rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to upstream

Browse Source
This commit is contained in:
Daniel J Walsh 2009-07-16 11:24:55 +00:00
parent 722d1eba15
commit 8bc824d749
1 changed files with 21 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
policy-F12.patch
View File

@ -18509,7 +18509,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.22/policy/modules/services/rsync.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.22/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2009-07-14 14:19:57.000000000 -0400 --- nsaserefpolicy/policy/modules/services/rsync.te 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.22/policy/modules/services/rsync.te 2009-07-15 14:06:36.000000000 -0400 +++ serefpolicy-3.6.22/policy/modules/services/rsync.te 2009-07-16 07:21:18.000000000 -0400
@@ -8,6 +8,13 @@ @@ -8,6 +8,13 @@
## <desc> ## <desc>
@ -18524,7 +18524,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Allow rsync to export any files/directories read only. ## Allow rsync to export any files/directories read only.
## </p> ## </p>
## </desc> ## </desc>
@@ -126,4 +133,16 @@ @@ -126,4 +133,19 @@
auth_read_all_symlinks_except_shadow(rsync_t) auth_read_all_symlinks_except_shadow(rsync_t)
auth_tunable_read_shadow(rsync_t) auth_tunable_read_shadow(rsync_t)
') ')
@ -18535,7 +18535,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ manage_dirs_pattern(rsync_t, rsync_data_t, rsync_data_t) + manage_dirs_pattern(rsync_t, rsync_data_t, rsync_data_t)
+ manage_files_pattern(rsync_t, rsync_data_t, rsync_data_t) + manage_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
+ manage_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t) + manage_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
+ optional_policy(` +')
+
+optional_policy(`
+ tunable_policy(`rsync_client',`
+ ssh_exec(rsync_t) + ssh_exec(rsync_t)
+ ') + ')
+') +')
@ -23821,12 +23824,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ +
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.22/policy/modules/system/authlogin.if diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.22/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2009-07-14 14:19:57.000000000 -0400 --- nsaserefpolicy/policy/modules/system/authlogin.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.22/policy/modules/system/authlogin.if 2009-07-15 14:06:36.000000000 -0400 +++ serefpolicy-3.6.22/policy/modules/system/authlogin.if 2009-07-16 07:17:46.000000000 -0400
@@ -40,17 +40,77 @@ @@ -40,17 +40,76 @@
## </summary> ## </summary>
## </param> ## </param>
# #
+interface(`auth_use_pam',` +interface(`auth_use_pam',`
+
+ # for SSP/ProPolice + # for SSP/ProPolice
+ dev_read_urand($1) + dev_read_urand($1)
+ # for encrypted homedir + # for encrypted homedir
@ -23894,13 +23898,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 self:process setkeycreate; + allow $1 self:process setkeycreate;
+ allow $1 self:key manage_key_perms; + allow $1 self:key manage_key_perms;
+ userdom_manage_all_users_keys($1) + userdom_manage_all_users_keys($1)
+
+ auth_use_pam($1)
+ +
files_list_var_lib($1) files_list_var_lib($1)
manage_files_pattern($1, var_auth_t, var_auth_t) manage_files_pattern($1, var_auth_t, var_auth_t)
@@ -62,8 +122,6 @@ @@ -62,8 +121,6 @@
manage_sock_files_pattern($1, auth_cache_t, auth_cache_t) manage_sock_files_pattern($1, auth_cache_t, auth_cache_t)
files_var_filetrans($1, auth_cache_t, dir) files_var_filetrans($1, auth_cache_t, dir)
@ -23909,7 +23911,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# for fingerprint readers # for fingerprint readers
dev_rw_input_dev($1) dev_rw_input_dev($1)
dev_rw_generic_usb_dev($1) dev_rw_generic_usb_dev($1)
@@ -86,27 +144,45 @@ @@ -86,27 +143,44 @@
mls_process_set_level($1) mls_process_set_level($1)
mls_fd_share_all_levels($1) mls_fd_share_all_levels($1)
@ -23923,6 +23925,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- auth_exec_pam($1) - auth_exec_pam($1)
- auth_use_nsswitch($1) - auth_use_nsswitch($1)
+ auth_manage_pam_pid($1) + auth_manage_pam_pid($1)
+ auth_use_pam($1)
init_rw_utmp($1) init_rw_utmp($1)
@ -23945,11 +23948,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ ') + ')
+ +
+ optional_policy(` + optional_policy(`
+ optional_policy(`
+ oddjob_dbus_chat($1) + oddjob_dbus_chat($1)
+ oddjob_domtrans_mkhomedir($1) + oddjob_domtrans_mkhomedir($1)
+ ') + ')
+ ')
+ +
+ optional_policy(` + optional_policy(`
+ corecmd_exec_bin($1) + corecmd_exec_bin($1)
@ -23968,7 +23969,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') ')
') ')
@@ -305,19 +381,16 @@ @@ -305,19 +379,16 @@
dev_read_rand($1) dev_read_rand($1)
dev_read_urand($1) dev_read_urand($1)
@ -23993,7 +23994,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') ')
optional_policy(` optional_policy(`
@@ -328,6 +401,29 @@ @@ -328,6 +399,29 @@
optional_policy(` optional_policy(`
samba_stream_connect_winbind($1) samba_stream_connect_winbind($1)
') ')
@ -24023,7 +24024,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') ')
######################################## ########################################
@@ -352,6 +448,7 @@ @@ -352,6 +446,7 @@
auth_domtrans_chk_passwd($1) auth_domtrans_chk_passwd($1)
role $2 types chkpwd_t; role $2 types chkpwd_t;
@ -24031,7 +24032,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
') ')
######################################## ########################################
@@ -1129,6 +1226,32 @@ @@ -1129,6 +1224,32 @@
######################################## ########################################
## <summary> ## <summary>
@ -24064,7 +24065,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Manage all files on the filesystem, except ## Manage all files on the filesystem, except
## the shadow passwords and listed exceptions. ## the shadow passwords and listed exceptions.
## </summary> ## </summary>
@@ -1254,6 +1377,25 @@ @@ -1254,6 +1375,25 @@
######################################## ########################################
## <summary> ## <summary>
@ -24090,7 +24091,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Do not audit attempts to write to ## Do not audit attempts to write to
## login records files. ## login records files.
## </summary> ## </summary>
@@ -1395,6 +1537,14 @@ @@ -1395,6 +1535,14 @@
') ')
optional_policy(` optional_policy(`
@ -24105,7 +24106,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
nis_use_ypbind($1) nis_use_ypbind($1)
') ')
@@ -1403,8 +1553,17 @@ @@ -1403,8 +1551,17 @@
') ')
optional_policy(` optional_policy(`