- Fix rpm_dontaudit_leaks
This commit is contained in:
Daniel J Walsh
parent
ef4ca2d5e7
commit
b2f6b0698f
@ -19260,7 +19260,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
|||||||
########################################
|
########################################
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.8/policy/modules/services/nis.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.8/policy/modules/services/nis.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/nis.fc 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/nis.fc 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.7.8/policy/modules/services/nis.fc 2010-01-18 15:18:03.000000000 -0500
|
+++ serefpolicy-3.7.8/policy/modules/services/nis.fc 2010-01-28 10:40:55.000000000 -0500
|
||||||
@@ -1,4 +1,7 @@
|
@@ -1,4 +1,7 @@
|
||||||
-
|
-
|
||||||
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
|
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
|
||||||
@ -19270,6 +19270,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
|||||||
/etc/ypserv\.conf -- gen_context(system_u:object_r:ypserv_conf_t,s0)
|
/etc/ypserv\.conf -- gen_context(system_u:object_r:ypserv_conf_t,s0)
|
||||||
|
|
||||||
/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0)
|
/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0)
|
||||||
|
@@ -11,3 +14,8 @@
|
||||||
|
/usr/sbin/ypserv -- gen_context(system_u:object_r:ypserv_exec_t,s0)
|
||||||
|
|
||||||
|
/var/yp(/.*)? gen_context(system_u:object_r:var_yp_t,s0)
|
||||||
|
+
|
||||||
|
+/var/run/ypxfrd.* -- gen_context(system_u:object_r:ypxfr_var_run_t,s0)
|
||||||
|
+/var/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0)
|
||||||
|
+/var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
|
||||||
|
+/var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.8/policy/modules/services/nis.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.8/policy/modules/services/nis.if
|
||||||
--- nsaserefpolicy/policy/modules/services/nis.if 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/nis.if 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.7.8/policy/modules/services/nis.if 2010-01-18 15:18:03.000000000 -0500
|
+++ serefpolicy-3.7.8/policy/modules/services/nis.if 2010-01-18 15:18:03.000000000 -0500
|
||||||
@ -19416,7 +19425,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.8/policy/modules/services/nis.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.8/policy/modules/services/nis.te
|
||||||
--- nsaserefpolicy/policy/modules/services/nis.te 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/nis.te 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.7.8/policy/modules/services/nis.te 2010-01-18 15:18:03.000000000 -0500
|
+++ serefpolicy-3.7.8/policy/modules/services/nis.te 2010-01-28 10:38:39.000000000 -0500
|
||||||
@@ -13,6 +13,9 @@
|
@@ -13,6 +13,9 @@
|
||||||
type ypbind_exec_t;
|
type ypbind_exec_t;
|
||||||
init_daemon_domain(ypbind_t, ypbind_exec_t)
|
init_daemon_domain(ypbind_t, ypbind_exec_t)
|
||||||
@ -19427,17 +19436,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
|||||||
type ypbind_tmp_t;
|
type ypbind_tmp_t;
|
||||||
files_tmp_file(ypbind_tmp_t)
|
files_tmp_file(ypbind_tmp_t)
|
||||||
|
|
||||||
@@ -44,6 +47,9 @@
|
@@ -44,6 +47,12 @@
|
||||||
type ypxfr_exec_t;
|
type ypxfr_exec_t;
|
||||||
init_daemon_domain(ypxfr_t, ypxfr_exec_t)
|
init_daemon_domain(ypxfr_t, ypxfr_exec_t)
|
||||||
|
|
||||||
|
+type ypxfr_var_run_t;
|
||||||
|
+files_pid_file(ypxfr_var_run_t)
|
||||||
|
+
|
||||||
+type nis_initrc_exec_t;
|
+type nis_initrc_exec_t;
|
||||||
+init_script_file(nis_initrc_exec_t)
|
+init_script_file(nis_initrc_exec_t)
|
||||||
+
|
+
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# ypbind local policy
|
# ypbind local policy
|
||||||
@@ -65,9 +71,8 @@
|
@@ -65,9 +74,8 @@
|
||||||
|
|
||||||
manage_files_pattern(ypbind_t, var_yp_t, var_yp_t)
|
manage_files_pattern(ypbind_t, var_yp_t, var_yp_t)
|
||||||
|
|
||||||
@ -19448,7 +19460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
|||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(ypbind_t)
|
corenet_all_recvfrom_unlabeled(ypbind_t)
|
||||||
corenet_all_recvfrom_netlabel(ypbind_t)
|
corenet_all_recvfrom_netlabel(ypbind_t)
|
||||||
@@ -250,6 +255,8 @@
|
@@ -250,6 +258,8 @@
|
||||||
corenet_udp_sendrecv_all_ports(ypserv_t)
|
corenet_udp_sendrecv_all_ports(ypserv_t)
|
||||||
corenet_tcp_bind_generic_node(ypserv_t)
|
corenet_tcp_bind_generic_node(ypserv_t)
|
||||||
corenet_udp_bind_generic_node(ypserv_t)
|
corenet_udp_bind_generic_node(ypserv_t)
|
||||||
@ -19457,7 +19469,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
|||||||
corenet_tcp_bind_all_rpc_ports(ypserv_t)
|
corenet_tcp_bind_all_rpc_ports(ypserv_t)
|
||||||
corenet_udp_bind_all_rpc_ports(ypserv_t)
|
corenet_udp_bind_all_rpc_ports(ypserv_t)
|
||||||
corenet_dontaudit_tcp_bind_all_reserved_ports(ypserv_t)
|
corenet_dontaudit_tcp_bind_all_reserved_ports(ypserv_t)
|
||||||
@@ -315,6 +322,8 @@
|
@@ -305,6 +315,9 @@
|
||||||
|
|
||||||
|
allow ypxfr_t ypserv_conf_t:file read_file_perms;
|
||||||
|
|
||||||
|
+manage_files_pattern(ypxfr_t, ypxfr_var_run_t, ypxfr_var_run_t)
|
||||||
|
+files_pid_filetrans(ypxfr_t, ypxfr_var_run_t, file)
|
||||||
|
+
|
||||||
|
corenet_all_recvfrom_unlabeled(ypxfr_t)
|
||||||
|
corenet_all_recvfrom_netlabel(ypxfr_t)
|
||||||
|
corenet_tcp_sendrecv_generic_if(ypxfr_t)
|
||||||
|
@@ -315,6 +328,8 @@
|
||||||
corenet_udp_sendrecv_all_ports(ypxfr_t)
|
corenet_udp_sendrecv_all_ports(ypxfr_t)
|
||||||
corenet_tcp_bind_generic_node(ypxfr_t)
|
corenet_tcp_bind_generic_node(ypxfr_t)
|
||||||
corenet_udp_bind_generic_node(ypxfr_t)
|
corenet_udp_bind_generic_node(ypxfr_t)
|
||||||
|
|||||||
@ -20,7 +20,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.7.8
|
Version: 3.7.8
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -459,6 +459,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-5
|
||||||
|
- Fix rpm_dontaudit_leaks
|
||||||
|
|
||||||
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-4
|
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-4
|
||||||
- Add getsched to hald_t
|
- Add getsched to hald_t
|
||||||
- Add file context for Fedora/Redhat Directory Server
|
- Add file context for Fedora/Redhat Directory Server
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user