- More fixes for alsactl
This commit is contained in:
Daniel J Walsh
parent
cf806ebda9
commit
88c8465c87
|
|
@ -166,22 +166,52 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te
|
|||
logging_log_file(acct_data_t)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc
|
||||
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-16 17:15:26.000000000 -0500
|
||||
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-08 09:59:33.000000000 -0400
|
||||
@@ -1,4 +1,5 @@
|
||||
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-16 17:44:09.000000000 -0400
|
||||
@@ -1,4 +1,7 @@
|
||||
|
||||
/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
||||
+/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
||||
+/etc/asound\.state gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
||||
|
||||
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
|
||||
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te
|
||||
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-01-02 12:57:51.000000000 -0500
|
||||
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-16 17:09:24.000000000 -0400
|
||||
@@ -48,3 +48,8 @@
|
||||
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-16 17:47:00.000000000 -0400
|
||||
@@ -20,16 +20,20 @@
|
||||
# Local policy
|
||||
#
|
||||
|
||||
-allow alsa_t self:capability { setgid setuid ipc_owner };
|
||||
+allow alsa_t self:capability { dac_read_search dac_override setgid setuid ipc_owner };
|
||||
dontaudit alsa_t self:capability sys_admin;
|
||||
allow alsa_t self:sem create_sem_perms;
|
||||
allow alsa_t self:shm create_shm_perms;
|
||||
allow alsa_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow alsa_t self:unix_dgram_socket create_socket_perms;
|
||||
|
||||
+dev_read_sound(alsa_t)
|
||||
+dev_write_sound(alsa_t)
|
||||
+
|
||||
manage_files_pattern(alsa_t,alsa_etc_rw_t,alsa_etc_rw_t)
|
||||
manage_lnk_files_pattern(alsa_t,alsa_etc_rw_t,alsa_etc_rw_t)
|
||||
|
||||
+files_search_home(alsa_t)
|
||||
files_read_etc_files(alsa_t)
|
||||
|
||||
term_use_generic_ptys(alsa_t)
|
||||
@@ -44,7 +48,14 @@
|
||||
|
||||
userdom_manage_unpriv_user_semaphores(alsa_t)
|
||||
userdom_manage_unpriv_user_shared_mem(alsa_t)
|
||||
+userdom_search_generic_user_home_dirs(alsa_t)
|
||||
|
||||
optional_policy(`
|
||||
nscd_socket_use(alsa_t)
|
||||
')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ hal_use_fds(alsa_t)
|
||||
+ hal_write_log(alsa_t)
|
||||
+')
|
||||
+
|
||||
|
|
@ -1402,8 +1432,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.6.4/policy/modules/kernel/files.fc
|
||||
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-11-16 17:15:04.000000000 -0500
|
||||
+++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-05-08 09:59:33.000000000 -0400
|
||||
@@ -54,6 +54,7 @@
|
||||
+++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-05-16 17:44:33.000000000 -0400
|
||||
@@ -45,7 +45,6 @@
|
||||
/etc -d gen_context(system_u:object_r:etc_t,s0)
|
||||
/etc/.* gen_context(system_u:object_r:etc_t,s0)
|
||||
/etc/\.fstab\.hal\..+ -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
-/etc/asound\.state -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/blkid(/.*)? gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/fstab\.REVOKE -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/HOSTNAME -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
@@ -54,6 +53,7 @@
|
||||
/etc/issue\.net -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
|
||||
/etc/mtab -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
|
|
@ -3381,7 +3419,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
|||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.6.4/policy/modules/services/hal.if
|
||||
--- nsaserefpolicy/policy/modules/services/hal.if 2007-02-19 11:32:53.000000000 -0500
|
||||
+++ serefpolicy-2.6.4/policy/modules/services/hal.if 2007-05-14 15:45:53.000000000 -0400
|
||||
+++ serefpolicy-2.6.4/policy/modules/services/hal.if 2007-05-16 17:46:44.000000000 -0400
|
||||
@@ -208,3 +208,98 @@
|
||||
files_search_pids($1)
|
||||
allow $1 hald_var_run_t:file rw_file_perms;
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 2.6.4
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -359,6 +359,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-4
|
||||
- More fixes for alsactl
|
||||
|
||||
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-3
|
||||
- Fixes for suspend resume.
|
||||
- insmod domtrans to alsactl
|
||||
|
|
|
|||
Loading…
Reference in New Issue