- Allow smbd to use sys_admin
- Remove duplicate file context for tcfmgr
parent
0daa8b731a
commit
6f256d240d
|
@ -7236,7 +7236,7 @@ index 82842a0..369c3b5 100644
|
||||||
dbus_system_bus_client($1_wm_t)
|
dbus_system_bus_client($1_wm_t)
|
||||||
dbus_session_bus_client($1_wm_t)
|
dbus_session_bus_client($1_wm_t)
|
||||||
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
|
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
|
||||||
index 0eb1d97..217bd0d 100644
|
index 0eb1d97..46af2a4 100644
|
||||||
--- a/policy/modules/kernel/corecommands.fc
|
--- a/policy/modules/kernel/corecommands.fc
|
||||||
+++ b/policy/modules/kernel/corecommands.fc
|
+++ b/policy/modules/kernel/corecommands.fc
|
||||||
@@ -9,8 +9,11 @@
|
@@ -9,8 +9,11 @@
|
||||||
|
@ -7340,15 +7340,7 @@ index 0eb1d97..217bd0d 100644
|
||||||
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -248,6 +273,7 @@ ifdef(`distro_gentoo',`
|
@@ -314,6 +339,7 @@ ifdef(`distro_redhat', `
|
||||||
/usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
/usr/share/spamassassin/sa-update\.cron gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
+/usr/share/texmf/texconfig/tcfmgr -- gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
/usr/share/vhostmd/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
|
||||||
|
|
||||||
@@ -314,6 +340,7 @@ ifdef(`distro_redhat', `
|
|
||||||
/usr/share/texmf/web2c/mktexdir -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/texmf/web2c/mktexdir -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/texmf/web2c/mktexnam -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/texmf/web2c/mktexnam -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/texmf/web2c/mktexupd -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/texmf/web2c/mktexupd -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
@ -7356,7 +7348,7 @@ index 0eb1d97..217bd0d 100644
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`distro_suse', `
|
ifdef(`distro_suse', `
|
||||||
@@ -340,3 +367,27 @@ ifdef(`distro_suse', `
|
@@ -340,3 +366,27 @@ ifdef(`distro_suse', `
|
||||||
ifdef(`distro_suse',`
|
ifdef(`distro_suse',`
|
||||||
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
||||||
')
|
')
|
||||||
|
@ -30960,7 +30952,7 @@ index 82cb169..9e72970 100644
|
||||||
+ admin_pattern($1, samba_unconfined_script_exec_t)
|
+ admin_pattern($1, samba_unconfined_script_exec_t)
|
||||||
')
|
')
|
||||||
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
|
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
|
||||||
index e30bb63..8e36be0 100644
|
index e30bb63..6e627d6 100644
|
||||||
--- a/policy/modules/services/samba.te
|
--- a/policy/modules/services/samba.te
|
||||||
+++ b/policy/modules/services/samba.te
|
+++ b/policy/modules/services/samba.te
|
||||||
@@ -152,9 +152,6 @@ domain_entry_file(winbind_helper_t, winbind_helper_exec_t)
|
@@ -152,9 +152,6 @@ domain_entry_file(winbind_helper_t, winbind_helper_exec_t)
|
||||||
|
@ -30978,7 +30970,7 @@ index e30bb63..8e36be0 100644
|
||||||
# smbd Local policy
|
# smbd Local policy
|
||||||
#
|
#
|
||||||
-allow smbd_t self:capability { chown fowner setgid setuid sys_nice sys_resource lease dac_override dac_read_search };
|
-allow smbd_t self:capability { chown fowner setgid setuid sys_nice sys_resource lease dac_override dac_read_search };
|
||||||
+allow smbd_t self:capability { chown fowner kill setgid setuid sys_nice sys_resource lease dac_override dac_read_search };
|
+allow smbd_t self:capability { chown fowner kill setgid setuid sys_nice sys_admin sys_resource lease dac_override dac_read_search };
|
||||||
dontaudit smbd_t self:capability sys_tty_config;
|
dontaudit smbd_t self:capability sys_tty_config;
|
||||||
allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||||
allow smbd_t self:process setrlimit;
|
allow smbd_t self:process setrlimit;
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.9.5
|
Version: 3.9.5
|
||||||
Release: 11%{?dist}
|
Release: 12%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -470,6 +470,10 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Oct 7 2010 Dan Walsh <dwalsh@redhat.com> 3.9.5-12
|
||||||
|
- Allow smbd to use sys_admin
|
||||||
|
- Remove duplicate file context for tcfmgr
|
||||||
|
|
||||||
* Wed Oct 6 2010 Dan Walsh <dwalsh@redhat.com> 3.9.5-11
|
* Wed Oct 6 2010 Dan Walsh <dwalsh@redhat.com> 3.9.5-11
|
||||||
- Fix fusefs handling
|
- Fix fusefs handling
|
||||||
- Do not allow sandbox to manage nsplugin_rw_t
|
- Do not allow sandbox to manage nsplugin_rw_t
|
||||||
|
|