- Allod hald_dccm_t to create sock_files in /tmp

This commit is contained in:
Daniel J Walsh 2009-07-31 11:02:24 +00:00
parent 43fb726b4b
commit af4fa8266c
2 changed files with 30 additions and 12 deletions

View File

@ -10579,7 +10579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.26/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2009-07-28 13:28:33.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-30 17:31:42.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-31 06:43:31.000000000 -0400
@@ -55,6 +55,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@ -10664,8 +10664,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow hald_dccm_t self:process getsched;
allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
allow hald_dccm_t self:udp_socket create_socket_perms;
@@ -471,8 +491,12 @@
@@ -469,10 +489,17 @@
manage_files_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t)
files_search_var_lib(hald_dccm_t)
+manage_sock_files_pattern(hald_dccm_t, hald_tmp_t, hald_tmp_t)
+files_tmp_filetrans(hald_dccm_t, hald_tmp_t, sock_file)
+
write_files_pattern(hald_dccm_t, hald_log_t, hald_log_t)
+dev_read_urand(hald_dccm_t)
@ -10677,7 +10682,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_all_recvfrom_unlabeled(hald_dccm_t)
corenet_all_recvfrom_netlabel(hald_dccm_t)
corenet_tcp_sendrecv_generic_if(hald_dccm_t)
@@ -484,6 +508,7 @@
@@ -484,6 +511,7 @@
corenet_tcp_bind_generic_node(hald_dccm_t)
corenet_udp_bind_generic_node(hald_dccm_t)
corenet_udp_bind_dhcpc_port(hald_dccm_t)
@ -10685,7 +10690,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_bind_dccm_port(hald_dccm_t)
logging_send_syslog_msg(hald_dccm_t)
@@ -491,3 +516,9 @@
@@ -491,3 +519,9 @@
files_read_usr_files(hald_dccm_t)
miscfiles_read_localization(hald_dccm_t)
@ -11899,8 +11904,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.26/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/services/nscd.te 2009-07-30 15:33:09.000000000 -0400
@@ -90,6 +90,7 @@
+++ serefpolicy-3.6.26/policy/modules/services/nscd.te 2009-07-31 07:01:44.000000000 -0400
@@ -65,6 +65,7 @@
fs_getattr_all_fs(nscd_t)
fs_search_auto_mountpoints(nscd_t)
+fs_list_inotifyfs(nscd_t)
# for when /etc/passwd has just been updated and has the wrong type
auth_getattr_shadow(nscd_t)
@@ -90,6 +91,7 @@
selinux_compute_relabel_context(nscd_t)
selinux_compute_user_contexts(nscd_t)
domain_use_interactive_fds(nscd_t)
@ -11908,7 +11921,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_read_etc_files(nscd_t)
files_read_generic_tmp_symlinks(nscd_t)
@@ -127,3 +128,12 @@
@@ -127,3 +129,12 @@
xen_dontaudit_rw_unix_stream_sockets(nscd_t)
xen_append_log(nscd_t)
')
@ -12381,13 +12394,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.6.26/policy/modules/services/policykit.fc
--- nsaserefpolicy/policy/modules/services/policykit.fc 2009-07-23 14:11:04.000000000 -0400
+++ serefpolicy-3.6.26/policy/modules/services/policykit.fc 2009-07-30 15:33:09.000000000 -0400
@@ -1,7 +1,7 @@
+++ serefpolicy-3.6.26/policy/modules/services/policykit.fc 2009-07-31 06:55:00.000000000 -0400
@@ -1,7 +1,9 @@
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
+/usr/libexec/polkit-gnome-authentication-agent-1 -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
/usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
-/usr/libexec/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0)
+/usr/libexec/polkit.* gen_context(system_u:object_r:policykit_exec_t,s0)
+/usr/libexec/polkitd.* -- gen_context(system_u:object_r:policykit_exec_t,s0)
+/usr/libexec/polkit-1/polkitd.* -- gen_context(system_u:object_r:policykit_exec_t,s0)
/var/lib/misc/PolicyKit.reload gen_context(system_u:object_r:policykit_reload_t,s0)
/var/lib/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_lib_t,s0)

View File

@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.26
Release: 1%{?dist}
Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -475,7 +475,10 @@ exit 0
%endif
%changelog
* Thu Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-1
* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-2
- Allod hald_dccm_t to create sock_files in /tmp
* Thu Jul 30 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-1
- More fixes from upstream
* Tue Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.6.25-1