- Fix context for VirtualBox
parent
8bc824d749
commit
8da0248476
@ -7612,8 +7612,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.6.22/policy/modules/roles/unconfineduser.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.6.22/policy/modules/roles/unconfineduser.fc
|
||||||
--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.6.22/policy/modules/roles/unconfineduser.fc 2009-07-15 14:06:36.000000000 -0400
|
+++ serefpolicy-3.6.22/policy/modules/roles/unconfineduser.fc 2009-07-19 11:59:51.000000000 -0400
|
||||||
@@ -0,0 +1,38 @@
|
@@ -0,0 +1,37 @@
|
||||||
+# Add programs here which should not be confined by SELinux
|
+# Add programs here which should not be confined by SELinux
|
||||||
+# e.g.:
|
+# e.g.:
|
||||||
+# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
|
+# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
|
||||||
@ -7622,8 +7622,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
|
+/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
|
||||||
+
|
+
|
||||||
+/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
+/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||||
+/usr/lib(64)/virtualbox/VirtualBox -- gen_context(system_u:object_r:execmem_ex
|
+/usr/lib(64)/virtualbox/VirtualBox -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||||
+ec_t,s0)
|
|
||||||
+
|
+
|
||||||
+/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
+/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||||
+
|
+
|
||||||
@ -20997,7 +20996,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0)
|
+/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.22/policy/modules/services/ssh.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.6.22/policy/modules/services/ssh.if
|
||||||
--- nsaserefpolicy/policy/modules/services/ssh.if 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/ssh.if 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.6.22/policy/modules/services/ssh.if 2009-07-15 14:06:36.000000000 -0400
|
+++ serefpolicy-3.6.22/policy/modules/services/ssh.if 2009-07-19 10:53:47.000000000 -0400
|
||||||
@@ -36,6 +36,7 @@
|
@@ -36,6 +36,7 @@
|
||||||
gen_require(`
|
gen_require(`
|
||||||
attribute ssh_server;
|
attribute ssh_server;
|
||||||
@ -21110,7 +21109,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
- allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config };
|
- allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config };
|
||||||
+ allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid net_admin setgid setuid sys_tty_config };
|
+ allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid net_admin setgid setuid sys_tty_config };
|
||||||
allow $1_t self:fifo_file rw_fifo_file_perms;
|
allow $1_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow $1_t self:process { signal setsched setrlimit setexec };
|
- allow $1_t self:process { signal setsched setrlimit setexec };
|
||||||
|
+ allow $1_t self:process { signal getsched setsched setrlimit setexec };
|
||||||
allow $1_t self:tcp_socket create_stream_socket_perms;
|
allow $1_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow $1_t self:udp_socket create_socket_perms;
|
allow $1_t self:udp_socket create_socket_perms;
|
||||||
# ssh agent connections:
|
# ssh agent connections:
|
||||||
|
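Review bot: The rejoined VirtualBox entry for unconfineduser.fc reads `/usr/lib(64)/virtualbox/VirtualBox`, and in a file-context regex `(64)` is a mandatory group, so as written it matches only the lib64 path and a binary installed under /usr/lib would not be labelled `execmem_exec_t`. If both locations are intended, the usual refpolicy form is `/usr/lib(64)?/virtualbox/VirtualBox`. Separately, the last policy hunk (presumably still the ssh module, since the header path is truncated) now adds `getsched` to `allow $1_t self:process`, which neither the commit title nor the new changelog entry mentions. A changelog line such as `- Allow ssh server domains to getsched` would keep that permission change auditable.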
@ -20,7 +20,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.6.22
|
Version: 3.6.22
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -475,6 +475,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Jul 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.22-2
|
||||||
|
- Fix context for VirtualBox
|
||||||
|
|
||||||
* Tue Jul 14 2009 Dan Walsh <dwalsh@redhat.com> 3.6.22-1
|
* Tue Jul 14 2009 Dan Walsh <dwalsh@redhat.com> 3.6.22-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
|
|
||||||
|