- Add context for dbus machine id
This commit is contained in:
Daniel J Walsh
parent
2fac1d6655
commit
9c038630bf
|
|
@ -143,6 +143,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 sere
|
|||
.TP
|
||||
chcon -t public_content_rw_t /var/ftp/incoming
|
||||
.TP
|
||||
Binary files nsaserefpolicy/myaudit.pp and serefpolicy-3.0.4/myaudit.pp differ
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.0.4/policy/flask/access_vectors
|
||||
--- nsaserefpolicy/policy/flask/access_vectors 2007-07-25 10:37:36.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/flask/access_vectors 2007-07-25 13:27:51.000000000 -0400
|
||||
|
|
@ -1616,7 +1617,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.0.4/policy/modules/apps/loadkeys.te
|
||||
--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2007-05-29 14:10:48.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/apps/loadkeys.te 2007-07-25 13:27:51.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/apps/loadkeys.te 2007-07-27 11:58:52.000000000 -0400
|
||||
@@ -30,7 +30,7 @@
|
||||
files_read_etc_runtime_files(loadkeys_t)
|
||||
|
||||
term_dontaudit_use_console(loadkeys_t)
|
||||
-term_dontaudit_use_unallocated_ttys(loadkeys_t)
|
||||
+term_use_unallocated_ttys(loadkeys_t)
|
||||
|
||||
init_dontaudit_use_script_ptys(loadkeys_t)
|
||||
|
||||
@@ -40,3 +40,8 @@
|
||||
locallogin_use_fds(loadkeys_t)
|
||||
|
||||
|
|
@ -2926,7 +2936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
|
|||
optional_policy(`
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.0.4/policy/modules/services/apache.fc
|
||||
--- nsaserefpolicy/policy/modules/services/apache.fc 2007-05-29 14:10:57.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/services/apache.fc 2007-07-25 13:27:51.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/services/apache.fc 2007-07-26 14:42:51.000000000 -0400
|
||||
@@ -16,7 +16,6 @@
|
||||
|
||||
/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
|
|
@ -2935,8 +2945,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
|
|||
/usr/lib(64)?/apache(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||
/usr/lib(64)?/apache2/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||
/usr/lib(64)?/apache(2)?/suexec(2)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
|
||||
@@ -73,3 +72,11 @@
|
||||
@@ -71,5 +70,14 @@
|
||||
|
||||
/var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
+/var/www/[^/]*/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
/var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/var/www/perl(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
+
|
||||
|
|
@ -3248,7 +3261,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.4/policy/modules/services/apache.te
|
||||
--- nsaserefpolicy/policy/modules/services/apache.te 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/services/apache.te 2007-07-26 10:06:52.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/services/apache.te 2007-07-26 13:46:18.000000000 -0400
|
||||
@@ -30,6 +30,13 @@
|
||||
|
||||
## <desc>
|
||||
|
|
@ -3277,6 +3290,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
|
|||
gen_tunable(httpd_can_network_connect,false)
|
||||
|
||||
## <desc>
|
||||
@@ -97,7 +111,7 @@
|
||||
## Allow http daemon to communicate with the TTY
|
||||
## </p>
|
||||
## </desc>
|
||||
-gen_tunable(httpd_tty_comm,false)
|
||||
+gen_tunable(httpd_tty_comm,true)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
@@ -106,6 +120,27 @@
|
||||
## </desc>
|
||||
gen_tunable(httpd_unified,false)
|
||||
|
|
@ -4632,9 +4654,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
|
|||
|
||||
miscfiles_read_localization(cvs_t)
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.0.4/policy/modules/services/dbus.fc
|
||||
--- nsaserefpolicy/policy/modules/services/dbus.fc 2007-05-29 14:10:57.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/services/dbus.fc 2007-07-26 15:13:25.000000000 -0400
|
||||
@@ -5,6 +5,8 @@
|
||||
/bin/dbus-daemon -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
|
||||
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
||||
|
||||
+/var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
|
||||
+
|
||||
ifdef(`distro_redhat',`
|
||||
/var/named/chroot/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
||||
')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.0.4/policy/modules/services/dbus.if
|
||||
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-07-03 07:06:27.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/services/dbus.if 2007-07-25 13:27:51.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/services/dbus.if 2007-07-26 15:16:07.000000000 -0400
|
||||
@@ -50,6 +50,12 @@
|
||||
## </param>
|
||||
#
|
||||
|
|
@ -4676,7 +4710,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||
auth_read_pam_console_data($1_dbusd_t)
|
||||
|
||||
libs_use_ld_so($1_dbusd_t)
|
||||
@@ -205,6 +225,7 @@
|
||||
@@ -193,6 +213,7 @@
|
||||
gen_require(`
|
||||
type system_dbusd_t, system_dbusd_t;
|
||||
type system_dbusd_var_run_t;
|
||||
+ type system_dbusd_var_lib_t;
|
||||
class dbus send_msg;
|
||||
')
|
||||
|
||||
@@ -202,9 +223,12 @@
|
||||
# SE-DBus specific permissions
|
||||
allow $1_dbusd_system_t { system_dbusd_t self }:dbus send_msg;
|
||||
|
||||
+ read_files_pattern($2,system_dbusd_var_lib_t,system_dbusd_var_lib_t)
|
||||
+
|
||||
# For connecting to the bus
|
||||
files_search_pids($2)
|
||||
stream_connect_pattern($2,system_dbusd_var_run_t,system_dbusd_var_run_t,system_dbusd_t)
|
||||
|
|
@ -4684,7 +4731,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||
')
|
||||
|
||||
#######################################
|
||||
@@ -271,6 +292,32 @@
|
||||
@@ -271,6 +295,32 @@
|
||||
allow $2 $1_dbusd_t:dbus send_msg;
|
||||
')
|
||||
|
||||
|
|
@ -4717,7 +4764,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||
########################################
|
||||
## <summary>
|
||||
## Read dbus configuration.
|
||||
@@ -286,6 +333,7 @@
|
||||
@@ -286,6 +336,7 @@
|
||||
type dbusd_etc_t;
|
||||
')
|
||||
|
||||
|
|
@ -4725,7 +4772,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||
allow $1 dbusd_etc_t:file read_file_perms;
|
||||
')
|
||||
|
||||
@@ -346,3 +394,23 @@
|
||||
@@ -346,3 +397,23 @@
|
||||
|
||||
allow $1 system_dbusd_t:dbus *;
|
||||
')
|
||||
|
|
@ -4749,6 +4796,28 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
|
|||
+')
|
||||
+
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.0.4/policy/modules/services/dbus.te
|
||||
--- nsaserefpolicy/policy/modules/services/dbus.te 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/services/dbus.te 2007-07-26 15:12:13.000000000 -0400
|
||||
@@ -23,6 +23,9 @@
|
||||
type system_dbusd_var_run_t;
|
||||
files_pid_file(system_dbusd_var_run_t)
|
||||
|
||||
+type system_dbusd_var_lib_t;
|
||||
+files_pid_file(system_dbusd_var_lib_t)
|
||||
+
|
||||
##############################
|
||||
#
|
||||
# Local policy
|
||||
@@ -48,6 +51,8 @@
|
||||
manage_files_pattern(system_dbusd_t,system_dbusd_tmp_t,system_dbusd_tmp_t)
|
||||
files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { file dir })
|
||||
|
||||
+read_files_pattern(system_dbusd_t,system_dbusd_var_lib_t,system_dbusd_var_lib_t)
|
||||
+
|
||||
manage_files_pattern(system_dbusd_t,system_dbusd_var_run_t,system_dbusd_var_run_t)
|
||||
manage_sock_files_pattern(system_dbusd_t,system_dbusd_var_run_t,system_dbusd_var_run_t)
|
||||
files_pid_filetrans(system_dbusd_t,system_dbusd_var_run_t,file)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.0.4/policy/modules/services/dhcp.te
|
||||
--- nsaserefpolicy/policy/modules/services/dhcp.te 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/services/dhcp.te 2007-07-25 13:27:51.000000000 -0400
|
||||
|
|
@ -7663,7 +7732,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.4/policy/modules/system/authlogin.if
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/authlogin.if 2007-07-26 10:17:19.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/authlogin.if 2007-07-27 13:58:33.000000000 -0400
|
||||
@@ -26,7 +26,8 @@
|
||||
type $1_chkpwd_t, can_read_shadow_passwords;
|
||||
application_domain($1_chkpwd_t,chkpwd_exec_t)
|
||||
|
|
@ -7823,7 +7892,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
files_list_var_lib($1)
|
||||
|
||||
miscfiles_read_certs($1)
|
||||
@@ -1381,3 +1437,166 @@
|
||||
@@ -1381,3 +1437,163 @@
|
||||
typeattribute $1 can_write_shadow_passwords;
|
||||
typeattribute $1 can_relabelto_shadow_passwords;
|
||||
')
|
||||
|
|
@ -7899,10 +7968,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
+ type updpwd_t, updpwd_exec_t;
|
||||
+ ')
|
||||
+
|
||||
+ domain_auto_trans($1,updpwd_exec_t,updpwd_t)
|
||||
+ allow updpwd_t $1:fd use;
|
||||
+ allow updpwd_t $1:fifo_file rw_file_perms;
|
||||
+ allow updpwd_t $1:process sigchld;
|
||||
+ domtrans_pattern($1,updpwd_exec_t,updpwd_t)
|
||||
+ auth_dontaudit_read_shadow($1)
|
||||
+
|
||||
+')
|
||||
|
|
@ -7992,7 +8058,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.0.4/policy/modules/system/authlogin.te
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/authlogin.te 2007-07-25 13:27:51.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/authlogin.te 2007-07-27 13:45:53.000000000 -0400
|
||||
@@ -9,6 +9,13 @@
|
||||
attribute can_read_shadow_passwords;
|
||||
attribute can_write_shadow_passwords;
|
||||
|
|
@ -8007,7 +8073,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
|
||||
type chkpwd_exec_t;
|
||||
application_executable_file(chkpwd_exec_t)
|
||||
@@ -159,6 +166,8 @@
|
||||
@@ -67,6 +74,10 @@
|
||||
authlogin_common_auth_domain_template(system)
|
||||
role system_r types system_chkpwd_t;
|
||||
|
||||
+# Read only version of updpwd
|
||||
+domain_entry_file(system_chkpwd_t,updpwd_exec_t)
|
||||
+
|
||||
+
|
||||
########################################
|
||||
#
|
||||
# PAM local policy
|
||||
@@ -159,6 +170,8 @@
|
||||
dev_setattr_mouse_dev(pam_console_t)
|
||||
dev_getattr_power_mgmt_dev(pam_console_t)
|
||||
dev_setattr_power_mgmt_dev(pam_console_t)
|
||||
|
|
@ -8016,7 +8093,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
dev_getattr_scanner_dev(pam_console_t)
|
||||
dev_setattr_scanner_dev(pam_console_t)
|
||||
dev_getattr_sound_dev(pam_console_t)
|
||||
@@ -236,7 +245,7 @@
|
||||
@@ -236,7 +249,7 @@
|
||||
|
||||
optional_policy(`
|
||||
xserver_read_xdm_pid(pam_console_t)
|
||||
|
|
@ -8025,7 +8102,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -302,3 +311,30 @@
|
||||
@@ -302,3 +315,30 @@
|
||||
xserver_use_xdm_fds(utempter_t)
|
||||
xserver_rw_xdm_pipes(utempter_t)
|
||||
')
|
||||
|
|
@ -8093,7 +8170,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.te serefpolicy-3.0.4/policy/modules/system/brctl.te
|
||||
--- nsaserefpolicy/policy/modules/system/brctl.te 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/brctl.te 2007-07-25 16:13:13.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/brctl.te 2007-07-27 13:35:00.000000000 -0400
|
||||
@@ -0,0 +1,50 @@
|
||||
+policy_module(brctl,1.0.0)
|
||||
+
|
||||
|
|
@ -8117,7 +8194,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
|
|||
+allow brctl_t self:tcp_socket create_socket_perms;
|
||||
+allow brctl_t self:unix_dgram_socket create_socket_perms;
|
||||
+
|
||||
+dev_list_sysfs(brctl_t)
|
||||
+dev_read_sysfs(brctl_t)
|
||||
+
|
||||
+# Init script handling
|
||||
+domain_use_interactive_fds(brctl_t)
|
||||
|
|
@ -8353,7 +8430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.0.4/policy/modules/system/init.if
|
||||
--- nsaserefpolicy/policy/modules/system/init.if 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/init.if 2007-07-25 13:27:51.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/init.if 2007-07-26 13:45:02.000000000 -0400
|
||||
@@ -194,9 +194,13 @@
|
||||
gen_require(`
|
||||
type initrc_t;
|
||||
|
|
@ -8982,7 +9059,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.0.4/policy/modules/system/logging.te
|
||||
--- nsaserefpolicy/policy/modules/system/logging.te 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/logging.te 2007-07-25 13:27:51.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/logging.te 2007-07-26 14:57:10.000000000 -0400
|
||||
@@ -7,10 +7,15 @@
|
||||
#
|
||||
|
||||
|
|
@ -9015,7 +9092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
type syslogd_var_run_t;
|
||||
files_pid_file(syslogd_var_run_t)
|
||||
|
||||
@@ -59,19 +70,23 @@
|
||||
@@ -59,19 +70,25 @@
|
||||
init_ranged_daemon_domain(auditd_t,auditd_exec_t,mls_systemhigh)
|
||||
')
|
||||
|
||||
|
|
@ -9027,12 +9104,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
+
|
||||
########################################
|
||||
#
|
||||
# Auditd local policy
|
||||
-# Auditd local policy
|
||||
+# Auditctl local policy
|
||||
#
|
||||
|
||||
-allow auditctl_t self:capability { audit_write audit_control };
|
||||
-allow auditctl_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay nlmsg_readpriv };
|
||||
-
|
||||
+allow auditctl_t self:capability { fsetid dac_read_search dac_override };
|
||||
|
||||
read_files_pattern(auditctl_t,auditd_etc_t,auditd_etc_t)
|
||||
allow auditctl_t auditd_etc_t:dir list_dir_perms;
|
||||
|
||||
|
|
@ -9042,7 +9121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
files_read_etc_files(auditctl_t)
|
||||
|
||||
kernel_read_kernel_sysctls(auditctl_t)
|
||||
@@ -91,6 +106,7 @@
|
||||
@@ -91,6 +108,7 @@
|
||||
|
||||
locallogin_dontaudit_use_fds(auditctl_t)
|
||||
|
||||
|
|
@ -9050,7 +9129,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
logging_send_syslog_msg(auditctl_t)
|
||||
|
||||
########################################
|
||||
@@ -98,12 +114,11 @@
|
||||
@@ -98,12 +116,11 @@
|
||||
# Auditd local policy
|
||||
#
|
||||
|
||||
|
|
@ -9064,7 +9143,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
allow auditd_t self:fifo_file rw_file_perms;
|
||||
|
||||
allow auditd_t auditd_etc_t:dir list_dir_perms;
|
||||
@@ -141,6 +156,7 @@
|
||||
@@ -141,6 +158,7 @@
|
||||
|
||||
init_telinit(auditd_t)
|
||||
|
||||
|
|
@ -9072,7 +9151,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
logging_send_syslog_msg(auditd_t)
|
||||
|
||||
libs_use_ld_so(auditd_t)
|
||||
@@ -157,6 +173,8 @@
|
||||
@@ -157,6 +175,8 @@
|
||||
|
||||
userdom_dontaudit_use_unpriv_user_fds(auditd_t)
|
||||
userdom_dontaudit_search_sysadm_home_dirs(auditd_t)
|
||||
|
|
@ -9081,7 +9160,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
|
||||
optional_policy(`
|
||||
seutil_sigchld_newrole(auditd_t)
|
||||
@@ -243,12 +261,18 @@
|
||||
@@ -243,12 +263,18 @@
|
||||
allow syslogd_t self:udp_socket create_socket_perms;
|
||||
allow syslogd_t self:tcp_socket create_stream_socket_perms;
|
||||
|
||||
|
|
@ -9100,7 +9179,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
# Allow access for syslog-ng
|
||||
allow syslogd_t var_log_t:dir { create setattr };
|
||||
|
||||
@@ -257,6 +281,9 @@
|
||||
@@ -257,6 +283,9 @@
|
||||
manage_files_pattern(syslogd_t,syslogd_tmp_t,syslogd_tmp_t)
|
||||
files_tmp_filetrans(syslogd_t,syslogd_tmp_t,{ dir file })
|
||||
|
||||
|
|
@ -9110,7 +9189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
|
|||
allow syslogd_t syslogd_var_run_t:file manage_file_perms;
|
||||
files_pid_filetrans(syslogd_t,syslogd_var_run_t,file)
|
||||
|
||||
@@ -314,6 +341,7 @@
|
||||
@@ -314,6 +343,7 @@
|
||||
domain_use_interactive_fds(syslogd_t)
|
||||
|
||||
files_read_etc_files(syslogd_t)
|
||||
|
|
@ -9344,7 +9423,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.0.4/policy/modules/system/mount.te
|
||||
--- nsaserefpolicy/policy/modules/system/mount.te 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/mount.te 2007-07-25 13:27:51.000000000 -0400
|
||||
+++ serefpolicy-3.0.4/policy/modules/system/mount.te 2007-07-26 13:15:01.000000000 -0400
|
||||
@@ -8,6 +8,13 @@
|
||||
|
||||
## <desc>
|
||||
|
|
@ -9428,7 +9507,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -201,4 +219,53 @@
|
||||
@@ -201,4 +219,54 @@
|
||||
optional_policy(`
|
||||
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
|
||||
unconfined_domain(unconfined_mount_t)
|
||||
|
|
@ -9450,6 +9529,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
|||
+corecmd_exec_shell(mount_ntfs_t)
|
||||
+
|
||||
+files_read_etc_files(mount_ntfs_t)
|
||||
+files_search_all(mount_ntfs_t)
|
||||
+
|
||||
+libs_use_ld_so(mount_ntfs_t)
|
||||
+libs_use_shared_libs(mount_ntfs_t)
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.0.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -359,6 +359,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jul 23 2007 Dan Walsh <dwalsh@redhat.com> 3.0.4-2
|
||||
- Add context for dbus machine id
|
||||
|
||||
* Tue Jul 23 2007 Dan Walsh <dwalsh@redhat.com> 3.0.4-1
|
||||
- Update with latest changes from upstream
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue