* Mon Nov 30 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-161
- Set the default value of the boolean mozilla_plugin_can_network_connect to true. BZ(1286177)
parent
e5fd601a61
commit
71a663b812
Binary file not shown.
@ -15416,7 +15416,7 @@ index d7c11a0..6b3331d 100644
|
|||||||
/var/run/shm/.* <<none>>
|
/var/run/shm/.* <<none>>
|
||||||
-')
|
-')
|
||||||
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
|
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
|
||||||
index 8416beb..4d615ff 100644
|
index 8416beb..cdeecad 100644
|
||||||
--- a/policy/modules/kernel/filesystem.if
|
--- a/policy/modules/kernel/filesystem.if
|
||||||
+++ b/policy/modules/kernel/filesystem.if
|
+++ b/policy/modules/kernel/filesystem.if
|
||||||
@@ -631,6 +631,27 @@ interface(`fs_getattr_cgroup',`
|
@@ -631,6 +631,27 @@ interface(`fs_getattr_cgroup',`
|
||||||
@ -16467,39 +16467,48 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -2234,18 +2587,533 @@ interface(`fs_mount_iso9660_fs',`
|
@@ -2234,18 +2587,17 @@ interface(`fs_mount_iso9660_fs',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
-interface(`fs_remount_iso9660_fs',`
|
-interface(`fs_remount_iso9660_fs',`
|
||||||
+interface(`fs_manage_hugetlbfs_dirs',`
|
+interface(`fs_manage_hugetlbfs_dirs',`
|
||||||
+ gen_require(`
|
gen_require(`
|
||||||
|
- type iso9660_t;
|
||||||
+ type hugetlbfs_t;
|
+ type hugetlbfs_t;
|
||||||
+ ')
|
')
|
||||||
+
|
|
||||||
|
- allow $1 iso9660_t:filesystem remount;
|
||||||
+ manage_dirs_pattern($1, hugetlbfs_t, hugetlbfs_t)
|
+ manage_dirs_pattern($1, hugetlbfs_t, hugetlbfs_t)
|
||||||
+')
|
')
|
||||||
+
|
|
||||||
+########################################
|
########################################
|
||||||
+## <summary>
|
## <summary>
|
||||||
|
-## Unmount an iso9660 filesystem, which
|
||||||
|
-## is usually used on CDs.
|
||||||
+## Read hugetlbfs files.
|
+## Read hugetlbfs files.
|
||||||
+## </summary>
|
## </summary>
|
||||||
+## <param name="domain">
|
## <param name="domain">
|
||||||
+## <summary>
|
## <summary>
|
||||||
+## Domain allowed access.
|
@@ -2253,38 +2605,557 @@ interface(`fs_remount_iso9660_fs',`
|
||||||
+## </summary>
|
## </summary>
|
||||||
+## </param>
|
## </param>
|
||||||
+#
|
#
|
||||||
|
-interface(`fs_unmount_iso9660_fs',`
|
||||||
+interface(`fs_read_hugetlbfs_files',`
|
+interface(`fs_read_hugetlbfs_files',`
|
||||||
+ gen_require(`
|
gen_require(`
|
||||||
|
- type iso9660_t;
|
||||||
+ type hugetlbfs_t;
|
+ type hugetlbfs_t;
|
||||||
+ ')
|
')
|
||||||
+
|
|
||||||
|
- allow $1 iso9660_t:filesystem unmount;
|
||||||
+ read_files_pattern($1, hugetlbfs_t, hugetlbfs_t)
|
+ read_files_pattern($1, hugetlbfs_t, hugetlbfs_t)
|
||||||
+')
|
')
|
||||||
+
|
|
||||||
+########################################
|
########################################
|
||||||
+## <summary>
|
## <summary>
|
||||||
|
-## Get the attributes of an iso9660
|
||||||
|
-## filesystem, which is usually used on CDs.
|
||||||
+## Read and write hugetlbfs files.
|
+## Read and write hugetlbfs files.
|
||||||
+## </summary>
|
+## </summary>
|
||||||
+## <param name="domain">
|
+## <param name="domain">
|
||||||
@ -16987,48 +16996,39 @@ index 8416beb..4d615ff 100644
|
|||||||
+## </param>
|
+## </param>
|
||||||
+#
|
+#
|
||||||
+interface(`fs_write_kdbus_files', `
|
+interface(`fs_write_kdbus_files', `
|
||||||
gen_require(`
|
+ gen_require(`
|
||||||
- type iso9660_t;
|
|
||||||
+ type kdbusfs_t;
|
+ type kdbusfs_t;
|
||||||
')
|
+ ')
|
||||||
|
+
|
||||||
- allow $1 iso9660_t:filesystem remount;
|
|
||||||
+ write_files_pattern($1, kdbusfs_t, kdbusfs_t)
|
+ write_files_pattern($1, kdbusfs_t, kdbusfs_t)
|
||||||
+ fs_search_tmpfs($1)
|
+ fs_search_tmpfs($1)
|
||||||
+ dev_search_sysfs($1)
|
+ dev_search_sysfs($1)
|
||||||
')
|
+')
|
||||||
|
+
|
||||||
########################################
|
+########################################
|
||||||
## <summary>
|
+## <summary>
|
||||||
-## Unmount an iso9660 filesystem, which
|
|
||||||
-## is usually used on CDs.
|
|
||||||
+## Read and write kdbusfs files.
|
+## Read and write kdbusfs files.
|
||||||
## </summary>
|
+## </summary>
|
||||||
## <param name="domain">
|
+## <param name="domain">
|
||||||
## <summary>
|
+## <summary>
|
||||||
@@ -2253,38 +3121,41 @@ interface(`fs_remount_iso9660_fs',`
|
+## Domain allowed access.
|
||||||
## </summary>
|
+## </summary>
|
||||||
## </param>
|
+## </param>
|
||||||
#
|
+#
|
||||||
-interface(`fs_unmount_iso9660_fs',`
|
|
||||||
+interface(`fs_rw_kdbus_files',`
|
+interface(`fs_rw_kdbus_files',`
|
||||||
gen_require(`
|
+ gen_require(`
|
||||||
- type iso9660_t;
|
|
||||||
+ type kdbusfs_t;
|
+ type kdbusfs_t;
|
||||||
+
|
+
|
||||||
')
|
+ ')
|
||||||
|
+
|
||||||
- allow $1 iso9660_t:filesystem unmount;
|
|
||||||
+ read_lnk_files_pattern($1, kdbusfs_t, kdbusfs_t)
|
+ read_lnk_files_pattern($1, kdbusfs_t, kdbusfs_t)
|
||||||
+ rw_files_pattern($1, kdbusfs_t, kdbusfs_t)
|
+ rw_files_pattern($1, kdbusfs_t, kdbusfs_t)
|
||||||
+ fs_search_tmpfs($1)
|
+ fs_search_tmpfs($1)
|
||||||
+ dev_search_sysfs($1)
|
+ dev_search_sysfs($1)
|
||||||
')
|
+')
|
||||||
|
+
|
||||||
########################################
|
+########################################
|
||||||
## <summary>
|
+## <summary>
|
||||||
-## Get the attributes of an iso9660
|
|
||||||
-## filesystem, which is usually used on CDs.
|
|
||||||
+## Do not audit attempts to open,
|
+## Do not audit attempts to open,
|
||||||
+## get attributes, read and write
|
+## get attributes, read and write
|
||||||
+## cgroup files.
|
+## cgroup files.
|
||||||
@ -17265,7 +17265,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -2719,6 +3685,47 @@ interface(`fs_search_rpc',`
|
@@ -2719,6 +3685,65 @@ interface(`fs_search_rpc',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17309,11 +17309,29 @@ index 8416beb..4d615ff 100644
|
|||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
|
+## <summary>
|
||||||
|
+## Relabel directory on removable storage.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`fs_relabel_pstore_dirs',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type pstore_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ relabel_dirs_pattern($1, pstore_t, pstore_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
## Search removable storage directories.
|
## Search removable storage directories.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -2741,7 +3748,7 @@ interface(`fs_search_removable',`
|
@@ -2741,7 +3766,7 @@ interface(`fs_search_removable',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17322,7 +17340,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@@ -2777,7 +3784,7 @@ interface(`fs_read_removable_files',`
|
@@ -2777,7 +3802,7 @@ interface(`fs_read_removable_files',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17331,7 +17349,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@@ -2970,6 +3977,7 @@ interface(`fs_manage_nfs_dirs',`
|
@@ -2970,6 +3995,7 @@ interface(`fs_manage_nfs_dirs',`
|
||||||
type nfs_t;
|
type nfs_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -17339,7 +17357,7 @@ index 8416beb..4d615ff 100644
|
|||||||
allow $1 nfs_t:dir manage_dir_perms;
|
allow $1 nfs_t:dir manage_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -3010,6 +4018,7 @@ interface(`fs_manage_nfs_files',`
|
@@ -3010,6 +4036,7 @@ interface(`fs_manage_nfs_files',`
|
||||||
type nfs_t;
|
type nfs_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -17347,7 +17365,7 @@ index 8416beb..4d615ff 100644
|
|||||||
manage_files_pattern($1, nfs_t, nfs_t)
|
manage_files_pattern($1, nfs_t, nfs_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -3050,6 +4059,7 @@ interface(`fs_manage_nfs_symlinks',`
|
@@ -3050,6 +4077,7 @@ interface(`fs_manage_nfs_symlinks',`
|
||||||
type nfs_t;
|
type nfs_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -17355,7 +17373,7 @@ index 8416beb..4d615ff 100644
|
|||||||
manage_lnk_files_pattern($1, nfs_t, nfs_t)
|
manage_lnk_files_pattern($1, nfs_t, nfs_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -3137,6 +4147,24 @@ interface(`fs_nfs_domtrans',`
|
@@ -3137,6 +4165,24 @@ interface(`fs_nfs_domtrans',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17380,7 +17398,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Mount a NFS server pseudo filesystem.
|
## Mount a NFS server pseudo filesystem.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -3263,6 +4291,24 @@ interface(`fs_getattr_nfsd_files',`
|
@@ -3263,6 +4309,24 @@ interface(`fs_getattr_nfsd_files',`
|
||||||
getattr_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
|
getattr_files_pattern($1, nfsd_fs_t, nfsd_fs_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -17405,7 +17423,7 @@ index 8416beb..4d615ff 100644
|
|||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read and write NFS server files.
|
## Read and write NFS server files.
|
||||||
@@ -3283,6 +4329,24 @@ interface(`fs_rw_nfsd_fs',`
|
@@ -3283,6 +4347,24 @@ interface(`fs_rw_nfsd_fs',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17430,7 +17448,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Allow the type to associate to ramfs filesystems.
|
## Allow the type to associate to ramfs filesystems.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="type">
|
## <param name="type">
|
||||||
@@ -3392,7 +4456,7 @@ interface(`fs_search_ramfs',`
|
@@ -3392,7 +4474,7 @@ interface(`fs_search_ramfs',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17439,7 +17457,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -3429,7 +4493,7 @@ interface(`fs_manage_ramfs_dirs',`
|
@@ -3429,7 +4511,7 @@ interface(`fs_manage_ramfs_dirs',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17448,7 +17466,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -3447,7 +4511,7 @@ interface(`fs_dontaudit_read_ramfs_files',`
|
@@ -3447,7 +4529,7 @@ interface(`fs_dontaudit_read_ramfs_files',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17457,7 +17475,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -3779,6 +4843,24 @@ interface(`fs_mount_tmpfs',`
|
@@ -3779,6 +4861,24 @@ interface(`fs_mount_tmpfs',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17482,7 +17500,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Remount a tmpfs filesystem.
|
## Remount a tmpfs filesystem.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -3815,6 +4897,24 @@ interface(`fs_unmount_tmpfs',`
|
@@ -3815,6 +4915,24 @@ interface(`fs_unmount_tmpfs',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17507,7 +17525,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Get the attributes of a tmpfs
|
## Get the attributes of a tmpfs
|
||||||
## filesystem.
|
## filesystem.
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -3839,39 +4939,76 @@ interface(`fs_getattr_tmpfs',`
|
@@ -3839,39 +4957,76 @@ interface(`fs_getattr_tmpfs',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="type">
|
## <param name="type">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17593,7 +17611,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -3879,36 +5016,35 @@ interface(`fs_relabelfrom_tmpfs',`
|
@@ -3879,36 +5034,35 @@ interface(`fs_relabelfrom_tmpfs',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -17637,7 +17655,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -3916,35 +5052,36 @@ interface(`fs_dontaudit_getattr_tmpfs_dirs',`
|
@@ -3916,35 +5070,36 @@ interface(`fs_dontaudit_getattr_tmpfs_dirs',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -17681,7 +17699,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -3952,17 +5089,17 @@ interface(`fs_setattr_tmpfs_dirs',`
|
@@ -3952,17 +5107,17 @@ interface(`fs_setattr_tmpfs_dirs',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -17702,7 +17720,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -3970,31 +5107,30 @@ interface(`fs_search_tmpfs',`
|
@@ -3970,31 +5125,30 @@ interface(`fs_search_tmpfs',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -17740,7 +17758,7 @@ index 8416beb..4d615ff 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4105,7 +5241,7 @@ interface(`fs_dontaudit_rw_tmpfs_files',`
|
@@ -4105,7 +5259,7 @@ interface(`fs_dontaudit_rw_tmpfs_files',`
|
||||||
type tmpfs_t;
|
type tmpfs_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -17749,7 +17767,7 @@ index 8416beb..4d615ff 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4165,6 +5301,24 @@ interface(`fs_rw_tmpfs_files',`
|
@@ -4165,6 +5319,24 @@ interface(`fs_rw_tmpfs_files',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17774,7 +17792,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Read tmpfs link files.
|
## Read tmpfs link files.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -4202,7 +5356,7 @@ interface(`fs_rw_tmpfs_chr_files',`
|
@@ -4202,7 +5374,7 @@ interface(`fs_rw_tmpfs_chr_files',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17783,7 +17801,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -4221,6 +5375,60 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',`
|
@@ -4221,6 +5393,60 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17844,7 +17862,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Relabel character nodes on tmpfs filesystems.
|
## Relabel character nodes on tmpfs filesystems.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -4278,6 +5486,44 @@ interface(`fs_relabel_tmpfs_blk_file',`
|
@@ -4278,6 +5504,44 @@ interface(`fs_relabel_tmpfs_blk_file',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17889,7 +17907,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Read and write, create and delete generic
|
## Read and write, create and delete generic
|
||||||
## files on tmpfs filesystems.
|
## files on tmpfs filesystems.
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -4297,6 +5543,25 @@ interface(`fs_manage_tmpfs_files',`
|
@@ -4297,6 +5561,25 @@ interface(`fs_manage_tmpfs_files',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17915,7 +17933,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Read and write, create and delete symbolic
|
## Read and write, create and delete symbolic
|
||||||
## links on tmpfs filesystems.
|
## links on tmpfs filesystems.
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -4407,6 +5672,25 @@ interface(`fs_search_xenfs',`
|
@@ -4407,6 +5690,25 @@ interface(`fs_search_xenfs',`
|
||||||
allow $1 xenfs_t:dir search_dir_perms;
|
allow $1 xenfs_t:dir search_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -17941,7 +17959,7 @@ index 8416beb..4d615ff 100644
|
|||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Create, read, write, and delete directories
|
## Create, read, write, and delete directories
|
||||||
@@ -4503,6 +5787,8 @@ interface(`fs_mount_all_fs',`
|
@@ -4503,6 +5805,8 @@ interface(`fs_mount_all_fs',`
|
||||||
')
|
')
|
||||||
|
|
||||||
allow $1 filesystem_type:filesystem mount;
|
allow $1 filesystem_type:filesystem mount;
|
||||||
@ -17950,7 +17968,7 @@ index 8416beb..4d615ff 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -4549,7 +5835,7 @@ interface(`fs_unmount_all_fs',`
|
@@ -4549,7 +5853,7 @@ interface(`fs_unmount_all_fs',`
|
||||||
## <desc>
|
## <desc>
|
||||||
## <p>
|
## <p>
|
||||||
## Allow the specified domain to
|
## Allow the specified domain to
|
||||||
@ -17959,7 +17977,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Example attributes:
|
## Example attributes:
|
||||||
## </p>
|
## </p>
|
||||||
## <ul>
|
## <ul>
|
||||||
@@ -4596,6 +5882,26 @@ interface(`fs_dontaudit_getattr_all_fs',`
|
@@ -4596,6 +5900,26 @@ interface(`fs_dontaudit_getattr_all_fs',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -17986,7 +18004,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Get the quotas of all filesystems.
|
## Get the quotas of all filesystems.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -4671,6 +5977,25 @@ interface(`fs_getattr_all_dirs',`
|
@@ -4671,6 +5995,25 @@ interface(`fs_getattr_all_dirs',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -18012,7 +18030,7 @@ index 8416beb..4d615ff 100644
|
|||||||
## Search all directories with a filesystem type.
|
## Search all directories with a filesystem type.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -4912,3 +6237,63 @@ interface(`fs_unconfined',`
|
@@ -4912,3 +6255,63 @@ interface(`fs_unconfined',`
|
||||||
|
|
||||||
typeattribute $1 filesystem_unconfined_type;
|
typeattribute $1 filesystem_unconfined_type;
|
||||||
')
|
')
|
||||||
@ -33892,7 +33910,7 @@ index 79a45f6..af3877f 100644
|
|||||||
+ read_files_pattern($1, init_var_lib_t, init_var_lib_t)
|
+ read_files_pattern($1, init_var_lib_t, init_var_lib_t)
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
||||||
index 17eda24..34affdd 100644
|
index 17eda24..6d9bef0 100644
|
||||||
--- a/policy/modules/system/init.te
|
--- a/policy/modules/system/init.te
|
||||||
+++ b/policy/modules/system/init.te
|
+++ b/policy/modules/system/init.te
|
||||||
@@ -11,10 +11,31 @@ gen_require(`
|
@@ -11,10 +11,31 @@ gen_require(`
|
||||||
@ -34185,7 +34203,7 @@ index 17eda24..34affdd 100644
|
|||||||
|
|
||||||
ifdef(`distro_gentoo',`
|
ifdef(`distro_gentoo',`
|
||||||
allow init_t self:process { getcap setcap };
|
allow init_t self:process { getcap setcap };
|
||||||
@@ -186,29 +321,238 @@ ifdef(`distro_gentoo',`
|
@@ -186,29 +321,239 @@ ifdef(`distro_gentoo',`
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
@ -34317,6 +34335,7 @@ index 17eda24..34affdd 100644
|
|||||||
+fs_manage_cgroup_files(init_t)
|
+fs_manage_cgroup_files(init_t)
|
||||||
+fs_manage_hugetlbfs_dirs(init_t)
|
+fs_manage_hugetlbfs_dirs(init_t)
|
||||||
+fs_manage_tmpfs_dirs(init_t)
|
+fs_manage_tmpfs_dirs(init_t)
|
||||||
|
+fs_relabel_pstore_dirs(init_t)
|
||||||
+fs_relabel_tmpfs_dirs(init_t)
|
+fs_relabel_tmpfs_dirs(init_t)
|
||||||
+fs_relabel_tmpfs_files(init_t)
|
+fs_relabel_tmpfs_files(init_t)
|
||||||
+fs_relabel_tmpfs_fifo_files(init_t)
|
+fs_relabel_tmpfs_fifo_files(init_t)
|
||||||
@ -34433,7 +34452,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -216,7 +560,31 @@ optional_policy(`
|
@@ -216,7 +561,31 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34465,7 +34484,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -225,9 +593,9 @@ optional_policy(`
|
@@ -225,9 +594,9 @@ optional_policy(`
|
||||||
#
|
#
|
||||||
|
|
||||||
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
||||||
@ -34477,7 +34496,7 @@ index 17eda24..34affdd 100644
|
|||||||
allow initrc_t self:passwd rootok;
|
allow initrc_t self:passwd rootok;
|
||||||
allow initrc_t self:key manage_key_perms;
|
allow initrc_t self:key manage_key_perms;
|
||||||
|
|
||||||
@@ -258,12 +626,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
@@ -258,12 +627,16 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
|
||||||
|
|
||||||
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
||||||
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
files_pid_filetrans(initrc_t, initrc_var_run_t, file)
|
||||||
@ -34494,7 +34513,7 @@ index 17eda24..34affdd 100644
|
|||||||
|
|
||||||
manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
manage_dirs_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
||||||
manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
manage_files_pattern(initrc_t, initrc_var_log_t, initrc_var_log_t)
|
||||||
@@ -279,23 +651,36 @@ kernel_change_ring_buffer_level(initrc_t)
|
@@ -279,23 +652,36 @@ kernel_change_ring_buffer_level(initrc_t)
|
||||||
kernel_clear_ring_buffer(initrc_t)
|
kernel_clear_ring_buffer(initrc_t)
|
||||||
kernel_get_sysvipc_info(initrc_t)
|
kernel_get_sysvipc_info(initrc_t)
|
||||||
kernel_read_all_sysctls(initrc_t)
|
kernel_read_all_sysctls(initrc_t)
|
||||||
@ -34537,7 +34556,7 @@ index 17eda24..34affdd 100644
|
|||||||
corenet_tcp_sendrecv_all_ports(initrc_t)
|
corenet_tcp_sendrecv_all_ports(initrc_t)
|
||||||
corenet_udp_sendrecv_all_ports(initrc_t)
|
corenet_udp_sendrecv_all_ports(initrc_t)
|
||||||
corenet_tcp_connect_all_ports(initrc_t)
|
corenet_tcp_connect_all_ports(initrc_t)
|
||||||
@@ -303,9 +688,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
@@ -303,9 +689,11 @@ corenet_sendrecv_all_client_packets(initrc_t)
|
||||||
|
|
||||||
dev_read_rand(initrc_t)
|
dev_read_rand(initrc_t)
|
||||||
dev_read_urand(initrc_t)
|
dev_read_urand(initrc_t)
|
||||||
@ -34549,7 +34568,7 @@ index 17eda24..34affdd 100644
|
|||||||
dev_rw_sysfs(initrc_t)
|
dev_rw_sysfs(initrc_t)
|
||||||
dev_list_usbfs(initrc_t)
|
dev_list_usbfs(initrc_t)
|
||||||
dev_read_framebuffer(initrc_t)
|
dev_read_framebuffer(initrc_t)
|
||||||
@@ -313,8 +700,10 @@ dev_write_framebuffer(initrc_t)
|
@@ -313,8 +701,10 @@ dev_write_framebuffer(initrc_t)
|
||||||
dev_read_realtime_clock(initrc_t)
|
dev_read_realtime_clock(initrc_t)
|
||||||
dev_read_sound_mixer(initrc_t)
|
dev_read_sound_mixer(initrc_t)
|
||||||
dev_write_sound_mixer(initrc_t)
|
dev_write_sound_mixer(initrc_t)
|
||||||
@ -34560,7 +34579,7 @@ index 17eda24..34affdd 100644
|
|||||||
dev_delete_lvm_control_dev(initrc_t)
|
dev_delete_lvm_control_dev(initrc_t)
|
||||||
dev_manage_generic_symlinks(initrc_t)
|
dev_manage_generic_symlinks(initrc_t)
|
||||||
dev_manage_generic_files(initrc_t)
|
dev_manage_generic_files(initrc_t)
|
||||||
@@ -322,8 +711,7 @@ dev_manage_generic_files(initrc_t)
|
@@ -322,8 +712,7 @@ dev_manage_generic_files(initrc_t)
|
||||||
dev_delete_generic_symlinks(initrc_t)
|
dev_delete_generic_symlinks(initrc_t)
|
||||||
dev_getattr_all_blk_files(initrc_t)
|
dev_getattr_all_blk_files(initrc_t)
|
||||||
dev_getattr_all_chr_files(initrc_t)
|
dev_getattr_all_chr_files(initrc_t)
|
||||||
@ -34570,7 +34589,7 @@ index 17eda24..34affdd 100644
|
|||||||
|
|
||||||
domain_kill_all_domains(initrc_t)
|
domain_kill_all_domains(initrc_t)
|
||||||
domain_signal_all_domains(initrc_t)
|
domain_signal_all_domains(initrc_t)
|
||||||
@@ -332,7 +720,6 @@ domain_sigstop_all_domains(initrc_t)
|
@@ -332,7 +721,6 @@ domain_sigstop_all_domains(initrc_t)
|
||||||
domain_sigchld_all_domains(initrc_t)
|
domain_sigchld_all_domains(initrc_t)
|
||||||
domain_read_all_domains_state(initrc_t)
|
domain_read_all_domains_state(initrc_t)
|
||||||
domain_getattr_all_domains(initrc_t)
|
domain_getattr_all_domains(initrc_t)
|
||||||
@ -34578,7 +34597,7 @@ index 17eda24..34affdd 100644
|
|||||||
domain_getsession_all_domains(initrc_t)
|
domain_getsession_all_domains(initrc_t)
|
||||||
domain_use_interactive_fds(initrc_t)
|
domain_use_interactive_fds(initrc_t)
|
||||||
# for lsof which is used by alsa shutdown:
|
# for lsof which is used by alsa shutdown:
|
||||||
@@ -340,6 +727,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
@@ -340,6 +728,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
domain_dontaudit_getattr_all_tcp_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
domain_dontaudit_getattr_all_dgram_sockets(initrc_t)
|
||||||
domain_dontaudit_getattr_all_pipes(initrc_t)
|
domain_dontaudit_getattr_all_pipes(initrc_t)
|
||||||
@ -34586,7 +34605,7 @@ index 17eda24..34affdd 100644
|
|||||||
|
|
||||||
files_getattr_all_dirs(initrc_t)
|
files_getattr_all_dirs(initrc_t)
|
||||||
files_getattr_all_files(initrc_t)
|
files_getattr_all_files(initrc_t)
|
||||||
@@ -347,14 +735,15 @@ files_getattr_all_symlinks(initrc_t)
|
@@ -347,14 +736,15 @@ files_getattr_all_symlinks(initrc_t)
|
||||||
files_getattr_all_pipes(initrc_t)
|
files_getattr_all_pipes(initrc_t)
|
||||||
files_getattr_all_sockets(initrc_t)
|
files_getattr_all_sockets(initrc_t)
|
||||||
files_purge_tmp(initrc_t)
|
files_purge_tmp(initrc_t)
|
||||||
@ -34604,7 +34623,7 @@ index 17eda24..34affdd 100644
|
|||||||
files_read_usr_files(initrc_t)
|
files_read_usr_files(initrc_t)
|
||||||
files_manage_urandom_seed(initrc_t)
|
files_manage_urandom_seed(initrc_t)
|
||||||
files_manage_generic_spool(initrc_t)
|
files_manage_generic_spool(initrc_t)
|
||||||
@@ -364,8 +753,12 @@ files_list_isid_type_dirs(initrc_t)
|
@@ -364,8 +754,12 @@ files_list_isid_type_dirs(initrc_t)
|
||||||
files_mounton_isid_type_dirs(initrc_t)
|
files_mounton_isid_type_dirs(initrc_t)
|
||||||
files_list_default(initrc_t)
|
files_list_default(initrc_t)
|
||||||
files_mounton_default(initrc_t)
|
files_mounton_default(initrc_t)
|
||||||
@ -34618,7 +34637,7 @@ index 17eda24..34affdd 100644
|
|||||||
fs_list_inotifyfs(initrc_t)
|
fs_list_inotifyfs(initrc_t)
|
||||||
fs_register_binary_executable_type(initrc_t)
|
fs_register_binary_executable_type(initrc_t)
|
||||||
# rhgb-console writes to ramfs
|
# rhgb-console writes to ramfs
|
||||||
@@ -375,10 +768,11 @@ fs_mount_all_fs(initrc_t)
|
@@ -375,10 +769,11 @@ fs_mount_all_fs(initrc_t)
|
||||||
fs_unmount_all_fs(initrc_t)
|
fs_unmount_all_fs(initrc_t)
|
||||||
fs_remount_all_fs(initrc_t)
|
fs_remount_all_fs(initrc_t)
|
||||||
fs_getattr_all_fs(initrc_t)
|
fs_getattr_all_fs(initrc_t)
|
||||||
@ -34632,7 +34651,7 @@ index 17eda24..34affdd 100644
|
|||||||
mcs_process_set_categories(initrc_t)
|
mcs_process_set_categories(initrc_t)
|
||||||
|
|
||||||
mls_file_read_all_levels(initrc_t)
|
mls_file_read_all_levels(initrc_t)
|
||||||
@@ -387,8 +781,10 @@ mls_process_read_up(initrc_t)
|
@@ -387,8 +782,10 @@ mls_process_read_up(initrc_t)
|
||||||
mls_process_write_down(initrc_t)
|
mls_process_write_down(initrc_t)
|
||||||
mls_rangetrans_source(initrc_t)
|
mls_rangetrans_source(initrc_t)
|
||||||
mls_fd_share_all_levels(initrc_t)
|
mls_fd_share_all_levels(initrc_t)
|
||||||
@ -34643,7 +34662,7 @@ index 17eda24..34affdd 100644
|
|||||||
|
|
||||||
storage_getattr_fixed_disk_dev(initrc_t)
|
storage_getattr_fixed_disk_dev(initrc_t)
|
||||||
storage_setattr_fixed_disk_dev(initrc_t)
|
storage_setattr_fixed_disk_dev(initrc_t)
|
||||||
@@ -398,6 +794,7 @@ term_use_all_terms(initrc_t)
|
@@ -398,6 +795,7 @@ term_use_all_terms(initrc_t)
|
||||||
term_reset_tty_labels(initrc_t)
|
term_reset_tty_labels(initrc_t)
|
||||||
|
|
||||||
auth_rw_login_records(initrc_t)
|
auth_rw_login_records(initrc_t)
|
||||||
@ -34651,7 +34670,7 @@ index 17eda24..34affdd 100644
|
|||||||
auth_setattr_login_records(initrc_t)
|
auth_setattr_login_records(initrc_t)
|
||||||
auth_rw_lastlog(initrc_t)
|
auth_rw_lastlog(initrc_t)
|
||||||
auth_read_pam_pid(initrc_t)
|
auth_read_pam_pid(initrc_t)
|
||||||
@@ -416,20 +813,18 @@ logging_read_all_logs(initrc_t)
|
@@ -416,20 +814,18 @@ logging_read_all_logs(initrc_t)
|
||||||
logging_append_all_logs(initrc_t)
|
logging_append_all_logs(initrc_t)
|
||||||
logging_read_audit_config(initrc_t)
|
logging_read_audit_config(initrc_t)
|
||||||
|
|
||||||
@ -34675,7 +34694,7 @@ index 17eda24..34affdd 100644
|
|||||||
|
|
||||||
ifdef(`distro_debian',`
|
ifdef(`distro_debian',`
|
||||||
dev_setattr_generic_dirs(initrc_t)
|
dev_setattr_generic_dirs(initrc_t)
|
||||||
@@ -451,7 +846,6 @@ ifdef(`distro_gentoo',`
|
@@ -451,7 +847,6 @@ ifdef(`distro_gentoo',`
|
||||||
allow initrc_t self:process setfscreate;
|
allow initrc_t self:process setfscreate;
|
||||||
dev_create_null_dev(initrc_t)
|
dev_create_null_dev(initrc_t)
|
||||||
dev_create_zero_dev(initrc_t)
|
dev_create_zero_dev(initrc_t)
|
||||||
@ -34683,7 +34702,7 @@ index 17eda24..34affdd 100644
|
|||||||
term_create_console_dev(initrc_t)
|
term_create_console_dev(initrc_t)
|
||||||
|
|
||||||
# unfortunately /sbin/rc does stupid tricks
|
# unfortunately /sbin/rc does stupid tricks
|
||||||
@@ -486,6 +880,10 @@ ifdef(`distro_gentoo',`
|
@@ -486,6 +881,10 @@ ifdef(`distro_gentoo',`
|
||||||
sysnet_setattr_config(initrc_t)
|
sysnet_setattr_config(initrc_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34694,7 +34713,7 @@ index 17eda24..34affdd 100644
|
|||||||
alsa_read_lib(initrc_t)
|
alsa_read_lib(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -506,7 +904,7 @@ ifdef(`distro_redhat',`
|
@@ -506,7 +905,7 @@ ifdef(`distro_redhat',`
|
||||||
|
|
||||||
# Red Hat systems seem to have a stray
|
# Red Hat systems seem to have a stray
|
||||||
# fd open from the initrd
|
# fd open from the initrd
|
||||||
@ -34703,7 +34722,7 @@ index 17eda24..34affdd 100644
|
|||||||
files_dontaudit_read_root_files(initrc_t)
|
files_dontaudit_read_root_files(initrc_t)
|
||||||
|
|
||||||
# These seem to be from the initrd
|
# These seem to be from the initrd
|
||||||
@@ -521,6 +919,7 @@ ifdef(`distro_redhat',`
|
@@ -521,6 +920,7 @@ ifdef(`distro_redhat',`
|
||||||
files_create_boot_dirs(initrc_t)
|
files_create_boot_dirs(initrc_t)
|
||||||
files_create_boot_flag(initrc_t)
|
files_create_boot_flag(initrc_t)
|
||||||
files_rw_boot_symlinks(initrc_t)
|
files_rw_boot_symlinks(initrc_t)
|
||||||
@ -34711,7 +34730,7 @@ index 17eda24..34affdd 100644
|
|||||||
# wants to read /.fonts directory
|
# wants to read /.fonts directory
|
||||||
files_read_default_files(initrc_t)
|
files_read_default_files(initrc_t)
|
||||||
files_mountpoint(initrc_tmp_t)
|
files_mountpoint(initrc_tmp_t)
|
||||||
@@ -541,6 +940,7 @@ ifdef(`distro_redhat',`
|
@@ -541,6 +941,7 @@ ifdef(`distro_redhat',`
|
||||||
miscfiles_rw_localization(initrc_t)
|
miscfiles_rw_localization(initrc_t)
|
||||||
miscfiles_setattr_localization(initrc_t)
|
miscfiles_setattr_localization(initrc_t)
|
||||||
miscfiles_relabel_localization(initrc_t)
|
miscfiles_relabel_localization(initrc_t)
|
||||||
@ -34719,7 +34738,7 @@ index 17eda24..34affdd 100644
|
|||||||
|
|
||||||
miscfiles_read_fonts(initrc_t)
|
miscfiles_read_fonts(initrc_t)
|
||||||
miscfiles_read_hwdata(initrc_t)
|
miscfiles_read_hwdata(initrc_t)
|
||||||
@@ -550,8 +950,44 @@ ifdef(`distro_redhat',`
|
@@ -550,8 +951,44 @@ ifdef(`distro_redhat',`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34764,7 +34783,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -559,14 +995,31 @@ ifdef(`distro_redhat',`
|
@@ -559,14 +996,31 @@ ifdef(`distro_redhat',`
|
||||||
rpc_write_exports(initrc_t)
|
rpc_write_exports(initrc_t)
|
||||||
rpc_manage_nfs_state_data(initrc_t)
|
rpc_manage_nfs_state_data(initrc_t)
|
||||||
')
|
')
|
||||||
@ -34796,7 +34815,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -577,6 +1030,39 @@ ifdef(`distro_suse',`
|
@@ -577,6 +1031,39 @@ ifdef(`distro_suse',`
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -34836,7 +34855,7 @@ index 17eda24..34affdd 100644
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
amavis_search_lib(initrc_t)
|
amavis_search_lib(initrc_t)
|
||||||
amavis_setattr_pid_files(initrc_t)
|
amavis_setattr_pid_files(initrc_t)
|
||||||
@@ -589,6 +1075,8 @@ optional_policy(`
|
@@ -589,6 +1076,8 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_read_config(initrc_t)
|
apache_read_config(initrc_t)
|
||||||
apache_list_modules(initrc_t)
|
apache_list_modules(initrc_t)
|
||||||
@ -34845,7 +34864,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -610,6 +1098,7 @@ optional_policy(`
|
@@ -610,6 +1099,7 @@ optional_policy(`
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
cgroup_stream_connect_cgred(initrc_t)
|
cgroup_stream_connect_cgred(initrc_t)
|
||||||
@ -34853,7 +34872,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -626,6 +1115,17 @@ optional_policy(`
|
@@ -626,6 +1116,17 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34871,7 +34890,7 @@ index 17eda24..34affdd 100644
|
|||||||
dev_getattr_printer_dev(initrc_t)
|
dev_getattr_printer_dev(initrc_t)
|
||||||
|
|
||||||
cups_read_log(initrc_t)
|
cups_read_log(initrc_t)
|
||||||
@@ -642,9 +1142,13 @@ optional_policy(`
|
@@ -642,9 +1143,13 @@ optional_policy(`
|
||||||
dbus_connect_system_bus(initrc_t)
|
dbus_connect_system_bus(initrc_t)
|
||||||
dbus_system_bus_client(initrc_t)
|
dbus_system_bus_client(initrc_t)
|
||||||
dbus_read_config(initrc_t)
|
dbus_read_config(initrc_t)
|
||||||
@ -34885,7 +34904,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -657,15 +1161,11 @@ optional_policy(`
|
@@ -657,15 +1162,11 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34903,7 +34922,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -686,6 +1186,15 @@ optional_policy(`
|
@@ -686,6 +1187,15 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34919,7 +34938,7 @@ index 17eda24..34affdd 100644
|
|||||||
inn_exec_config(initrc_t)
|
inn_exec_config(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -726,6 +1235,7 @@ optional_policy(`
|
@@ -726,6 +1236,7 @@ optional_policy(`
|
||||||
lpd_list_spool(initrc_t)
|
lpd_list_spool(initrc_t)
|
||||||
|
|
||||||
lpd_read_config(initrc_t)
|
lpd_read_config(initrc_t)
|
||||||
@ -34927,7 +34946,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -743,7 +1253,13 @@ optional_policy(`
|
@@ -743,7 +1254,13 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34942,7 +34961,7 @@ index 17eda24..34affdd 100644
|
|||||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -766,6 +1282,10 @@ optional_policy(`
|
@@ -766,6 +1283,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34953,7 +34972,7 @@ index 17eda24..34affdd 100644
|
|||||||
postgresql_manage_db(initrc_t)
|
postgresql_manage_db(initrc_t)
|
||||||
postgresql_read_config(initrc_t)
|
postgresql_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -775,10 +1295,20 @@ optional_policy(`
|
@@ -775,10 +1296,20 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34974,7 +34993,7 @@ index 17eda24..34affdd 100644
|
|||||||
quota_manage_flags(initrc_t)
|
quota_manage_flags(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -787,6 +1317,10 @@ optional_policy(`
|
@@ -787,6 +1318,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -34985,7 +35004,7 @@ index 17eda24..34affdd 100644
|
|||||||
fs_write_ramfs_sockets(initrc_t)
|
fs_write_ramfs_sockets(initrc_t)
|
||||||
fs_search_ramfs(initrc_t)
|
fs_search_ramfs(initrc_t)
|
||||||
|
|
||||||
@@ -808,8 +1342,6 @@ optional_policy(`
|
@@ -808,8 +1343,6 @@ optional_policy(`
|
||||||
# bash tries ioctl for some reason
|
# bash tries ioctl for some reason
|
||||||
files_dontaudit_ioctl_all_pids(initrc_t)
|
files_dontaudit_ioctl_all_pids(initrc_t)
|
||||||
|
|
||||||
@ -34994,7 +35013,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -818,6 +1350,10 @@ optional_policy(`
|
@@ -818,6 +1351,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -35005,7 +35024,7 @@ index 17eda24..34affdd 100644
|
|||||||
# shorewall-init script run /var/lib/shorewall/firewall
|
# shorewall-init script run /var/lib/shorewall/firewall
|
||||||
shorewall_lib_domtrans(initrc_t)
|
shorewall_lib_domtrans(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -827,10 +1363,12 @@ optional_policy(`
|
@@ -827,10 +1364,12 @@ optional_policy(`
|
||||||
squid_manage_logs(initrc_t)
|
squid_manage_logs(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -35018,7 +35037,7 @@ index 17eda24..34affdd 100644
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ssh_dontaudit_read_server_keys(initrc_t)
|
ssh_dontaudit_read_server_keys(initrc_t)
|
||||||
@@ -857,21 +1395,60 @@ optional_policy(`
|
@@ -857,21 +1396,60 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -35080,7 +35099,7 @@ index 17eda24..34affdd 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -887,6 +1464,10 @@ optional_policy(`
|
@@ -887,6 +1465,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -35091,7 +35110,7 @@ index 17eda24..34affdd 100644
|
|||||||
# Set device ownerships/modes.
|
# Set device ownerships/modes.
|
||||||
xserver_setattr_console_pipes(initrc_t)
|
xserver_setattr_console_pipes(initrc_t)
|
||||||
|
|
||||||
@@ -897,3 +1478,218 @@ optional_policy(`
|
@@ -897,3 +1479,218 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
zebra_read_config(initrc_t)
|
zebra_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
|
@ -50403,7 +50403,7 @@ index 6194b80..e27c53d 100644
|
|||||||
')
|
')
|
||||||
+
|
+
|
||||||
diff --git a/mozilla.te b/mozilla.te
|
diff --git a/mozilla.te b/mozilla.te
|
||||||
index 11ac8e4..cee5091 100644
|
index 11ac8e4..b341bb0 100644
|
||||||
--- a/mozilla.te
|
--- a/mozilla.te
|
||||||
+++ b/mozilla.te
|
+++ b/mozilla.te
|
||||||
@@ -6,17 +6,56 @@ policy_module(mozilla, 2.8.0)
|
@@ -6,17 +6,56 @@ policy_module(mozilla, 2.8.0)
|
||||||
@ -50419,7 +50419,7 @@ index 11ac8e4..cee5091 100644
|
|||||||
+## </p>
|
+## </p>
|
||||||
## </desc>
|
## </desc>
|
||||||
-gen_tunable(mozilla_execstack, false)
|
-gen_tunable(mozilla_execstack, false)
|
||||||
+gen_tunable(mozilla_plugin_can_network_connect, false)
|
+gen_tunable(mozilla_plugin_can_network_connect, true)
|
||||||
+
|
+
|
||||||
+## <desc>
|
+## <desc>
|
||||||
+## <p>
|
+## <p>
|
||||||
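Review bot: The new default on the `gen_tunable(mozilla_plugin_can_network_connect, true)` line enables this boolean, which by its name gates network connections for mozilla plugins, on every system that has not set it explicitly. Nothing visible in the hunk records why, or how to opt out. The `## <desc>` text for the tunable begins above the hunk, so it may already cover this; if it does not, it should state the default and its effect, for example `## Enabled by default; turn off to stop mozilla plugins from making network connections.` Hosts that relied on the old off default would need `setsebool -P mozilla_plugin_can_network_connect off` after updating, which is worth saying in the changelog entry next to BZ(1286177).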
|
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.13.1
|
Version: 3.13.1
|
||||||
Release: 160%{?dist}
|
Release: 161%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -664,6 +664,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 30 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-161
|
||||||
|
- Set default value as true in boolean mozilla_plugin_can_network_connect. BZ(1286177)
|
||||||
|
|
||||||
* Tue Nov 24 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-160
|
* Tue Nov 24 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-160
|
||||||
- Allow apcupsd sending mails about battery state. BZ(1274018)
|
- Allow apcupsd sending mails about battery state. BZ(1274018)
|
||||||
- Allow pcp_pmcd_t domain transition to lvm_t. BZ(1277779)
|
- Allow pcp_pmcd_t domain transition to lvm_t. BZ(1277779)
|
||||||
|