Fix broken build

Lukas Vrabec 2017-09-14 09:30:02 +02:00
parent 83eed32c03
commit a73b2e2ece
2 changed files with 28 additions and 28 deletions


@ -33773,7 +33773,7 @@ index 247958765..890e1e293 100644
/var/(db|adm)/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) /var/(db|adm)/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
/var/lib/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) /var/lib/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 3efd5b669..190c29841 100644 index 3efd5b669..a8cb6df3d 100644
--- a/policy/modules/system/authlogin.if --- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if
@@ -23,11 +23,17 @@ interface(`auth_role',` @@ -23,11 +23,17 @@ interface(`auth_role',`
@ -34088,7 +34088,7 @@ index 3efd5b669..190c29841 100644
## Read the shadow passwords file (/etc/shadow) ## Read the shadow passwords file (/etc/shadow)
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -664,6 +777,10 @@ interface(`auth_manage_shadow',` @@ -664,6 +777,11 @@ interface(`auth_manage_shadow',`
allow $1 shadow_t:file manage_file_perms; allow $1 shadow_t:file manage_file_perms;
typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords; typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
@ -34096,10 +34096,11 @@ index 3efd5b669..190c29841 100644
+ files_var_filetrans($1, shadow_t, file, "shadow-") + files_var_filetrans($1, shadow_t, file, "shadow-")
+ files_etc_filetrans($1, shadow_t, file, "gshadow") + files_etc_filetrans($1, shadow_t, file, "gshadow")
+ files_etc_filetrans($1, shadow_t, file, "nshadow") + files_etc_filetrans($1, shadow_t, file, "nshadow")
+ files_etc_filetrans($1, shadow_t, file, "opasswd")
') ')
####################################### #######################################
@@ -763,7 +880,50 @@ interface(`auth_rw_faillog',` @@ -763,7 +881,50 @@ interface(`auth_rw_faillog',`
') ')
logging_search_logs($1) logging_search_logs($1)
@ -34151,7 +34152,7 @@ index 3efd5b669..190c29841 100644
') ')
####################################### #######################################
@@ -824,9 +984,29 @@ interface(`auth_rw_lastlog',` @@ -824,9 +985,29 @@ interface(`auth_rw_lastlog',`
allow $1 lastlog_t:file { rw_file_perms lock setattr }; allow $1 lastlog_t:file { rw_file_perms lock setattr };
') ')
@ -34182,7 +34183,7 @@ index 3efd5b669..190c29841 100644
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@@ -834,12 +1014,27 @@ interface(`auth_rw_lastlog',` @@ -834,12 +1015,27 @@ interface(`auth_rw_lastlog',`
## </summary> ## </summary>
## </param> ## </param>
# #
@ -34213,7 +34214,7 @@ index 3efd5b669..190c29841 100644
') ')
######################################## ########################################
@@ -854,15 +1049,15 @@ interface(`auth_domtrans_pam',` @@ -854,15 +1050,15 @@ interface(`auth_domtrans_pam',`
# #
interface(`auth_signal_pam',` interface(`auth_signal_pam',`
gen_require(` gen_require(`
@ -34232,7 +34233,7 @@ index 3efd5b669..190c29841 100644
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@@ -875,13 +1070,33 @@ interface(`auth_signal_pam',` @@ -875,13 +1071,33 @@ interface(`auth_signal_pam',`
## </summary> ## </summary>
## </param> ## </param>
# #
@ -34270,7 +34271,7 @@ index 3efd5b669..190c29841 100644
') ')
######################################## ########################################
@@ -959,9 +1174,30 @@ interface(`auth_manage_var_auth',` @@ -959,9 +1175,30 @@ interface(`auth_manage_var_auth',`
') ')
files_search_var($1) files_search_var($1)
@ -34304,7 +34305,7 @@ index 3efd5b669..190c29841 100644
') ')
######################################## ########################################
@@ -1040,6 +1276,10 @@ interface(`auth_manage_pam_pid',` @@ -1040,6 +1277,10 @@ interface(`auth_manage_pam_pid',`
files_search_pids($1) files_search_pids($1)
allow $1 pam_var_run_t:dir manage_dir_perms; allow $1 pam_var_run_t:dir manage_dir_perms;
allow $1 pam_var_run_t:file manage_file_perms; allow $1 pam_var_run_t:file manage_file_perms;
@ -34315,7 +34316,7 @@ index 3efd5b669..190c29841 100644
') ')
######################################## ########################################
@@ -1176,6 +1416,7 @@ interface(`auth_manage_pam_console_data',` @@ -1176,6 +1417,7 @@ interface(`auth_manage_pam_console_data',`
files_search_pids($1) files_search_pids($1)
manage_files_pattern($1, pam_var_console_t, pam_var_console_t) manage_files_pattern($1, pam_var_console_t, pam_var_console_t)
manage_lnk_files_pattern($1, pam_var_console_t, pam_var_console_t) manage_lnk_files_pattern($1, pam_var_console_t, pam_var_console_t)
@ -34323,7 +34324,7 @@ index 3efd5b669..190c29841 100644
') ')
####################################### #######################################
@@ -1576,6 +1817,25 @@ interface(`auth_setattr_login_records',` @@ -1576,6 +1818,25 @@ interface(`auth_setattr_login_records',`
######################################## ########################################
## <summary> ## <summary>
@ -34349,7 +34350,7 @@ index 3efd5b669..190c29841 100644
## Read login records files (/var/log/wtmp). ## Read login records files (/var/log/wtmp).
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -1726,24 +1986,63 @@ interface(`auth_manage_login_records',` @@ -1726,24 +1987,63 @@ interface(`auth_manage_login_records',`
logging_rw_generic_log_dirs($1) logging_rw_generic_log_dirs($1)
allow $1 wtmp_t:file manage_file_perms; allow $1 wtmp_t:file manage_file_perms;
@ -34417,7 +34418,7 @@ index 3efd5b669..190c29841 100644
') ')
######################################## ########################################
@@ -1767,11 +2066,13 @@ interface(`auth_relabel_login_records',` @@ -1767,11 +2067,13 @@ interface(`auth_relabel_login_records',`
## <infoflow type="both" weight="10"/> ## <infoflow type="both" weight="10"/>
# #
interface(`auth_use_nsswitch',` interface(`auth_use_nsswitch',`
@ -34434,7 +34435,7 @@ index 3efd5b669..190c29841 100644
') ')
######################################## ########################################
@@ -1805,3 +2106,298 @@ interface(`auth_unconfined',` @@ -1805,3 +2107,298 @@ interface(`auth_unconfined',`
typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords;
') ')
@ -34734,7 +34735,7 @@ index 3efd5b669..190c29841 100644
+ allow $1 login_pgm:key manage_key_perms; + allow $1 login_pgm:key manage_key_perms;
+') +')
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 09b791dcc..385cd6d79 100644 index 09b791dcc..2d255df93 100644
--- a/policy/modules/system/authlogin.te --- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te +++ b/policy/modules/system/authlogin.te
@@ -5,6 +5,19 @@ policy_module(authlogin, 2.5.1) @@ -5,6 +5,19 @@ policy_module(authlogin, 2.5.1)
@ -34949,12 +34950,11 @@ index 09b791dcc..385cd6d79 100644
allow updpwd_t self:process setfscreate; allow updpwd_t self:process setfscreate;
allow updpwd_t self:fifo_file rw_fifo_file_perms; allow updpwd_t self:fifo_file rw_fifo_file_perms;
allow updpwd_t self:unix_stream_socket create_stream_socket_perms; allow updpwd_t self:unix_stream_socket create_stream_socket_perms;
@@ -341,6 +362,12 @@ kernel_read_system_state(updpwd_t) @@ -341,6 +362,11 @@ kernel_read_system_state(updpwd_t)
dev_read_urand(updpwd_t) dev_read_urand(updpwd_t)
files_manage_etc_files(updpwd_t) files_manage_etc_files(updpwd_t)
+auth_manage_passwd(updpwd_t) +auth_manage_passwd(updpwd_t)
+auth_filetrans_named_content(updpwd_t)
+ +
+mls_file_read_all_levels(updpwd_t) +mls_file_read_all_levels(updpwd_t)
+mls_file_write_all_levels(updpwd_t) +mls_file_write_all_levels(updpwd_t)
@ -34962,7 +34962,7 @@ index 09b791dcc..385cd6d79 100644
term_dontaudit_use_console(updpwd_t) term_dontaudit_use_console(updpwd_t)
term_dontaudit_use_unallocated_ttys(updpwd_t) term_dontaudit_use_unallocated_ttys(updpwd_t)
@@ -350,9 +377,7 @@ auth_use_nsswitch(updpwd_t) @@ -350,9 +376,7 @@ auth_use_nsswitch(updpwd_t)
logging_send_syslog_msg(updpwd_t) logging_send_syslog_msg(updpwd_t)
@ -34973,7 +34973,7 @@ index 09b791dcc..385cd6d79 100644
ifdef(`distro_ubuntu',` ifdef(`distro_ubuntu',`
optional_policy(` optional_policy(`
@@ -380,13 +405,15 @@ term_dontaudit_use_all_ttys(utempter_t) @@ -380,13 +404,15 @@ term_dontaudit_use_all_ttys(utempter_t)
term_dontaudit_use_all_ptys(utempter_t) term_dontaudit_use_all_ptys(utempter_t)
term_dontaudit_use_ptmx(utempter_t) term_dontaudit_use_ptmx(utempter_t)
@ -34990,7 +34990,7 @@ index 09b791dcc..385cd6d79 100644
# Allow utemper to write to /tmp/.xses-* # Allow utemper to write to /tmp/.xses-*
userdom_write_user_tmp_files(utempter_t) userdom_write_user_tmp_files(utempter_t)
@@ -397,19 +424,29 @@ ifdef(`distro_ubuntu',` @@ -397,19 +423,29 @@ ifdef(`distro_ubuntu',`
') ')
optional_policy(` optional_policy(`
@ -35024,7 +35024,7 @@ index 09b791dcc..385cd6d79 100644
files_list_var_lib(nsswitch_domain) files_list_var_lib(nsswitch_domain)
# read /etc/nsswitch.conf # read /etc/nsswitch.conf
@@ -417,15 +454,42 @@ files_read_etc_files(nsswitch_domain) @@ -417,15 +453,42 @@ files_read_etc_files(nsswitch_domain)
sysnet_dns_name_resolve(nsswitch_domain) sysnet_dns_name_resolve(nsswitch_domain)
@ -35069,7 +35069,7 @@ index 09b791dcc..385cd6d79 100644
ldap_stream_connect(nsswitch_domain) ldap_stream_connect(nsswitch_domain)
') ')
') ')
@@ -438,6 +502,7 @@ optional_policy(` @@ -438,6 +501,7 @@ optional_policy(`
likewise_stream_connect_lsassd(nsswitch_domain) likewise_stream_connect_lsassd(nsswitch_domain)
') ')
@ -35077,7 +35077,7 @@ index 09b791dcc..385cd6d79 100644
optional_policy(` optional_policy(`
kerberos_use(nsswitch_domain) kerberos_use(nsswitch_domain)
') ')
@@ -456,10 +521,159 @@ optional_policy(` @@ -456,10 +520,159 @@ optional_policy(`
optional_policy(` optional_policy(`
sssd_stream_connect(nsswitch_domain) sssd_stream_connect(nsswitch_domain)
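Review bot: Dropping `auth_filetrans_named_content(updpwd_t)` in the `@@ -341,6 +362,11 @@` hunk of authlogin.te leaves `updpwd_t` with `files_manage_etc_files(updpwd_t)` but, as far as the visible context shows, no named transition of its own, so a file it creates in an etc_t directory would take that directory's type rather than shadow_t. The added `files_etc_filetrans($1, shadow_t, file, "opasswd")` sits in `auth_manage_shadow`, so it only reaches `updpwd_t` if that domain calls the interface, which these hunks do not show and should be confirmed. A named transition also matches the exact file name at create time; if the writer stages the file under a temporary name and renames it (as the existing "nshadow" entry does for shadow), that name needs its own line, e.g. `files_etc_filetrans($1, shadow_t, file, "nopasswd")` if that is the name in use. After the build, check with `ls -Z` on a freshly written opasswd, because a password-history file left as etc_t is readable by far more domains than one labelled shadow_t.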


@ -23508,7 +23508,7 @@ index 62d22cb46..c0c2ed47d 100644
+ manage_dirs_pattern($1, session_dbusd_tmp_t, session_dbusd_tmp_t) + manage_dirs_pattern($1, session_dbusd_tmp_t, session_dbusd_tmp_t)
') ')
diff --git a/dbus.te b/dbus.te diff --git a/dbus.te b/dbus.te
index c9998c80d..131d809ae 100644 index c9998c80d..d7910970e 100644
--- a/dbus.te --- a/dbus.te
+++ b/dbus.te +++ b/dbus.te
@@ -4,17 +4,15 @@ gen_require(` @@ -4,17 +4,15 @@ gen_require(`
@ -23657,7 +23657,7 @@ index c9998c80d..131d809ae 100644
+init_domtrans_script(system_dbusd_t) +init_domtrans_script(system_dbusd_t)
+init_rw_stream_sockets(system_dbusd_t) +init_rw_stream_sockets(system_dbusd_t)
+init_status(system_dbusd_t) +init_status(system_dbusd_t)
+init_start_system(system_dbusd_t) # needed by dbus-broker +init_start(system_dbusd_t) # needed by dbus-broker
logging_send_audit_msgs(system_dbusd_t) logging_send_audit_msgs(system_dbusd_t)
logging_send_syslog_msg(system_dbusd_t) logging_send_syslog_msg(system_dbusd_t)
@ -43317,7 +43317,7 @@ index 000000000..bd7e7fa17
+') +')
diff --git a/keepalived.te b/keepalived.te diff --git a/keepalived.te b/keepalived.te
new file mode 100644 new file mode 100644
index 000000000..7395ac19a index 000000000..e5b8b3bbf
--- /dev/null --- /dev/null
+++ b/keepalived.te +++ b/keepalived.te
@@ -0,0 +1,100 @@ @@ -0,0 +1,100 @@
@ -43346,8 +43346,8 @@ index 000000000..7395ac19a
+# keepalived local policy +# keepalived local policy
+# +#
+ +
+allow keepalived_t self:capability { net_admin net_raw kill dac_read_search setpgid sys_ptrace }; +allow keepalived_t self:capability { net_admin net_raw kill dac_read_search sys_ptrace };
+allow keepalived_t self:process { signal_perms }; +allow keepalived_t self:process { signal_perms setpgid };
+allow keepalived_t self:netlink_socket create_socket_perms; +allow keepalived_t self:netlink_socket create_socket_perms;
+allow keepalived_t self:netlink_generic_socket create_socket_perms; +allow keepalived_t self:netlink_generic_socket create_socket_perms;
+allow keepalived_t self:netlink_netfilter_socket create_socket_perms; +allow keepalived_t self:netlink_netfilter_socket create_socket_perms;
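Review bot: The rewritten `allow keepalived_t self:capability { ... }` line still grants `sys_ptrace` and `dac_read_search` with nothing recording what needs them, and this commit already edits that line to move `setpgid` into the `process` class. Both are broad for a daemon that also holds `net_admin` and `net_raw`. If `sys_ptrace` was only added to silence denials from reading other processes' /proc entries, `dontaudit keepalived_t self:capability sys_ptrace;` may be the tighter rule; that origin is a guess and should be checked against the recorded AVCs. At minimum, add a comment above the rule such as `# sys_ptrace, dac_read_search: <keepalived feature that requires them>`, matching the `# needed by dbus-broker` note that the `init_start(system_dbusd_t)` line carries.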