- More fixes for devicekit
This commit is contained in:
Daniel J Walsh
parent
88d196d20f
commit
659e96fa65
@ -23477,7 +23477,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.4/policy/modules/services/xserver.te
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2009-01-19 11:06:49.000000000 -0500
|
||||
+++ serefpolicy-3.6.4/policy/modules/services/xserver.te 2009-02-04 10:49:48.000000000 -0500
|
||||
+++ serefpolicy-3.6.4/policy/modules/services/xserver.te 2009-02-04 11:20:11.000000000 -0500
|
||||
@@ -34,6 +34,13 @@
|
||||
|
||||
## <desc>
|
||||
@ -24112,7 +24112,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
# X Colormaps
|
||||
# can use the default colormap
|
||||
allow x_domain rootwindow_t:x_colormap { read use add_color };
|
||||
@@ -972,13 +1129,35 @@
|
||||
@@ -972,17 +1129,51 @@
|
||||
allow xserver_unconfined_type { x_domain xserver_t }:x_resource *;
|
||||
allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *;
|
||||
|
||||
@ -24152,13 +24152,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
+tunable_policy(`allow_xserver_execmem',`
|
||||
+ allow xserver_t self:process { execheap execmem execstack };
|
||||
')
|
||||
|
||||
#
|
||||
@@ -986,3 +1165,21 @@
|
||||
#
|
||||
allow xdm_t user_home_type:file unlink;
|
||||
') dnl end TODO
|
||||
+')
|
||||
+
|
||||
+# Hack to handle the problem of using the nvidia blobs
|
||||
+tunable_policy(`allow_execmem',`
|
||||
@ -24175,8 +24169,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
+tunable_policy(`use_samba_home_dirs',`
|
||||
+ fs_append_cifs_files(xdmhomewriter)
|
||||
+')
|
||||
+
|
||||
')
|
||||
|
||||
-#
|
||||
-# Wants to delete .xsession-errors file
|
||||
-#
|
||||
-allow xdm_t user_home_type:file unlink;
|
||||
-') dnl end TODO
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.fc serefpolicy-3.6.4/policy/modules/services/zosremote.fc
|
||||
--- nsaserefpolicy/policy/modules/services/zosremote.fc 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.6.4/policy/modules/services/zosremote.fc 2009-02-03 22:57:29.000000000 -0500
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.6.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -444,6 +444,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Feb 4 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-2
|
||||
- More fixes for devicekit
|
||||
|
||||
* Tue Feb 3 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-1
|
||||
- Upgrade to latest upstream
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user