- Allod hald_dccm_t to create sock_files in /tmp
This commit is contained in:
parent
43fb726b4b
commit
af4fa8266c
@ -10579,7 +10579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.26/policy/modules/services/hal.te
|
||||
--- nsaserefpolicy/policy/modules/services/hal.te 2009-07-28 13:28:33.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-30 17:31:42.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-31 06:43:31.000000000 -0400
|
||||
@@ -55,6 +55,9 @@
|
||||
type hald_var_lib_t;
|
||||
files_type(hald_var_lib_t)
|
||||
@ -10664,8 +10664,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
allow hald_dccm_t self:process getsched;
|
||||
allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
|
||||
allow hald_dccm_t self:udp_socket create_socket_perms;
|
||||
@@ -471,8 +491,12 @@
|
||||
@@ -469,10 +489,17 @@
|
||||
manage_files_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t)
|
||||
files_search_var_lib(hald_dccm_t)
|
||||
|
||||
+manage_sock_files_pattern(hald_dccm_t, hald_tmp_t, hald_tmp_t)
|
||||
+files_tmp_filetrans(hald_dccm_t, hald_tmp_t, sock_file)
|
||||
+
|
||||
write_files_pattern(hald_dccm_t, hald_log_t, hald_log_t)
|
||||
|
||||
+dev_read_urand(hald_dccm_t)
|
||||
@ -10677,7 +10682,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
corenet_all_recvfrom_unlabeled(hald_dccm_t)
|
||||
corenet_all_recvfrom_netlabel(hald_dccm_t)
|
||||
corenet_tcp_sendrecv_generic_if(hald_dccm_t)
|
||||
@@ -484,6 +508,7 @@
|
||||
@@ -484,6 +511,7 @@
|
||||
corenet_tcp_bind_generic_node(hald_dccm_t)
|
||||
corenet_udp_bind_generic_node(hald_dccm_t)
|
||||
corenet_udp_bind_dhcpc_port(hald_dccm_t)
|
||||
@ -10685,7 +10690,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
corenet_tcp_bind_dccm_port(hald_dccm_t)
|
||||
|
||||
logging_send_syslog_msg(hald_dccm_t)
|
||||
@@ -491,3 +516,9 @@
|
||||
@@ -491,3 +519,9 @@
|
||||
files_read_usr_files(hald_dccm_t)
|
||||
|
||||
miscfiles_read_localization(hald_dccm_t)
|
||||
@ -11899,8 +11904,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## </summary>
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.26/policy/modules/services/nscd.te
|
||||
--- nsaserefpolicy/policy/modules/services/nscd.te 2009-07-14 14:19:57.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/nscd.te 2009-07-30 15:33:09.000000000 -0400
|
||||
@@ -90,6 +90,7 @@
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/nscd.te 2009-07-31 07:01:44.000000000 -0400
|
||||
@@ -65,6 +65,7 @@
|
||||
|
||||
fs_getattr_all_fs(nscd_t)
|
||||
fs_search_auto_mountpoints(nscd_t)
|
||||
+fs_list_inotifyfs(nscd_t)
|
||||
|
||||
# for when /etc/passwd has just been updated and has the wrong type
|
||||
auth_getattr_shadow(nscd_t)
|
||||
@@ -90,6 +91,7 @@
|
||||
selinux_compute_relabel_context(nscd_t)
|
||||
selinux_compute_user_contexts(nscd_t)
|
||||
domain_use_interactive_fds(nscd_t)
|
||||
@ -11908,7 +11921,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
files_read_etc_files(nscd_t)
|
||||
files_read_generic_tmp_symlinks(nscd_t)
|
||||
@@ -127,3 +128,12 @@
|
||||
@@ -127,3 +129,12 @@
|
||||
xen_dontaudit_rw_unix_stream_sockets(nscd_t)
|
||||
xen_append_log(nscd_t)
|
||||
')
|
||||
@ -12381,13 +12394,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.6.26/policy/modules/services/policykit.fc
|
||||
--- nsaserefpolicy/policy/modules/services/policykit.fc 2009-07-23 14:11:04.000000000 -0400
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/policykit.fc 2009-07-30 15:33:09.000000000 -0400
|
||||
@@ -1,7 +1,7 @@
|
||||
+++ serefpolicy-3.6.26/policy/modules/services/policykit.fc 2009-07-31 06:55:00.000000000 -0400
|
||||
@@ -1,7 +1,9 @@
|
||||
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
|
||||
+/usr/libexec/polkit-gnome-authentication-agent-1 -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
|
||||
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
|
||||
/usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
|
||||
-/usr/libexec/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0)
|
||||
+/usr/libexec/polkit.* gen_context(system_u:object_r:policykit_exec_t,s0)
|
||||
+/usr/libexec/polkitd.* -- gen_context(system_u:object_r:policykit_exec_t,s0)
|
||||
+/usr/libexec/polkit-1/polkitd.* -- gen_context(system_u:object_r:policykit_exec_t,s0)
|
||||
|
||||
/var/lib/misc/PolicyKit.reload gen_context(system_u:object_r:policykit_reload_t,s0)
|
||||
/var/lib/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_lib_t,s0)
|
||||
|
@ -20,7 +20,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.6.26
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -475,7 +475,10 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-1
|
||||
* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-2
|
||||
- Allod hald_dccm_t to create sock_files in /tmp
|
||||
|
||||
* Thu Jul 30 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-1
|
||||
- More fixes from upstream
|
||||
|
||||
* Tue Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.6.25-1
|
||||
|
Loading…
Reference in New Issue
Block a user