- Fix label on /var/lib/dokwiki
- Change permissive domains to enforcing - Fix libvirt policy to allow it to run on mls
This commit is contained in:
parent
be973dc3e8
commit
65c6e4c421
|
@ -226,8 +226,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.te serefpolicy-3.8.1/policy/modules/admin/accountsd.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.te serefpolicy-3.8.1/policy/modules/admin/accountsd.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/accountsd.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/admin/accountsd.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.8.1/policy/modules/admin/accountsd.te 2010-05-26 16:28:29.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/admin/accountsd.te 2010-05-27 12:01:15.000000000 -0400
|
||||||
@@ -0,0 +1,56 @@
|
@@ -0,0 +1,55 @@
|
||||||
+policy_module(accountsd,1.0.0)
|
+policy_module(accountsd,1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
|
@ -239,8 +239,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
|
||||||
+type accountsd_exec_t;
|
+type accountsd_exec_t;
|
||||||
+dbus_system_domain(accountsd_t, accountsd_exec_t)
|
+dbus_system_domain(accountsd_t, accountsd_exec_t)
|
||||||
+
|
+
|
||||||
+permissive accountsd_t;
|
|
||||||
+
|
|
||||||
+type accountsd_var_lib_t;
|
+type accountsd_var_lib_t;
|
||||||
+files_type(accountsd_var_lib_t)
|
+files_type(accountsd_var_lib_t)
|
||||||
+
|
+
|
||||||
|
@ -271,6 +269,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
|
||||||
+logging_set_loginuid(accountsd_t)
|
+logging_set_loginuid(accountsd_t)
|
||||||
+
|
+
|
||||||
+usermanage_domtrans_useradd(accountsd_t)
|
+usermanage_domtrans_useradd(accountsd_t)
|
||||||
|
+usermanage_domtrans_passwd(accountsd_t)
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ consolekit_read_log(accountsd_t)
|
+ consolekit_read_log(accountsd_t)
|
||||||
|
@ -1129,8 +1128,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.8.1/policy/modules/admin/shutdown.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.8.1/policy/modules/admin/shutdown.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/shutdown.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/admin/shutdown.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.8.1/policy/modules/admin/shutdown.te 2010-05-26 16:28:29.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/admin/shutdown.te 2010-05-27 12:00:05.000000000 -0400
|
||||||
@@ -0,0 +1,63 @@
|
@@ -0,0 +1,61 @@
|
||||||
+policy_module(shutdown,1.0.0)
|
+policy_module(shutdown,1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
|
@ -1149,8 +1148,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
|
||||||
+type shutdown_var_run_t;
|
+type shutdown_var_run_t;
|
||||||
+files_pid_file(shutdown_var_run_t)
|
+files_pid_file(shutdown_var_run_t)
|
||||||
+
|
+
|
||||||
+permissive shutdown_t;
|
|
||||||
+
|
|
||||||
+########################################
|
+########################################
|
||||||
+#
|
+#
|
||||||
+# shutdown local policy
|
+# shutdown local policy
|
||||||
|
@ -1325,7 +1322,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.8.1/policy/modules/admin/usermanage.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.8.1/policy/modules/admin/usermanage.if
|
||||||
--- nsaserefpolicy/policy/modules/admin/usermanage.if 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/usermanage.if 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.8.1/policy/modules/admin/usermanage.if 2010-05-26 16:28:29.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/admin/usermanage.if 2010-05-27 12:00:25.000000000 -0400
|
||||||
@@ -18,6 +18,10 @@
|
@@ -18,6 +18,10 @@
|
||||||
files_search_usr($1)
|
files_search_usr($1)
|
||||||
corecmd_search_bin($1)
|
corecmd_search_bin($1)
|
||||||
|
@ -5994,8 +5991,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.te serefpolicy-3.8.1/policy/modules/apps/telepathysofiasip.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathysofiasip.te serefpolicy-3.8.1/policy/modules/apps/telepathysofiasip.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/telepathysofiasip.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.8.1/policy/modules/apps/telepathysofiasip.te 2010-05-26 16:28:29.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/apps/telepathysofiasip.te 2010-05-27 11:58:52.000000000 -0400
|
||||||
@@ -0,0 +1,45 @@
|
@@ -0,0 +1,43 @@
|
||||||
+
|
+
|
||||||
+policy_module(telepathysofiasip,1.0.0)
|
+policy_module(telepathysofiasip,1.0.0)
|
||||||
+
|
+
|
||||||
|
@ -6008,8 +6005,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
|
||||||
+type telepathysofiasip_exec_t;
|
+type telepathysofiasip_exec_t;
|
||||||
+application_domain(telepathysofiasip_t, telepathysofiasip_exec_t)
|
+application_domain(telepathysofiasip_t, telepathysofiasip_exec_t)
|
||||||
+
|
+
|
||||||
+permissive telepathysofiasip_t;
|
|
||||||
+
|
|
||||||
+########################################
|
+########################################
|
||||||
+#
|
+#
|
||||||
+# telepathy-sofiasip local policy
|
+# telepathy-sofiasip local policy
|
||||||
|
@ -11330,8 +11325,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.te serefpolicy-3.8.1/policy/modules/services/aiccu.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.te serefpolicy-3.8.1/policy/modules/services/aiccu.te
|
||||||
--- nsaserefpolicy/policy/modules/services/aiccu.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/aiccu.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.8.1/policy/modules/services/aiccu.te 2010-05-26 16:28:29.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/services/aiccu.te 2010-05-27 11:58:06.000000000 -0400
|
||||||
@@ -0,0 +1,44 @@
|
@@ -0,0 +1,42 @@
|
||||||
+policy_module(aiccu,1.0.0)
|
+policy_module(aiccu,1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
|
@ -11343,8 +11338,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
|
||||||
+type aiccu_exec_t;
|
+type aiccu_exec_t;
|
||||||
+init_daemon_domain(aiccu_t, aiccu_exec_t)
|
+init_daemon_domain(aiccu_t, aiccu_exec_t)
|
||||||
+
|
+
|
||||||
+permissive aiccu_t;
|
|
||||||
+
|
|
||||||
+type aiccu_initrc_exec_t;
|
+type aiccu_initrc_exec_t;
|
||||||
+init_script_file(aiccu_initrc_exec_t)
|
+init_script_file(aiccu_initrc_exec_t)
|
||||||
+
|
+
|
||||||
|
@ -11388,7 +11381,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
|
||||||
+userdom_rw_unpriv_user_shared_mem(aisexec_t)
|
+userdom_rw_unpriv_user_shared_mem(aisexec_t)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.8.1/policy/modules/services/apache.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.8.1/policy/modules/services/apache.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/apache.fc 2010-04-06 15:15:38.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/apache.fc 2010-04-06 15:15:38.000000000 -0400
|
||||||
+++ serefpolicy-3.8.1/policy/modules/services/apache.fc 2010-05-26 16:28:29.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/services/apache.fc 2010-05-27 12:12:06.000000000 -0400
|
||||||
@@ -24,7 +24,6 @@
|
@@ -24,7 +24,6 @@
|
||||||
|
|
||||||
/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||||
|
@ -11409,7 +11402,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
|
||||||
|
|
||||||
/var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
/var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
/var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
/var/lib/dav(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
||||||
+/var/lib/dokuwiki(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_rw_t,s0)
|
+/var/lib/dokuwiki(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)
|
||||||
/var/lib/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
/var/lib/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
||||||
/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
||||||
|
@ -12633,8 +12626,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.8.1/policy/modules/services/boinc.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.8.1/policy/modules/services/boinc.te
|
||||||
--- nsaserefpolicy/policy/modules/services/boinc.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/boinc.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.8.1/policy/modules/services/boinc.te 2010-05-27 10:11:10.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/services/boinc.te 2010-05-27 11:58:08.000000000 -0400
|
||||||
@@ -0,0 +1,95 @@
|
@@ -0,0 +1,93 @@
|
||||||
+
|
+
|
||||||
+policy_module(boinc,1.0.0)
|
+policy_module(boinc,1.0.0)
|
||||||
+
|
+
|
||||||
|
@ -12647,8 +12640,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
|
||||||
+type boinc_exec_t;
|
+type boinc_exec_t;
|
||||||
+init_daemon_domain(boinc_t, boinc_exec_t)
|
+init_daemon_domain(boinc_t, boinc_exec_t)
|
||||||
+
|
+
|
||||||
+permissive boinc_t;
|
|
||||||
+
|
|
||||||
+type boinc_initrc_exec_t;
|
+type boinc_initrc_exec_t;
|
||||||
+init_script_file(boinc_initrc_exec_t)
|
+init_script_file(boinc_initrc_exec_t)
|
||||||
+
|
+
|
||||||
|
@ -17229,8 +17220,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.te serefpolicy-3.8.1/policy/modules/services/piranha.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.te serefpolicy-3.8.1/policy/modules/services/piranha.te
|
||||||
--- nsaserefpolicy/policy/modules/services/piranha.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/piranha.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.8.1/policy/modules/services/piranha.te 2010-05-26 16:28:29.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/services/piranha.te 2010-05-27 11:58:27.000000000 -0400
|
||||||
@@ -0,0 +1,187 @@
|
@@ -0,0 +1,182 @@
|
||||||
+
|
+
|
||||||
+policy_module(piranha,1.0.0)
|
+policy_module(piranha,1.0.0)
|
||||||
+
|
+
|
||||||
|
@ -17259,11 +17250,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
|
||||||
+
|
+
|
||||||
+piranha_domain_template(web)
|
+piranha_domain_template(web)
|
||||||
+
|
+
|
||||||
+permissive piranha_fos_t;
|
|
||||||
+permissive piranha_lvs_t;
|
|
||||||
+permissive piranha_pulse_t;
|
|
||||||
+permissive piranha_web_t;
|
|
||||||
+
|
|
||||||
+type piranha_etc_rw_t;
|
+type piranha_etc_rw_t;
|
||||||
+files_type(piranha_etc_rw_t)
|
+files_type(piranha_etc_rw_t)
|
||||||
+
|
+
|
||||||
|
@ -18684,8 +18670,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.te serefpolicy-3.8.1/policy/modules/services/qpidd.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.te serefpolicy-3.8.1/policy/modules/services/qpidd.te
|
||||||
--- nsaserefpolicy/policy/modules/services/qpidd.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/qpidd.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.8.1/policy/modules/services/qpidd.te 2010-05-26 16:28:29.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/services/qpidd.te 2010-05-27 11:58:34.000000000 -0400
|
||||||
@@ -0,0 +1,61 @@
|
@@ -0,0 +1,59 @@
|
||||||
+policy_module(qpidd,1.0.0)
|
+policy_module(qpidd,1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
|
@ -18697,8 +18683,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
|
||||||
+type qpidd_exec_t;
|
+type qpidd_exec_t;
|
||||||
+init_daemon_domain(qpidd_t, qpidd_exec_t)
|
+init_daemon_domain(qpidd_t, qpidd_exec_t)
|
||||||
+
|
+
|
||||||
+permissive qpidd_t;
|
|
||||||
+
|
|
||||||
+type qpidd_initrc_exec_t;
|
+type qpidd_initrc_exec_t;
|
||||||
+init_script_file(qpidd_initrc_exec_t)
|
+init_script_file(qpidd_initrc_exec_t)
|
||||||
+
|
+
|
||||||
|
@ -25250,7 +25234,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
')
|
')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.8.1/policy/modules/system/mount.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.8.1/policy/modules/system/mount.te
|
||||||
--- nsaserefpolicy/policy/modules/system/mount.te 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/mount.te 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.8.1/policy/modules/system/mount.te 2010-05-26 16:28:29.000000000 -0400
|
+++ serefpolicy-3.8.1/policy/modules/system/mount.te 2010-05-27 12:01:47.000000000 -0400
|
||||||
@@ -18,8 +18,15 @@
|
@@ -18,8 +18,15 @@
|
||||||
init_system_domain(mount_t, mount_exec_t)
|
init_system_domain(mount_t, mount_exec_t)
|
||||||
role system_r types mount_t;
|
role system_r types mount_t;
|
||||||
|
@ -25267,7 +25251,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
|
|
||||||
type mount_tmp_t;
|
type mount_tmp_t;
|
||||||
files_tmp_file(mount_tmp_t)
|
files_tmp_file(mount_tmp_t)
|
||||||
@@ -29,6 +36,19 @@
|
@@ -29,6 +36,17 @@
|
||||||
# policy--duplicate type declaration
|
# policy--duplicate type declaration
|
||||||
type unconfined_mount_t;
|
type unconfined_mount_t;
|
||||||
application_domain(unconfined_mount_t, mount_exec_t)
|
application_domain(unconfined_mount_t, mount_exec_t)
|
||||||
|
@ -25282,12 +25266,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
+type showmount_exec_t;
|
+type showmount_exec_t;
|
||||||
+application_domain(showmount_t, showmount_exec_t)
|
+application_domain(showmount_t, showmount_exec_t)
|
||||||
+role system_r types showmount_t;
|
+role system_r types showmount_t;
|
||||||
+
|
|
||||||
+permissive showmount_t;
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@@ -36,7 +56,11 @@
|
@@ -36,7 +54,11 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
# setuid/setgid needed to mount cifs
|
# setuid/setgid needed to mount cifs
|
||||||
|
@ -25300,7 +25282,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
|
|
||||||
allow mount_t mount_loopback_t:file read_file_perms;
|
allow mount_t mount_loopback_t:file read_file_perms;
|
||||||
|
|
||||||
@@ -47,30 +71,50 @@
|
@@ -47,30 +69,50 @@
|
||||||
|
|
||||||
files_tmp_filetrans(mount_t, mount_tmp_t, { file dir })
|
files_tmp_filetrans(mount_t, mount_tmp_t, { file dir })
|
||||||
|
|
||||||
|
@ -25353,7 +25335,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
files_mount_all_file_type_fs(mount_t)
|
files_mount_all_file_type_fs(mount_t)
|
||||||
files_unmount_all_file_type_fs(mount_t)
|
files_unmount_all_file_type_fs(mount_t)
|
||||||
# for when /etc/mtab loses its type
|
# for when /etc/mtab loses its type
|
||||||
@@ -80,15 +124,18 @@
|
@@ -80,15 +122,18 @@
|
||||||
files_read_usr_files(mount_t)
|
files_read_usr_files(mount_t)
|
||||||
files_list_mnt(mount_t)
|
files_list_mnt(mount_t)
|
||||||
|
|
||||||
|
@ -25375,7 +25357,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
|
|
||||||
mls_file_read_all_levels(mount_t)
|
mls_file_read_all_levels(mount_t)
|
||||||
mls_file_write_all_levels(mount_t)
|
mls_file_write_all_levels(mount_t)
|
||||||
@@ -99,6 +146,7 @@
|
@@ -99,6 +144,7 @@
|
||||||
storage_raw_write_fixed_disk(mount_t)
|
storage_raw_write_fixed_disk(mount_t)
|
||||||
storage_raw_read_removable_device(mount_t)
|
storage_raw_read_removable_device(mount_t)
|
||||||
storage_raw_write_removable_device(mount_t)
|
storage_raw_write_removable_device(mount_t)
|
||||||
|
@ -25383,7 +25365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
|
|
||||||
term_use_all_terms(mount_t)
|
term_use_all_terms(mount_t)
|
||||||
|
|
||||||
@@ -107,6 +155,8 @@
|
@@ -107,6 +153,8 @@
|
||||||
init_use_fds(mount_t)
|
init_use_fds(mount_t)
|
||||||
init_use_script_ptys(mount_t)
|
init_use_script_ptys(mount_t)
|
||||||
init_dontaudit_getattr_initctl(mount_t)
|
init_dontaudit_getattr_initctl(mount_t)
|
||||||
|
@ -25392,7 +25374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
|
|
||||||
logging_send_syslog_msg(mount_t)
|
logging_send_syslog_msg(mount_t)
|
||||||
|
|
||||||
@@ -117,6 +167,12 @@
|
@@ -117,6 +165,12 @@
|
||||||
seutil_read_config(mount_t)
|
seutil_read_config(mount_t)
|
||||||
|
|
||||||
userdom_use_all_users_fds(mount_t)
|
userdom_use_all_users_fds(mount_t)
|
||||||
|
@ -25405,7 +25387,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -132,10 +188,17 @@
|
@@ -132,10 +186,17 @@
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -25423,7 +25405,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -165,6 +228,8 @@
|
@@ -165,6 +226,8 @@
|
||||||
fs_search_rpc(mount_t)
|
fs_search_rpc(mount_t)
|
||||||
|
|
||||||
rpc_stub(mount_t)
|
rpc_stub(mount_t)
|
||||||
|
@ -25432,7 +25414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -172,6 +237,25 @@
|
@@ -172,6 +235,25 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -25458,7 +25440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
ifdef(`hide_broken_symptoms',`
|
ifdef(`hide_broken_symptoms',`
|
||||||
# for a bug in the X server
|
# for a bug in the X server
|
||||||
rhgb_dontaudit_rw_stream_sockets(mount_t)
|
rhgb_dontaudit_rw_stream_sockets(mount_t)
|
||||||
@@ -179,6 +263,11 @@
|
@@ -179,6 +261,11 @@
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -25470,7 +25452,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
# for kernel package installation
|
# for kernel package installation
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
rpm_rw_pipes(mount_t)
|
rpm_rw_pipes(mount_t)
|
||||||
@@ -186,6 +275,19 @@
|
@@ -186,6 +273,19 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
samba_domtrans_smbmount(mount_t)
|
samba_domtrans_smbmount(mount_t)
|
||||||
|
@ -25490,7 +25472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -194,6 +296,42 @@
|
@@ -194,6 +294,42 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.8.1
|
Version: 3.8.1
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -469,6 +469,11 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 3.8.1-2
|
||||||
|
- Fix label on /var/lib/dokwiki
|
||||||
|
- Change permissive domains to enforcing
|
||||||
|
- Fix libvirt policy to allow it to run on mls
|
||||||
|
|
||||||
* Tue May 25 2010 Dan Walsh <dwalsh@redhat.com> 3.8.1-1
|
* Tue May 25 2010 Dan Walsh <dwalsh@redhat.com> 3.8.1-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue