- Allow kpropd to create tmp files
This commit is contained in:
parent
93dc66eaeb
commit
9850f4d30d
@ -836,6 +836,13 @@ mount = base
|
||||
#
|
||||
mozilla = module
|
||||
|
||||
# Layer: services
|
||||
# Module: nslcd
|
||||
#
|
||||
# Policy for nslcd
|
||||
#
|
||||
nslcd = module
|
||||
|
||||
# Layer: apps
|
||||
# Module: nsplugin
|
||||
#
|
||||
|
134
policy-F12.patch
134
policy-F12.patch
@ -2832,7 +2832,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.18/policy/modules/apps/mozilla.te
|
||||
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-01-19 11:03:28.000000000 -0500
|
||||
+++ serefpolicy-3.6.18/policy/modules/apps/mozilla.te 2009-06-20 06:49:47.000000000 -0400
|
||||
+++ serefpolicy-3.6.18/policy/modules/apps/mozilla.te 2009-06-24 08:35:55.000000000 -0400
|
||||
@@ -105,6 +105,7 @@
|
||||
# Should not need other ports
|
||||
corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
|
||||
@ -2849,7 +2849,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
logging_send_syslog_msg(mozilla_t)
|
||||
|
||||
@@ -243,6 +245,8 @@
|
||||
@@ -143,6 +145,7 @@
|
||||
userdom_manage_user_tmp_dirs(mozilla_t)
|
||||
userdom_manage_user_tmp_files(mozilla_t)
|
||||
userdom_manage_user_tmp_sockets(mozilla_t)
|
||||
+userdom_use_user_ptys(mozilla_t)
|
||||
|
||||
xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
|
||||
xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
|
||||
@@ -243,6 +246,8 @@
|
||||
|
||||
optional_policy(`
|
||||
gnome_stream_connect_gconf(mozilla_t)
|
||||
@ -2858,7 +2866,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -263,5 +267,10 @@
|
||||
@@ -263,5 +268,10 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -14343,7 +14351,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
########################################
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.18/policy/modules/services/kerberos.te
|
||||
--- nsaserefpolicy/policy/modules/services/kerberos.te 2009-03-23 13:47:11.000000000 -0400
|
||||
+++ serefpolicy-3.6.18/policy/modules/services/kerberos.te 2009-06-20 06:49:47.000000000 -0400
|
||||
+++ serefpolicy-3.6.18/policy/modules/services/kerberos.te 2009-06-23 16:51:48.000000000 -0400
|
||||
@@ -33,6 +33,7 @@
|
||||
type kpropd_t;
|
||||
type kpropd_exec_t;
|
||||
@ -14362,13 +14370,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
########################################
|
||||
#
|
||||
# kadmind local policy
|
||||
@@ -281,7 +285,9 @@
|
||||
@@ -281,7 +285,13 @@
|
||||
|
||||
allow kpropd_t krb5_keytab_t:file read_file_perms;
|
||||
|
||||
+manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t)
|
||||
manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)
|
||||
+filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)
|
||||
+
|
||||
+manage_dirs_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
|
||||
+manage_files_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
|
||||
+files_tmp_filetrans(kpropd_t, krb5kdc_tmp_t, { file dir })
|
||||
|
||||
corecmd_exec_bin(kpropd_t)
|
||||
|
||||
@ -16949,8 +16961,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+/var/lib/misc/PolicyKit.reload gen_context(system_u:object_r:polkit_reload_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.18/policy/modules/services/polkit.if
|
||||
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.6.18/policy/modules/services/polkit.if 2009-06-20 06:49:47.000000000 -0400
|
||||
@@ -0,0 +1,241 @@
|
||||
+++ serefpolicy-3.6.18/policy/modules/services/polkit.if 2009-06-24 08:29:05.000000000 -0400
|
||||
@@ -0,0 +1,242 @@
|
||||
+
|
||||
+## <summary>policy for polkit_auth</summary>
|
||||
+
|
||||
@ -17170,6 +17182,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ polkit_run_grant($2, $1)
|
||||
+ polkit_read_lib($2)
|
||||
+ polkit_read_reload($2)
|
||||
+ polkit_dbus_chat($2)
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
@ -23396,7 +23409,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.18/policy/modules/services/xserver.if
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.if 2009-01-05 15:39:43.000000000 -0500
|
||||
+++ serefpolicy-3.6.18/policy/modules/services/xserver.if 2009-06-20 06:49:47.000000000 -0400
|
||||
+++ serefpolicy-3.6.18/policy/modules/services/xserver.if 2009-06-24 08:47:55.000000000 -0400
|
||||
@@ -90,7 +90,7 @@
|
||||
allow $2 xauth_home_t:file manage_file_perms;
|
||||
allow $2 xauth_home_t:file { relabelfrom relabelto };
|
||||
@ -23689,7 +23702,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
domtrans_pattern($1, xserver_exec_t, xserver_t)
|
||||
')
|
||||
|
||||
@@ -1159,6 +1263,275 @@
|
||||
@@ -1159,6 +1263,276 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -23859,6 +23872,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ xserver_read_xdm_tmp_files($1)
|
||||
+ xserver_xdm_stream_connect($1)
|
||||
+ xserver_setattr_xdm_tmp_dirs($1)
|
||||
+ xserver_read_xdm_pid($1)
|
||||
+
|
||||
+ allow $1 xdm_t:x_client { getattr destroy };
|
||||
+ allow $1 xdm_t:x_drawable { read receive get_property getattr send list_child add_child };
|
||||
@ -23965,7 +23979,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## Interface to provide X object permissions on a given X server to
|
||||
## an X client domain. Gives the domain complete control over the
|
||||
## display.
|
||||
@@ -1172,7 +1545,103 @@
|
||||
@@ -1172,7 +1546,103 @@
|
||||
interface(`xserver_unconfined',`
|
||||
gen_require(`
|
||||
attribute xserver_unconfined_type;
|
||||
@ -29177,7 +29191,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.18/policy/modules/system/userdomain.if
|
||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-01-19 11:07:34.000000000 -0500
|
||||
+++ serefpolicy-3.6.18/policy/modules/system/userdomain.if 2009-06-20 06:49:47.000000000 -0400
|
||||
+++ serefpolicy-3.6.18/policy/modules/system/userdomain.if 2009-06-24 08:35:26.000000000 -0400
|
||||
@@ -30,8 +30,9 @@
|
||||
')
|
||||
|
||||
@ -30100,18 +30114,28 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
logging_dontaudit_send_audit_msgs($1_t)
|
||||
|
||||
# Need to to this just so screensaver will work. Should be moved to screensaver domain
|
||||
@@ -899,28 +961,33 @@
|
||||
@@ -899,28 +961,43 @@
|
||||
selinux_get_enforce_mode($1_t)
|
||||
|
||||
optional_policy(`
|
||||
- alsa_read_rw_config($1_t)
|
||||
+ alsa_read_rw_config($1_usertype)
|
||||
+ ')
|
||||
+
|
||||
+ optional_policy(`
|
||||
+ apache_role($1_r, $1_usertype)
|
||||
+ ')
|
||||
+
|
||||
+ optional_policy(`
|
||||
+ devicekit_dbus_chat($1_usertype)
|
||||
+ devicekit_power_dbus_chat($1_usertype)
|
||||
+ devicekit_disk_dbus_chat($1_usertype)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
- dbus_role_template($1, $1_r, $1_t)
|
||||
- dbus_system_bus_client($1_t)
|
||||
+ apache_role($1_r, $1_usertype)
|
||||
+ gnomeclock_dbus_chat($1_t)
|
||||
+ ')
|
||||
|
||||
optional_policy(`
|
||||
@ -30141,7 +30165,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
')
|
||||
|
||||
@@ -954,8 +1021,8 @@
|
||||
@@ -954,8 +1031,8 @@
|
||||
# Declarations
|
||||
#
|
||||
|
||||
@ -30151,7 +30175,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
userdom_common_user_template($1)
|
||||
|
||||
##############################
|
||||
@@ -964,11 +1031,12 @@
|
||||
@@ -964,11 +1041,12 @@
|
||||
#
|
||||
|
||||
# port access is audited even if dac would not have allowed it, so dontaudit it here
|
||||
@ -30166,7 +30190,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
# cjp: why?
|
||||
files_read_kernel_symbol_table($1_t)
|
||||
|
||||
@@ -986,37 +1054,55 @@
|
||||
@@ -986,37 +1064,55 @@
|
||||
')
|
||||
')
|
||||
|
||||
@ -30236,7 +30260,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -1050,7 +1136,7 @@
|
||||
@@ -1050,7 +1146,7 @@
|
||||
#
|
||||
template(`userdom_admin_user_template',`
|
||||
gen_require(`
|
||||
@ -30245,7 +30269,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
##############################
|
||||
@@ -1059,8 +1145,7 @@
|
||||
@@ -1059,8 +1155,7 @@
|
||||
#
|
||||
|
||||
# Inherit rules for ordinary users.
|
||||
@ -30255,7 +30279,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
domain_obj_id_change_exemption($1_t)
|
||||
role system_r types $1_t;
|
||||
@@ -1083,7 +1168,8 @@
|
||||
@@ -1083,7 +1178,8 @@
|
||||
# Skip authentication when pam_rootok is specified.
|
||||
allow $1_t self:passwd rootok;
|
||||
|
||||
@ -30265,7 +30289,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
kernel_read_software_raid_state($1_t)
|
||||
kernel_getattr_core_if($1_t)
|
||||
@@ -1099,6 +1185,7 @@
|
||||
@@ -1099,6 +1195,7 @@
|
||||
kernel_sigstop_unlabeled($1_t)
|
||||
kernel_signull_unlabeled($1_t)
|
||||
kernel_sigchld_unlabeled($1_t)
|
||||
@ -30273,7 +30297,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
corenet_tcp_bind_generic_port($1_t)
|
||||
# allow setting up tunnels
|
||||
@@ -1106,8 +1193,6 @@
|
||||
@@ -1106,8 +1203,6 @@
|
||||
|
||||
dev_getattr_generic_blk_files($1_t)
|
||||
dev_getattr_generic_chr_files($1_t)
|
||||
@ -30282,7 +30306,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
# Allow MAKEDEV to work
|
||||
dev_create_all_blk_files($1_t)
|
||||
dev_create_all_chr_files($1_t)
|
||||
@@ -1162,20 +1247,6 @@
|
||||
@@ -1162,20 +1257,6 @@
|
||||
# But presently necessary for installing the file_contexts file.
|
||||
seutil_manage_bin_policy($1_t)
|
||||
|
||||
@ -30303,7 +30327,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
optional_policy(`
|
||||
postgresql_unconfined($1_t)
|
||||
')
|
||||
@@ -1221,6 +1292,7 @@
|
||||
@@ -1221,6 +1302,7 @@
|
||||
dev_relabel_all_dev_nodes($1)
|
||||
|
||||
files_create_boot_flag($1)
|
||||
@ -30311,7 +30335,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
# Necessary for managing /boot/efi
|
||||
fs_manage_dos_files($1)
|
||||
@@ -1286,11 +1358,15 @@
|
||||
@@ -1286,11 +1368,15 @@
|
||||
interface(`userdom_user_home_content',`
|
||||
gen_require(`
|
||||
type user_home_t;
|
||||
@ -30327,7 +30351,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -1387,7 +1463,7 @@
|
||||
@@ -1387,7 +1473,7 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -30336,7 +30360,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
@@ -1420,6 +1496,14 @@
|
||||
@@ -1420,6 +1506,14 @@
|
||||
|
||||
allow $1 user_home_dir_t:dir list_dir_perms;
|
||||
files_search_home($1)
|
||||
@ -30351,7 +30375,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -1435,9 +1519,11 @@
|
||||
@@ -1435,9 +1529,11 @@
|
||||
interface(`userdom_dontaudit_list_user_home_dirs',`
|
||||
gen_require(`
|
||||
type user_home_dir_t;
|
||||
@ -30363,7 +30387,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -1494,6 +1580,25 @@
|
||||
@@ -1494,6 +1590,25 @@
|
||||
allow $1 user_home_dir_t:dir relabelto;
|
||||
')
|
||||
|
||||
@ -30389,7 +30413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
########################################
|
||||
## <summary>
|
||||
## Create directories in the home dir root with
|
||||
@@ -1568,6 +1673,8 @@
|
||||
@@ -1568,6 +1683,8 @@
|
||||
')
|
||||
|
||||
dontaudit $1 user_home_t:dir search_dir_perms;
|
||||
@ -30398,7 +30422,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -1643,6 +1750,7 @@
|
||||
@@ -1643,6 +1760,7 @@
|
||||
type user_home_dir_t, user_home_t;
|
||||
')
|
||||
|
||||
@ -30406,7 +30430,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
|
||||
files_search_home($1)
|
||||
')
|
||||
@@ -1741,30 +1849,80 @@
|
||||
@@ -1741,30 +1859,80 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -30497,7 +30521,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -1787,6 +1945,46 @@
|
||||
@@ -1787,6 +1955,46 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -30544,7 +30568,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## Create, read, write, and delete files
|
||||
## in a user home subdirectory.
|
||||
## </summary>
|
||||
@@ -1799,6 +1997,7 @@
|
||||
@@ -1799,6 +2007,7 @@
|
||||
interface(`userdom_manage_user_home_content_files',`
|
||||
gen_require(`
|
||||
type user_home_dir_t, user_home_t;
|
||||
@ -30552,7 +30576,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
manage_files_pattern($1, user_home_t, user_home_t)
|
||||
@@ -2328,7 +2527,7 @@
|
||||
@@ -2328,7 +2537,7 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -30561,7 +30585,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
@@ -2682,16 +2881,17 @@
|
||||
@@ -2682,11 +2891,32 @@
|
||||
#
|
||||
interface(`userdom_search_user_home_content',`
|
||||
gen_require(`
|
||||
@ -30573,35 +30597,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
files_list_home($1)
|
||||
- allow $1 { user_home_dir_t user_home_t }:dir search_dir_perms;
|
||||
+ allow $1 { user_home_dir_t user_home_type }:dir search_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
-## Send general signals to unprivileged user domains.
|
||||
+## List users home directories.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
@@ -2699,12 +2899,32 @@
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
-interface(`userdom_signal_unpriv_users',`
|
||||
+interface(`userdom_list_user_home_content',`
|
||||
gen_require(`
|
||||
- attribute unpriv_userdomain;
|
||||
+ type user_home_dir_t;
|
||||
+ attribute user_home_type;
|
||||
')
|
||||
|
||||
- allow $1 unpriv_userdomain:process signal;
|
||||
+ files_list_home($1)
|
||||
+ allow $1 { user_home_dir_t user_home_type }:dir list_dir_perms;
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
+## <summary>
|
||||
+## Send general signals to unprivileged user domains.
|
||||
+## List users home directories.
|
||||
+## </summary>
|
||||
+## <param name="domain">
|
||||
+## <summary>
|
||||
@ -30609,16 +30609,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+## </summary>
|
||||
+## </param>
|
||||
+#
|
||||
+interface(`userdom_signal_unpriv_users',`
|
||||
+interface(`userdom_list_user_home_content',`
|
||||
+ gen_require(`
|
||||
+ attribute unpriv_userdomain;
|
||||
+ type user_home_dir_t;
|
||||
+ attribute user_home_type;
|
||||
+ ')
|
||||
+
|
||||
+ allow $1 unpriv_userdomain:process signal;
|
||||
+ files_list_home($1)
|
||||
+ allow $1 { user_home_dir_t user_home_type }:dir list_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -2814,7 +3034,25 @@
|
||||
@@ -2814,7 +3044,25 @@
|
||||
type user_tmp_t;
|
||||
')
|
||||
|
||||
@ -30645,7 +30647,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -2851,6 +3089,7 @@
|
||||
@@ -2851,6 +3099,7 @@
|
||||
')
|
||||
|
||||
read_files_pattern($1,userdomain,userdomain)
|
||||
@ -30653,7 +30655,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
kernel_search_proc($1)
|
||||
')
|
||||
|
||||
@@ -2981,3 +3220,481 @@
|
||||
@@ -2981,3 +3230,481 @@
|
||||
|
||||
allow $1 userdomain:dbus send_msg;
|
||||
')
|
||||
|
@ -20,7 +20,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.6.19
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -295,7 +295,7 @@ Summary: SELinux targeted base policy
|
||||
Provides: selinux-policy-base
|
||||
Group: System Environment/Base
|
||||
Obsoletes: selinux-policy-targeted-sources < 2
|
||||
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
|
||||
Requires(pre): policycoreutils-python >= %{POLICYCOREUTILSVER}
|
||||
Requires(pre): coreutils
|
||||
Requires(pre): selinux-policy = %{version}-%{release}
|
||||
Conflicts: audispd-plugins <= 1.7.7-1
|
||||
@ -381,7 +381,7 @@ exit 0
|
||||
Summary: SELinux minimum base policy
|
||||
Provides: selinux-policy-base
|
||||
Group: System Environment/Base
|
||||
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
|
||||
Requires(pre): policycoreutils-python >= %{POLICYCOREUTILSVER}
|
||||
Requires(pre): coreutils
|
||||
Requires(pre): selinux-policy = %{version}-%{release}
|
||||
|
||||
@ -415,7 +415,7 @@ exit 0
|
||||
Summary: SELinux olpc base policy
|
||||
Group: System Environment/Base
|
||||
Provides: selinux-policy-base
|
||||
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
|
||||
Requires(pre): policycoreutils-python >= %{POLICYCOREUTILSVER}
|
||||
Requires(pre): coreutils
|
||||
Requires(pre): selinux-policy = %{version}-%{release}
|
||||
|
||||
@ -446,7 +446,7 @@ Group: System Environment/Base
|
||||
Provides: selinux-policy-base
|
||||
Obsoletes: selinux-policy-mls-sources < 2
|
||||
Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd
|
||||
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
|
||||
Requires(pre): policycoreutils-python >= %{POLICYCOREUTILSVER}
|
||||
Requires(pre): coreutils
|
||||
Requires(pre): selinux-policy = %{version}-%{release}
|
||||
|
||||
@ -473,6 +473,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> 3.6.19-3
|
||||
- Allow kpropd to create tmp files
|
||||
|
||||
* Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> 3.6.19-2
|
||||
- Fix last duplicate /var/log/rpmpkgs
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user