From 9387d2ce0812a7a1378bb017d740beaede71741b Mon Sep 17 00:00:00 2001 From: Miroslav Date: Wed, 11 Jan 2012 21:07:43 +0100 Subject: [PATCH] Fix typo --- policy-F16.patch | 90 +++++++++++++++++++++++------------------------- 1 file changed, 44 insertions(+), 46 deletions(-) diff --git a/policy-F16.patch b/policy-F16.patch index d7cffee1..bb248881 100644 --- a/policy-F16.patch +++ b/policy-F16.patch @@ -72307,7 +72307,7 @@ index 94fd8dd..5a52670 100644 + read_fifo_files_pattern($1, init_var_run_t, init_var_run_t) +') diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te -index 29a9565..92781d7 100644 +index 29a9565..6251491 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -16,6 +16,34 @@ gen_require(` @@ -72449,7 +72449,7 @@ index 29a9565..92781d7 100644 mcs_process_set_categories(init_t) mcs_killall(init_t) -@@ -151,10 +201,19 @@ mls_file_read_all_levels(init_t) +@@ -151,34 +201,50 @@ mls_file_read_all_levels(init_t) mls_file_write_all_levels(init_t) mls_process_write_down(init_t) mls_fd_use_all_levels(init_t) @@ -72470,9 +72470,10 @@ index 29a9565..92781d7 100644 # Run init scripts. init_domtrans_script(init_t) -@@ -162,23 +221,29 @@ init_domtrans_script(init_t) + libs_rw_ld_so_cache(init_t) ++logging_create_devlog_dev(init_t) logging_send_syslog_msg(init_t) +logging_send_audit_msgs(init_t) logging_rw_generic_logs(init_t) @@ -72501,7 +72502,7 @@ index 29a9565..92781d7 100644 corecmd_shell_domtrans(init_t, initrc_t) ',` # Run the shell in the sysadm role for single-user mode. -@@ -186,16 +251,144 @@ tunable_policy(`init_upstart',` +@@ -186,16 +252,141 @@ tunable_policy(`init_upstart',` sysadm_shell_domtrans(init_t) ') @@ -72609,9 +72610,6 @@ index 29a9565..92781d7 100644 + systemd_manage_all_unit_files(init_t) + systemd_logger_stream_connect(init_t) + -+ # needs to remain -+ logging_create_devlog_dev(init_t) -+ + create_sock_files_pattern(init_t, init_sock_file_type, init_sock_file_type) + +') @@ -72648,7 +72646,7 @@ index 29a9565..92781d7 100644 ') optional_policy(` -@@ -203,6 +396,17 @@ optional_policy(` +@@ -203,6 +394,17 @@ optional_policy(` ') optional_policy(` @@ -72666,7 +72664,7 @@ index 29a9565..92781d7 100644 unconfined_domain(init_t) ') -@@ -212,7 +416,8 @@ optional_policy(` +@@ -212,7 +414,8 @@ optional_policy(` # allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched }; @@ -72676,7 +72674,7 @@ index 29a9565..92781d7 100644 dontaudit initrc_t self:capability sys_module; # sysctl is triggering this allow initrc_t self:passwd rootok; allow initrc_t self:key manage_key_perms; -@@ -241,12 +446,15 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t) +@@ -241,12 +444,15 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t) allow initrc_t initrc_var_run_t:file manage_file_perms; files_pid_filetrans(initrc_t, initrc_var_run_t, file) @@ -72692,7 +72690,7 @@ index 29a9565..92781d7 100644 init_write_initctl(initrc_t) -@@ -258,20 +466,32 @@ kernel_change_ring_buffer_level(initrc_t) +@@ -258,20 +464,32 @@ kernel_change_ring_buffer_level(initrc_t) kernel_clear_ring_buffer(initrc_t) kernel_get_sysvipc_info(initrc_t) kernel_read_all_sysctls(initrc_t) @@ -72729,7 +72727,7 @@ index 29a9565..92781d7 100644 corenet_tcp_sendrecv_all_ports(initrc_t) corenet_udp_sendrecv_all_ports(initrc_t) corenet_tcp_connect_all_ports(initrc_t) -@@ -279,6 +499,7 @@ corenet_sendrecv_all_client_packets(initrc_t) +@@ -279,6 +497,7 @@ corenet_sendrecv_all_client_packets(initrc_t) dev_read_rand(initrc_t) dev_read_urand(initrc_t) @@ -72737,7 +72735,7 @@ index 29a9565..92781d7 100644 dev_write_kmsg(initrc_t) dev_write_rand(initrc_t) dev_write_urand(initrc_t) -@@ -289,8 +510,10 @@ dev_write_framebuffer(initrc_t) +@@ -289,8 +508,10 @@ dev_write_framebuffer(initrc_t) dev_read_realtime_clock(initrc_t) dev_read_sound_mixer(initrc_t) dev_write_sound_mixer(initrc_t) @@ -72748,7 +72746,7 @@ index 29a9565..92781d7 100644 dev_delete_lvm_control_dev(initrc_t) dev_manage_generic_symlinks(initrc_t) dev_manage_generic_files(initrc_t) -@@ -298,13 +521,13 @@ dev_manage_generic_files(initrc_t) +@@ -298,13 +519,13 @@ dev_manage_generic_files(initrc_t) dev_delete_generic_symlinks(initrc_t) dev_getattr_all_blk_files(initrc_t) dev_getattr_all_chr_files(initrc_t) @@ -72764,7 +72762,7 @@ index 29a9565..92781d7 100644 domain_sigchld_all_domains(initrc_t) domain_read_all_domains_state(initrc_t) domain_getattr_all_domains(initrc_t) -@@ -316,6 +539,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t) +@@ -316,6 +537,7 @@ domain_dontaudit_getattr_all_udp_sockets(initrc_t) domain_dontaudit_getattr_all_tcp_sockets(initrc_t) domain_dontaudit_getattr_all_dgram_sockets(initrc_t) domain_dontaudit_getattr_all_pipes(initrc_t) @@ -72772,7 +72770,7 @@ index 29a9565..92781d7 100644 files_getattr_all_dirs(initrc_t) files_getattr_all_files(initrc_t) -@@ -323,8 +547,10 @@ files_getattr_all_symlinks(initrc_t) +@@ -323,8 +545,10 @@ files_getattr_all_symlinks(initrc_t) files_getattr_all_pipes(initrc_t) files_getattr_all_sockets(initrc_t) files_purge_tmp(initrc_t) @@ -72784,7 +72782,7 @@ index 29a9565..92781d7 100644 files_delete_all_pids(initrc_t) files_delete_all_pid_dirs(initrc_t) files_read_etc_files(initrc_t) -@@ -340,8 +566,12 @@ files_list_isid_type_dirs(initrc_t) +@@ -340,8 +564,12 @@ files_list_isid_type_dirs(initrc_t) files_mounton_isid_type_dirs(initrc_t) files_list_default(initrc_t) files_mounton_default(initrc_t) @@ -72798,7 +72796,7 @@ index 29a9565..92781d7 100644 fs_list_inotifyfs(initrc_t) fs_register_binary_executable_type(initrc_t) # rhgb-console writes to ramfs -@@ -351,8 +581,12 @@ fs_mount_all_fs(initrc_t) +@@ -351,8 +579,12 @@ fs_mount_all_fs(initrc_t) fs_unmount_all_fs(initrc_t) fs_remount_all_fs(initrc_t) fs_getattr_all_fs(initrc_t) @@ -72811,7 +72809,7 @@ index 29a9565..92781d7 100644 mcs_ptrace_all(initrc_t) mcs_killall(initrc_t) mcs_process_set_categories(initrc_t) -@@ -363,6 +597,7 @@ mls_process_read_up(initrc_t) +@@ -363,6 +595,7 @@ mls_process_read_up(initrc_t) mls_process_write_down(initrc_t) mls_rangetrans_source(initrc_t) mls_fd_share_all_levels(initrc_t) @@ -72819,7 +72817,7 @@ index 29a9565..92781d7 100644 selinux_get_enforce_mode(initrc_t) -@@ -374,6 +609,7 @@ term_use_all_terms(initrc_t) +@@ -374,6 +607,7 @@ term_use_all_terms(initrc_t) term_reset_tty_labels(initrc_t) auth_rw_login_records(initrc_t) @@ -72827,7 +72825,7 @@ index 29a9565..92781d7 100644 auth_setattr_login_records(initrc_t) auth_rw_lastlog(initrc_t) auth_read_pam_pid(initrc_t) -@@ -394,18 +630,17 @@ logging_read_audit_config(initrc_t) +@@ -394,18 +628,17 @@ logging_read_audit_config(initrc_t) miscfiles_read_localization(initrc_t) # slapd needs to read cert files from its initscript @@ -72849,7 +72847,7 @@ index 29a9565..92781d7 100644 ifdef(`distro_debian',` dev_setattr_generic_dirs(initrc_t) -@@ -458,6 +693,10 @@ ifdef(`distro_gentoo',` +@@ -458,6 +691,10 @@ ifdef(`distro_gentoo',` sysnet_setattr_config(initrc_t) optional_policy(` @@ -72860,7 +72858,7 @@ index 29a9565..92781d7 100644 alsa_read_lib(initrc_t) ') -@@ -478,7 +717,7 @@ ifdef(`distro_redhat',` +@@ -478,7 +715,7 @@ ifdef(`distro_redhat',` # Red Hat systems seem to have a stray # fd open from the initrd @@ -72869,7 +72867,7 @@ index 29a9565..92781d7 100644 files_dontaudit_read_root_files(initrc_t) # These seem to be from the initrd -@@ -493,6 +732,7 @@ ifdef(`distro_redhat',` +@@ -493,6 +730,7 @@ ifdef(`distro_redhat',` files_create_boot_dirs(initrc_t) files_create_boot_flag(initrc_t) files_rw_boot_symlinks(initrc_t) @@ -72877,7 +72875,7 @@ index 29a9565..92781d7 100644 # wants to read /.fonts directory files_read_default_files(initrc_t) files_mountpoint(initrc_tmp_t) -@@ -522,8 +762,34 @@ ifdef(`distro_redhat',` +@@ -522,8 +760,34 @@ ifdef(`distro_redhat',` ') optional_policy(` @@ -72912,7 +72910,7 @@ index 29a9565..92781d7 100644 ') optional_policy(` -@@ -531,10 +797,22 @@ ifdef(`distro_redhat',` +@@ -531,10 +795,22 @@ ifdef(`distro_redhat',` rpc_write_exports(initrc_t) rpc_manage_nfs_state_data(initrc_t) ') @@ -72935,7 +72933,7 @@ index 29a9565..92781d7 100644 ') optional_policy(` -@@ -549,6 +827,39 @@ ifdef(`distro_suse',` +@@ -549,6 +825,39 @@ ifdef(`distro_suse',` ') ') @@ -72975,7 +72973,7 @@ index 29a9565..92781d7 100644 optional_policy(` amavis_search_lib(initrc_t) amavis_setattr_pid_files(initrc_t) -@@ -561,6 +872,8 @@ optional_policy(` +@@ -561,6 +870,8 @@ optional_policy(` optional_policy(` apache_read_config(initrc_t) apache_list_modules(initrc_t) @@ -72984,7 +72982,7 @@ index 29a9565..92781d7 100644 ') optional_policy(` -@@ -577,6 +890,7 @@ optional_policy(` +@@ -577,6 +888,7 @@ optional_policy(` optional_policy(` cgroup_stream_connect_cgred(initrc_t) @@ -72992,7 +72990,7 @@ index 29a9565..92781d7 100644 ') optional_policy(` -@@ -589,6 +903,17 @@ optional_policy(` +@@ -589,6 +901,17 @@ optional_policy(` ') optional_policy(` @@ -73010,7 +73008,7 @@ index 29a9565..92781d7 100644 dev_getattr_printer_dev(initrc_t) cups_read_log(initrc_t) -@@ -605,9 +930,13 @@ optional_policy(` +@@ -605,9 +928,13 @@ optional_policy(` dbus_connect_system_bus(initrc_t) dbus_system_bus_client(initrc_t) dbus_read_config(initrc_t) @@ -73024,7 +73022,7 @@ index 29a9565..92781d7 100644 ') optional_policy(` -@@ -632,6 +961,10 @@ optional_policy(` +@@ -632,6 +959,10 @@ optional_policy(` ') optional_policy(` @@ -73035,7 +73033,7 @@ index 29a9565..92781d7 100644 gpm_setattr_gpmctl(initrc_t) ') -@@ -649,6 +982,11 @@ optional_policy(` +@@ -649,6 +980,11 @@ optional_policy(` ') optional_policy(` @@ -73047,7 +73045,7 @@ index 29a9565..92781d7 100644 inn_exec_config(initrc_t) ') -@@ -689,6 +1027,7 @@ optional_policy(` +@@ -689,6 +1025,7 @@ optional_policy(` lpd_list_spool(initrc_t) lpd_read_config(initrc_t) @@ -73055,7 +73053,7 @@ index 29a9565..92781d7 100644 ') optional_policy(` -@@ -706,7 +1045,13 @@ optional_policy(` +@@ -706,7 +1043,13 @@ optional_policy(` ') optional_policy(` @@ -73069,7 +73067,7 @@ index 29a9565..92781d7 100644 mta_dontaudit_read_spool_symlinks(initrc_t) ') -@@ -729,6 +1074,10 @@ optional_policy(` +@@ -729,6 +1072,10 @@ optional_policy(` ') optional_policy(` @@ -73080,7 +73078,7 @@ index 29a9565..92781d7 100644 postgresql_manage_db(initrc_t) postgresql_read_config(initrc_t) ') -@@ -738,10 +1087,20 @@ optional_policy(` +@@ -738,10 +1085,20 @@ optional_policy(` ') optional_policy(` @@ -73101,7 +73099,7 @@ index 29a9565..92781d7 100644 quota_manage_flags(initrc_t) ') -@@ -750,6 +1109,10 @@ optional_policy(` +@@ -750,6 +1107,10 @@ optional_policy(` ') optional_policy(` @@ -73112,7 +73110,7 @@ index 29a9565..92781d7 100644 fs_write_ramfs_sockets(initrc_t) fs_search_ramfs(initrc_t) -@@ -771,8 +1134,6 @@ optional_policy(` +@@ -771,8 +1132,6 @@ optional_policy(` # bash tries ioctl for some reason files_dontaudit_ioctl_all_pids(initrc_t) @@ -73121,7 +73119,7 @@ index 29a9565..92781d7 100644 ') optional_policy(` -@@ -781,6 +1142,10 @@ optional_policy(` +@@ -781,6 +1140,10 @@ optional_policy(` ') optional_policy(` @@ -73132,7 +73130,7 @@ index 29a9565..92781d7 100644 # shorewall-init script run /var/lib/shorewall/firewall shorewall_lib_domtrans(initrc_t) ') -@@ -790,10 +1155,12 @@ optional_policy(` +@@ -790,10 +1153,12 @@ optional_policy(` squid_manage_logs(initrc_t) ') @@ -73145,7 +73143,7 @@ index 29a9565..92781d7 100644 optional_policy(` ssh_dontaudit_read_server_keys(initrc_t) -@@ -805,7 +1172,6 @@ optional_policy(` +@@ -805,7 +1170,6 @@ optional_policy(` ') optional_policy(` @@ -73153,7 +73151,7 @@ index 29a9565..92781d7 100644 udev_manage_pid_files(initrc_t) udev_manage_rules_files(initrc_t) ') -@@ -815,11 +1181,26 @@ optional_policy(` +@@ -815,11 +1179,26 @@ optional_policy(` ') optional_policy(` @@ -73181,7 +73179,7 @@ index 29a9565..92781d7 100644 ifdef(`distro_redhat',` # system-config-services causes avc messages that should be dontaudited -@@ -829,6 +1210,18 @@ optional_policy(` +@@ -829,6 +1208,18 @@ optional_policy(` optional_policy(` mono_domtrans(initrc_t) ') @@ -73200,7 +73198,7 @@ index 29a9565..92781d7 100644 ') optional_policy(` -@@ -844,6 +1237,10 @@ optional_policy(` +@@ -844,6 +1235,10 @@ optional_policy(` ') optional_policy(` @@ -73211,7 +73209,7 @@ index 29a9565..92781d7 100644 # Set device ownerships/modes. xserver_setattr_console_pipes(initrc_t) -@@ -854,3 +1251,161 @@ optional_policy(` +@@ -854,3 +1249,161 @@ optional_policy(` optional_policy(` zebra_read_config(initrc_t) ')