- Fixes for libvirt

Daniel J Walsh 2008-02-04 21:41:59 +00:00
parent 380f3cb7b1
commit 881d64a16e
2 changed files with 127 additions and 107 deletions


@ -2107,8 +2107,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te
+typealias user_gconf_tmp_t alias unconfined_gconf_tmp_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.2.6/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2007-10-12 08:56:02.000000000 -0400
+++ serefpolicy-3.2.6/policy/modules/apps/gpg.fc 2008-02-01 16:01:42.000000000 -0500
@@ -1,6 +1,6 @@
+++ serefpolicy-3.2.6/policy/modules/apps/gpg.fc 2008-02-04 15:34:00.000000000 -0500
@@ -1,9 +1,9 @@
-HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
+HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:user_gpg_secret_t,s0)
@ -2117,6 +2117,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
/usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0)
/usr/bin/kgpg -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/bin/pinentry.* -- gen_context(system_u:object_r:pinentry_exec_t,s0)
-/usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
-/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
+/usr/lib(64)?/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
+/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.2.6/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2007-07-23 10:20:12.000000000 -0400
+++ serefpolicy-3.2.6/policy/modules/apps/gpg.if 2008-02-01 16:01:42.000000000 -0500
@ -5677,7 +5682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
files_mountpoint(vxfs_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.2.6/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-10-29 18:02:31.000000000 -0400
+++ serefpolicy-3.2.6/policy/modules/kernel/kernel.if 2008-02-01 16:01:42.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/kernel/kernel.if 2008-02-04 15:09:55.000000000 -0500
@@ -851,9 +851,8 @@
type proc_t, proc_afs_t;
')
@ -5846,7 +5851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
/dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.2.6/policy/modules/kernel/storage.if
--- nsaserefpolicy/policy/modules/kernel/storage.if 2007-10-29 18:02:31.000000000 -0400
+++ serefpolicy-3.2.6/policy/modules/kernel/storage.if 2008-02-01 16:01:42.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/kernel/storage.if 2008-02-04 15:32:13.000000000 -0500
@@ -81,6 +81,26 @@
########################################
@ -15678,12 +15683,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
# Local Policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.2.6/policy/modules/services/procmail.fc
--- nsaserefpolicy/policy/modules/services/procmail.fc 2006-11-16 17:15:21.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/services/procmail.fc 2008-02-01 16:01:42.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/services/procmail.fc 2008-02-04 13:41:13.000000000 -0500
@@ -1,2 +1,5 @@
/usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0)
+
+/var/log/procmail\.log -- gen_context(system_u:object_r:procmail_log_t,s0)
+/var/log/procmail\.log.* -- gen_context(system_u:object_r:procmail_log_t,s0)
+/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.2.6/policy/modules/services/procmail.if
--- nsaserefpolicy/policy/modules/services/procmail.if 2007-01-02 12:57:43.000000000 -0500
@ -18271,7 +18276,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.2.6/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2007-12-19 05:32:17.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/services/snmp.te 2008-02-01 16:01:42.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/services/snmp.te 2008-02-04 16:34:35.000000000 -0500
@@ -18,6 +18,9 @@
type snmpd_var_lib_t;
files_type(snmpd_var_lib_t)
@ -18282,7 +18287,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
########################################
#
# Local policy
@@ -81,8 +84,7 @@
@@ -45,6 +48,7 @@
kernel_read_device_sysctls(snmpd_t)
kernel_read_kernel_sysctls(snmpd_t)
+kernel_read_fs_sysctls(snmpd_t)
kernel_read_net_sysctls(snmpd_t)
kernel_read_proc_symlinks(snmpd_t)
kernel_read_system_state(snmpd_t)
@@ -81,8 +85,7 @@
files_read_usr_files(snmpd_t)
files_read_etc_runtime_files(snmpd_t)
files_search_home(snmpd_t)
@ -23613,8 +23626,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.2.6/policy/modules/system/qemu.te
--- nsaserefpolicy/policy/modules/system/qemu.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/system/qemu.te 2008-02-02 17:19:03.000000000 -0500
@@ -0,0 +1,58 @@
+++ serefpolicy-3.2.6/policy/modules/system/qemu.te 2008-02-04 15:32:35.000000000 -0500
@@ -0,0 +1,60 @@
+policy_module(qemu,1.0.0)
+
+########################################
@ -23662,7 +23675,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
+files_search_all(qemu_t)
+
+fs_rw_anon_inodefs_files(qemu_t)
+fs_rw_removable_blk_files(qemu_t)
+
+storage_raw_write_removable_device(qemu_t)
+storage_raw_read_removable_device(qemu_t)
+
+term_use_ptmx(qemu_t)
+term_getattr_pty_fs(qemu_t)
@ -25107,7 +25122,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.2.6/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-11-29 13:29:35.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/system/userdomain.if 2008-02-04 08:23:21.000000000 -0500
+++ serefpolicy-3.2.6/policy/modules/system/userdomain.if 2008-02-04 15:10:20.000000000 -0500
@@ -29,9 +29,14 @@
')
@ -25124,7 +25139,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
corecmd_shell_entry_type($1_t)
corecmd_bin_entry_type($1_t)
domain_user_exemption_target($1_t)
@@ -45,66 +50,71 @@
@@ -45,66 +50,73 @@
type $1_tty_device_t;
term_user_tty($1_t,$1_tty_device_t)
@ -25178,6 +25193,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ application_exec_all($1_usertype)
+
+ kernel_read_kernel_sysctls($1_usertype)
+ kernel_read_all_sysctls($1_usertype)
+
+ kernel_dontaudit_list_unlabeled($1_usertype)
+ kernel_dontaudit_getattr_unlabeled_files($1_usertype)
+ kernel_dontaudit_getattr_unlabeled_symlinks($1_usertype)
@ -25249,7 +25266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
tunable_policy(`allow_execmem',`
# Allow loading DSOs that require executable stack.
@@ -115,6 +125,10 @@
@@ -115,6 +127,10 @@
# Allow making the stack executable via mprotect.
allow $1_t self:process execstack;
')
@ -25260,7 +25277,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
#######################################
@@ -141,33 +155,13 @@
@@ -141,33 +157,13 @@
#
template(`userdom_ro_home_template',`
gen_require(`
@ -25299,7 +25316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##############################
#
@@ -175,13 +169,13 @@
@@ -175,13 +171,13 @@
#
# read-only home directory
@ -25320,7 +25337,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
files_list_home($1_t)
tunable_policy(`use_nfs_home_dirs',`
@@ -231,30 +225,14 @@
@@ -231,30 +227,14 @@
#
template(`userdom_manage_home_template',`
gen_require(`
@ -25357,7 +25374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##############################
#
@@ -262,43 +240,44 @@
@@ -262,43 +242,44 @@
#
# full control of the home directory
@ -25430,7 +25447,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
')
@@ -316,14 +295,20 @@
@@ -316,14 +297,20 @@
## <rolebase/>
#
template(`userdom_exec_home_template',`
@ -25456,7 +25473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
')
@@ -341,11 +326,10 @@
@@ -341,11 +328,10 @@
## <rolebase/>
#
template(`userdom_poly_home_template',`
@ -25472,7 +25489,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
#######################################
@@ -369,18 +353,18 @@
@@ -369,18 +355,18 @@
#
template(`userdom_manage_tmp_template',`
gen_require(`
@ -25501,7 +25518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
#######################################
@@ -396,7 +380,13 @@
@@ -396,7 +382,13 @@
## <rolebase/>
#
template(`userdom_exec_tmp_template',`
@ -25516,7 +25533,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
#######################################
@@ -510,10 +500,6 @@
@@ -510,10 +502,6 @@
## <rolebase/>
#
template(`userdom_exec_generic_pgms_template',`
@ -25527,7 +25544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
corecmd_exec_bin($1_t)
')
@@ -531,9 +517,6 @@
@@ -531,9 +519,6 @@
## <rolebase/>
#
template(`userdom_basic_networking_template',`
@ -25537,7 +25554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
allow $1_t self:tcp_socket create_stream_socket_perms;
allow $1_t self:udp_socket create_socket_perms;
@@ -548,10 +531,6 @@
@@ -548,10 +533,6 @@
corenet_udp_sendrecv_all_ports($1_t)
corenet_tcp_connect_all_ports($1_t)
corenet_sendrecv_all_client_packets($1_t)
@ -25548,7 +25565,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
#######################################
@@ -568,30 +547,29 @@
@@ -568,30 +549,29 @@
#
template(`userdom_xwindows_client_template',`
gen_require(`
@ -25595,7 +25612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
#######################################
@@ -686,183 +664,192 @@
@@ -686,183 +666,192 @@
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
@ -25869,7 +25886,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
optional_policy(`
@@ -889,6 +876,8 @@
@@ -889,6 +878,8 @@
## </param>
#
template(`userdom_login_user_template', `
@ -25878,7 +25895,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
userdom_base_user_template($1)
userdom_manage_home_template($1)
@@ -917,26 +906,26 @@
@@ -917,26 +908,26 @@
allow $1_t self:context contains;
@ -25919,7 +25936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
auth_dontaudit_write_login_records($1_t)
@@ -944,43 +933,43 @@
@@ -944,43 +935,43 @@
# The library functions always try to open read-write first,
# then fall back to read-only if it fails.
@ -25981,7 +25998,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
')
@@ -1014,9 +1003,6 @@
@@ -1014,9 +1005,6 @@
domain_interactive_fd($1_t)
typeattribute $1_devpts_t user_ptynode;
@ -25991,7 +26008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
typeattribute $1_tty_device_t user_ttynode;
##############################
@@ -1025,16 +1011,29 @@
@@ -1025,16 +1013,29 @@
#
# privileged home directory writers
@ -26027,7 +26044,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
#######################################
@@ -1062,6 +1061,13 @@
@@ -1062,6 +1063,13 @@
userdom_restricted_user_template($1)
@ -26041,7 +26058,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
userdom_xwindows_client_template($1)
##############################
@@ -1070,14 +1076,14 @@
@@ -1070,14 +1078,14 @@
#
authlogin_per_role_template($1, $1_t, $1_r)
@ -26061,7 +26078,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
logging_dontaudit_send_audit_msgs($1_t)
# Need to to this just so screensaver will work. Should be moved to screensaver domain
@@ -1085,32 +1091,17 @@
@@ -1085,32 +1093,17 @@
selinux_get_enforce_mode($1_t)
optional_policy(`
@ -26101,7 +26118,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
')
@@ -1121,10 +1112,10 @@
@@ -1121,10 +1114,10 @@
## </summary>
## <desc>
## <p>
@ -26116,7 +26133,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## This template creates a user domain, types, and
## rules for the user's tty, pty, home directories,
## tmp, and tmpfs files.
@@ -1187,12 +1178,11 @@
@@ -1187,12 +1180,11 @@
# and may change other protocols
tunable_policy(`user_tcp_server',`
corenet_tcp_bind_all_nodes($1_t)
@ -26131,7 +26148,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
# Run pppd in pppd_t by default for user
@@ -1201,7 +1191,7 @@
@@ -1201,7 +1193,7 @@
')
optional_policy(`
@ -26140,7 +26157,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
')
@@ -1278,8 +1268,6 @@
@@ -1278,8 +1270,6 @@
# Manipulate other users crontab.
allow $1_t self:passwd crontab;
@ -26149,7 +26166,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
kernel_getattr_message_if($1_t)
@@ -1357,13 +1345,6 @@
@@ -1357,13 +1347,6 @@
# But presently necessary for installing the file_contexts file.
seutil_manage_bin_policy($1_t)
@ -26163,7 +26180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
optional_policy(`
userhelper_exec($1_t)
')
@@ -1416,6 +1397,7 @@
@@ -1416,6 +1399,7 @@
dev_relabel_all_dev_nodes($1)
files_create_boot_flag($1)
@ -26171,7 +26188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
# Necessary for managing /boot/efi
fs_manage_dos_files($1)
@@ -1781,10 +1763,14 @@
@@ -1781,10 +1765,14 @@
template(`userdom_user_home_content',`
gen_require(`
attribute $1_file_type;
@ -26187,7 +26204,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -1880,11 +1866,11 @@
@@ -1880,11 +1868,11 @@
#
template(`userdom_search_user_home_dirs',`
gen_require(`
@ -26201,7 +26218,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -1914,11 +1900,11 @@
@@ -1914,11 +1902,11 @@
#
template(`userdom_list_user_home_dirs',`
gen_require(`
@ -26215,7 +26232,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -1962,12 +1948,12 @@
@@ -1962,12 +1950,12 @@
#
template(`userdom_user_home_domtrans',`
gen_require(`
@ -26231,7 +26248,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -1997,10 +1983,10 @@
@@ -1997,10 +1985,10 @@
#
template(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
@ -26244,7 +26261,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2032,11 +2018,47 @@
@@ -2032,11 +2020,47 @@
#
template(`userdom_manage_user_home_content_dirs',`
gen_require(`
@ -26294,7 +26311,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2068,10 +2090,10 @@
@@ -2068,10 +2092,10 @@
#
template(`userdom_dontaudit_setattr_user_home_content_files',`
gen_require(`
@ -26307,7 +26324,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2101,11 +2123,11 @@
@@ -2101,11 +2125,11 @@
#
template(`userdom_read_user_home_content_files',`
gen_require(`
@ -26321,7 +26338,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2135,11 +2157,11 @@
@@ -2135,11 +2159,11 @@
#
template(`userdom_dontaudit_read_user_home_content_files',`
gen_require(`
@ -26336,7 +26353,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2169,10 +2191,10 @@
@@ -2169,10 +2193,10 @@
#
template(`userdom_dontaudit_write_user_home_content_files',`
gen_require(`
@ -26349,7 +26366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2202,11 +2224,11 @@
@@ -2202,11 +2226,11 @@
#
template(`userdom_read_user_home_content_symlinks',`
gen_require(`
@ -26363,7 +26380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2236,11 +2258,11 @@
@@ -2236,11 +2260,11 @@
#
template(`userdom_exec_user_home_content_files',`
gen_require(`
@ -26377,7 +26394,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2270,10 +2292,10 @@
@@ -2270,10 +2294,10 @@
#
template(`userdom_dontaudit_exec_user_home_content_files',`
gen_require(`
@ -26390,7 +26407,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2305,12 +2327,12 @@
@@ -2305,12 +2329,12 @@
#
template(`userdom_manage_user_home_content_files',`
gen_require(`
@ -26406,7 +26423,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2342,10 +2364,10 @@
@@ -2342,10 +2366,10 @@
#
template(`userdom_dontaudit_manage_user_home_content_dirs',`
gen_require(`
@ -26419,7 +26436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2377,12 +2399,12 @@
@@ -2377,12 +2401,12 @@
#
template(`userdom_manage_user_home_content_symlinks',`
gen_require(`
@ -26435,7 +26452,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2414,12 +2436,12 @@
@@ -2414,12 +2438,12 @@
#
template(`userdom_manage_user_home_content_pipes',`
gen_require(`
@ -26451,7 +26468,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2451,12 +2473,12 @@
@@ -2451,12 +2475,12 @@
#
template(`userdom_manage_user_home_content_sockets',`
gen_require(`
@ -26467,7 +26484,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2501,11 +2523,11 @@
@@ -2501,11 +2525,11 @@
#
template(`userdom_user_home_dir_filetrans',`
gen_require(`
@ -26481,7 +26498,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2550,11 +2572,11 @@
@@ -2550,11 +2574,11 @@
#
template(`userdom_user_home_content_filetrans',`
gen_require(`
@ -26495,7 +26512,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2594,11 +2616,11 @@
@@ -2594,11 +2618,11 @@
#
template(`userdom_user_home_dir_filetrans_user_home_content',`
gen_require(`
@ -26509,7 +26526,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2628,11 +2650,11 @@
@@ -2628,11 +2652,11 @@
#
template(`userdom_write_user_tmp_sockets',`
gen_require(`
@ -26523,7 +26540,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2662,11 +2684,11 @@
@@ -2662,11 +2686,11 @@
#
template(`userdom_list_user_tmp',`
gen_require(`
@ -26537,7 +26554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2698,10 +2720,10 @@
@@ -2698,10 +2722,10 @@
#
template(`userdom_dontaudit_list_user_tmp',`
gen_require(`
@ -26550,7 +26567,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2733,10 +2755,10 @@
@@ -2733,10 +2757,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_dirs',`
gen_require(`
@ -26563,7 +26580,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2766,12 +2788,12 @@
@@ -2766,12 +2790,12 @@
#
template(`userdom_read_user_tmp_files',`
gen_require(`
@ -26579,7 +26596,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2803,10 +2825,10 @@
@@ -2803,10 +2827,10 @@
#
template(`userdom_dontaudit_read_user_tmp_files',`
gen_require(`
@ -26592,7 +26609,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2838,10 +2860,48 @@
@@ -2838,10 +2862,48 @@
#
template(`userdom_dontaudit_append_user_tmp_files',`
gen_require(`
@ -26643,7 +26660,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2871,12 +2931,12 @@
@@ -2871,12 +2933,12 @@
#
template(`userdom_rw_user_tmp_files',`
gen_require(`
@ -26659,7 +26676,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2908,10 +2968,10 @@
@@ -2908,10 +2970,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_files',`
gen_require(`
@ -26672,7 +26689,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2943,12 +3003,12 @@
@@ -2943,12 +3005,12 @@
#
template(`userdom_read_user_tmp_symlinks',`
gen_require(`
@ -26688,7 +26705,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -2980,11 +3040,11 @@
@@ -2980,11 +3042,11 @@
#
template(`userdom_manage_user_tmp_dirs',`
gen_require(`
@ -26702,7 +26719,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -3016,11 +3076,11 @@
@@ -3016,11 +3078,11 @@
#
template(`userdom_manage_user_tmp_files',`
gen_require(`
@ -26716,7 +26733,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -3052,11 +3112,11 @@
@@ -3052,11 +3114,11 @@
#
template(`userdom_manage_user_tmp_symlinks',`
gen_require(`
@ -26730,7 +26747,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -3088,11 +3148,11 @@
@@ -3088,11 +3150,11 @@
#
template(`userdom_manage_user_tmp_pipes',`
gen_require(`
@ -26744,7 +26761,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -3124,11 +3184,11 @@
@@ -3124,11 +3186,11 @@
#
template(`userdom_manage_user_tmp_sockets',`
gen_require(`
@ -26758,7 +26775,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -3173,10 +3233,10 @@
@@ -3173,10 +3235,10 @@
#
template(`userdom_user_tmp_filetrans',`
gen_require(`
@ -26771,7 +26788,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
files_search_tmp($2)
')
@@ -3217,10 +3277,10 @@
@@ -3217,10 +3279,10 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@ -26784,7 +26801,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -3248,6 +3308,42 @@
@@ -3248,6 +3310,42 @@
## </summary>
## </param>
#
@ -26827,7 +26844,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
template(`userdom_rw_user_tmpfs_files',`
gen_require(`
type $1_tmpfs_t;
@@ -4225,11 +4321,11 @@
@@ -4225,11 +4323,11 @@
#
interface(`userdom_search_staff_home_dirs',`
gen_require(`
@ -26841,7 +26858,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4245,10 +4341,10 @@
@@ -4245,10 +4343,10 @@
#
interface(`userdom_dontaudit_search_staff_home_dirs',`
gen_require(`
@ -26854,7 +26871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4264,11 +4360,11 @@
@@ -4264,11 +4362,11 @@
#
interface(`userdom_manage_staff_home_dirs',`
gen_require(`
@ -26868,7 +26885,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4283,16 +4379,16 @@
@@ -4283,16 +4381,16 @@
#
interface(`userdom_relabelto_staff_home_dirs',`
gen_require(`
@ -26888,7 +26905,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## users home directory.
## </summary>
## <param name="domain">
@@ -4301,12 +4397,27 @@
@@ -4301,12 +4399,27 @@
## </summary>
## </param>
#
@ -26919,7 +26936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4321,13 +4432,13 @@
@@ -4321,13 +4434,13 @@
#
interface(`userdom_read_staff_home_content_files',`
gen_require(`
@ -26937,7 +26954,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4525,10 +4636,10 @@
@@ -4525,10 +4638,10 @@
#
interface(`userdom_getattr_sysadm_home_dirs',`
gen_require(`
@ -26950,7 +26967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4545,10 +4656,10 @@
@@ -4545,10 +4658,10 @@
#
interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
gen_require(`
@ -26963,7 +26980,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4563,10 +4674,10 @@
@@ -4563,10 +4676,10 @@
#
interface(`userdom_search_sysadm_home_dirs',`
gen_require(`
@ -26976,7 +26993,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4582,10 +4693,10 @@
@@ -4582,10 +4695,10 @@
#
interface(`userdom_dontaudit_search_sysadm_home_dirs',`
gen_require(`
@ -26989,7 +27006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4600,10 +4711,10 @@
@@ -4600,10 +4713,10 @@
#
interface(`userdom_list_sysadm_home_dirs',`
gen_require(`
@ -27002,7 +27019,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4619,10 +4730,10 @@
@@ -4619,10 +4732,10 @@
#
interface(`userdom_dontaudit_list_sysadm_home_dirs',`
gen_require(`
@ -27015,7 +27032,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4638,12 +4749,11 @@
@@ -4638,12 +4751,11 @@
#
interface(`userdom_dontaudit_read_sysadm_home_content_files',`
gen_require(`
@ -27031,7 +27048,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4670,10 +4780,10 @@
@@ -4670,10 +4782,10 @@
#
interface(`userdom_sysadm_home_dir_filetrans',`
gen_require(`
@ -27044,7 +27061,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4688,10 +4798,10 @@
@@ -4688,10 +4800,10 @@
#
interface(`userdom_search_sysadm_home_content_dirs',`
gen_require(`
@ -27057,7 +27074,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4706,13 +4816,13 @@
@@ -4706,13 +4818,13 @@
#
interface(`userdom_read_sysadm_home_content_files',`
gen_require(`
@ -27075,7 +27092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4748,11 +4858,49 @@
@@ -4748,11 +4860,49 @@
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
@ -27126,7 +27143,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4772,6 +4920,14 @@
@@ -4772,6 +4922,14 @@
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
@ -27141,7 +27158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
@@ -4833,6 +4989,26 @@
@@ -4833,6 +4991,26 @@
########################################
## <summary>
@ -27168,7 +27185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete all directories
## in all users home directories.
## </summary>
@@ -4853,6 +5029,25 @@
@@ -4853,6 +5031,25 @@
########################################
## <summary>
@ -27194,7 +27211,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete all files
## in all users home directories.
## </summary>
@@ -4873,6 +5068,26 @@
@@ -4873,6 +5070,26 @@
########################################
## <summary>
@ -27221,7 +27238,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete all symlinks
## in all users home directories.
## </summary>
@@ -5109,7 +5324,7 @@
@@ -5109,7 +5326,7 @@
#
interface(`userdom_relabelto_generic_user_home_dirs',`
gen_require(`
@ -27230,7 +27247,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
files_search_home($1)
@@ -5298,6 +5513,50 @@
@@ -5298,6 +5515,50 @@
########################################
## <summary>
@ -27281,7 +27298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Create, read, write, and delete directories in
## unprivileged users home directories.
## </summary>
@@ -5503,6 +5762,42 @@
@@ -5503,6 +5764,42 @@
########################################
## <summary>
@ -27324,7 +27341,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Read and write unprivileged user ttys.
## </summary>
## <param name="domain">
@@ -5668,6 +5963,42 @@
@@ -5668,6 +5965,42 @@
########################################
## <summary>
@ -27367,7 +27384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
@@ -5698,3 +6029,277 @@
@@ -5698,3 +6031,277 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
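Review bot: The qemu.te block gives qemu_t `storage_raw_read_removable_device(qemu_t)`, `storage_raw_write_removable_device(qemu_t)` and `fs_rw_removable_blk_files(qemu_t)` unconditionally, so a confined emulator process may write raw to any host device labelled removable_device_t. The rendered page has lost the outer +/- column, so which of these lines this commit introduces is inferred from the hunk header (7 lines before, 9 after), and the rest of qemu.te lies outside the visible hunk. If libvirt only needs to present CD or floppy media to guests, I would keep the read interface unconditional and move the write interface into a `tunable_policy` block keyed on a boolean that defaults to off, with a comment such as `# raw write to removable media is only needed for writable pass-through`. Separately, the userdomain.if hunk lists `kernel_read_all_sysctls($1_usertype)` directly under `kernel_read_kernel_sysctls($1_usertype)`; the broader interface makes the narrower one redundant and extends sysctl read access for every user domain, which deserves a comment saying why it is needed.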


@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.2.6
Release: 4%{?dist}
Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -387,6 +387,9 @@ exit 0
%endif
%changelog
* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> 3.2.6-5
- Fixes for libvirt
* Sun Feb 3 2008 Dan Walsh <dwalsh@redhat.com> 3.2.6-4
- Fixes for nsplugin