- Fix rpm_dontaudit_leaks
This commit is contained in:
Daniel J Walsh
parent
ef4ca2d5e7
commit
b2f6b0698f
@ -19260,7 +19260,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
|
||||
########################################
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.8/policy/modules/services/nis.fc
|
||||
--- nsaserefpolicy/policy/modules/services/nis.fc 2009-07-14 14:19:57.000000000 -0400
|
||||
+++ serefpolicy-3.7.8/policy/modules/services/nis.fc 2010-01-18 15:18:03.000000000 -0500
|
||||
+++ serefpolicy-3.7.8/policy/modules/services/nis.fc 2010-01-28 10:40:55.000000000 -0500
|
||||
@@ -1,4 +1,7 @@
|
||||
-
|
||||
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
|
||||
@ -19270,6 +19270,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
||||
/etc/ypserv\.conf -- gen_context(system_u:object_r:ypserv_conf_t,s0)
|
||||
|
||||
/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0)
|
||||
@@ -11,3 +14,8 @@
|
||||
/usr/sbin/ypserv -- gen_context(system_u:object_r:ypserv_exec_t,s0)
|
||||
|
||||
/var/yp(/.*)? gen_context(system_u:object_r:var_yp_t,s0)
|
||||
+
|
||||
+/var/run/ypxfrd.* -- gen_context(system_u:object_r:ypxfr_var_run_t,s0)
|
||||
+/var/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0)
|
||||
+/var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
|
||||
+/var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.8/policy/modules/services/nis.if
|
||||
--- nsaserefpolicy/policy/modules/services/nis.if 2009-07-14 14:19:57.000000000 -0400
|
||||
+++ serefpolicy-3.7.8/policy/modules/services/nis.if 2010-01-18 15:18:03.000000000 -0500
|
||||
@ -19416,7 +19425,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.8/policy/modules/services/nis.te
|
||||
--- nsaserefpolicy/policy/modules/services/nis.te 2009-08-14 16:14:31.000000000 -0400
|
||||
+++ serefpolicy-3.7.8/policy/modules/services/nis.te 2010-01-18 15:18:03.000000000 -0500
|
||||
+++ serefpolicy-3.7.8/policy/modules/services/nis.te 2010-01-28 10:38:39.000000000 -0500
|
||||
@@ -13,6 +13,9 @@
|
||||
type ypbind_exec_t;
|
||||
init_daemon_domain(ypbind_t, ypbind_exec_t)
|
||||
@ -19427,17 +19436,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
||||
type ypbind_tmp_t;
|
||||
files_tmp_file(ypbind_tmp_t)
|
||||
|
||||
@@ -44,6 +47,9 @@
|
||||
@@ -44,6 +47,12 @@
|
||||
type ypxfr_exec_t;
|
||||
init_daemon_domain(ypxfr_t, ypxfr_exec_t)
|
||||
|
||||
+type ypxfr_var_run_t;
|
||||
+files_pid_file(ypxfr_var_run_t)
|
||||
+
|
||||
+type nis_initrc_exec_t;
|
||||
+init_script_file(nis_initrc_exec_t)
|
||||
+
|
||||
########################################
|
||||
#
|
||||
# ypbind local policy
|
||||
@@ -65,9 +71,8 @@
|
||||
@@ -65,9 +74,8 @@
|
||||
|
||||
manage_files_pattern(ypbind_t, var_yp_t, var_yp_t)
|
||||
|
||||
@ -19448,7 +19460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
||||
|
||||
corenet_all_recvfrom_unlabeled(ypbind_t)
|
||||
corenet_all_recvfrom_netlabel(ypbind_t)
|
||||
@@ -250,6 +255,8 @@
|
||||
@@ -250,6 +258,8 @@
|
||||
corenet_udp_sendrecv_all_ports(ypserv_t)
|
||||
corenet_tcp_bind_generic_node(ypserv_t)
|
||||
corenet_udp_bind_generic_node(ypserv_t)
|
||||
@ -19457,7 +19469,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
|
||||
corenet_tcp_bind_all_rpc_ports(ypserv_t)
|
||||
corenet_udp_bind_all_rpc_ports(ypserv_t)
|
||||
corenet_dontaudit_tcp_bind_all_reserved_ports(ypserv_t)
|
||||
@@ -315,6 +322,8 @@
|
||||
@@ -305,6 +315,9 @@
|
||||
|
||||
allow ypxfr_t ypserv_conf_t:file read_file_perms;
|
||||
|
||||
+manage_files_pattern(ypxfr_t, ypxfr_var_run_t, ypxfr_var_run_t)
|
||||
+files_pid_filetrans(ypxfr_t, ypxfr_var_run_t, file)
|
||||
+
|
||||
corenet_all_recvfrom_unlabeled(ypxfr_t)
|
||||
corenet_all_recvfrom_netlabel(ypxfr_t)
|
||||
corenet_tcp_sendrecv_generic_if(ypxfr_t)
|
||||
@@ -315,6 +328,8 @@
|
||||
corenet_udp_sendrecv_all_ports(ypxfr_t)
|
||||
corenet_tcp_bind_generic_node(ypxfr_t)
|
||||
corenet_udp_bind_generic_node(ypxfr_t)
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.7.8
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -459,6 +459,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-5
|
||||
- Fix rpm_dontaudit_leaks
|
||||
|
||||
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-4
|
||||
- Add getsched to hald_t
|
||||
- Add file context for Fedora/Redhat Directory Server
|
||||
|
||||
Loading…
Reference in New Issue
Block a user