- Allow cups to use generic usb
- fix inetd to be able to run random apps (git)
This commit is contained in:
parent
6178b36c7d
commit
779d23c7e4
@ -4287,7 +4287,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
+/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.3/policy/modules/services/cups.te
|
||||
--- nsaserefpolicy/policy/modules/services/cups.te 2007-07-03 07:06:27.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/services/cups.te 2007-07-19 10:33:00.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/services/cups.te 2007-07-20 09:22:00.000000000 -0400
|
||||
@@ -81,12 +81,11 @@
|
||||
# /usr/lib/cups/backend/serial needs sys_admin(?!)
|
||||
allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config };
|
||||
@ -4302,7 +4302,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
allow cupsd_t self:tcp_socket create_stream_socket_perms;
|
||||
allow cupsd_t self:udp_socket create_socket_perms;
|
||||
allow cupsd_t self:appletalk_socket create_socket_perms;
|
||||
@@ -150,14 +149,16 @@
|
||||
@@ -150,14 +149,17 @@
|
||||
corenet_tcp_bind_reserved_port(cupsd_t)
|
||||
corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
|
||||
corenet_tcp_connect_all_ports(cupsd_t)
|
||||
@ -4316,11 +4316,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
dev_read_urand(cupsd_t)
|
||||
dev_read_sysfs(cupsd_t)
|
||||
-dev_read_usbfs(cupsd_t)
|
||||
+dev_rw_generic_usb_dev(cupsd_t)
|
||||
+dev_rw_usbfs(cupsd_t)
|
||||
dev_getattr_printer_dev(cupsd_t)
|
||||
|
||||
domain_read_all_domains_state(cupsd_t)
|
||||
@@ -176,6 +177,7 @@
|
||||
@@ -176,6 +178,7 @@
|
||||
term_search_ptys(cupsd_t)
|
||||
|
||||
auth_domtrans_chk_passwd(cupsd_t)
|
||||
@ -4328,7 +4329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
auth_dontaudit_read_pam_pid(cupsd_t)
|
||||
|
||||
# Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
|
||||
@@ -223,21 +225,45 @@
|
||||
@@ -223,21 +226,45 @@
|
||||
|
||||
sysnet_read_config(cupsd_t)
|
||||
|
||||
@ -4374,7 +4375,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
cron_system_entry(cupsd_t, cupsd_exec_t)
|
||||
')
|
||||
|
||||
@@ -250,6 +276,10 @@
|
||||
@@ -250,6 +277,10 @@
|
||||
optional_policy(`
|
||||
hal_dbus_chat(cupsd_t)
|
||||
')
|
||||
@ -4385,7 +4386,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -265,16 +295,16 @@
|
||||
@@ -265,16 +296,16 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -4406,7 +4407,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
seutil_sigchld_newrole(cupsd_t)
|
||||
')
|
||||
|
||||
@@ -379,6 +409,14 @@
|
||||
@@ -379,6 +410,14 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -4421,7 +4422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
|
||||
')
|
||||
|
||||
@@ -562,7 +600,7 @@
|
||||
@@ -562,7 +601,7 @@
|
||||
dev_read_urand(hplip_t)
|
||||
dev_read_rand(hplip_t)
|
||||
dev_rw_generic_usb_dev(hplip_t)
|
||||
@ -4430,7 +4431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
|
||||
|
||||
fs_getattr_all_fs(hplip_t)
|
||||
fs_search_auto_mountpoints(hplip_t)
|
||||
@@ -589,8 +627,6 @@
|
||||
@@ -589,8 +628,6 @@
|
||||
userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
|
||||
userdom_dontaudit_search_all_users_home_content(hplip_t)
|
||||
|
||||
@ -5072,7 +5073,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
||||
+dev_rw_input_dev(hald_keymap_t)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.0.3/policy/modules/services/inetd.te
|
||||
--- nsaserefpolicy/policy/modules/services/inetd.te 2007-07-03 07:06:26.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/services/inetd.te 2007-07-19 17:08:18.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/services/inetd.te 2007-07-20 09:21:48.000000000 -0400
|
||||
@@ -80,16 +80,21 @@
|
||||
corenet_udp_bind_comsat_port(inetd_t)
|
||||
corenet_tcp_bind_dbskkd_port(inetd_t)
|
||||
@ -7548,7 +7549,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.3/policy/modules/system/authlogin.if
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-06-15 14:54:34.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/system/authlogin.if 2007-07-19 10:36:40.000000000 -0400
|
||||
+++ serefpolicy-3.0.3/policy/modules/system/authlogin.if 2007-07-20 11:12:25.000000000 -0400
|
||||
@@ -27,7 +27,8 @@
|
||||
domain_type($1_chkpwd_t)
|
||||
domain_entry_file($1_chkpwd_t,chkpwd_exec_t)
|
||||
@ -7591,7 +7592,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
# for SSP/ProPolice
|
||||
dev_read_urand($1)
|
||||
|
||||
@@ -197,22 +207,26 @@
|
||||
@@ -197,22 +207,27 @@
|
||||
mls_fd_share_all_levels($1)
|
||||
|
||||
auth_domtrans_chk_passwd($1)
|
||||
@ -7603,6 +7604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
- auth_append_faillog($1)
|
||||
+ auth_rw_faillog($1)
|
||||
auth_exec_pam($1)
|
||||
+ auth_use_nsswitch($1)
|
||||
|
||||
init_rw_utmp($1)
|
||||
|
||||
@ -7619,7 +7621,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
')
|
||||
')
|
||||
|
||||
@@ -310,9 +324,6 @@
|
||||
@@ -310,9 +325,6 @@
|
||||
type system_chkpwd_t, chkpwd_exec_t, shadow_t;
|
||||
')
|
||||
|
||||
@ -7629,7 +7631,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
|
||||
|
||||
@@ -348,6 +359,37 @@
|
||||
@@ -348,6 +360,37 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -7667,7 +7669,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
## Get the attributes of the shadow passwords file.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -696,6 +738,24 @@
|
||||
@@ -696,6 +739,24 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -7692,7 +7694,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
## Execute pam programs in the PAM domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -1319,14 +1379,9 @@
|
||||
@@ -1319,14 +1380,9 @@
|
||||
## </param>
|
||||
#
|
||||
interface(`auth_use_nsswitch',`
|
||||
@ -7707,7 +7709,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
files_list_var_lib($1)
|
||||
|
||||
miscfiles_read_certs($1)
|
||||
@@ -1382,3 +1437,114 @@
|
||||
@@ -1382,3 +1438,114 @@
|
||||
typeattribute $1 can_write_shadow_passwords;
|
||||
typeattribute $1 can_relabelto_shadow_passwords;
|
||||
')
|
||||
|
@ -17,7 +17,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.0.3
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -359,6 +359,10 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jul 20 2007 Dan Walsh <dwalsh@redhat.com> 3.0.3-3
|
||||
- Allow cups to use generic usb
|
||||
- fix inetd to be able to run random apps (git)
|
||||
|
||||
* Thu Jul 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.3-2
|
||||
- Add proper contexts for rsyslogd
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user