- More fixes for alsactl
This commit is contained in:
Daniel J Walsh
parent
cf806ebda9
commit
88c8465c87
@ -166,22 +166,52 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te
|
|||||||
logging_log_file(acct_data_t)
|
logging_log_file(acct_data_t)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc
|
||||||
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-16 17:15:26.000000000 -0500
|
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-16 17:15:26.000000000 -0500
|
||||||
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-08 09:59:33.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-16 17:44:09.000000000 -0400
|
||||||
@@ -1,4 +1,5 @@
|
@@ -1,4 +1,7 @@
|
||||||
|
|
||||||
/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
||||||
+/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
+/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
||||||
|
+/etc/asound\.state gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
||||||
|
|
||||||
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
|
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
|
||||||
|
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-01-02 12:57:51.000000000 -0500
|
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-01-02 12:57:51.000000000 -0500
|
||||||
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-16 17:09:24.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-16 17:47:00.000000000 -0400
|
||||||
@@ -48,3 +48,8 @@
|
@@ -20,16 +20,20 @@
|
||||||
|
# Local policy
|
||||||
|
#
|
||||||
|
|
||||||
|
-allow alsa_t self:capability { setgid setuid ipc_owner };
|
||||||
|
+allow alsa_t self:capability { dac_read_search dac_override setgid setuid ipc_owner };
|
||||||
|
dontaudit alsa_t self:capability sys_admin;
|
||||||
|
allow alsa_t self:sem create_sem_perms;
|
||||||
|
allow alsa_t self:shm create_shm_perms;
|
||||||
|
allow alsa_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
|
allow alsa_t self:unix_dgram_socket create_socket_perms;
|
||||||
|
|
||||||
|
+dev_read_sound(alsa_t)
|
||||||
|
+dev_write_sound(alsa_t)
|
||||||
|
+
|
||||||
|
manage_files_pattern(alsa_t,alsa_etc_rw_t,alsa_etc_rw_t)
|
||||||
|
manage_lnk_files_pattern(alsa_t,alsa_etc_rw_t,alsa_etc_rw_t)
|
||||||
|
|
||||||
|
+files_search_home(alsa_t)
|
||||||
|
files_read_etc_files(alsa_t)
|
||||||
|
|
||||||
|
term_use_generic_ptys(alsa_t)
|
||||||
|
@@ -44,7 +48,14 @@
|
||||||
|
|
||||||
|
userdom_manage_unpriv_user_semaphores(alsa_t)
|
||||||
|
userdom_manage_unpriv_user_shared_mem(alsa_t)
|
||||||
|
+userdom_search_generic_user_home_dirs(alsa_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
nscd_socket_use(alsa_t)
|
nscd_socket_use(alsa_t)
|
||||||
')
|
')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
|
+ hal_use_fds(alsa_t)
|
||||||
+ hal_write_log(alsa_t)
|
+ hal_write_log(alsa_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
@ -1402,8 +1432,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.6.4/policy/modules/kernel/files.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.6.4/policy/modules/kernel/files.fc
|
||||||
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-11-16 17:15:04.000000000 -0500
|
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-11-16 17:15:04.000000000 -0500
|
||||||
+++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-05-08 09:59:33.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-05-16 17:44:33.000000000 -0400
|
||||||
@@ -54,6 +54,7 @@
|
@@ -45,7 +45,6 @@
|
||||||
|
/etc -d gen_context(system_u:object_r:etc_t,s0)
|
||||||
|
/etc/.* gen_context(system_u:object_r:etc_t,s0)
|
||||||
|
/etc/\.fstab\.hal\..+ -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||||
|
-/etc/asound\.state -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||||
|
/etc/blkid(/.*)? gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||||
|
/etc/fstab\.REVOKE -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||||
|
/etc/HOSTNAME -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||||
|
@@ -54,6 +53,7 @@
|
||||||
/etc/issue\.net -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
/etc/issue\.net -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||||
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
|
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
|
||||||
/etc/mtab -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
/etc/mtab -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||||
@ -3381,7 +3419,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.6.4/policy/modules/services/hal.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.6.4/policy/modules/services/hal.if
|
||||||
--- nsaserefpolicy/policy/modules/services/hal.if 2007-02-19 11:32:53.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/hal.if 2007-02-19 11:32:53.000000000 -0500
|
||||||
+++ serefpolicy-2.6.4/policy/modules/services/hal.if 2007-05-14 15:45:53.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/services/hal.if 2007-05-16 17:46:44.000000000 -0400
|
||||||
@@ -208,3 +208,98 @@
|
@@ -208,3 +208,98 @@
|
||||||
files_search_pids($1)
|
files_search_pids($1)
|
||||||
allow $1 hald_var_run_t:file rw_file_perms;
|
allow $1 hald_var_run_t:file rw_file_perms;
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 2.6.4
|
Version: 2.6.4
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -359,6 +359,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-4
|
||||||
|
- More fixes for alsactl
|
||||||
|
|
||||||
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-3
|
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-3
|
||||||
- Fixes for suspend resume.
|
- Fixes for suspend resume.
|
||||||
- insmod domtrans to alsactl
|
- insmod domtrans to alsactl
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user