rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Fix bug in mozilla policy to allow xguest transition

Browse Source 
- This will fix the
This commit is contained in:
Daniel J Walsh 2008-03-14 21:17:21 +00:00
parent a6e1280791
commit 97081dcb9d
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
policy-20071130.patch
View File

@ -29997,7 +29997,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 09:52:56.000000000 -0500 --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 09:52:56.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-14 10:48:11.000000000 -0400 +++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-14 14:50:39.000000000 -0400
@@ -29,9 +29,14 @@ @@ -29,9 +29,14 @@
') ')
@ -32368,11 +32368,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+# +#
+interface(`userdom_list_user_files',` +interface(`userdom_list_user_files',`
+ gen_require(` + gen_require(`
+ attribute $1_home_type; + attribute user_home_type;
+ ') + ')
+ +
+ allow $2 $1_home_type:dir search_dir_perms; + allow $2 user_home_type:dir search_dir_perms;
+ allow $2 $1_home_type:file getattr; + allow $2 user_home_type:file getattr;
+') +')
+ +
+######################################## +########################################

4
selinux-policy.spec
View File

@ -121,7 +121,7 @@ echo -n > %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \
%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \ %verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \ %verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
%attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \ %attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
#%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/ seusers \ #%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/seusers \
%dir %{_sysconfdir}/selinux/%1/policy/ \ %dir %{_sysconfdir}/selinux/%1/policy/ \
%ghost %{_sysconfdir}/selinux/%1/policy/policy.* \ %ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
%dir %{_sysconfdir}/selinux/%1/contexts \ %dir %{_sysconfdir}/selinux/%1/contexts \
@ -252,7 +252,7 @@ SETLOCALDEFS=0
ln -sf ../selinux/config /etc/sysconfig/selinux ln -sf ../selinux/config /etc/sysconfig/selinux
restorecon /etc/selinux/config 2> /dev/null || : restorecon /etc/selinux/config 2> /dev/null || :
else else
. /etc/selinux/config . /etc/selinux/config
# if first time update booleans.local needs to be copied to sandbox # if first time update booleans.local needs to be copied to sandbox
[ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/targeted/modules/active/ [ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/targeted/modules/active/
[ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers [ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers