- Update rhcs policy

Daniel J Walsh 2009-09-29 20:51:16 +00:00
parent 5b96313949
commit 7f2ac12f13


@ -388,7 +388,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.32/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/admin/rpm.if 2009-09-29 10:11:37.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/admin/rpm.if 2009-09-29 16:46:01.000000000 -0400
@@ -13,11 +13,34 @@
interface(`rpm_domtrans',`
gen_require(`
@ -2593,8 +2593,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.32/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.if 2009-09-29 15:46:41.000000000 -0400
@@ -0,0 +1,322 @@
+++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.if 2009-09-29 16:37:24.000000000 -0400
@@ -0,0 +1,323 @@
+
+## <summary>policy for nsplugin</summary>
+
@ -2680,6 +2680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ type nsplugin_config_t;
+ class x_drawable all_x_drawable_perms;
+ class x_resource all_x_resource_perms;
+ class dbus send_msg;
+ ')
+
+ role $1 types nsplugin_t;
@ -8398,7 +8399,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## All of the rules required to administrate
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te
--- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-09-24 11:54:43.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-09-29 16:46:09.000000000 -0400
@@ -75,6 +75,7 @@
corecmd_exec_bin(abrt_t)
@ -8407,7 +8408,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_connect_http_port(abrt_t)
@@ -105,13 +106,20 @@
@@ -105,13 +106,22 @@
dbus_system_bus_client(abrt_t)
')
@ -8420,6 +8421,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- rpm_manage_db(abrt_t)
- rpm_domtrans(abrt_t)
+ rpm_manage_cache(abrt_t)
+ rpm_read_db(abrt_t)
+ rpm_dontaudit_manage_db(abrt_t)
+ rpm_domtrans_debuginfo(abrt_t)
+ rpm_signull(abrt_t)
')
@ -12124,7 +12127,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.32/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2009-08-14 16:14:31.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/dovecot.te 2009-09-16 10:03:09.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/dovecot.te 2009-09-29 16:39:40.000000000 -0400
@@ -103,6 +103,7 @@
dev_read_urand(dovecot_t)
@ -12133,6 +12136,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_search_auto_mountpoints(dovecot_t)
fs_list_inotifyfs(dovecot_t)
@@ -159,7 +160,7 @@
#
allow dovecot_auth_t self:capability { chown dac_override setgid setuid };
-allow dovecot_auth_t self:process signal_perms;
+allow dovecot_auth_t self:process { signal_perms getcap setcap };
allow dovecot_auth_t self:fifo_file rw_fifo_file_perms;
allow dovecot_auth_t self:unix_dgram_socket create_socket_perms;
allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms;
@@ -220,9 +221,15 @@
')