- Fix mcs rules to include chr_file and blk_file

2009-06-18 20:01:47 +00:00 · 2009-06-18 20:01:47 +00:00 · 9386d6f55f
commit 9386d6f55f
parent e3bf6793cb
2 changed files with 9 additions and 4 deletions
--- a/policy-F12.patch
+++ b/policy-F12.patch
@ -300,12 +300,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.16/policy/mcs
 --- nsaserefpolicy/policy/mcs	2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.16/policy/mcs	2009-06-12 15:59:08.000000000 -0400
+++ serefpolicy-3.6.16/policy/mcs	2009-06-18 12:58:31.000000000 -0400
-@@ -67,7 +67,7 @@
+@@ -66,8 +66,8 @@
 #
 # Note that getattr on files is always permitted.
 #
- mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
+-mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
 -	( h1 dom h2 );
 +mlsconstrain { file chr_file blk_file sock_file lnk_file fifo_file } { write setattr append unlink link rename ioctl lock execute relabelfrom }
 +	(( h1 dom h2 ) or ( t1 == mlsfilewrite ));
 mlsconstrain dir { create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.16
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -473,6 +473,9 @@ exit 0
 %endif
 %changelog
 * Thu Jun 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.16-4
 - Fix mcs rules to include chr_file and blk_file
 * Tue Jun 16 2009 Dan Walsh <dwalsh@redhat.com> 3.6.16-3
 - Add label for udev-acl