* Fri Jan 11 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-3
- Allow gnomeclock to talk to puppet over dbus - Allow numad access discovered by Dominic - Add support for HOME_DIR/.maildir - Fix attribute_role for mozilla_plugin_t domain to allow staff_r to access this d - Allow udev to relabel udev_var_run_t lnk_files - New bin_t file in mcelog
This commit is contained in:
parent
0c265c3817
commit
a7dce2ac5c
@ -112432,7 +112432,7 @@ index 7590165..19aaaed 100644
|
|||||||
+ fs_mounton_fusefs(seunshare_domain)
|
+ fs_mounton_fusefs(seunshare_domain)
|
||||||
+')
|
+')
|
||||||
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
|
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
|
||||||
index 644d4d7..0c58f76 100644
|
index 644d4d7..f079522 100644
|
||||||
--- a/policy/modules/kernel/corecommands.fc
|
--- a/policy/modules/kernel/corecommands.fc
|
||||||
+++ b/policy/modules/kernel/corecommands.fc
|
+++ b/policy/modules/kernel/corecommands.fc
|
||||||
@@ -1,9 +1,10 @@
|
@@ -1,9 +1,10 @@
|
||||||
@ -112455,7 +112455,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/etc/avahi/.*\.action -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/avahi/.*\.action -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -69,6 +71,13 @@ ifdef(`distro_redhat',`
|
@@ -69,16 +71,25 @@ ifdef(`distro_redhat',`
|
||||||
/etc/kde/env(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/etc/kde/env(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/etc/kde/shutdown(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/etc/kde/shutdown(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
@ -112469,7 +112469,11 @@ index 644d4d7..0c58f76 100644
|
|||||||
/etc/mail/make -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/mail/make -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/etc/mcelog/.*-error-trigger -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/mcelog/.*-error-trigger -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -79,6 +88,7 @@ ifdef(`distro_redhat',`
|
/etc/mcelog/.*\.local -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
+/etc/mcelog/.*\.setup -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
|
ifdef(`distro_redhat',`
|
||||||
|
/etc/mcelog/triggers(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
')
|
')
|
||||||
|
|
||||||
/etc/mgetty\+sendfax/new_fax -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/mgetty\+sendfax/new_fax -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -112477,7 +112481,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
|
|
||||||
/etc/netplug\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/etc/netplug\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
@@ -101,8 +111,6 @@ ifdef(`distro_redhat',`
|
@@ -101,8 +112,6 @@ ifdef(`distro_redhat',`
|
||||||
|
|
||||||
/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
@ -112486,7 +112490,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/etc/sysconfig/libvirtd -- gen_context(system_u:object_r:bin_t,s0)
|
/etc/sysconfig/libvirtd -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -134,10 +142,11 @@ ifdef(`distro_debian',`
|
@@ -134,10 +143,11 @@ ifdef(`distro_debian',`
|
||||||
|
|
||||||
/lib/readahead(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/lib/readahead(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
|
/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -112499,7 +112503,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
|
|
||||||
ifdef(`distro_gentoo',`
|
ifdef(`distro_gentoo',`
|
||||||
/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
|
/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -151,7 +160,7 @@ ifdef(`distro_gentoo',`
|
@@ -151,7 +161,7 @@ ifdef(`distro_gentoo',`
|
||||||
#
|
#
|
||||||
# /sbin
|
# /sbin
|
||||||
#
|
#
|
||||||
@ -112508,7 +112512,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/sbin/.* gen_context(system_u:object_r:bin_t,s0)
|
/sbin/.* gen_context(system_u:object_r:bin_t,s0)
|
||||||
/sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0)
|
/sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/sbin/mkfs\.cramfs -- gen_context(system_u:object_r:bin_t,s0)
|
/sbin/mkfs\.cramfs -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -167,6 +176,7 @@ ifdef(`distro_gentoo',`
|
@@ -167,6 +177,7 @@ ifdef(`distro_gentoo',`
|
||||||
/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/opt/google/talkplugin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/opt/google/talkplugin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -112516,7 +112520,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
|
|
||||||
/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
@@ -178,33 +188,49 @@ ifdef(`distro_gentoo',`
|
@@ -178,33 +189,49 @@ ifdef(`distro_gentoo',`
|
||||||
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -112575,7 +112579,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/usr/lib/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -215,18 +241,28 @@ ifdef(`distro_gentoo',`
|
@@ -215,18 +242,28 @@ ifdef(`distro_gentoo',`
|
||||||
/usr/lib/mailman/mail(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/mailman/mail(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/mediawiki/math/texvc.* gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/mediawiki/math/texvc.* gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -112611,7 +112615,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/usr/lib/xfce4/exo-1/exo-compose-mail-1 -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/xfce4/exo-1/exo-compose-mail-1 -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/xfce4/exo-1/exo-helper-1 -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/xfce4/exo-1/exo-helper-1 -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/xfce4/panel/migrate -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/xfce4/panel/migrate -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -241,10 +277,15 @@ ifdef(`distro_gentoo',`
|
@@ -241,10 +278,15 @@ ifdef(`distro_gentoo',`
|
||||||
/usr/lib/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/debug/usr/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/debug/usr/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/debug/usr/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/debug/usr/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -112627,7 +112631,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/usr/lib/[^/]*/run-mozilla\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/[^/]*/run-mozilla\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -257,10 +298,17 @@ ifdef(`distro_gentoo',`
|
@@ -257,10 +299,17 @@ ifdef(`distro_gentoo',`
|
||||||
|
|
||||||
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
@ -112648,7 +112652,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
|
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
/usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
/usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||||
@@ -276,10 +324,15 @@ ifdef(`distro_gentoo',`
|
@@ -276,10 +325,15 @@ ifdef(`distro_gentoo',`
|
||||||
/usr/share/cluster/.*\.sh gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/cluster/.*\.sh gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/cluster/ocf-shellfuncs -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/cluster/ocf-shellfuncs -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -112664,7 +112668,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -294,16 +347,21 @@ ifdef(`distro_gentoo',`
|
@@ -294,16 +348,21 @@ ifdef(`distro_gentoo',`
|
||||||
/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/shorewall/compiler\.pl -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/shorewall/compiler\.pl -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -112688,7 +112692,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
|
|
||||||
ifdef(`distro_debian',`
|
ifdef(`distro_debian',`
|
||||||
/usr/lib/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -321,8 +379,12 @@ ifdef(`distro_redhat', `
|
@@ -321,8 +380,12 @@ ifdef(`distro_redhat', `
|
||||||
/etc/gdm/[^/]+ -d gen_context(system_u:object_r:bin_t,s0)
|
/etc/gdm/[^/]+ -d gen_context(system_u:object_r:bin_t,s0)
|
||||||
/etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
|
/etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
@ -112701,7 +112705,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/usr/lib/vmware-tools/(s)?bin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/vmware-tools/(s)?bin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/lib/vmware-tools/(s)?bin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/vmware-tools/(s)?bin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -332,9 +394,11 @@ ifdef(`distro_redhat', `
|
@@ -332,9 +395,11 @@ ifdef(`distro_redhat', `
|
||||||
/usr/share/clamav/clamd-gen -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/clamav/clamd-gen -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/clamav/freshclam-sleep -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/clamav/freshclam-sleep -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/createrepo(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/createrepo(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
@ -112713,7 +112717,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
/usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -383,11 +447,15 @@ ifdef(`distro_suse', `
|
@@ -383,11 +448,15 @@ ifdef(`distro_suse', `
|
||||||
#
|
#
|
||||||
# /var
|
# /var
|
||||||
#
|
#
|
||||||
@ -112730,7 +112734,7 @@ index 644d4d7..0c58f76 100644
|
|||||||
/usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
/usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
|
||||||
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
|
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
|
||||||
@@ -397,3 +465,12 @@ ifdef(`distro_suse', `
|
@@ -397,3 +466,12 @@ ifdef(`distro_suse', `
|
||||||
ifdef(`distro_suse',`
|
ifdef(`distro_suse',`
|
||||||
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
||||||
')
|
')
|
||||||
@ -142913,7 +142917,7 @@ index 0f64692..d7e8a01 100644
|
|||||||
|
|
||||||
########################################
|
########################################
|
||||||
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
|
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
|
||||||
index a5ec88b..6e4726f 100644
|
index a5ec88b..99fd5da 100644
|
||||||
--- a/policy/modules/system/udev.te
|
--- a/policy/modules/system/udev.te
|
||||||
+++ b/policy/modules/system/udev.te
|
+++ b/policy/modules/system/udev.te
|
||||||
@@ -17,14 +17,12 @@ init_daemon_domain(udev_t, udev_exec_t)
|
@@ -17,14 +17,12 @@ init_daemon_domain(udev_t, udev_exec_t)
|
||||||
@ -142954,7 +142958,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
|
|
||||||
allow udev_t udev_exec_t:file write;
|
allow udev_t udev_exec_t:file write;
|
||||||
can_exec(udev_t, udev_exec_t)
|
can_exec(udev_t, udev_exec_t)
|
||||||
@@ -63,31 +64,35 @@ can_exec(udev_t, udev_helper_exec_t)
|
@@ -63,31 +64,36 @@ can_exec(udev_t, udev_helper_exec_t)
|
||||||
# read udev config
|
# read udev config
|
||||||
allow udev_t udev_etc_t:file read_file_perms;
|
allow udev_t udev_etc_t:file read_file_perms;
|
||||||
|
|
||||||
@ -142974,6 +142978,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
-files_pid_filetrans(udev_t, udev_var_run_t, { dir file })
|
-files_pid_filetrans(udev_t, udev_var_run_t, { dir file })
|
||||||
+files_pid_filetrans(udev_t, udev_var_run_t, { file dir })
|
+files_pid_filetrans(udev_t, udev_var_run_t, { file dir })
|
||||||
+allow udev_t udev_var_run_t:file mounton;
|
+allow udev_t udev_var_run_t:file mounton;
|
||||||
|
+allow udev_t udev_var_run_t:lnk_file relabel_lnk_file_perms;
|
||||||
+dev_filetrans(udev_t, udev_var_run_t, { file lnk_file } )
|
+dev_filetrans(udev_t, udev_var_run_t, { file lnk_file } )
|
||||||
|
|
||||||
+kernel_load_module(udev_t)
|
+kernel_load_module(udev_t)
|
||||||
@ -142997,7 +143002,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
|
|
||||||
#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235182
|
#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235182
|
||||||
kernel_rw_net_sysctls(udev_t)
|
kernel_rw_net_sysctls(udev_t)
|
||||||
@@ -98,6 +103,7 @@ corecmd_exec_all_executables(udev_t)
|
@@ -98,6 +104,7 @@ corecmd_exec_all_executables(udev_t)
|
||||||
|
|
||||||
dev_rw_sysfs(udev_t)
|
dev_rw_sysfs(udev_t)
|
||||||
dev_manage_all_dev_nodes(udev_t)
|
dev_manage_all_dev_nodes(udev_t)
|
||||||
@ -143005,7 +143010,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
dev_rw_generic_files(udev_t)
|
dev_rw_generic_files(udev_t)
|
||||||
dev_delete_generic_files(udev_t)
|
dev_delete_generic_files(udev_t)
|
||||||
dev_search_usbfs(udev_t)
|
dev_search_usbfs(udev_t)
|
||||||
@@ -106,23 +112,31 @@ dev_relabel_all_dev_nodes(udev_t)
|
@@ -106,23 +113,31 @@ dev_relabel_all_dev_nodes(udev_t)
|
||||||
# preserved, instead of short circuiting the relabel
|
# preserved, instead of short circuiting the relabel
|
||||||
dev_relabel_generic_symlinks(udev_t)
|
dev_relabel_generic_symlinks(udev_t)
|
||||||
dev_manage_generic_symlinks(udev_t)
|
dev_manage_generic_symlinks(udev_t)
|
||||||
@ -143041,7 +143046,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
|
|
||||||
mls_file_read_all_levels(udev_t)
|
mls_file_read_all_levels(udev_t)
|
||||||
mls_file_write_all_levels(udev_t)
|
mls_file_write_all_levels(udev_t)
|
||||||
@@ -144,17 +158,20 @@ auth_use_nsswitch(udev_t)
|
@@ -144,17 +159,20 @@ auth_use_nsswitch(udev_t)
|
||||||
init_read_utmp(udev_t)
|
init_read_utmp(udev_t)
|
||||||
init_dontaudit_write_utmp(udev_t)
|
init_dontaudit_write_utmp(udev_t)
|
||||||
init_getattr_initctl(udev_t)
|
init_getattr_initctl(udev_t)
|
||||||
@ -143063,7 +143068,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
|
|
||||||
seutil_read_config(udev_t)
|
seutil_read_config(udev_t)
|
||||||
seutil_read_default_contexts(udev_t)
|
seutil_read_default_contexts(udev_t)
|
||||||
@@ -170,6 +187,8 @@ sysnet_signal_dhcpc(udev_t)
|
@@ -170,6 +188,8 @@ sysnet_signal_dhcpc(udev_t)
|
||||||
sysnet_manage_config(udev_t)
|
sysnet_manage_config(udev_t)
|
||||||
sysnet_etc_filetrans_config(udev_t)
|
sysnet_etc_filetrans_config(udev_t)
|
||||||
|
|
||||||
@ -143072,7 +143077,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
userdom_dontaudit_search_user_home_content(udev_t)
|
userdom_dontaudit_search_user_home_content(udev_t)
|
||||||
|
|
||||||
ifdef(`distro_gentoo',`
|
ifdef(`distro_gentoo',`
|
||||||
@@ -179,16 +198,9 @@ ifdef(`distro_gentoo',`
|
@@ -179,16 +199,9 @@ ifdef(`distro_gentoo',`
|
||||||
')
|
')
|
||||||
|
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
@ -143091,7 +143096,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
|
|
||||||
# for arping used for static IP addresses on PCMCIA ethernet
|
# for arping used for static IP addresses on PCMCIA ethernet
|
||||||
netutils_domtrans(udev_t)
|
netutils_domtrans(udev_t)
|
||||||
@@ -217,6 +229,10 @@ optional_policy(`
|
@@ -217,6 +230,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -143102,7 +143107,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
consoletype_exec(udev_t)
|
consoletype_exec(udev_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -226,6 +242,7 @@ optional_policy(`
|
@@ -226,6 +243,7 @@ optional_policy(`
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
cups_domtrans_config(udev_t)
|
cups_domtrans_config(udev_t)
|
||||||
@ -143110,7 +143115,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -235,10 +252,20 @@ optional_policy(`
|
@@ -235,10 +253,20 @@ optional_policy(`
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
devicekit_read_pid_files(udev_t)
|
devicekit_read_pid_files(udev_t)
|
||||||
devicekit_dgram_send(udev_t)
|
devicekit_dgram_send(udev_t)
|
||||||
@ -143131,7 +143136,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -264,6 +291,10 @@ optional_policy(`
|
@@ -264,6 +292,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -143142,7 +143147,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
openct_read_pid_files(udev_t)
|
openct_read_pid_files(udev_t)
|
||||||
openct_domtrans(udev_t)
|
openct_domtrans(udev_t)
|
||||||
')
|
')
|
||||||
@@ -278,6 +309,15 @@ optional_policy(`
|
@@ -278,6 +310,15 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -143158,7 +143163,7 @@ index a5ec88b..6e4726f 100644
|
|||||||
unconfined_signal(udev_t)
|
unconfined_signal(udev_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -290,6 +330,7 @@ optional_policy(`
|
@@ -290,6 +331,7 @@ optional_policy(`
|
||||||
kernel_read_xen_state(udev_t)
|
kernel_read_xen_state(udev_t)
|
||||||
xen_manage_log(udev_t)
|
xen_manage_log(udev_t)
|
||||||
xen_read_image_files(udev_t)
|
xen_read_image_files(udev_t)
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.12.1
|
Version: 3.12.1
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -524,6 +524,14 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 11 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-3
|
||||||
|
- Allow gnomeclock to talk to puppet over dbus
|
||||||
|
- Allow numad access discovered by Dominic
|
||||||
|
- Add support for HOME_DIR/.maildir
|
||||||
|
- Fix attribute_role for mozilla_plugin_t domain to allow staff_r to access this domain
|
||||||
|
- Allow udev to relabel udev_var_run_t lnk_files
|
||||||
|
- New bin_t file in mcelog
|
||||||
|
|
||||||
* Thu Jan 10 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-2
|
* Thu Jan 10 2013 Miroslav Grepl <mgrepl@redhat.com> 3.12.1-2
|
||||||
- Remove all mcs overrides and replace with t1 != mcs_constrained_types
|
- Remove all mcs overrides and replace with t1 != mcs_constrained_types
|
||||||
- Add attribute_role for iptables
|
- Add attribute_role for iptables
|
||||||
|
Loading…
Reference in New Issue
Block a user