- allow alsactl to read kernel state
This commit is contained in:
parent
fc35770056
commit
9ffb88eba3
@ -166,7 +166,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te
|
|||||||
logging_log_file(acct_data_t)
|
logging_log_file(acct_data_t)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc
|
||||||
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-16 17:15:26.000000000 -0500
|
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-16 17:15:26.000000000 -0500
|
||||||
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-16 17:44:09.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-17 12:16:25.000000000 -0400
|
||||||
@@ -1,4 +1,7 @@
|
@@ -1,4 +1,7 @@
|
||||||
|
|
||||||
/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
|
||||||
@ -177,8 +177,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc
|
|||||||
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
|
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-01-02 12:57:51.000000000 -0500
|
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-01-02 12:57:51.000000000 -0500
|
||||||
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-16 17:47:00.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-17 11:22:07.000000000 -0400
|
||||||
@@ -20,16 +20,20 @@
|
@@ -20,20 +20,23 @@
|
||||||
# Local policy
|
# Local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -199,12 +199,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
|
|||||||
+files_search_home(alsa_t)
|
+files_search_home(alsa_t)
|
||||||
files_read_etc_files(alsa_t)
|
files_read_etc_files(alsa_t)
|
||||||
|
|
||||||
term_use_generic_ptys(alsa_t)
|
-term_use_generic_ptys(alsa_t)
|
||||||
@@ -44,7 +48,14 @@
|
-term_dontaudit_use_unallocated_ttys(alsa_t)
|
||||||
|
+kernel_read_system_state(alsa_t)
|
||||||
|
|
||||||
|
libs_use_ld_so(alsa_t)
|
||||||
|
libs_use_shared_libs(alsa_t)
|
||||||
|
@@ -44,7 +47,17 @@
|
||||||
|
|
||||||
userdom_manage_unpriv_user_semaphores(alsa_t)
|
userdom_manage_unpriv_user_semaphores(alsa_t)
|
||||||
userdom_manage_unpriv_user_shared_mem(alsa_t)
|
userdom_manage_unpriv_user_shared_mem(alsa_t)
|
||||||
+userdom_search_generic_user_home_dirs(alsa_t)
|
+userdom_search_generic_user_home_dirs(alsa_t)
|
||||||
|
+
|
||||||
|
+term_use_generic_ptys(alsa_t)
|
||||||
|
+term_dontaudit_use_unallocated_ttys(alsa_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
nscd_socket_use(alsa_t)
|
nscd_socket_use(alsa_t)
|
||||||
@ -3371,8 +3379,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.6.4/policy/modules/services/ftp.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.6.4/policy/modules/services/ftp.te
|
||||||
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-04-23 09:36:01.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-04-23 09:36:01.000000000 -0400
|
||||||
+++ serefpolicy-2.6.4/policy/modules/services/ftp.te 2007-05-08 09:59:33.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/services/ftp.te 2007-05-17 13:03:23.000000000 -0400
|
||||||
@@ -223,10 +223,15 @@
|
@@ -168,6 +168,7 @@
|
||||||
|
libs_use_shared_libs(ftpd_t)
|
||||||
|
|
||||||
|
logging_send_syslog_msg(ftpd_t)
|
||||||
|
+logging_send_audit_msg(ftpd_t)
|
||||||
|
|
||||||
|
miscfiles_read_localization(ftpd_t)
|
||||||
|
miscfiles_read_public_files(ftpd_t)
|
||||||
|
@@ -223,10 +224,15 @@
|
||||||
userdom_manage_all_users_home_content_dirs(ftpd_t)
|
userdom_manage_all_users_home_content_dirs(ftpd_t)
|
||||||
userdom_manage_all_users_home_content_files(ftpd_t)
|
userdom_manage_all_users_home_content_files(ftpd_t)
|
||||||
userdom_manage_all_users_home_content_symlinks(ftpd_t)
|
userdom_manage_all_users_home_content_symlinks(ftpd_t)
|
||||||
@ -4406,7 +4422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
|
|||||||
# for scripts
|
# for scripts
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te
|
||||||
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-04-23 09:36:01.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-04-23 09:36:01.000000000 -0400
|
||||||
+++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-05-08 09:59:33.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-05-17 12:20:51.000000000 -0400
|
||||||
@@ -10,6 +10,7 @@
|
@@ -10,6 +10,7 @@
|
||||||
type procmail_exec_t;
|
type procmail_exec_t;
|
||||||
domain_type(procmail_t)
|
domain_type(procmail_t)
|
||||||
@ -4426,7 +4442,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
|
|||||||
# for a bug in the postfix local program
|
# for a bug in the postfix local program
|
||||||
postfix_dontaudit_rw_local_tcp_sockets(procmail_t)
|
postfix_dontaudit_rw_local_tcp_sockets(procmail_t)
|
||||||
postfix_dontaudit_use_fds(procmail_t)
|
postfix_dontaudit_use_fds(procmail_t)
|
||||||
@@ -124,3 +129,5 @@
|
@@ -119,8 +124,11 @@
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
corenet_udp_bind_generic_port(procmail_t)
|
||||||
|
+ corenet_dontaudit_udp_bind_all_ports(procmail_t)
|
||||||
|
|
||||||
|
spamassassin_exec(procmail_t)
|
||||||
spamassassin_exec_client(procmail_t)
|
spamassassin_exec_client(procmail_t)
|
||||||
spamassassin_read_lib_files(procmail_t)
|
spamassassin_read_lib_files(procmail_t)
|
||||||
')
|
')
|
||||||
@ -4848,7 +4870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.6.4/policy/modules/services/samba.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.6.4/policy/modules/services/samba.if
|
||||||
--- nsaserefpolicy/policy/modules/services/samba.if 2007-01-02 12:57:43.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/samba.if 2007-01-02 12:57:43.000000000 -0500
|
||||||
+++ serefpolicy-2.6.4/policy/modules/services/samba.if 2007-05-08 10:02:45.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/services/samba.if 2007-05-17 13:05:00.000000000 -0400
|
||||||
@@ -177,6 +177,27 @@
|
@@ -177,6 +177,27 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@ -4996,7 +5018,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te
|
||||||
--- nsaserefpolicy/policy/modules/services/samba.te 2007-04-23 09:36:01.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/samba.te 2007-04-23 09:36:01.000000000 -0400
|
||||||
+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-05-08 10:04:12.000000000 -0400
|
+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-05-17 13:03:49.000000000 -0400
|
||||||
@@ -28,6 +28,35 @@
|
@@ -28,6 +28,35 @@
|
||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(samba_share_nfs,false)
|
gen_tunable(samba_share_nfs,false)
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 2.6.4
|
Version: 2.6.4
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -359,6 +359,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 17 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-6
|
||||||
|
- allow alsactl to read kernel state
|
||||||
|
|
||||||
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-5
|
* Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-5
|
||||||
- More fixes for alsactl
|
- More fixes for alsactl
|
||||||
- Transition from hal and modutils
|
- Transition from hal and modutils
|
||||||
|
Loading…
Reference in New Issue
Block a user