- Update to upstream
This commit is contained in:
Daniel J Walsh
parent
722d1eba15
commit
8bc824d749
@ -18509,7 +18509,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.22/policy/modules/services/rsync.te
|
||||
--- nsaserefpolicy/policy/modules/services/rsync.te 2009-07-14 14:19:57.000000000 -0400
|
||||
+++ serefpolicy-3.6.22/policy/modules/services/rsync.te 2009-07-15 14:06:36.000000000 -0400
|
||||
+++ serefpolicy-3.6.22/policy/modules/services/rsync.te 2009-07-16 07:21:18.000000000 -0400
|
||||
@@ -8,6 +8,13 @@
|
||||
|
||||
## <desc>
|
||||
@ -18524,7 +18524,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## Allow rsync to export any files/directories read only.
|
||||
## </p>
|
||||
## </desc>
|
||||
@@ -126,4 +133,16 @@
|
||||
@@ -126,4 +133,19 @@
|
||||
auth_read_all_symlinks_except_shadow(rsync_t)
|
||||
auth_tunable_read_shadow(rsync_t)
|
||||
')
|
||||
@ -18535,7 +18535,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ manage_dirs_pattern(rsync_t, rsync_data_t, rsync_data_t)
|
||||
+ manage_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
|
||||
+ manage_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
|
||||
+ optional_policy(`
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ tunable_policy(`rsync_client',`
|
||||
+ ssh_exec(rsync_t)
|
||||
+ ')
|
||||
+')
|
||||
@ -23821,12 +23824,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.22/policy/modules/system/authlogin.if
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.if 2009-07-14 14:19:57.000000000 -0400
|
||||
+++ serefpolicy-3.6.22/policy/modules/system/authlogin.if 2009-07-15 14:06:36.000000000 -0400
|
||||
@@ -40,17 +40,77 @@
|
||||
+++ serefpolicy-3.6.22/policy/modules/system/authlogin.if 2009-07-16 07:17:46.000000000 -0400
|
||||
@@ -40,17 +40,76 @@
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
+interface(`auth_use_pam',`
|
||||
+
|
||||
+ # for SSP/ProPolice
|
||||
+ dev_read_urand($1)
|
||||
+ # for encrypted homedir
|
||||
@ -23894,13 +23898,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ allow $1 self:process setkeycreate;
|
||||
+ allow $1 self:key manage_key_perms;
|
||||
+ userdom_manage_all_users_keys($1)
|
||||
+
|
||||
+ auth_use_pam($1)
|
||||
+
|
||||
files_list_var_lib($1)
|
||||
manage_files_pattern($1, var_auth_t, var_auth_t)
|
||||
|
||||
@@ -62,8 +122,6 @@
|
||||
@@ -62,8 +121,6 @@
|
||||
manage_sock_files_pattern($1, auth_cache_t, auth_cache_t)
|
||||
files_var_filetrans($1, auth_cache_t, dir)
|
||||
|
||||
@ -23909,7 +23911,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
# for fingerprint readers
|
||||
dev_rw_input_dev($1)
|
||||
dev_rw_generic_usb_dev($1)
|
||||
@@ -86,27 +144,45 @@
|
||||
@@ -86,27 +143,44 @@
|
||||
mls_process_set_level($1)
|
||||
mls_fd_share_all_levels($1)
|
||||
|
||||
@ -23923,6 +23925,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
- auth_exec_pam($1)
|
||||
- auth_use_nsswitch($1)
|
||||
+ auth_manage_pam_pid($1)
|
||||
+ auth_use_pam($1)
|
||||
|
||||
init_rw_utmp($1)
|
||||
|
||||
@ -23945,10 +23948,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ ')
|
||||
+
|
||||
+ optional_policy(`
|
||||
+ optional_policy(`
|
||||
+ oddjob_dbus_chat($1)
|
||||
+ oddjob_domtrans_mkhomedir($1)
|
||||
+ ')
|
||||
+ oddjob_dbus_chat($1)
|
||||
+ oddjob_domtrans_mkhomedir($1)
|
||||
+ ')
|
||||
+
|
||||
+ optional_policy(`
|
||||
@ -23968,7 +23969,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
')
|
||||
|
||||
@@ -305,19 +381,16 @@
|
||||
@@ -305,19 +379,16 @@
|
||||
dev_read_rand($1)
|
||||
dev_read_urand($1)
|
||||
|
||||
@ -23993,7 +23994,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -328,6 +401,29 @@
|
||||
@@ -328,6 +399,29 @@
|
||||
optional_policy(`
|
||||
samba_stream_connect_winbind($1)
|
||||
')
|
||||
@ -24023,7 +24024,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -352,6 +448,7 @@
|
||||
@@ -352,6 +446,7 @@
|
||||
|
||||
auth_domtrans_chk_passwd($1)
|
||||
role $2 types chkpwd_t;
|
||||
@ -24031,7 +24032,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -1129,6 +1226,32 @@
|
||||
@@ -1129,6 +1224,32 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -24064,7 +24065,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## Manage all files on the filesystem, except
|
||||
## the shadow passwords and listed exceptions.
|
||||
## </summary>
|
||||
@@ -1254,6 +1377,25 @@
|
||||
@@ -1254,6 +1375,25 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -24090,7 +24091,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## Do not audit attempts to write to
|
||||
## login records files.
|
||||
## </summary>
|
||||
@@ -1395,6 +1537,14 @@
|
||||
@@ -1395,6 +1535,14 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -24105,7 +24106,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
nis_use_ypbind($1)
|
||||
')
|
||||
|
||||
@@ -1403,8 +1553,17 @@
|
||||
@@ -1403,8 +1551,17 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
||||
Loading…
Reference in New Issue
Block a user