- Merge Upstream

Daniel J Walsh 2008-05-30 20:27:06 +00:00
parent accaa35926
commit 9ed55bda90
2 changed files with 27 additions and 24 deletions


@ -26444,7 +26444,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.4.1/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2008-05-19 10:26:37.000000000 -0400
+++ serefpolicy-3.4.1/policy/modules/services/xserver.te 2008-05-30 16:11:13.428347000 -0400
+++ serefpolicy-3.4.1/policy/modules/services/xserver.te 2008-05-30 16:26:02.967410000 -0400
@@ -8,6 +8,14 @@
## <desc>
@ -26496,13 +26496,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
type xdm_tmp_t;
files_tmp_file(xdm_tmp_t)
typealias xdm_tmp_t alias ice_tmp_t;
@@ -122,6 +143,24 @@
@@ -122,6 +143,27 @@
type xserver_log_t;
logging_log_file(xserver_log_t)
+type fonts_cache_home_t, fonts_cache_type;
+userdom_user_home_content(user,fonts_cache_home_t)
+
+type fonts_home_t, fonts_type;
+userdom_user_home_content(user,fonts_home_t)
+
+type fonts_config_home_t, fonts_config_type;
+userdom_user_home_content(user,fonts_config_home_t)
+
@ -26521,7 +26524,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
xserver_common_domain_template(xdm)
xserver_common_x_domain_template(xdm,xdm,xdm_t)
init_system_domain(xdm_xserver_t,xserver_exec_t)
@@ -142,6 +181,7 @@
@@ -142,6 +184,7 @@
allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate };
@ -26529,7 +26532,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
allow xdm_t self:fifo_file rw_fifo_file_perms;
allow xdm_t self:shm create_shm_perms;
allow xdm_t self:sem create_sem_perms;
@@ -154,6 +194,8 @@
@@ -154,6 +197,8 @@
allow xdm_t self:key { search link write };
allow xdm_t xconsole_device_t:fifo_file { getattr setattr };
@ -26538,7 +26541,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
# Allow gdm to run gdm-binary
can_exec(xdm_t, xdm_exec_t)
@@ -169,6 +211,8 @@
@@ -169,6 +214,8 @@
manage_files_pattern(xdm_t,xdm_tmp_t,xdm_tmp_t)
manage_sock_files_pattern(xdm_t,xdm_tmp_t,xdm_tmp_t)
files_tmp_filetrans(xdm_t, xdm_tmp_t, { file dir sock_file })
@ -26547,7 +26550,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
manage_dirs_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
manage_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
@@ -176,15 +220,24 @@
@@ -176,15 +223,24 @@
manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t)
fs_tmpfs_filetrans(xdm_t,xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
@ -26574,7 +26577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
allow xdm_t xdm_xserver_t:process signal;
allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
@@ -198,6 +251,7 @@
@@ -198,6 +254,7 @@
allow xdm_t xdm_xserver_t:process { noatsecure siginh rlimitinh signal sigkill };
allow xdm_t xdm_xserver_t:shm rw_shm_perms;
@ -26582,7 +26585,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
# connect to xdm xserver over stream socket
stream_connect_pattern(xdm_t,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
@@ -229,6 +283,7 @@
@@ -229,6 +286,7 @@
corenet_udp_sendrecv_all_ports(xdm_t)
corenet_tcp_bind_all_nodes(xdm_t)
corenet_udp_bind_all_nodes(xdm_t)
@ -26590,7 +26593,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
corenet_tcp_connect_all_ports(xdm_t)
corenet_sendrecv_all_client_packets(xdm_t)
# xdm tries to bind to biff_port_t
@@ -241,6 +296,7 @@
@@ -241,6 +299,7 @@
dev_getattr_mouse_dev(xdm_t)
dev_setattr_mouse_dev(xdm_t)
dev_rw_apm_bios(xdm_t)
@ -26598,7 +26601,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
dev_setattr_apm_bios_dev(xdm_t)
dev_rw_dri(xdm_t)
dev_rw_agp(xdm_t)
@@ -253,14 +309,15 @@
@@ -253,14 +312,15 @@
dev_setattr_video_dev(xdm_t)
dev_getattr_scanner_dev(xdm_t)
dev_setattr_scanner_dev(xdm_t)
@ -26616,7 +26619,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
files_read_etc_files(xdm_t)
files_read_var_files(xdm_t)
@@ -271,9 +328,13 @@
@@ -271,9 +331,13 @@
files_read_usr_files(xdm_t)
# Poweroff wants to create the /poweroff file when run from xdm
files_create_boot_flag(xdm_t)
@ -26630,7 +26633,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
storage_dontaudit_read_fixed_disk(xdm_t)
storage_dontaudit_write_fixed_disk(xdm_t)
@@ -282,6 +343,7 @@
@@ -282,6 +346,7 @@
storage_dontaudit_raw_write_removable_device(xdm_t)
storage_dontaudit_setattr_removable_dev(xdm_t)
storage_dontaudit_rw_scsi_generic(xdm_t)
@ -26638,7 +26641,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
term_setattr_console(xdm_t)
term_use_unallocated_ttys(xdm_t)
@@ -290,6 +352,7 @@
@@ -290,6 +355,7 @@
auth_domtrans_pam_console(xdm_t)
auth_manage_pam_pid(xdm_t)
auth_manage_pam_console_data(xdm_t)
@ -26646,7 +26649,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
auth_rw_faillog(xdm_t)
auth_write_login_records(xdm_t)
@@ -301,21 +364,25 @@
@@ -301,21 +367,25 @@
libs_exec_lib_files(xdm_t)
logging_read_generic_logs(xdm_t)
@ -26677,7 +26680,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
xserver_unconfined(xdm_t)
@@ -348,10 +415,12 @@
@@ -348,10 +418,12 @@
optional_policy(`
alsa_domtrans(xdm_t)
@ -26690,7 +26693,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
')
optional_policy(`
@@ -359,6 +428,19 @@
@@ -359,6 +431,19 @@
')
optional_policy(`
@ -26710,7 +26713,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
# Talk to the console mouse server.
gpm_stream_connect(xdm_t)
gpm_setattr_gpmctl(xdm_t)
@@ -369,6 +451,10 @@
@@ -369,6 +454,10 @@
')
optional_policy(`
@ -26721,7 +26724,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
loadkeys_exec(xdm_t)
')
@@ -382,16 +468,25 @@
@@ -382,16 +471,25 @@
')
optional_policy(`
@ -26748,7 +26751,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
ifndef(`distro_redhat',`
allow xdm_t self:process { execheap execmem };
@@ -427,7 +522,7 @@
@@ -427,7 +525,7 @@
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
@ -26757,7 +26760,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
# Label pid and temporary files with derived types.
manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
@@ -439,6 +534,15 @@
@@ -439,6 +537,15 @@
can_exec(xdm_xserver_t, xkb_var_lib_t)
files_search_var_lib(xdm_xserver_t)
@ -26773,7 +26776,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
# VNC v4 module in X server
corenet_tcp_bind_vnc_port(xdm_xserver_t)
@@ -450,10 +554,19 @@
@@ -450,10 +557,19 @@
# xdm_xserver_t may no longer have any reason
# to read ROLE_home_t - examine this in more detail
# (xauth?)
@ -26794,7 +26797,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(xdm_xserver_t)
fs_manage_nfs_files(xdm_xserver_t)
@@ -467,6 +580,22 @@
@@ -467,6 +583,22 @@
')
optional_policy(`
@ -26817,7 +26820,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
resmgr_stream_connect(xdm_t)
')
@@ -476,16 +605,32 @@
@@ -476,16 +608,32 @@
')
optional_policy(`
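Review bot: The three lines added by the hunk at `@ -26496,13 +26496,16 @` to the embedded xserver.te patch are undocumented, and the commit message says only "Merge Upstream". They appear to be one of the `fonts_*_home_t` declarations with its `userdom_user_home_content(user,...)` call, though the rendering no longer shows which one. A new home-content type changes how files in a user's home directory are labelled, so I would add a comment above it such as `# labels the per-user font directory <path>`, with the real path filled in. No file-context change is visible in this section, so please confirm the patch also carries the entry that assigns the new type. The remaining hunks visible here only shift line offsets by three.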


@ -1 +1 @@
b0174321ec3ee349bedfa8d4422b6bf2 serefpolicy-3.4.1.tgz
5a1211d6182c84aa9da2fc92324e8b21 serefpolicy-3.4.1.tgz
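Review bot: The recorded digest for `serefpolicy-3.4.1.tgz` changes while the file name and version stay the same, so two different tarballs now share one name. A cached or mirrored copy of the earlier tarball will fail verification, and nothing in the name tells a reader which content a given build used. MD5 is also not collision-resistant, so this line protects against accidental corruption rather than deliberate substitution. If the tooling allows it, give the re-rolled tarball a distinct name or version and record a stronger digest alongside it.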