* Thu Feb 05 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-110
- Allow cockpit_session_t to create tmp files - apmd needs sys_resource when shutting down the machine - Fix path label to resolv.conf under NetworkManager
parent
1fd39e9da1
commit
ae5733a49e
@ -7799,10 +7799,10 @@ index 1a7a97e..2c7252a 100644
|
||||
domain_system_change_exemption($1)
|
||||
role_transition $2 apmd_initrc_exec_t system_r;
|
||||
diff --git a/apm.te b/apm.te
|
||||
index 7fd431b..e05b2d4 100644
|
||||
index 7fd431b..5ce1846 100644
|
||||
--- a/apm.te
|
||||
+++ b/apm.te
|
||||
@@ -35,6 +35,9 @@ files_type(apmd_var_lib_t)
|
||||
@@ -35,12 +35,15 @@ files_type(apmd_var_lib_t)
|
||||
type apmd_var_run_t;
|
||||
files_pid_file(apmd_var_run_t)
|
||||
|
||||
@ -7812,6 +7812,13 @@ index 7fd431b..e05b2d4 100644
|
||||
########################################
|
||||
#
|
||||
# Client local policy
|
||||
#
|
||||
|
||||
-allow apm_t self:capability { dac_override sys_admin };
|
||||
+allow apm_t self:capability { dac_override sys_admin sys_resource };
|
||||
|
||||
kernel_read_system_state(apm_t)
|
||||
|
||||
@@ -48,7 +51,7 @@ dev_rw_apm_bios(apm_t)
|
||||
|
||||
fs_getattr_xattr_fs(apm_t)
|
||||
@ -14201,10 +14208,10 @@ index 0000000..a8a678a
|
||||
+')
|
||||
diff --git a/cockpit.te b/cockpit.te
|
||||
new file mode 100644
|
||||
index 0000000..4d89495
|
||||
index 0000000..4ae76c5
|
||||
--- /dev/null
|
||||
+++ b/cockpit.te
|
||||
@@ -0,0 +1,98 @@
|
||||
@@ -0,0 +1,102 @@
|
||||
+policy_module(cockpit, 1.0.0)
|
||||
+
|
||||
+########################################
|
||||
@ -14289,6 +14296,10 @@ index 0000000..4d89495
|
||||
+allow cockpit_session_t self:capability { sys_admin dac_override setuid setgid };
|
||||
+allow cockpit_session_t self:process { setexec setsched signal_perms };
|
||||
+
|
||||
+manage_dirs_pattern(cockpit_session_t, cockpit_tmp_t, cockpit_tmp_t)
|
||||
+manage_files_pattern(cockpit_session_t, cockpit_tmp_t, cockpit_tmp_t)
|
||||
+files_tmp_filetrans(cockpit_session_t, cockpit_tmp_t, { dir file })
|
||||
+
|
||||
+# cockpit-session runs a full pam stack, including pam_selinux.so
|
||||
+auth_login_pgm_domain(cockpit_session_t)
|
||||
+auth_write_login_records(cockpit_session_t)
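Review bot: In the apm.te hunk, `sys_resource` is added to `apm_t` under the "# Client local policy" header, but the changelog entry says it is apmd that needs the capability when shutting down the machine. If the AVC denial was logged for the daemon domain, the capability belongs on that domain's own `self:capability` rule (not visible on this page), and the client rule should stay `allow apm_t self:capability { dac_override sys_admin };`. sys_resource lets a process override resource limits and quotas, so it is worth confirming against the original denial which domain actually requested it. Whichever domain ends up with it, a comment above the rule such as `# sys_resource: required during shutdown, see AVC in <bug reference>` would record why the grant exists.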
|
||||
|
@ -19,7 +19,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.13.1
|
||||
Release: 109%{?dist}
|
||||
Release: 110%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -605,6 +605,11 @@ SELinux Reference policy mls base module.
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Feb 05 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-110
|
||||
- Allow cockpit_session_t to create tmp files
|
||||
- apmd needs sys_resource when shutting down the machine
|
||||
- Fix path label to resolv.conf under NetworkManager
|
||||
|
||||
* Wed Feb 04 2015 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-109
|
||||
- Allow search all pid dirs when managing net_conf_t files.
|
||||
|
||||
|