rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon Aug 24 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-144

Browse Source 
- Allow pmlogger to create pmlogger.primary.socket link file. BZ(1254080)
- Allow NetworkManager send sigkill to dnssec-trigger. BZ(1251764)
- Add interface dnssec_trigger_sigkill
- Allow smsd use usb ttys. BZ(#1250536)
- Fix postfix_spool_maildrop_t,postfix_spool_flush_t contexts in postfix.fc file.
- Revert default_range change in targeted policy
- Allow systemd-sysctl cap. sys_ptrace  BZ(1253926)
This commit is contained in:
Lukas Vrabec 2015-08-24 11:25:02 +02:00
parent f5f6812fa4
commit 96de5661d2
3 changed files with 77 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
policy-rawhide-base.patch
View File

@ -1052,17 +1052,10 @@ index 4705ab6..b82865c 100644
+## </desc> +## </desc>
+gen_tunable(mount_anyfile, false) +gen_tunable(mount_anyfile, false)
diff --git a/policy/mcs b/policy/mcs diff --git a/policy/mcs b/policy/mcs
index 216b3d1..064ec83 100644 index 216b3d1..78e56ed 100644
--- a/policy/mcs --- a/policy/mcs
+++ b/policy/mcs +++ b/policy/mcs
@@ -1,4 +1,6 @@ @@ -69,53 +69,56 @@ gen_levels(1,mcs_num_cats)
ifdef(`enable_mcs',`
+default_range dir_file_class_set target low;
+
#
# Define sensitivities
#
@@ -69,53 +71,56 @@ gen_levels(1,mcs_num_cats)
# - /proc/pid operations are not constrained. # - /proc/pid operations are not constrained.
mlsconstrain file { read ioctl lock execute execute_no_trans } mlsconstrain file { read ioctl lock execute execute_no_trans }
@ -1139,7 +1132,7 @@ index 216b3d1..064ec83 100644
mlsconstrain process { signal } mlsconstrain process { signal }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type )); (( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
@@ -135,6 +140,9 @@ mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure d @@ -135,6 +138,9 @@ mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure d
mlsconstrain { db_tuple } { insert relabelto } mlsconstrain { db_tuple } { insert relabelto }
(( h1 dom h2 ) and ( l2 eq h2 )); (( h1 dom h2 ) and ( l2 eq h2 ));
@ -1149,7 +1142,7 @@ index 216b3d1..064ec83 100644
# Access control for any database objects based on MCS rules. # Access control for any database objects based on MCS rules.
mlsconstrain db_database { drop getattr setattr relabelfrom access install_module load_module get_param set_param } mlsconstrain db_database { drop getattr setattr relabelfrom access install_module load_module get_param set_param }
( h1 dom h2 ); ( h1 dom h2 );
@@ -166,4 +174,23 @@ mlsconstrain db_language { drop getattr setattr relabelfrom execute } @@ -166,4 +172,23 @@ mlsconstrain db_language { drop getattr setattr relabelfrom execute }
mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export } mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export }
( h1 dom h2 ); ( h1 dom h2 );
@ -44536,7 +44529,7 @@ index 0000000..cde0261
+') +')
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
new file mode 100644 new file mode 100644
index 0000000..11cbcf8 index 0000000..dff8d54
--- /dev/null --- /dev/null
+++ b/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te
@@ -0,0 +1,723 @@ @@ -0,0 +1,723 @@
@ -45209,7 +45202,7 @@ index 0000000..11cbcf8
+# +#
+# systemd_sysctl domains local policy +# systemd_sysctl domains local policy
+# +#
+allow systemd_sysctl_t self:capability { net_admin sys_admin sys_rawio }; +allow systemd_sysctl_t self:capability { net_admin sys_admin sys_ptrace sys_rawio };
+allow systemd_sysctl_t self:unix_dgram_socket create_socket_perms; +allow systemd_sysctl_t self:unix_dgram_socket create_socket_perms;
+kernel_dgram_send(systemd_sysctl_t) +kernel_dgram_send(systemd_sysctl_t)
+kernel_request_load_module(systemd_sysctl_t) +kernel_request_load_module(systemd_sysctl_t)

99
policy-rawhide-contrib.patch
View File

@ -25387,10 +25387,10 @@ index 0000000..1714fa6
+/var/run/dnssec.* gen_context(system_u:object_r:dnssec_trigger_var_run_t,s0) +/var/run/dnssec.* gen_context(system_u:object_r:dnssec_trigger_var_run_t,s0)
diff --git a/dnssec.if b/dnssec.if diff --git a/dnssec.if b/dnssec.if
new file mode 100644 new file mode 100644
index 0000000..a846ce0 index 0000000..d22ed69
--- /dev/null --- /dev/null
+++ b/dnssec.if +++ b/dnssec.if
@@ -0,0 +1,104 @@ @@ -0,0 +1,123 @@
+ +
+## <summary>policy for dnssec_trigger</summary> +## <summary>policy for dnssec_trigger</summary>
+ +
@ -25474,6 +25474,25 @@ index 0000000..a846ce0
+ +
+######################################## +########################################
+## <summary> +## <summary>
+## Send sigkill to dnssec_trigger.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+#
+interface(`dnssec_trigger_sigkill',`
+ gen_require(`
+ type dnssec_trigger_t;
+ ')
+
+ allow $1 dnssec_trigger_t:process sigkill;
+')
+
+########################################
+## <summary>
+## All of the rules required to administrate +## All of the rules required to administrate
+## an dnssec_trigger environment +## an dnssec_trigger environment
+## </summary> +## </summary>
@ -56978,7 +56997,7 @@ index 86dc29d..7380935 100644
+ logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log") + logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log")
') ')
diff --git a/networkmanager.te b/networkmanager.te diff --git a/networkmanager.te b/networkmanager.te
index 55f2009..e6182a2 100644 index 55f2009..b84767b 100644
--- a/networkmanager.te --- a/networkmanager.te
+++ b/networkmanager.te +++ b/networkmanager.te
@@ -9,15 +9,18 @@ type NetworkManager_t; @@ -9,15 +9,18 @@ type NetworkManager_t;
@ -57055,11 +57074,11 @@ index 55f2009..e6182a2 100644
+can_exec(NetworkManager_t, NetworkManager_exec_t) +can_exec(NetworkManager_t, NetworkManager_exec_t)
+#wicd +#wicd
+can_exec(NetworkManager_t, wpa_cli_exec_t) +can_exec(NetworkManager_t, wpa_cli_exec_t)
+
+list_dirs_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t) +list_dirs_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
+read_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t) +read_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
+read_lnk_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t) +read_lnk_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
+
+list_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t) +list_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
+read_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t) +read_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
+read_lnk_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t) +read_lnk_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
@ -57138,7 +57157,7 @@ index 55f2009..e6182a2 100644
fs_getattr_all_fs(NetworkManager_t) fs_getattr_all_fs(NetworkManager_t)
fs_search_auto_mountpoints(NetworkManager_t) fs_search_auto_mountpoints(NetworkManager_t)
fs_list_inotifyfs(NetworkManager_t) fs_list_inotifyfs(NetworkManager_t)
@@ -140,18 +160,35 @@ mls_file_read_all_levels(NetworkManager_t) @@ -140,18 +160,36 @@ mls_file_read_all_levels(NetworkManager_t)
selinux_dontaudit_search_fs(NetworkManager_t) selinux_dontaudit_search_fs(NetworkManager_t)
@ -57169,13 +57188,14 @@ index 55f2009..e6182a2 100644
+libs_exec_ldconfig(NetworkManager_t) +libs_exec_ldconfig(NetworkManager_t)
+ +
logging_send_syslog_msg(NetworkManager_t) logging_send_syslog_msg(NetworkManager_t)
+logging_send_audit_msgs(NetworkManager_t)
miscfiles_read_generic_certs(NetworkManager_t) miscfiles_read_generic_certs(NetworkManager_t)
-miscfiles_read_localization(NetworkManager_t) -miscfiles_read_localization(NetworkManager_t)
seutil_read_config(NetworkManager_t) seutil_read_config(NetworkManager_t)
@@ -166,21 +203,34 @@ sysnet_kill_dhcpc(NetworkManager_t) @@ -166,21 +204,34 @@ sysnet_kill_dhcpc(NetworkManager_t)
sysnet_read_dhcpc_state(NetworkManager_t) sysnet_read_dhcpc_state(NetworkManager_t)
sysnet_delete_dhcpc_state(NetworkManager_t) sysnet_delete_dhcpc_state(NetworkManager_t)
sysnet_search_dhcp_state(NetworkManager_t) sysnet_search_dhcp_state(NetworkManager_t)
@ -57214,7 +57234,7 @@ index 55f2009..e6182a2 100644
') ')
optional_policy(` optional_policy(`
@@ -196,10 +246,6 @@ optional_policy(` @@ -196,10 +247,6 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -57225,7 +57245,7 @@ index 55f2009..e6182a2 100644
consoletype_exec(NetworkManager_t) consoletype_exec(NetworkManager_t)
') ')
@@ -210,17 +256,16 @@ optional_policy(` @@ -210,16 +257,11 @@ optional_policy(`
optional_policy(` optional_policy(`
dbus_system_domain(NetworkManager_t, NetworkManager_exec_t) dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
@ -57236,19 +57256,15 @@ index 55f2009..e6182a2 100644
optional_policy(` optional_policy(`
consolekit_dbus_chat(NetworkManager_t) consolekit_dbus_chat(NetworkManager_t)
+ consolekit_read_pid_files(NetworkManager_t) - ')
') -
+')
- optional_policy(` - optional_policy(`
- policykit_dbus_chat(NetworkManager_t) - policykit_dbus_chat(NetworkManager_t)
- ') + consolekit_read_pid_files(NetworkManager_t)
+optional_policy(` ')
+ dnssec_trigger_domtrans(NetworkManager_t)
') ')
optional_policy(` @@ -231,10 +273,17 @@ optional_policy(`
@@ -231,10 +276,15 @@ optional_policy(`
dnsmasq_kill(NetworkManager_t) dnsmasq_kill(NetworkManager_t)
dnsmasq_signal(NetworkManager_t) dnsmasq_signal(NetworkManager_t)
dnsmasq_signull(NetworkManager_t) dnsmasq_signull(NetworkManager_t)
@ -57257,7 +57273,9 @@ index 55f2009..e6182a2 100644
optional_policy(` optional_policy(`
- gnome_stream_connect_all_gkeyringd(NetworkManager_t) - gnome_stream_connect_all_gkeyringd(NetworkManager_t)
+ dnssec_trigger_domtrans(NetworkManager_t)
+ dnssec_trigger_signull(NetworkManager_t) + dnssec_trigger_signull(NetworkManager_t)
+ dnssec_trigger_sigkill(NetworkManager_t)
+') +')
+ +
+optional_policy(` +optional_policy(`
@ -57265,7 +57283,7 @@ index 55f2009..e6182a2 100644
') ')
optional_policy(` optional_policy(`
@@ -246,10 +296,26 @@ optional_policy(` @@ -246,10 +295,26 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -57292,7 +57310,7 @@ index 55f2009..e6182a2 100644
') ')
optional_policy(` optional_policy(`
@@ -257,15 +323,19 @@ optional_policy(` @@ -257,15 +322,19 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -57314,7 +57332,7 @@ index 55f2009..e6182a2 100644
') ')
optional_policy(` optional_policy(`
@@ -274,10 +344,17 @@ optional_policy(` @@ -274,10 +343,17 @@ optional_policy(`
nscd_signull(NetworkManager_t) nscd_signull(NetworkManager_t)
nscd_kill(NetworkManager_t) nscd_kill(NetworkManager_t)
nscd_initrc_domtrans(NetworkManager_t) nscd_initrc_domtrans(NetworkManager_t)
@ -57332,7 +57350,7 @@ index 55f2009..e6182a2 100644
') ')
optional_policy(` optional_policy(`
@@ -286,9 +363,12 @@ optional_policy(` @@ -286,9 +362,12 @@ optional_policy(`
openvpn_kill(NetworkManager_t) openvpn_kill(NetworkManager_t)
openvpn_signal(NetworkManager_t) openvpn_signal(NetworkManager_t)
openvpn_signull(NetworkManager_t) openvpn_signull(NetworkManager_t)
@ -57345,7 +57363,7 @@ index 55f2009..e6182a2 100644
policykit_domtrans_auth(NetworkManager_t) policykit_domtrans_auth(NetworkManager_t)
policykit_read_lib(NetworkManager_t) policykit_read_lib(NetworkManager_t)
policykit_read_reload(NetworkManager_t) policykit_read_reload(NetworkManager_t)
@@ -296,7 +376,7 @@ optional_policy(` @@ -296,7 +375,7 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -57354,7 +57372,7 @@ index 55f2009..e6182a2 100644
') ')
optional_policy(` optional_policy(`
@@ -307,6 +387,7 @@ optional_policy(` @@ -307,6 +386,7 @@ optional_policy(`
ppp_signal(NetworkManager_t) ppp_signal(NetworkManager_t)
ppp_signull(NetworkManager_t) ppp_signull(NetworkManager_t)
ppp_read_config(NetworkManager_t) ppp_read_config(NetworkManager_t)
@ -57362,7 +57380,7 @@ index 55f2009..e6182a2 100644
') ')
optional_policy(` optional_policy(`
@@ -320,14 +401,21 @@ optional_policy(` @@ -320,14 +400,21 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -57389,7 +57407,7 @@ index 55f2009..e6182a2 100644
') ')
optional_policy(` optional_policy(`
@@ -357,6 +445,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru @@ -357,6 +444,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
init_dontaudit_use_fds(wpa_cli_t) init_dontaudit_use_fds(wpa_cli_t)
init_use_script_ptys(wpa_cli_t) init_use_script_ptys(wpa_cli_t)
@ -65817,10 +65835,10 @@ index 8176e4a..2df1789 100644
diff --git a/pcp.fc b/pcp.fc diff --git a/pcp.fc b/pcp.fc
new file mode 100644 new file mode 100644
index 0000000..9b8cb6b index 0000000..26a45e3
--- /dev/null --- /dev/null
+++ b/pcp.fc +++ b/pcp.fc
@@ -0,0 +1,28 @@ @@ -0,0 +1,29 @@
+/etc/rc\.d/init\.d/pmcd -- gen_context(system_u:object_r:pcp_pmcd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/pmcd -- gen_context(system_u:object_r:pcp_pmcd_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_initrc_exec_t,s0) +/etc/rc\.d/init\.d/pmlogger -- gen_context(system_u:object_r:pcp_pmlogger_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_initrc_exec_t,s0) +/etc/rc\.d/init\.d/pmproxy -- gen_context(system_u:object_r:pcp_pmproxy_initrc_exec_t,s0)
@ -65849,6 +65867,7 @@ index 0000000..9b8cb6b
+ +
+/var/run/pcp(/.*)? gen_context(system_u:object_r:pcp_var_run_t,s0) +/var/run/pcp(/.*)? gen_context(system_u:object_r:pcp_var_run_t,s0)
+/var/run/pmcd\.socket -- gen_context(system_u:object_r:pcp_var_run_t,s0) +/var/run/pmcd\.socket -- gen_context(system_u:object_r:pcp_var_run_t,s0)
+/var/run/pmlogger\.primary\.socket -l gen_context(system_u:object_r:pcp_var_run_t,s0)
diff --git a/pcp.if b/pcp.if diff --git a/pcp.if b/pcp.if
new file mode 100644 new file mode 100644
index 0000000..80246e6 index 0000000..80246e6
@ -66001,10 +66020,10 @@ index 0000000..80246e6
+ +
diff --git a/pcp.te b/pcp.te diff --git a/pcp.te b/pcp.te
new file mode 100644 new file mode 100644
index 0000000..e24db6b index 0000000..684f7b0
--- /dev/null --- /dev/null
+++ b/pcp.te +++ b/pcp.te
@@ -0,0 +1,259 @@ @@ -0,0 +1,260 @@
+policy_module(pcp, 1.0.0) +policy_module(pcp, 1.0.0)
+ +
+######################################## +########################################
@ -66079,7 +66098,8 @@ index 0000000..e24db6b
+manage_dirs_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t) +manage_dirs_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t)
+manage_files_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t) +manage_files_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t)
+manage_sock_files_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t) +manage_sock_files_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t)
+files_pid_filetrans(pcp_domain, pcp_var_run_t, { dir file sock_file }) +manage_lnk_files_pattern(pcp_domain, pcp_var_run_t, pcp_var_run_t)
+files_pid_filetrans(pcp_domain, pcp_var_run_t, { dir file sock_file lnk_file })
+ +
+manage_dirs_pattern(pcp_domain, pcp_tmp_t, pcp_tmp_t) +manage_dirs_pattern(pcp_domain, pcp_tmp_t, pcp_tmp_t)
+manage_files_pattern(pcp_domain, pcp_tmp_t, pcp_tmp_t) +manage_files_pattern(pcp_domain, pcp_tmp_t, pcp_tmp_t)
@ -70497,7 +70517,7 @@ index cbe36c1..8ebeb87 100644
auth_domtrans_chk_passwd(portslave_t) auth_domtrans_chk_passwd(portslave_t)
diff --git a/postfix.fc b/postfix.fc diff --git a/postfix.fc b/postfix.fc
index c0e8785..c0e0959 100644 index c0e8785..3070aa0 100644
--- a/postfix.fc --- a/postfix.fc
+++ b/postfix.fc +++ b/postfix.fc
@@ -1,38 +1,38 @@ @@ -1,38 +1,38 @@
@ -70579,15 +70599,16 @@ index c0e8785..c0e0959 100644
-/var/spool/postfix/private(/.*)? gen_context(system_u:object_r:postfix_private_t,s0) -/var/spool/postfix/private(/.*)? gen_context(system_u:object_r:postfix_private_t,s0)
-/var/spool/postfix/public(/.*)? gen_context(system_u:object_r:postfix_public_t,s0) -/var/spool/postfix/public(/.*)? gen_context(system_u:object_r:postfix_public_t,s0)
-/var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0) -/var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
-/var/spool/postfix/flush(/.*)? gen_context(system_u:object_r:postfix_spool_flush_t,s0)
+/var/spool/postfix.* gen_context(system_u:object_r:postfix_spool_t,s0) +/var/spool/postfix.* gen_context(system_u:object_r:postfix_spool_t,s0)
+/var/spool/postfix/deferred(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0) +/var/spool/postfix/deferred(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0)
+/var/spool/postfix/defer(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0) +/var/spool/postfix/defer(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0)
+/var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0) +/var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0)
+/var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0) +/var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0)
+/var/spool/postfix/private(/.*)? gen_context(system_u:object_r:postfix_private_t,s0) +/var/spool/postfix/private(/.*)? gen_context(system_u:object_r:postfix_private_t,s0)
+/var/spool/postfix/public(/.*)? gen_context(system_u:object_r:postfix_public_t,s0) +/var/spool/postfix/public(/.*)? gen_context(system_u:object_r:postfix_public_t,s0)
+/var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0) +/var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0)
/var/spool/postfix/flush(/.*)? gen_context(system_u:object_r:postfix_spool_flush_t,s0) +/var/spool/postfix/flush(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0)
diff --git a/postfix.if b/postfix.if diff --git a/postfix.if b/postfix.if
index ded95ec..3cf7146 100644 index ded95ec..3cf7146 100644
--- a/postfix.if --- a/postfix.if
@ -97065,10 +97086,10 @@ index 0000000..52450c7
+') +')
diff --git a/smsd.te b/smsd.te diff --git a/smsd.te b/smsd.te
new file mode 100644 new file mode 100644
index 0000000..1fad7b8 index 0000000..d971935
--- /dev/null --- /dev/null
+++ b/smsd.te +++ b/smsd.te
@@ -0,0 +1,73 @@ @@ -0,0 +1,75 @@
+policy_module(smsd, 1.0.0) +policy_module(smsd, 1.0.0)
+ +
+######################################## +########################################
@ -97142,6 +97163,8 @@ index 0000000..1fad7b8
+logging_send_syslog_msg(smsd_t) +logging_send_syslog_msg(smsd_t)
+ +
+sysnet_dns_name_resolve(smsd_t) +sysnet_dns_name_resolve(smsd_t)
+
+term_use_usb_ttys(smsd_t)
diff --git a/smstools.if b/smstools.if diff --git a/smstools.if b/smstools.if
index cbfe369..6594af3 100644 index cbfe369..6594af3 100644
--- a/smstools.if --- a/smstools.if

11
selinux-policy.spec
View File

@ -19,7 +19,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.13.1 Version: 3.13.1
Release: 143%{?dist} Release: 144%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -647,6 +647,15 @@ exit 0
%endif %endif
%changelog %changelog
* Mon Aug 24 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-144
- Allow pmlogger to create pmlogger.primary.socket link file. BZ(1254080)
- Allow NetworkManager send sigkill to dnssec-trigger. BZ(1251764)
- Add interface dnssec_trigger_sigkill
- Allow smsd use usb ttys. BZ(#1250536)
- Fix postfix_spool_maildrop_t,postfix_spool_flush_t contexts in postfix.fc file.
- Revert default_range change in targeted policy
- Allow systemd-sysctl cap. sys_ptrace BZ(1253926)
* Fri Aug 21 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-143 * Fri Aug 21 2015 Miroslav Grepl <mgrepl@redhat.com> 3.13.1-143
- Add ipmievd policy creaed by vmojzis@redhat.com - Add ipmievd policy creaed by vmojzis@redhat.com
- Call kernel_load_module(vmware_host_t) to satisfy neverallow assertion for sys_moudle in MLS where unconfined is disabled. - Call kernel_load_module(vmware_host_t) to satisfy neverallow assertion for sys_moudle in MLS where unconfined is disabled.