- Update to latest from upstream
parent
8cd496f1d6
commit
810e69636e
|
@ -5978,8 +5978,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm
|
||||||
\ No newline at end of file
|
\ No newline at end of file
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.te serefpolicy-2.6.4/policy/modules/system/fusermount.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.te serefpolicy-2.6.4/policy/modules/system/fusermount.te
|
||||||
--- nsaserefpolicy/policy/modules/system/fusermount.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/fusermount.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-05-08 09:59:33.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-05-14 15:36:32.000000000 -0400
|
||||||
@@ -0,0 +1,50 @@
|
@@ -0,0 +1,51 @@
|
||||||
+policy_module(fusermount,1.0.0)
|
+policy_module(fusermount,1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
|
@ -6019,6 +6019,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ hal_write_log(fusermount_t)
|
+ hal_write_log(fusermount_t)
|
||||||
+ hal_use_fds(fusermount_t)
|
+ hal_use_fds(fusermount_t)
|
||||||
|
+ hal_rw_pipes(fusermount_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
|
@ -6304,7 +6305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.6.4/policy/modules/system/libraries.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.6.4/policy/modules/system/libraries.fc
|
||||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-05-04 12:19:22.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-05-04 12:19:22.000000000 -0400
|
||||||
+++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-05-08 09:59:33.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-05-14 14:18:52.000000000 -0400
|
||||||
@@ -81,8 +81,8 @@
|
@@ -81,8 +81,8 @@
|
||||||
/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
@ -6315,7 +6316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
|
||||||
|
|
||||||
ifdef(`distro_gentoo',`
|
ifdef(`distro_gentoo',`
|
||||||
# despite the extensions, they are actually libs
|
# despite the extensions, they are actually libs
|
||||||
@@ -132,8 +132,10 @@
|
@@ -132,13 +132,16 @@
|
||||||
|
|
||||||
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
|
||||||
|
@ -6327,6 +6328,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
|
||||||
|
|
||||||
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
/usr/lib(64)?/ati-fglrx/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
+/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
/usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
/usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.6.4/policy/modules/system/libraries.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.6.4/policy/modules/system/libraries.te
|
||||||
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-05-04 12:19:23.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-05-04 12:19:23.000000000 -0400
|
||||||
+++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-05-08 09:59:33.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-05-08 09:59:33.000000000 -0400
|
||||||
|
@ -6789,7 +6796,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
|
||||||
--- nsaserefpolicy/policy/modules/system/mount.te 2007-04-23 09:36:02.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/mount.te 2007-04-23 09:36:02.000000000 -0400
|
||||||
+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-05-08 09:59:33.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-05-14 15:36:25.000000000 -0400
|
||||||
@@ -9,6 +9,13 @@
|
@@ -9,6 +9,13 @@
|
||||||
ifdef(`targeted_policy',`
|
ifdef(`targeted_policy',`
|
||||||
## <desc>
|
## <desc>
|
||||||
|
@ -6844,7 +6851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -205,3 +222,52 @@
|
@@ -205,3 +222,53 @@
|
||||||
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
|
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
|
||||||
unconfined_domain(unconfined_mount_t)
|
unconfined_domain(unconfined_mount_t)
|
||||||
')
|
')
|
||||||
|
@ -6891,6 +6898,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ hal_write_log(mount_ntfs_t)
|
+ hal_write_log(mount_ntfs_t)
|
||||||
+ hal_use_fds(mount_ntfs_t)
|
+ hal_use_fds(mount_ntfs_t)
|
||||||
|
+ hal_rw_pipes(mount_ntfs_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+ifdef(`targeted_policy',`
|
+ifdef(`targeted_policy',`
|
||||||
|
@ -8117,7 +8125,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
||||||
')
|
')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.6.4/policy/modules/system/xen.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.6.4/policy/modules/system/xen.if
|
||||||
--- nsaserefpolicy/policy/modules/system/xen.if 2007-01-02 12:57:49.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/xen.if 2007-01-02 12:57:49.000000000 -0500
|
||||||
+++ serefpolicy-2.6.4/policy/modules/system/xen.if 2007-05-11 18:25:10.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/system/xen.if 2007-05-14 15:38:19.000000000 -0400
|
||||||
@@ -72,12 +72,35 @@
|
@@ -72,12 +72,35 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -8154,7 +8162,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
|
||||||
## Do not audit attempts to read and write
|
## Do not audit attempts to read and write
|
||||||
## Xen unix domain stream sockets. These
|
## Xen unix domain stream sockets. These
|
||||||
## are leaked file descriptors.
|
## are leaked file descriptors.
|
||||||
@@ -151,3 +174,45 @@
|
@@ -151,3 +174,25 @@
|
||||||
|
|
||||||
domtrans_pattern($1,xm_exec_t,xm_t)
|
domtrans_pattern($1,xm_exec_t,xm_t)
|
||||||
')
|
')
|
||||||
|
@ -8172,26 +8180,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
|
||||||
+#
|
+#
|
||||||
+interface(`xen_read_image_files',`
|
+interface(`xen_read_image_files',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ type xen_image_t;
|
|
||||||
+ ')
|
|
||||||
+
|
|
||||||
+ files_list_var_lib($1)
|
|
||||||
+ read_files_pattern($1,xen_image_t,xen_image_t)
|
|
||||||
+')
|
|
||||||
+
|
|
||||||
+########################################
|
|
||||||
+## <summary>
|
|
||||||
+## Allow the specified domain to read
|
|
||||||
+## xend image files.
|
|
||||||
+## </summary>
|
|
||||||
+## <param name="domain">
|
|
||||||
+## <summary>
|
|
||||||
+## Domain allowed to transition.
|
|
||||||
+## </summary>
|
|
||||||
+## </param>
|
|
||||||
+#
|
|
||||||
+interface(`xen_read_image_files',`
|
|
||||||
+ gen_require(`
|
|
||||||
+ type xen_image_t, xend_var_lib_t;
|
+ type xen_image_t, xend_var_lib_t;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
|
@ -8202,7 +8190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.6.4/policy/modules/system/xen.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.6.4/policy/modules/system/xen.te
|
||||||
--- nsaserefpolicy/policy/modules/system/xen.te 2007-04-23 09:36:02.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/xen.te 2007-04-23 09:36:02.000000000 -0400
|
||||||
+++ serefpolicy-2.6.4/policy/modules/system/xen.te 2007-05-14 13:27:09.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/system/xen.te 2007-05-14 15:40:20.000000000 -0400
|
||||||
@@ -25,6 +25,10 @@
|
@@ -25,6 +25,10 @@
|
||||||
domain_type(xend_t)
|
domain_type(xend_t)
|
||||||
init_daemon_domain(xend_t, xend_exec_t)
|
init_daemon_domain(xend_t, xend_exec_t)
|
||||||
|
@ -8236,8 +8224,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
|
||||||
manage_sock_files_pattern(xend_t,xend_var_log_t,xend_var_log_t)
|
manage_sock_files_pattern(xend_t,xend_var_log_t,xend_var_log_t)
|
||||||
logging_log_filetrans(xend_t,xend_var_log_t,{ sock_file file dir })
|
logging_log_filetrans(xend_t,xend_var_log_t,{ sock_file file dir })
|
||||||
|
|
||||||
+manage_files_Patter(xend_t,xend_tmp_t,xend_tmp_t)
|
+manage_files_pattern(xend_t,xend_tmp_t,xend_tmp_t)
|
||||||
+manage_dirs_Patter(xend_t,xend_tmp_t,xend_tmp_t)
|
+manage_dirs_pattern(xend_t,xend_tmp_t,xend_tmp_t)
|
||||||
+files_tmp_filetrans(xend_t, xend_tmp_t, { file dir })
|
+files_tmp_filetrans(xend_t, xend_tmp_t, { file dir })
|
||||||
+
|
+
|
||||||
# var/lib files for xend
|
# var/lib files for xend
|
||||||
|
|
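Review bot: The added `hal_rw_pipes(fusermount_t)` in the fusermount.te `optional_policy` block, and the matching `hal_rw_pipes(mount_ntfs_t)` in mount.te, grant read/write on HAL's pipes with nothing recording why the mount helpers need it. If these are descriptors merely inherited from hald (inferred from the adjacent `hal_use_fds` lines; the denials that prompted the change are not shown on this page), a dontaudit rule would silence the AVC without widening what the helper may touch. If the access is genuinely required, a short comment above each call, for example `# hald hands the helper a pipe for its output; rw is required`, would let a later least-privilege review tell intent from workaround. Both `optional_policy` blocks begin or end outside the visible hunks, so any existing justification there is not visible here.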
|
@ -359,6 +359,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 14 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-1
|
||||||
|
- Update to latest from upstream
|
||||||
|
|
||||||
* Fri May 4 2007 Dan Walsh <dwalsh@redhat.com> 2.6.3-1
|
* Fri May 4 2007 Dan Walsh <dwalsh@redhat.com> 2.6.3-1
|
||||||
- Update to latest from upstream
|
- Update to latest from upstream
|
||||||
|
|
||||||
|
|