Add nscd inotify fix
This commit is contained in:
Daniel J Walsh
parent
43f9fcec3e
commit
6db69f086d
|
|
@ -19221,7 +19221,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
|
|||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.4.2/policy/modules/services/nscd.te
|
||||
--- nsaserefpolicy/policy/modules/services/nscd.te 2008-06-12 23:25:05.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/services/nscd.te 2008-07-02 08:47:04.000000000 -0400
|
||||
+++ serefpolicy-3.4.2/policy/modules/services/nscd.te 2008-07-09 07:41:41.000000000 -0400
|
||||
@@ -23,19 +23,22 @@
|
||||
type nscd_log_t;
|
||||
logging_log_file(nscd_log_t)
|
||||
|
|
@ -19257,7 +19257,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
|
|||
kernel_read_kernel_sysctls(nscd_t)
|
||||
kernel_list_proc(nscd_t)
|
||||
kernel_read_proc_symlinks(nscd_t)
|
||||
@@ -73,6 +78,7 @@
|
||||
@@ -60,6 +65,7 @@
|
||||
|
||||
fs_getattr_all_fs(nscd_t)
|
||||
fs_search_auto_mountpoints(nscd_t)
|
||||
+fs_list_inotifyfs(nscd_t)
|
||||
|
||||
# for when /etc/passwd has just been updated and has the wrong type
|
||||
auth_getattr_shadow(nscd_t)
|
||||
@@ -73,6 +79,7 @@
|
||||
corenet_udp_sendrecv_all_nodes(nscd_t)
|
||||
corenet_tcp_sendrecv_all_ports(nscd_t)
|
||||
corenet_udp_sendrecv_all_ports(nscd_t)
|
||||
|
|
@ -19265,7 +19273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
|
|||
corenet_tcp_connect_all_ports(nscd_t)
|
||||
corenet_sendrecv_all_client_packets(nscd_t)
|
||||
corenet_rw_tun_tap_dev(nscd_t)
|
||||
@@ -84,6 +90,7 @@
|
||||
@@ -84,6 +91,7 @@
|
||||
selinux_compute_relabel_context(nscd_t)
|
||||
selinux_compute_user_contexts(nscd_t)
|
||||
domain_use_interactive_fds(nscd_t)
|
||||
|
|
@ -19273,7 +19281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
|
|||
|
||||
files_read_etc_files(nscd_t)
|
||||
files_read_generic_tmp_symlinks(nscd_t)
|
||||
@@ -93,6 +100,7 @@
|
||||
@@ -93,6 +101,7 @@
|
||||
libs_use_ld_so(nscd_t)
|
||||
libs_use_shared_libs(nscd_t)
|
||||
|
||||
|
|
@ -19281,7 +19289,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
|
|||
logging_send_syslog_msg(nscd_t)
|
||||
|
||||
miscfiles_read_localization(nscd_t)
|
||||
@@ -108,6 +116,14 @@
|
||||
@@ -108,6 +117,14 @@
|
||||
sysadm_dontaudit_search_home_dirs(nscd_t)
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -19296,7 +19304,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
|
|||
udev_read_db(nscd_t)
|
||||
')
|
||||
|
||||
@@ -115,3 +131,12 @@
|
||||
@@ -115,3 +132,12 @@
|
||||
xen_dontaudit_rw_unix_stream_sockets(nscd_t)
|
||||
xen_append_log(nscd_t)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.4.2
|
||||
Release: 13%{?dist}
|
||||
Release: 14%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -278,7 +278,7 @@ SELinux Reference policy targeted base module.
|
|||
%post targeted
|
||||
if [ $1 -eq 1 ]; then
|
||||
%loadpolicy targeted
|
||||
semanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
|
||||
bnsemanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
|
||||
semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 __default__
|
||||
semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 root
|
||||
semanage user -a -S targeted -P user -R guest_r guest_u
|
||||
|
|
@ -375,6 +375,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-14
|
||||
- Add inotify support to nscd
|
||||
|
||||
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-13
|
||||
- Allow unconfined_t to setfcap
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue