- More alias for fastcgi
This commit is contained in:
parent
236d3cc19a
commit
ae68d97fe5
|
@ -2724,7 +2724,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.5.13/policy/modules/apps/java.fc
|
||||
--- nsaserefpolicy/policy/modules/apps/java.fc 2008-08-07 11:15:03.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/apps/java.fc 2008-10-17 10:31:26.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/apps/java.fc 2008-10-21 22:22:37.000000000 -0400
|
||||
@@ -3,14 +3,15 @@
|
||||
#
|
||||
/opt/(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
|
@ -2743,7 +2743,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
/usr/bin/frysk -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gappletviewer -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/gcj-dbtool -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
@@ -20,5 +21,10 @@
|
||||
@@ -20,5 +21,11 @@
|
||||
/usr/bin/grmic -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/grmiregistry -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
/usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
|
@ -2756,6 +2756,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+/usr/lib64/jvm/java(.*/)bin(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
+
|
||||
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
+/usr/lib/opera(/.*)?/opera -- gen_context(system_u:object_r:java_exec_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.5.13/policy/modules/apps/java.if
|
||||
--- nsaserefpolicy/policy/modules/apps/java.if 2008-08-07 11:15:03.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/apps/java.if 2008-10-17 10:31:26.000000000 -0400
|
||||
|
@ -10544,7 +10545,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.5.13/policy/modules/services/apache.te
|
||||
--- nsaserefpolicy/policy/modules/services/apache.te 2008-10-16 17:21:16.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/services/apache.te 2008-10-21 09:18:28.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/services/apache.te 2008-10-22 09:08:19.000000000 -0400
|
||||
@@ -20,6 +20,8 @@
|
||||
# Declarations
|
||||
#
|
||||
|
@ -10638,13 +10639,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
type httpd_lock_t;
|
||||
files_lock_file(httpd_lock_t)
|
||||
|
||||
@@ -180,6 +220,13 @@
|
||||
@@ -180,6 +220,18 @@
|
||||
|
||||
# setup the system domain for system CGI scripts
|
||||
apache_content_template(sys)
|
||||
+typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t;
|
||||
+typealias httpd_sys_content_t alias httpd_fastcgi_content_t;
|
||||
+typealias httpd_sys_content_rw_t alias httpd_fastcgi_content_rw_t;
|
||||
+typealias httpd_sys_script_ra_t alias httpd_fastcgi_script_ra_t;
|
||||
+typealias httpd_sys_script_ro_t alias httpd_fastcgi_script_ro_t;
|
||||
+typealias httpd_sys_script_rw_t alias httpd_fastcgi_script_rw_t;
|
||||
+typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
|
||||
+typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
|
||||
+
|
||||
+typeattribute httpd_sys_content_t httpdcontent, httpd_ro_content; # customizable
|
||||
+typeattribute httpd_sys_content_rw_t httpdcontent, httpd_rw_content; # customizable
|
||||
|
@ -10652,7 +10658,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
type httpd_tmp_t;
|
||||
files_tmp_file(httpd_tmp_t)
|
||||
@@ -202,12 +249,16 @@
|
||||
@@ -202,12 +254,16 @@
|
||||
prelink_object_file(httpd_modules_t)
|
||||
')
|
||||
|
||||
|
@ -10670,7 +10676,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
dontaudit httpd_t self:capability { net_admin sys_tty_config };
|
||||
allow httpd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||
allow httpd_t self:fd use;
|
||||
@@ -249,6 +300,7 @@
|
||||
@@ -249,6 +305,7 @@
|
||||
allow httpd_t httpd_modules_t:dir list_dir_perms;
|
||||
mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
|
||||
read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
|
||||
|
@ -10678,7 +10684,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
apache_domtrans_rotatelogs(httpd_t)
|
||||
# Apache-httpd needs to be able to send signals to the log rotate procs.
|
||||
@@ -260,9 +312,9 @@
|
||||
@@ -260,9 +317,9 @@
|
||||
|
||||
allow httpd_t httpd_suexec_exec_t:file read_file_perms;
|
||||
|
||||
|
@ -10691,7 +10697,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
manage_dirs_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
|
||||
manage_files_pattern(httpd_t, httpd_tmp_t, httpd_tmp_t)
|
||||
@@ -289,6 +341,7 @@
|
||||
@@ -289,6 +346,7 @@
|
||||
kernel_read_kernel_sysctls(httpd_t)
|
||||
# for modules that want to access /proc/meminfo
|
||||
kernel_read_system_state(httpd_t)
|
||||
|
@ -10699,7 +10705,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
corenet_all_recvfrom_unlabeled(httpd_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_t)
|
||||
@@ -299,6 +352,7 @@
|
||||
@@ -299,6 +357,7 @@
|
||||
corenet_tcp_sendrecv_all_ports(httpd_t)
|
||||
corenet_udp_sendrecv_all_ports(httpd_t)
|
||||
corenet_tcp_bind_all_nodes(httpd_t)
|
||||
|
@ -10707,7 +10713,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
corenet_tcp_bind_http_port(httpd_t)
|
||||
corenet_tcp_bind_http_cache_port(httpd_t)
|
||||
corenet_sendrecv_http_server_packets(httpd_t)
|
||||
@@ -312,12 +366,11 @@
|
||||
@@ -312,12 +371,11 @@
|
||||
|
||||
fs_getattr_all_fs(httpd_t)
|
||||
fs_search_auto_mountpoints(httpd_t)
|
||||
|
@ -10722,7 +10728,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
domain_use_interactive_fds(httpd_t)
|
||||
|
||||
@@ -335,6 +388,10 @@
|
||||
@@ -335,6 +393,10 @@
|
||||
files_read_var_lib_symlinks(httpd_t)
|
||||
|
||||
fs_search_auto_mountpoints(httpd_sys_script_t)
|
||||
|
@ -10733,7 +10739,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
libs_use_ld_so(httpd_t)
|
||||
libs_use_shared_libs(httpd_t)
|
||||
@@ -351,18 +408,33 @@
|
||||
@@ -351,18 +413,33 @@
|
||||
|
||||
userdom_use_unpriv_users_fds(httpd_t)
|
||||
|
||||
|
@ -10771,7 +10777,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
')
|
||||
|
||||
@@ -370,20 +442,45 @@
|
||||
@@ -370,20 +447,45 @@
|
||||
corenet_tcp_connect_all_ports(httpd_t)
|
||||
')
|
||||
|
||||
|
@ -10818,7 +10824,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
manage_dirs_pattern(httpd_t, httpdcontent, httpdcontent)
|
||||
manage_files_pattern(httpd_t, httpdcontent, httpdcontent)
|
||||
@@ -394,11 +491,12 @@
|
||||
@@ -394,11 +496,12 @@
|
||||
corenet_tcp_bind_ftp_port(httpd_t)
|
||||
')
|
||||
|
||||
|
@ -10834,7 +10840,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
fs_read_nfs_files(httpd_t)
|
||||
fs_read_nfs_symlinks(httpd_t)
|
||||
')
|
||||
@@ -408,6 +506,11 @@
|
||||
@@ -408,6 +511,11 @@
|
||||
fs_read_cifs_symlinks(httpd_t)
|
||||
')
|
||||
|
||||
|
@ -10846,7 +10852,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
tunable_policy(`httpd_ssi_exec',`
|
||||
corecmd_shell_domtrans(httpd_t,httpd_sys_script_t)
|
||||
allow httpd_sys_script_t httpd_t:fd use;
|
||||
@@ -441,8 +544,13 @@
|
||||
@@ -441,8 +549,13 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -10862,7 +10868,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -454,18 +562,13 @@
|
||||
@@ -454,18 +567,13 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -10882,7 +10888,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -475,6 +578,12 @@
|
||||
@@ -475,6 +583,12 @@
|
||||
openca_kill(httpd_t)
|
||||
')
|
||||
|
||||
|
@ -10895,7 +10901,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
optional_policy(`
|
||||
# Allow httpd to work with postgresql
|
||||
postgresql_stream_connect(httpd_t)
|
||||
@@ -482,6 +591,7 @@
|
||||
@@ -482,6 +596,7 @@
|
||||
|
||||
tunable_policy(`httpd_can_network_connect_db',`
|
||||
postgresql_tcp_connect(httpd_t)
|
||||
|
@ -10903,7 +10909,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
')
|
||||
|
||||
@@ -490,6 +600,7 @@
|
||||
@@ -490,6 +605,7 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -10911,7 +10917,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
|
||||
snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
|
||||
')
|
||||
@@ -519,9 +630,28 @@
|
||||
@@ -519,9 +635,28 @@
|
||||
logging_send_syslog_msg(httpd_helper_t)
|
||||
|
||||
tunable_policy(`httpd_tty_comm',`
|
||||
|
@ -10940,7 +10946,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
########################################
|
||||
#
|
||||
# Apache PHP script local policy
|
||||
@@ -551,22 +681,27 @@
|
||||
@@ -551,22 +686,27 @@
|
||||
|
||||
fs_search_auto_mountpoints(httpd_php_t)
|
||||
|
||||
|
@ -10974,7 +10980,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -584,12 +719,14 @@
|
||||
@@ -584,12 +724,14 @@
|
||||
append_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
|
||||
read_files_pattern(httpd_suexec_t, httpd_log_t, httpd_log_t)
|
||||
|
||||
|
@ -10990,7 +10996,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
kernel_read_kernel_sysctls(httpd_suexec_t)
|
||||
kernel_list_proc(httpd_suexec_t)
|
||||
kernel_read_proc_symlinks(httpd_suexec_t)
|
||||
@@ -598,9 +735,7 @@
|
||||
@@ -598,9 +740,7 @@
|
||||
|
||||
fs_search_auto_mountpoints(httpd_suexec_t)
|
||||
|
||||
|
@ -11001,7 +11007,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
files_read_etc_files(httpd_suexec_t)
|
||||
files_read_usr_files(httpd_suexec_t)
|
||||
@@ -633,12 +768,25 @@
|
||||
@@ -633,12 +773,25 @@
|
||||
corenet_sendrecv_all_client_packets(httpd_suexec_t)
|
||||
')
|
||||
|
||||
|
@ -11030,7 +11036,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
|
||||
@@ -647,6 +795,12 @@
|
||||
@@ -647,6 +800,12 @@
|
||||
fs_exec_nfs_files(httpd_suexec_t)
|
||||
')
|
||||
|
||||
|
@ -11043,7 +11049,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
|
||||
fs_read_cifs_files(httpd_suexec_t)
|
||||
fs_read_cifs_symlinks(httpd_suexec_t)
|
||||
@@ -664,10 +818,6 @@
|
||||
@@ -664,10 +823,6 @@
|
||||
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
|
||||
')
|
||||
|
||||
|
@ -11054,7 +11060,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
########################################
|
||||
#
|
||||
# Apache system script local policy
|
||||
@@ -677,7 +827,8 @@
|
||||
@@ -677,7 +832,8 @@
|
||||
|
||||
dontaudit httpd_sys_script_t httpd_config_t:dir search;
|
||||
|
||||
|
@ -11064,7 +11070,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
|
||||
read_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_spool_t)
|
||||
@@ -691,12 +842,15 @@
|
||||
@@ -691,12 +847,15 @@
|
||||
# Should we add a boolean?
|
||||
apache_domtrans_rotatelogs(httpd_sys_script_t)
|
||||
|
||||
|
@ -11082,7 +11088,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
|
||||
@@ -704,6 +858,30 @@
|
||||
@@ -704,6 +863,30 @@
|
||||
fs_read_nfs_symlinks(httpd_sys_script_t)
|
||||
')
|
||||
|
||||
|
@ -11113,7 +11119,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
|
||||
fs_read_cifs_files(httpd_sys_script_t)
|
||||
fs_read_cifs_symlinks(httpd_sys_script_t)
|
||||
@@ -716,10 +894,10 @@
|
||||
@@ -716,10 +899,10 @@
|
||||
optional_policy(`
|
||||
mysql_stream_connect(httpd_sys_script_t)
|
||||
mysql_rw_db_sockets(httpd_sys_script_t)
|
||||
|
@ -11128,7 +11134,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -727,6 +905,8 @@
|
||||
@@ -727,6 +910,8 @@
|
||||
# httpd_rotatelogs local policy
|
||||
#
|
||||
|
||||
|
@ -11137,7 +11143,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
manage_files_pattern(httpd_rotatelogs_t, httpd_log_t, httpd_log_t)
|
||||
|
||||
kernel_read_kernel_sysctls(httpd_rotatelogs_t)
|
||||
@@ -741,3 +921,56 @@
|
||||
@@ -741,3 +926,56 @@
|
||||
logging_search_logs(httpd_rotatelogs_t)
|
||||
|
||||
miscfiles_read_localization(httpd_rotatelogs_t)
|
||||
|
@ -21123,7 +21129,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.5.13/policy/modules/services/samba.te
|
||||
--- nsaserefpolicy/policy/modules/services/samba.te 2008-10-16 17:21:16.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/services/samba.te 2008-10-17 10:31:27.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/services/samba.te 2008-10-21 13:55:09.000000000 -0400
|
||||
@@ -66,6 +66,13 @@
|
||||
## </desc>
|
||||
gen_tunable(samba_share_nfs, false)
|
||||
|
@ -21252,7 +21258,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
kernel_getattr_core_if(smbd_t)
|
||||
kernel_getattr_message_if(smbd_t)
|
||||
@@ -314,20 +332,22 @@
|
||||
@@ -314,20 +332,24 @@
|
||||
|
||||
init_rw_utmp(smbd_t)
|
||||
|
||||
|
@ -21271,6 +21277,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
userdom_dontaudit_use_unpriv_user_fds(smbd_t)
|
||||
userdom_use_unpriv_users_fds(smbd_t)
|
||||
|
||||
+usermanage_read_crack_db(smbd_t)
|
||||
+
|
||||
sysadm_dontaudit_search_home_dirs(smbd_t)
|
||||
|
||||
+term_use_ptmx(smbd_t)
|
||||
|
@ -21278,7 +21286,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
ifdef(`hide_broken_symptoms', `
|
||||
files_dontaudit_getattr_default_dirs(smbd_t)
|
||||
files_dontaudit_getattr_boot_dirs(smbd_t)
|
||||
@@ -348,6 +368,25 @@
|
||||
@@ -348,6 +370,25 @@
|
||||
tunable_policy(`samba_share_nfs',`
|
||||
fs_manage_nfs_dirs(smbd_t)
|
||||
fs_manage_nfs_files(smbd_t)
|
||||
|
@ -21304,7 +21312,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -452,6 +491,7 @@
|
||||
@@ -452,6 +493,7 @@
|
||||
dev_getattr_mtrr_dev(nmbd_t)
|
||||
|
||||
fs_getattr_all_fs(nmbd_t)
|
||||
|
@ -21312,7 +21320,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
fs_search_auto_mountpoints(nmbd_t)
|
||||
|
||||
domain_use_interactive_fds(nmbd_t)
|
||||
@@ -536,6 +576,7 @@
|
||||
@@ -536,6 +578,7 @@
|
||||
storage_raw_write_fixed_disk(smbmount_t)
|
||||
|
||||
term_list_ptys(smbmount_t)
|
||||
|
@ -21320,7 +21328,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
corecmd_list_bin(smbmount_t)
|
||||
|
||||
@@ -547,32 +588,46 @@
|
||||
@@ -547,32 +590,46 @@
|
||||
|
||||
auth_use_nsswitch(smbmount_t)
|
||||
|
||||
|
@ -21373,7 +21381,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
rw_files_pattern(swat_t, samba_etc_t, samba_etc_t)
|
||||
|
||||
@@ -592,6 +647,9 @@
|
||||
@@ -592,6 +649,9 @@
|
||||
files_pid_filetrans(swat_t, swat_var_run_t, file)
|
||||
|
||||
allow swat_t winbind_exec_t:file mmap_file_perms;
|
||||
|
@ -21383,7 +21391,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
kernel_read_kernel_sysctls(swat_t)
|
||||
kernel_read_system_state(swat_t)
|
||||
@@ -616,10 +674,12 @@
|
||||
@@ -616,10 +676,12 @@
|
||||
|
||||
dev_read_urand(swat_t)
|
||||
|
||||
|
@ -21396,7 +21404,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
auth_domtrans_chk_passwd(swat_t)
|
||||
auth_use_nsswitch(swat_t)
|
||||
@@ -628,6 +688,7 @@
|
||||
@@ -628,6 +690,7 @@
|
||||
libs_use_shared_libs(swat_t)
|
||||
|
||||
logging_send_syslog_msg(swat_t)
|
||||
|
@ -21404,7 +21412,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
logging_search_logs(swat_t)
|
||||
|
||||
miscfiles_read_localization(swat_t)
|
||||
@@ -645,6 +706,17 @@
|
||||
@@ -645,6 +708,17 @@
|
||||
kerberos_use(swat_t)
|
||||
')
|
||||
|
||||
|
@ -21422,7 +21430,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
########################################
|
||||
#
|
||||
# Winbind local policy
|
||||
@@ -694,6 +766,8 @@
|
||||
@@ -694,6 +768,8 @@
|
||||
manage_sock_files_pattern(winbind_t, winbind_var_run_t, winbind_var_run_t)
|
||||
files_pid_filetrans(winbind_t, winbind_var_run_t, file)
|
||||
|
||||
|
@ -21431,7 +21439,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
kernel_read_kernel_sysctls(winbind_t)
|
||||
kernel_list_proc(winbind_t)
|
||||
kernel_read_proc_symlinks(winbind_t)
|
||||
@@ -780,8 +854,13 @@
|
||||
@@ -780,8 +856,13 @@
|
||||
miscfiles_read_localization(winbind_helper_t)
|
||||
|
||||
optional_policy(`
|
||||
|
@ -21445,7 +21453,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -790,6 +869,16 @@
|
||||
@@ -790,6 +871,16 @@
|
||||
#
|
||||
|
||||
optional_policy(`
|
||||
|
@ -21462,7 +21470,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
type samba_unconfined_script_t;
|
||||
type samba_unconfined_script_exec_t;
|
||||
domain_type(samba_unconfined_script_t)
|
||||
@@ -800,9 +889,46 @@
|
||||
@@ -800,9 +891,46 @@
|
||||
allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms;
|
||||
allow smbd_t samba_unconfined_script_exec_t:file ioctl;
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.5.13
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
@ -462,6 +462,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Oct 22 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-4
|
||||
- More alias for fastcgi
|
||||
|
||||
* Tue Oct 21 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-3
|
||||
- Remove mod_fcgid-selinux package
|
||||
|
||||
|
|
Loading…
Reference in New Issue