- Fix squidGuard labeling

This commit is contained in:
Daniel J Walsh 2009-02-17 14:07:10 +00:00
parent 2eec438a0b
commit 81794767c6
2 changed files with 47 additions and 5 deletions

View File

@ -18513,7 +18513,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ +
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.6/policy/modules/services/postfix.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.6/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-19 11:07:34.000000000 -0500 --- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-19 11:07:34.000000000 -0500
+++ serefpolicy-3.6.6/policy/modules/services/postfix.te 2009-02-16 13:18:06.000000000 -0500 +++ serefpolicy-3.6.6/policy/modules/services/postfix.te 2009-02-17 08:27:34.000000000 -0500
@@ -6,6 +6,15 @@ @@ -6,6 +6,15 @@
# Declarations # Declarations
# #
@ -18829,7 +18829,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
mailman_read_data_files(postfix_smtpd_t) mailman_read_data_files(postfix_smtpd_t)
') ')
@@ -572,7 +666,7 @@ @@ -572,12 +666,13 @@
files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir }) files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
# connect to master process # connect to master process
@ -18838,6 +18838,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corecmd_exec_shell(postfix_virtual_t) corecmd_exec_shell(postfix_virtual_t)
corecmd_exec_bin(postfix_virtual_t) corecmd_exec_bin(postfix_virtual_t)
files_read_etc_files(postfix_virtual_t)
+files_read_usr_files(postfix_virtual_t)
mta_read_aliases(postfix_virtual_t)
mta_delete_spool(postfix_virtual_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.6/policy/modules/services/postgresql.fc diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.6/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400 --- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
+++ serefpolicy-3.6.6/policy/modules/services/postgresql.fc 2009-02-16 13:18:06.000000000 -0500 +++ serefpolicy-3.6.6/policy/modules/services/postgresql.fc 2009-02-16 13:18:06.000000000 -0500
@ -22455,6 +22461,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') ')
optional_policy(` optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.6.6/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2008-10-08 19:00:27.000000000 -0400
+++ serefpolicy-3.6.6/policy/modules/services/squid.fc 2009-02-17 09:06:28.000000000 -0500
@@ -6,7 +6,11 @@
/usr/sbin/squid -- gen_context(system_u:object_r:squid_exec_t,s0)
/usr/share/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
+/var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
/var/cache/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
+
/var/log/squid(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
+/var/log/squidGuard(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
+
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
/var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.6/policy/modules/services/squid.if diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.6/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2008-11-11 16:13:45.000000000 -0500 --- nsaserefpolicy/policy/modules/services/squid.if 2008-11-11 16:13:45.000000000 -0500
+++ serefpolicy-3.6.6/policy/modules/services/squid.if 2009-02-16 13:18:06.000000000 -0500 +++ serefpolicy-3.6.6/policy/modules/services/squid.if 2009-02-16 13:18:06.000000000 -0500
@ -26077,7 +26098,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow iscsid_t iscsi_tmp_t:dir manage_dir_perms; allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.6/policy/modules/system/libraries.fc diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.6/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500 --- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
+++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-16 13:18:06.000000000 -0500 +++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-17 08:47:24.000000000 -0500
@@ -60,12 +60,15 @@ @@ -60,12 +60,15 @@
# #
# /opt # /opt
@ -26169,6 +26190,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -233,7 +250,7 @@
/usr/lib(64)?/php/modules/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
-/usr/lib(64)?.*/libmpg123\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib(64)?.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -246,12 +263,13 @@ @@ -246,12 +263,13 @@
# Flash plugin, Macromedia # Flash plugin, Macromedia
@ -31490,7 +31520,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+') +')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.6/policy/support/obj_perm_sets.spt diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.6/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400 --- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400
+++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt 2009-02-16 13:18:06.000000000 -0500 +++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt 2009-02-17 08:43:20.000000000 -0500
@@ -179,20 +179,20 @@ @@ -179,20 +179,20 @@
# #
# Directory (dir) # Directory (dir)
@ -31521,6 +31551,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# #
# Regular file (file) # Regular file (file)
@@ -225,7 +225,7 @@
define(`create_lnk_file_perms',`{ create getattr }')
define(`rename_lnk_file_perms',`{ getattr rename }')
define(`delete_lnk_file_perms',`{ getattr unlink }')
-define(`manage_lnk_file_perms',`{ create read getattr setattr unlink rename }')
+define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }')
define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }')
define(`relabelto_lnk_file_perms',`{ getattr relabelto }')
define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }')
@@ -312,3 +312,13 @@ @@ -312,3 +312,13 @@
# #
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }') define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')

View File

@ -20,7 +20,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.6.6 Version: 3.6.6
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -444,6 +444,9 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Feb 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-2
- Fix squidGuard labeling
* Wed Feb 11 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-1 * Wed Feb 11 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-1
- Re-add corenet_in_generic_if(unlabeled_t) - Re-add corenet_in_generic_if(unlabeled_t)