- Fix bug in mozilla policy to allow xguest transition
- This will fix the
This commit is contained in:
parent
a6e1280791
commit
97081dcb9d
@ -29997,7 +29997,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
||||
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
|
||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-15 09:52:56.000000000 -0500
|
||||
+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-14 10:48:11.000000000 -0400
|
||||
+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2008-03-14 14:50:39.000000000 -0400
|
||||
@@ -29,9 +29,14 @@
|
||||
')
|
||||
|
||||
@ -32368,11 +32368,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
||||
+#
|
||||
+interface(`userdom_list_user_files',`
|
||||
+ gen_require(`
|
||||
+ attribute $1_home_type;
|
||||
+ attribute user_home_type;
|
||||
+ ')
|
||||
+
|
||||
+ allow $2 $1_home_type:dir search_dir_perms;
|
||||
+ allow $2 $1_home_type:file getattr;
|
||||
+ allow $2 user_home_type:dir search_dir_perms;
|
||||
+ allow $2 user_home_type:file getattr;
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
|
@ -121,7 +121,7 @@ echo -n > %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \
|
||||
%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
|
||||
%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
|
||||
%attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
|
||||
#%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/ seusers \
|
||||
#%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/seusers \
|
||||
%dir %{_sysconfdir}/selinux/%1/policy/ \
|
||||
%ghost %{_sysconfdir}/selinux/%1/policy/policy.* \
|
||||
%dir %{_sysconfdir}/selinux/%1/contexts \
|
||||
@ -252,7 +252,7 @@ SETLOCALDEFS=0
|
||||
ln -sf ../selinux/config /etc/sysconfig/selinux
|
||||
restorecon /etc/selinux/config 2> /dev/null || :
|
||||
else
|
||||
. /etc/selinux/config
|
||||
. /etc/selinux/config
|
||||
# if first time update booleans.local needs to be copied to sandbox
|
||||
[ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/targeted/modules/active/
|
||||
[ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers
|
||||
|
Loading…
Reference in New Issue
Block a user