From 9c4500b2f4b093ac01114ee7f7022674e893373b Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Tue, 12 Aug 2008 19:33:18 +0000 Subject: [PATCH] trunk: Glibc 2.7 fix from Vaclav Ovsik. --- Changelog | 1 + policy/modules/system/libraries.fc | 2 ++ policy/modules/system/libraries.te | 7 ++++++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Changelog b/Changelog index 3cd8425d..717b3097 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,4 @@ +- Glibc 2.7 fix from Vaclav Ovsik. - Samba/winbind update from Mike Edenfield. - Policy size optimization with a non-security file attribute from James Carter. diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc index 5b8fa1a8..87248dc1 100644 --- a/policy/modules/system/libraries.fc +++ b/policy/modules/system/libraries.fc @@ -296,6 +296,8 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_ # # /var # +/var/cache/ldconfig(/.*)? gen_context(system_u:object_r:ldconfig_cache_t,s0) + /var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te index 156e3772..11293278 100644 --- a/policy/modules/system/libraries.te +++ b/policy/modules/system/libraries.te @@ -1,5 +1,5 @@ -policy_module(libraries, 2.2.0) +policy_module(libraries, 2.2.1) ######################################## # @@ -23,6 +23,9 @@ type ldconfig_exec_t; init_system_domain(ldconfig_t,ldconfig_exec_t) role system_r types ldconfig_t; +type ldconfig_cache_t; +files_type(ldconfig_cache_t) + type ldconfig_tmp_t; files_tmp_file(ldconfig_tmp_t) @@ -51,6 +54,8 @@ optional_policy(` allow ldconfig_t self:capability sys_chroot; +manage_files_pattern(ldconfig_t, ldconfig_cache_t, ldconfig_cache_t) + allow ldconfig_t ld_so_cache_t:file manage_file_perms; files_etc_filetrans(ldconfig_t,ld_so_cache_t,file)