+- Add label for /var/lib/iscan/interpreter
+- Don't audit writes to leaked file descriptors or redirected output for nacl
+- NetworkManager needs to write to /sys/class/net/ib*/mode
parent
d17f759dd0
commit
7c693b0afa
114
policy-F16.patch
114
policy-F16.patch
@ -4870,10 +4870,10 @@ index 0000000..1553356
|
|||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
|
diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..acb325c
|
index 0000000..aff461c
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/policy/modules/apps/chrome.te
|
+++ b/policy/modules/apps/chrome.te
|
||||||
@@ -0,0 +1,175 @@
|
@@ -0,0 +1,184 @@
|
||||||
+policy_module(chrome,1.0.0)
|
+policy_module(chrome,1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
@ -4903,6 +4903,10 @@ index 0000000..acb325c
|
|||||||
+# chrome_sandbox local policy
|
+# chrome_sandbox local policy
|
||||||
+#
|
+#
|
||||||
+allow chrome_sandbox_t self:capability { chown dac_override fsetid setgid setuid sys_admin sys_chroot };
|
+allow chrome_sandbox_t self:capability { chown dac_override fsetid setgid setuid sys_admin sys_chroot };
|
||||||
|
+tunable_policy(`deny_ptrace',`',`
|
||||||
|
+ allow chrome_sandbox_t self:capability sys_ptrace;
|
||||||
|
+')
|
||||||
|
+
|
||||||
+allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack };
|
+allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack };
|
||||||
+allow chrome_sandbox_t self:process setsched;
|
+allow chrome_sandbox_t self:process setsched;
|
||||||
+allow chrome_sandbox_t self:fifo_file manage_file_perms;
|
+allow chrome_sandbox_t self:fifo_file manage_file_perms;
|
||||||
@ -5049,6 +5053,11 @@ index 0000000..acb325c
|
|||||||
+userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_nacl_t)
|
+userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_nacl_t)
|
||||||
+userdom_execute_user_tmpfs_files(chrome_sandbox_nacl_t)
|
+userdom_execute_user_tmpfs_files(chrome_sandbox_nacl_t)
|
||||||
+userdom_read_inherited_user_tmp_files(chrome_sandbox_nacl_t)
|
+userdom_read_inherited_user_tmp_files(chrome_sandbox_nacl_t)
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
+ gnome_dontaudit_write_config_files(chrome_sandbox_nacl_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
diff --git a/policy/modules/apps/cpufreqselector.te b/policy/modules/apps/cpufreqselector.te
|
diff --git a/policy/modules/apps/cpufreqselector.te b/policy/modules/apps/cpufreqselector.te
|
||||||
index 37475dd..6026789 100644
|
index 37475dd..6026789 100644
|
||||||
--- a/policy/modules/apps/cpufreqselector.te
|
--- a/policy/modules/apps/cpufreqselector.te
|
||||||
@ -5446,10 +5455,10 @@ index 00a19e3..9f6139c 100644
|
|||||||
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
|
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
|
||||||
+/usr/libexec/kde(3|4)/ksysguardprocesslist_helper -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
|
+/usr/libexec/kde(3|4)/ksysguardprocesslist_helper -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
|
||||||
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
|
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
|
||||||
index f5afe78..c57fc1e 100644
|
index f5afe78..45580b5 100644
|
||||||
--- a/policy/modules/apps/gnome.if
|
--- a/policy/modules/apps/gnome.if
|
||||||
+++ b/policy/modules/apps/gnome.if
|
+++ b/policy/modules/apps/gnome.if
|
||||||
@@ -1,44 +1,862 @@
|
@@ -1,44 +1,880 @@
|
||||||
## <summary>GNU network object model environment (GNOME)</summary>
|
## <summary>GNU network object model environment (GNOME)</summary>
|
||||||
|
|
||||||
-############################################################
|
-############################################################
|
||||||
@ -5684,6 +5693,24 @@ index f5afe78..c57fc1e 100644
|
|||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
+## <summary>
|
+## <summary>
|
||||||
|
+## Dontaudit write gnome homedir content (.config)
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain to not audit.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`gnome_dontaudit_write_config_files',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ attribute gnome_home_type;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ dontaudit $1 gnome_home_type:file write;
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
+## manage gnome homedir content (.config)
|
+## manage gnome homedir content (.config)
|
||||||
+## </summary>
|
+## </summary>
|
||||||
+## <param name="domain">
|
+## <param name="domain">
|
||||||
@ -6330,7 +6357,7 @@ index f5afe78..c57fc1e 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -46,37 +864,92 @@ interface(`gnome_role',`
|
@@ -46,37 +882,92 @@ interface(`gnome_role',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -6434,7 +6461,7 @@ index f5afe78..c57fc1e 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -84,37 +957,53 @@ template(`gnome_read_gconf_config',`
|
@@ -84,37 +975,53 @@ template(`gnome_read_gconf_config',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -6499,7 +6526,7 @@ index f5afe78..c57fc1e 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -122,17 +1011,17 @@ interface(`gnome_stream_connect_gconf',`
|
@@ -122,17 +1029,17 @@ interface(`gnome_stream_connect_gconf',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -6521,7 +6548,7 @@ index f5afe78..c57fc1e 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -140,51 +1029,298 @@ interface(`gnome_domtrans_gconfd',`
|
@@ -140,51 +1047,298 @@ interface(`gnome_domtrans_gconfd',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -12767,7 +12794,7 @@ index 223ad43..d95e720 100644
|
|||||||
rsync_exec(yam_t)
|
rsync_exec(yam_t)
|
||||||
')
|
')
|
||||||
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
|
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
|
||||||
index 3fae11a..cdd0dcf 100644
|
index 3fae11a..ab97bec 100644
|
||||||
--- a/policy/modules/kernel/corecommands.fc
|
--- a/policy/modules/kernel/corecommands.fc
|
||||||
+++ b/policy/modules/kernel/corecommands.fc
|
+++ b/policy/modules/kernel/corecommands.fc
|
||||||
@@ -1,7 +1,7 @@
|
@@ -1,7 +1,7 @@
|
||||||
@ -13050,18 +13077,19 @@ index 3fae11a..cdd0dcf 100644
|
|||||||
/usr/share/apache2/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/apache2/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -375,8 +412,8 @@ ifdef(`distro_suse', `
|
@@ -375,8 +412,9 @@ ifdef(`distro_suse', `
|
||||||
/var/ftp/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/var/ftp/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/var/lib/asterisk/agi-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/var/lib/asterisk/agi-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
-/usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
-/usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
-/usr/lib64/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
-/usr/lib64/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
+/var/lib/iscan/interpreter gen_context(system_u:object_r:bin_t,s0)
|
||||||
+/usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
+/usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
+
|
+
|
||||||
|
|
||||||
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
|
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
|
||||||
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -385,3 +422,12 @@ ifdef(`distro_suse', `
|
@@ -385,3 +423,12 @@ ifdef(`distro_suse', `
|
||||||
ifdef(`distro_suse',`
|
ifdef(`distro_suse',`
|
||||||
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
||||||
')
|
')
|
||||||
@ -41791,10 +41819,10 @@ index 9878499..8643cd3 100644
|
|||||||
- admin_pattern($1, jabberd_var_run_t)
|
- admin_pattern($1, jabberd_var_run_t)
|
||||||
')
|
')
|
||||||
diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
|
diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
|
||||||
index da2127e..a666df2 100644
|
index da2127e..24e20b0 100644
|
||||||
--- a/policy/modules/services/jabber.te
|
--- a/policy/modules/services/jabber.te
|
||||||
+++ b/policy/modules/services/jabber.te
|
+++ b/policy/modules/services/jabber.te
|
||||||
@@ -5,90 +5,150 @@ policy_module(jabber, 1.8.0)
|
@@ -5,90 +5,148 @@ policy_module(jabber, 1.8.0)
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -41872,45 +41900,43 @@ index da2127e..a666df2 100644
|
|||||||
-corenet_sendrecv_jabber_interserver_server_packets(jabberd_t)
|
-corenet_sendrecv_jabber_interserver_server_packets(jabberd_t)
|
||||||
+manage_files_pattern(jabberd_router_t, jabberd_var_lib_t, jabberd_var_lib_t)
|
+manage_files_pattern(jabberd_router_t, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||||
+manage_dirs_pattern(jabberd_router_t, jabberd_var_lib_t, jabberd_var_lib_t)
|
+manage_dirs_pattern(jabberd_router_t, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||||
+
|
|
||||||
|
-dev_read_sysfs(jabberd_t)
|
||||||
|
-# For SSL
|
||||||
|
-dev_read_rand(jabberd_t)
|
||||||
+corenet_tcp_bind_jabber_client_port(jabberd_router_t)
|
+corenet_tcp_bind_jabber_client_port(jabberd_router_t)
|
||||||
+corenet_tcp_bind_jabber_router_port(jabberd_router_t)
|
+corenet_tcp_bind_jabber_router_port(jabberd_router_t)
|
||||||
+corenet_tcp_connect_jabber_router_port(jabberd_router_t)
|
+corenet_tcp_connect_jabber_router_port(jabberd_router_t)
|
||||||
+corenet_sendrecv_jabber_router_server_packets(jabberd_router_t)
|
+corenet_sendrecv_jabber_router_server_packets(jabberd_router_t)
|
||||||
+corenet_sendrecv_jabber_client_server_packets(jabberd_router_t)
|
+corenet_sendrecv_jabber_client_server_packets(jabberd_router_t)
|
||||||
+
|
|
||||||
+fs_getattr_all_fs(jabberd_router_t)
|
|
||||||
|
|
||||||
-dev_read_sysfs(jabberd_t)
|
|
||||||
-# For SSL
|
|
||||||
-dev_read_rand(jabberd_t)
|
|
||||||
+miscfiles_read_generic_certs(jabberd_router_t)
|
|
||||||
|
|
||||||
-domain_use_interactive_fds(jabberd_t)
|
-domain_use_interactive_fds(jabberd_t)
|
||||||
|
+fs_getattr_all_fs(jabberd_router_t)
|
||||||
|
|
||||||
|
-files_read_etc_files(jabberd_t)
|
||||||
|
-files_read_etc_runtime_files(jabberd_t)
|
||||||
|
+miscfiles_read_generic_certs(jabberd_router_t)
|
||||||
|
|
||||||
|
-fs_getattr_all_fs(jabberd_t)
|
||||||
|
-fs_search_auto_mountpoints(jabberd_t)
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ kerberos_use(jabberd_router_t)
|
+ kerberos_use(jabberd_router_t)
|
||||||
+')
|
+')
|
||||||
|
|
||||||
-files_read_etc_files(jabberd_t)
|
-logging_send_syslog_msg(jabberd_t)
|
||||||
-files_read_etc_runtime_files(jabberd_t)
|
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ nis_use_ypbind(jabberd_router_t)
|
+ nis_use_ypbind(jabberd_router_t)
|
||||||
+')
|
+')
|
||||||
|
|
||||||
-fs_getattr_all_fs(jabberd_t)
|
-miscfiles_read_localization(jabberd_t)
|
||||||
-fs_search_auto_mountpoints(jabberd_t)
|
|
||||||
+#####################################
|
+#####################################
|
||||||
+#
|
+#
|
||||||
+# Local policy for other jabberd components
|
+# Local policy for other jabberd components
|
||||||
+#
|
+#
|
||||||
|
+
|
||||||
-logging_send_syslog_msg(jabberd_t)
|
|
||||||
+manage_files_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
|
+manage_files_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||||
+manage_dirs_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
|
+manage_dirs_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
|
||||||
|
|
||||||
-miscfiles_read_localization(jabberd_t)
|
|
||||||
+kernel_read_system_state(jabberd_t)
|
|
||||||
|
|
||||||
-sysnet_read_config(jabberd_t)
|
-sysnet_read_config(jabberd_t)
|
||||||
+corenet_tcp_bind_jabber_interserver_port(jabberd_t)
|
+corenet_tcp_bind_jabber_interserver_port(jabberd_t)
|
||||||
+corenet_tcp_connect_jabber_router_port(jabberd_t)
|
+corenet_tcp_connect_jabber_router_port(jabberd_t)
|
||||||
@ -41926,8 +41952,8 @@ index da2127e..a666df2 100644
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
- seutil_sigchld_newrole(jabberd_t)
|
- seutil_sigchld_newrole(jabberd_t)
|
||||||
+ udev_read_db(jabberd_t)
|
+ udev_read_db(jabberd_t)
|
||||||
')
|
+')
|
||||||
|
+
|
||||||
+######################################
|
+######################################
|
||||||
+#
|
+#
|
||||||
+# Local policy for pyicq-t
|
+# Local policy for pyicq-t
|
||||||
@ -41942,8 +41968,6 @@ index da2127e..a666df2 100644
|
|||||||
+files_search_spool(pyicqt_t)
|
+files_search_spool(pyicqt_t)
|
||||||
+manage_files_pattern(pyicqt_t, pyicqt_var_spool_t, pyicqt_var_spool_t);
|
+manage_files_pattern(pyicqt_t, pyicqt_var_spool_t, pyicqt_var_spool_t);
|
||||||
+
|
+
|
||||||
+kernel_read_system_state(pyicqt_t)
|
|
||||||
+
|
|
||||||
+corenet_tcp_bind_jabber_router_port(pyicqt_t)
|
+corenet_tcp_bind_jabber_router_port(pyicqt_t)
|
||||||
+corenet_tcp_connect_jabber_router_port(pyicqt_t)
|
+corenet_tcp_connect_jabber_router_port(pyicqt_t)
|
||||||
+
|
+
|
||||||
@ -41960,14 +41984,14 @@ index da2127e..a666df2 100644
|
|||||||
+libs_use_shared_libs(pyicqt_t)
|
+libs_use_shared_libs(pyicqt_t)
|
||||||
+
|
+
|
||||||
+# needed for pyicq-t-mysql
|
+# needed for pyicq-t-mysql
|
||||||
optional_policy(`
|
+optional_policy(`
|
||||||
- udev_read_db(jabberd_t)
|
|
||||||
+ corenet_tcp_connect_mysqld_port(pyicqt_t)
|
+ corenet_tcp_connect_mysqld_port(pyicqt_t)
|
||||||
')
|
')
|
||||||
+
|
|
||||||
+optional_policy(`
|
optional_policy(`
|
||||||
|
- udev_read_db(jabberd_t)
|
||||||
+ sysnet_use_ldap(pyicqt_t)
|
+ sysnet_use_ldap(pyicqt_t)
|
||||||
+')
|
')
|
||||||
+
|
+
|
||||||
+#######################################
|
+#######################################
|
||||||
+#
|
+#
|
||||||
@ -41979,6 +42003,8 @@ index da2127e..a666df2 100644
|
|||||||
+allow jabberd_domain self:tcp_socket create_stream_socket_perms;
|
+allow jabberd_domain self:tcp_socket create_stream_socket_perms;
|
||||||
+allow jabberd_domain self:udp_socket create_socket_perms;
|
+allow jabberd_domain self:udp_socket create_socket_perms;
|
||||||
+
|
+
|
||||||
|
+kernel_read_system_state(jabberd_domain)
|
||||||
|
+
|
||||||
+corenet_all_recvfrom_unlabeled(jabberd_domain)
|
+corenet_all_recvfrom_unlabeled(jabberd_domain)
|
||||||
+corenet_all_recvfrom_netlabel(jabberd_domain)
|
+corenet_all_recvfrom_netlabel(jabberd_domain)
|
||||||
+corenet_tcp_sendrecv_generic_if(jabberd_domain)
|
+corenet_tcp_sendrecv_generic_if(jabberd_domain)
|
||||||
@ -47464,7 +47490,7 @@ index 2324d9e..8666a3c 100644
|
|||||||
+ files_pid_filetrans($1, NetworkManager_var_run_t, file, "nm-dhclient.-eth9.conf")
|
+ files_pid_filetrans($1, NetworkManager_var_run_t, file, "nm-dhclient.-eth9.conf")
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
|
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
|
||||||
index 0619395..e5fb258 100644
|
index 0619395..be38b9d 100644
|
||||||
--- a/policy/modules/services/networkmanager.te
|
--- a/policy/modules/services/networkmanager.te
|
||||||
+++ b/policy/modules/services/networkmanager.te
|
+++ b/policy/modules/services/networkmanager.te
|
||||||
@@ -12,6 +12,15 @@ init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
|
@@ -12,6 +12,15 @@ init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
|
||||||
@ -47534,7 +47560,13 @@ index 0619395..e5fb258 100644
|
|||||||
manage_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
|
manage_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
|
||||||
manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
|
manage_sock_files_pattern(NetworkManager_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
|
||||||
files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, { sock_file file })
|
files_tmp_filetrans(NetworkManager_t, NetworkManager_tmp_t, { sock_file file })
|
||||||
@@ -100,6 +129,7 @@ dev_read_rand(NetworkManager_t)
|
@@ -95,11 +124,12 @@ corenet_sendrecv_all_client_packets(NetworkManager_t)
|
||||||
|
corenet_rw_tun_tap_dev(NetworkManager_t)
|
||||||
|
corenet_getattr_ppp_dev(NetworkManager_t)
|
||||||
|
|
||||||
|
-dev_read_sysfs(NetworkManager_t)
|
||||||
|
+dev_rw_sysfs(NetworkManager_t)
|
||||||
|
dev_read_rand(NetworkManager_t)
|
||||||
dev_read_urand(NetworkManager_t)
|
dev_read_urand(NetworkManager_t)
|
||||||
dev_dontaudit_getattr_generic_blk_files(NetworkManager_t)
|
dev_dontaudit_getattr_generic_blk_files(NetworkManager_t)
|
||||||
dev_getattr_all_chr_files(NetworkManager_t)
|
dev_getattr_all_chr_files(NetworkManager_t)
|
||||||
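Review bot: `dev_rw_sysfs(NetworkManager_t)` in the networkmanager.te hunk, which replaces `dev_read_sysfs(NetworkManager_t)`, grants far more than the changelog's stated need of writing `/sys/class/net/ib*/mode`. In the reference policy this interface gives read/write on files with the generic sysfs label, so NetworkManager_t would be able to write any sysfs attribute that has no more specific type, not only the InfiniBand mode file. If the policy has no narrower type for the net-class entries, the line should at least record the justification so the grant can be tightened later, for example `# rw needed only for /sys/class/net/ib*/mode; narrow once a dedicated sysfs type exists`. The surrounding device rules are context lines only, so whether other sysfs write grants for this domain already exist cannot be seen from this hunk.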
|
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.10.0
|
Version: 3.10.0
|
||||||
Release: 68%{?dist}
|
Release: 69%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -470,6 +470,11 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 14 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-69
|
||||||
|
- Add label for /var/lib/iscan/interpreter
|
||||||
|
- Dont audit writes to leaked file descriptors or redirected output for nacl
|
||||||
|
- NetworkManager needs to write to /sys/class/net/ib*/mode
|
||||||
|
|
||||||
* Tue Dec 13 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-68
|
* Tue Dec 13 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-68
|
||||||
- Allow abrt to request the kernel to load a module
|
- Allow abrt to request the kernel to load a module
|
||||||
- Make sure mozilla content is labeled correctly
|
- Make sure mozilla content is labeled correctly
|
||||||
|