rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update rhcs policy

Browse Source
This commit is contained in:
Daniel J Walsh 2009-09-29 20:51:16 +00:00
parent 5b96313949
commit 7f2ac12f13
1 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
policy-F12.patch
View File

@ -388,7 +388,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.32/policy/modules/admin/rpm.if diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.32/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2009-07-14 14:19:57.000000000 -0400 --- nsaserefpolicy/policy/modules/admin/rpm.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/admin/rpm.if 2009-09-29 10:11:37.000000000 -0400 +++ serefpolicy-3.6.32/policy/modules/admin/rpm.if 2009-09-29 16:46:01.000000000 -0400
@@ -13,11 +13,34 @@ @@ -13,11 +13,34 @@
interface(`rpm_domtrans',` interface(`rpm_domtrans',`
gen_require(` gen_require(`
@ -2593,8 +2593,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0) +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.32/policy/modules/apps/nsplugin.if diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.32/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500 --- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.if 2009-09-29 15:46:41.000000000 -0400 +++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.if 2009-09-29 16:37:24.000000000 -0400
@@ -0,0 +1,322 @@ @@ -0,0 +1,323 @@
+ +
+## <summary>policy for nsplugin</summary> +## <summary>policy for nsplugin</summary>
+ +
@ -2680,6 +2680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ type nsplugin_config_t; + type nsplugin_config_t;
+ class x_drawable all_x_drawable_perms; + class x_drawable all_x_drawable_perms;
+ class x_resource all_x_resource_perms; + class x_resource all_x_resource_perms;
+ class dbus send_msg;
+ ') + ')
+ +
+ role $1 types nsplugin_t; + role $1 types nsplugin_t;
@ -8398,7 +8399,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## All of the rules required to administrate ## All of the rules required to administrate
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te
--- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400 --- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-09-24 11:54:43.000000000 -0400 +++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-09-29 16:46:09.000000000 -0400
@@ -75,6 +75,7 @@ @@ -75,6 +75,7 @@
corecmd_exec_bin(abrt_t) corecmd_exec_bin(abrt_t)
@ -8407,7 +8408,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_http_port(abrt_t) corenet_tcp_connect_http_port(abrt_t)
@@ -105,13 +106,20 @@ @@ -105,13 +106,22 @@
dbus_system_bus_client(abrt_t) dbus_system_bus_client(abrt_t)
') ')
@ -8420,6 +8421,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- rpm_manage_db(abrt_t) - rpm_manage_db(abrt_t)
- rpm_domtrans(abrt_t) - rpm_domtrans(abrt_t)
+ rpm_manage_cache(abrt_t) + rpm_manage_cache(abrt_t)
+ rpm_read_db(abrt_t)
+ rpm_dontaudit_manage_db(abrt_t)
+ rpm_domtrans_debuginfo(abrt_t) + rpm_domtrans_debuginfo(abrt_t)
+ rpm_signull(abrt_t) + rpm_signull(abrt_t)
') ')
@ -12124,7 +12127,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.32/policy/modules/services/dovecot.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.32/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2009-08-14 16:14:31.000000000 -0400 --- nsaserefpolicy/policy/modules/services/dovecot.te 2009-08-14 16:14:31.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/dovecot.te 2009-09-16 10:03:09.000000000 -0400 +++ serefpolicy-3.6.32/policy/modules/services/dovecot.te 2009-09-29 16:39:40.000000000 -0400
@@ -103,6 +103,7 @@ @@ -103,6 +103,7 @@
dev_read_urand(dovecot_t) dev_read_urand(dovecot_t)
@ -12133,6 +12136,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_search_auto_mountpoints(dovecot_t) fs_search_auto_mountpoints(dovecot_t)
fs_list_inotifyfs(dovecot_t) fs_list_inotifyfs(dovecot_t)
@@ -159,7 +160,7 @@
#
allow dovecot_auth_t self:capability { chown dac_override setgid setuid };
-allow dovecot_auth_t self:process signal_perms;
+allow dovecot_auth_t self:process { signal_perms getcap setcap };
allow dovecot_auth_t self:fifo_file rw_fifo_file_perms;
allow dovecot_auth_t self:unix_dgram_socket create_socket_perms;
allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms;
@@ -220,9 +221,15 @@ @@ -220,9 +221,15 @@
') ')