- Fix squidGuard labeling
This commit is contained in:
parent
2eec438a0b
commit
81794767c6
@ -18513,7 +18513,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.6/policy/modules/services/postfix.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.6/policy/modules/services/postfix.te
|
||||||
--- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-19 11:07:34.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-19 11:07:34.000000000 -0500
|
||||||
+++ serefpolicy-3.6.6/policy/modules/services/postfix.te 2009-02-16 13:18:06.000000000 -0500
|
+++ serefpolicy-3.6.6/policy/modules/services/postfix.te 2009-02-17 08:27:34.000000000 -0500
|
||||||
@@ -6,6 +6,15 @@
|
@@ -6,6 +6,15 @@
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
@ -18829,7 +18829,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
mailman_read_data_files(postfix_smtpd_t)
|
mailman_read_data_files(postfix_smtpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -572,7 +666,7 @@
|
@@ -572,12 +666,13 @@
|
||||||
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
|
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
|
||||||
|
|
||||||
# connect to master process
|
# connect to master process
|
||||||
@ -18838,6 +18838,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
corecmd_exec_shell(postfix_virtual_t)
|
corecmd_exec_shell(postfix_virtual_t)
|
||||||
corecmd_exec_bin(postfix_virtual_t)
|
corecmd_exec_bin(postfix_virtual_t)
|
||||||
|
|
||||||
|
files_read_etc_files(postfix_virtual_t)
|
||||||
|
+files_read_usr_files(postfix_virtual_t)
|
||||||
|
|
||||||
|
mta_read_aliases(postfix_virtual_t)
|
||||||
|
mta_delete_spool(postfix_virtual_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.6/policy/modules/services/postgresql.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.6/policy/modules/services/postgresql.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
|
||||||
+++ serefpolicy-3.6.6/policy/modules/services/postgresql.fc 2009-02-16 13:18:06.000000000 -0500
|
+++ serefpolicy-3.6.6/policy/modules/services/postgresql.fc 2009-02-16 13:18:06.000000000 -0500
|
||||||
@ -22455,6 +22461,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.6.6/policy/modules/services/squid.fc
|
||||||
|
--- nsaserefpolicy/policy/modules/services/squid.fc 2008-10-08 19:00:27.000000000 -0400
|
||||||
|
+++ serefpolicy-3.6.6/policy/modules/services/squid.fc 2009-02-17 09:06:28.000000000 -0500
|
||||||
|
@@ -6,7 +6,11 @@
|
||||||
|
/usr/sbin/squid -- gen_context(system_u:object_r:squid_exec_t,s0)
|
||||||
|
/usr/share/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
|
||||||
|
|
||||||
|
+/var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
|
||||||
|
/var/cache/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
|
||||||
|
+
|
||||||
|
/var/log/squid(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
|
||||||
|
+/var/log/squidGuard(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
|
||||||
|
+
|
||||||
|
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
|
||||||
|
/var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.6/policy/modules/services/squid.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.6/policy/modules/services/squid.if
|
||||||
--- nsaserefpolicy/policy/modules/services/squid.if 2008-11-11 16:13:45.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/squid.if 2008-11-11 16:13:45.000000000 -0500
|
||||||
+++ serefpolicy-3.6.6/policy/modules/services/squid.if 2009-02-16 13:18:06.000000000 -0500
|
+++ serefpolicy-3.6.6/policy/modules/services/squid.if 2009-02-16 13:18:06.000000000 -0500
|
||||||
@ -26077,7 +26098,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
|
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.6/policy/modules/system/libraries.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.6/policy/modules/system/libraries.fc
|
||||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
|
||||||
+++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-16 13:18:06.000000000 -0500
|
+++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-17 08:47:24.000000000 -0500
|
||||||
@@ -60,12 +60,15 @@
|
@@ -60,12 +60,15 @@
|
||||||
#
|
#
|
||||||
# /opt
|
# /opt
|
||||||
@ -26169,6 +26190,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
@@ -233,7 +250,7 @@
|
||||||
|
/usr/lib(64)?/php/modules/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
|
||||||
|
# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
|
||||||
|
-/usr/lib(64)?.*/libmpg123\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
+/usr/lib(64)?.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
/usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
/usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
/usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@@ -246,12 +263,13 @@
|
@@ -246,12 +263,13 @@
|
||||||
|
|
||||||
# Flash plugin, Macromedia
|
# Flash plugin, Macromedia
|
||||||
@ -31490,7 +31520,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.6/policy/support/obj_perm_sets.spt
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.6/policy/support/obj_perm_sets.spt
|
||||||
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400
|
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400
|
||||||
+++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt 2009-02-16 13:18:06.000000000 -0500
|
+++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt 2009-02-17 08:43:20.000000000 -0500
|
||||||
@@ -179,20 +179,20 @@
|
@@ -179,20 +179,20 @@
|
||||||
#
|
#
|
||||||
# Directory (dir)
|
# Directory (dir)
|
||||||
@ -31521,6 +31551,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
#
|
#
|
||||||
# Regular file (file)
|
# Regular file (file)
|
||||||
|
@@ -225,7 +225,7 @@
|
||||||
|
define(`create_lnk_file_perms',`{ create getattr }')
|
||||||
|
define(`rename_lnk_file_perms',`{ getattr rename }')
|
||||||
|
define(`delete_lnk_file_perms',`{ getattr unlink }')
|
||||||
|
-define(`manage_lnk_file_perms',`{ create read getattr setattr unlink rename }')
|
||||||
|
+define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }')
|
||||||
|
define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
|
||||||
|
define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
|
||||||
|
define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
|
||||||
@@ -312,3 +312,13 @@
|
@@ -312,3 +312,13 @@
|
||||||
#
|
#
|
||||||
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
|
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.6.6
|
Version: 3.6.6
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -444,6 +444,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-2
|
||||||
|
- Fix squidGuard labeling
|
||||||
|
|
||||||
* Wed Feb 11 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-1
|
* Wed Feb 11 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-1
|
||||||
- Re-add corenet_in_generic_if(unlabeled_t)
|
- Re-add corenet_in_generic_if(unlabeled_t)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user