plugin_t)
|
||||
+read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
|
||||
+
|
||||
+files_read_etc_files(mozilla_plugin_t)
|
||||
+kernel_request_load_module(podsleuth_plugin_t)
|
||||
+
|
||||
+corecmd_exec_bin(mozilla_plugin_t)
|
||||
+corecmd_exec_shell(mozilla_plugin_t)
|
||||
+
|
||||
+dev_read_urand(mozilla_plugin_t)
|
||||
+
|
||||
+domain_use_interactive_fds(mozilla_plugin_t)
|
||||
+domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
|
||||
+
|
||||
+files_read_config_files(mozilla_plugin_t)
|
||||
+files_read_usr_files(mozilla_plugin_t)
|
||||
+
|
||||
+miscfiles_read_localization(mozilla_plugin_t)
|
||||
+allow mozilla_plugin_t self:process setsched;
|
||||
+
|
||||
+allow mozilla_plugin_t self:unix_stream_socket connectto;
|
||||
+
|
||||
+optional_policy(`
|
||||
+ nsplugin_domtrans(mozilla_plugin_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ xserver_read_xdm_pid(mozilla_plugin_t)
|
||||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.8.8/policy/modules/apps/mplayer.if
|
||||
--- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-07-27 16:06:04.000000000 -0400
|
||||
+++ serefpolicy-3.8.8/policy/modules/apps/mplayer.if 2010-07-30 14:06:53.000000000 -0400
|
||||
|
|
@ -5026,7 +5051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
|
|||
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.8.8/policy/modules/apps/nsplugin.if
|
||||
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.8.8/policy/modules/apps/nsplugin.if 2010-08-10 07:28:28.000000000 -0400
|
||||
+++ serefpolicy-3.8.8/policy/modules/apps/nsplugin.if 2010-08-23 17:57:01.000000000 -0400
|
||||
@@ -0,0 +1,391 @@
|
||||
+
|
||||
+## <summary>policy for nsplugin</summary>
|
||||
|
|
@ -5892,7 +5917,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
|
|||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.8.8/policy/modules/apps/podsleuth.te
|
||||
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-07-27 16:06:04.000000000 -0400
|
||||
+++ serefpolicy-3.8.8/policy/modules/apps/podsleuth.te 2010-08-11 08:27:39.000000000 -0400
|
||||
+++ serefpolicy-3.8.8/policy/modules/apps/podsleuth.te 2010-08-23 17:51:56.000000000 -0400
|
||||
@@ -27,7 +27,7 @@
|
||||
# podsleuth local policy
|
||||
#
|
||||
|
|
@ -27737,7 +27762,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.8.8/policy/modules/services/xserver.if
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.if 2010-07-27 16:06:06.000000000 -0400
|
||||
+++ serefpolicy-3.8.8/policy/modules/services/xserver.if 2010-07-30 14:06:53.000000000 -0400
|
||||
+++ serefpolicy-3.8.8/policy/modules/services/xserver.if 2010-08-23 17:59:07.000000000 -0400
|
||||
@@ -19,9 +19,10 @@
|
||||
interface(`xserver_restricted_role',`
|
||||
gen_require(`
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.8.8
|
||||
Release: 18%{?dist}
|
||||
Release: 19%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -469,6 +469,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Aug 23 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-19
|
||||
- Update policy for mozilla_plugin_t
|
||||
|
||||
* Mon Aug 23 2010 Dan Walsh <dwalsh@redhat.com> 3.8.8-18
|
||||
- Allow clamscan to read proc_t
|
||||
- Allow mount_t to write to debufs_t dir
|
||||
|
|
|
|||
Loading…
Reference in New Issue