- Allow login programs to talk dbus to oddjob
parent
98f84cb0ed
commit
b3c8a04083
|
@ -1463,7 +1463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
|
|||
#######################################
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.2.5/policy/modules/admin/tmpreaper.te
|
||||
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2007-10-02 09:54:52.000000000 -0400
|
||||
+++ serefpolicy-3.2.5/policy/modules/admin/tmpreaper.te 2008-01-18 12:40:46.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/admin/tmpreaper.te 2008-01-21 13:29:12.000000000 -0500
|
||||
@@ -28,6 +28,7 @@
|
||||
files_purge_tmp(tmpreaper_t)
|
||||
# why does it need setattr?
|
||||
|
@ -1472,10 +1472,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
|
|||
|
||||
mls_file_read_all_levels(tmpreaper_t)
|
||||
mls_file_write_all_levels(tmpreaper_t)
|
||||
@@ -43,5 +44,10 @@
|
||||
@@ -43,5 +44,14 @@
|
||||
cron_system_entry(tmpreaper_t,tmpreaper_exec_t)
|
||||
|
||||
optional_policy(`
|
||||
+ amavis_manage_spool_files(tmpreaper_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ kismet_manage_log(tmpreaper_t)
|
||||
+')
|
||||
+
|
||||
|
@ -3161,7 +3165,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
|
|||
# /bin
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.2.5/policy/modules/apps/mozilla.if
|
||||
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-10-29 07:52:48.000000000 -0400
|
||||
+++ serefpolicy-3.2.5/policy/modules/apps/mozilla.if 2008-01-18 12:40:46.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/apps/mozilla.if 2008-01-21 12:59:29.000000000 -0500
|
||||
@@ -35,7 +35,10 @@
|
||||
template(`mozilla_per_role_template',`
|
||||
gen_require(`
|
||||
|
@ -3275,9 +3279,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
|
|||
+ tunable_policy(`browser_write_$1_data',`
|
||||
+ userdom_manage_user_home_content_dirs($1,$1_mozilla_t)
|
||||
+ userdom_manage_user_home_content_files($1,$1_mozilla_t)
|
||||
+ userdom_read_user_home_content_symlinks($1,$1_mozilla_t)
|
||||
+ userdom_manage_user_home_content_symlinks($1,$1_mozilla_t)
|
||||
+ userdom_manage_user_home_content_pipes($1,$1_mozilla_t)
|
||||
+ userdom_user_home_dir_filetrans_user_home_content($1,$1_mozilla_t, { file dir })
|
||||
+ userdom_user_home_dir_filetrans_user_home_content($1,$1_mozilla_t, { file dir lnk_file })
|
||||
+ ', `
|
||||
+ # helper apps will try to create .files
|
||||
+ userdom_dontaudit_create_user_home_content_files($1,$1_mozilla_t)
|
||||
|
@ -3487,14 +3491,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
|
|||
- dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t)
|
||||
+# dbus_user_bus_client_template($1,$1_mozilla,$1_mozilla_t)
|
||||
+# dbus_connectto_user_bus($1,$1_mozilla_t)
|
||||
+ ')
|
||||
+
|
||||
+ optional_policy(`
|
||||
+ gnome_exec_gconf($1_mozilla_t)
|
||||
+ gnome_manage_user_gnome_config($1,$1_mozilla_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
+ gnome_exec_gconf($1_mozilla_t)
|
||||
+ gnome_manage_user_gnome_config($1,$1_mozilla_t)
|
||||
+ ')
|
||||
+
|
||||
+ optional_policy(`
|
||||
+ gnome_domtrans_user_gconf($1,$1_mozilla_t)
|
||||
gnome_stream_connect_gconf_template($1,$1_mozilla_t)
|
||||
')
|
||||
|
@ -7559,7 +7563,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
|
|||
# Local policy
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.2.5/policy/modules/services/clamav.fc
|
||||
--- nsaserefpolicy/policy/modules/services/clamav.fc 2007-09-05 15:24:44.000000000 -0400
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/clamav.fc 2008-01-18 12:40:46.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/clamav.fc 2008-01-21 14:43:52.000000000 -0500
|
||||
@@ -5,16 +5,20 @@
|
||||
/usr/bin/freshclam -- gen_context(system_u:object_r:freshclam_exec_t,s0)
|
||||
|
||||
|
@ -7582,7 +7586,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
|
|||
|
||||
/var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0)
|
||||
+
|
||||
+/etc/rc.d/init.d/clamd-wrapper -- gen_context(system_u:object_r:clamav_script_exec_t,s0)
|
||||
+/etc/rc.d/init.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_script_exec_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.2.5/policy/modules/services/clamav.if
|
||||
--- nsaserefpolicy/policy/modules/services/clamav.if 2007-01-02 12:57:43.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/clamav.if 2008-01-18 17:11:50.000000000 -0500
|
||||
|
@ -9072,7 +9076,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
|
|||
# Local policy
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.2.5/policy/modules/services/dbus.if
|
||||
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-12-04 11:02:50.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/dbus.if 2008-01-18 14:09:48.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/dbus.if 2008-01-21 14:38:27.000000000 -0500
|
||||
@@ -53,6 +53,7 @@
|
||||
gen_require(`
|
||||
type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
|
||||
|
@ -10453,7 +10457,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.2.5/policy/modules/services/fail2ban.te
|
||||
--- nsaserefpolicy/policy/modules/services/fail2ban.te 2007-12-19 05:32:17.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/fail2ban.te 2008-01-18 12:40:46.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/fail2ban.te 2008-01-21 13:50:35.000000000 -0500
|
||||
@@ -18,6 +18,9 @@
|
||||
type fail2ban_var_run_t;
|
||||
files_pid_file(fail2ban_var_run_t)
|
||||
|
@ -10464,6 +10468,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
|
|||
########################################
|
||||
#
|
||||
# fail2ban local policy
|
||||
@@ -55,6 +58,8 @@
|
||||
|
||||
miscfiles_read_localization(fail2ban_t)
|
||||
|
||||
+mta_send_mail(fail2ban_t)
|
||||
+
|
||||
optional_policy(`
|
||||
apache_read_log(fail2ban_t)
|
||||
')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.2.5/policy/modules/services/fetchmail.fc
|
||||
--- nsaserefpolicy/policy/modules/services/fetchmail.fc 2006-11-16 17:15:21.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/fetchmail.fc 2008-01-18 12:40:46.000000000 -0500
|
||||
|
@ -10788,7 +10801,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.2.5/policy/modules/services/hal.te
|
||||
--- nsaserefpolicy/policy/modules/services/hal.te 2007-12-19 05:32:17.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/hal.te 2008-01-18 12:40:46.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/services/hal.te 2008-01-21 13:37:54.000000000 -0500
|
||||
@@ -49,6 +49,9 @@
|
||||
type hald_var_lib_t;
|
||||
files_type(hald_var_lib_t)
|
||||
|
@ -10825,7 +10838,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
|||
storage_raw_read_removable_device(hald_t)
|
||||
storage_raw_write_removable_device(hald_t)
|
||||
storage_raw_read_fixed_disk(hald_t)
|
||||
@@ -265,6 +271,11 @@
|
||||
@@ -172,6 +178,8 @@
|
||||
init_rw_utmp(hald_t)
|
||||
init_telinit(hald_t)
|
||||
|
||||
+fstools_getattr_swap_files(hald_t)
|
||||
+
|
||||
libs_use_ld_so(hald_t)
|
||||
libs_use_shared_libs(hald_t)
|
||||
libs_exec_ld_so(hald_t)
|
||||
@@ -265,6 +273,11 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -10837,7 +10859,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
|||
rpc_search_nfs_state_data(hald_t)
|
||||
')
|
||||
|
||||
@@ -291,7 +302,8 @@
|
||||
@@ -291,7 +304,8 @@
|
||||
#
|
||||
|
||||
allow hald_acl_t self:capability { dac_override fowner };
|
||||
|
@ -10847,7 +10869,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
|||
|
||||
domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t)
|
||||
allow hald_t hald_acl_t:process signal;
|
||||
@@ -325,6 +337,11 @@
|
||||
@@ -325,6 +339,11 @@
|
||||
|
||||
miscfiles_read_localization(hald_acl_t)
|
||||
|
||||
|
@ -10859,7 +10881,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
|||
########################################
|
||||
#
|
||||
# Local hald mac policy
|
||||
@@ -338,10 +355,14 @@
|
||||
@@ -338,10 +357,14 @@
|
||||
manage_files_pattern(hald_mac_t,hald_var_lib_t,hald_var_lib_t)
|
||||
files_search_var_lib(hald_mac_t)
|
||||
|
||||
|
@ -10874,7 +10896,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
|
|||
libs_use_ld_so(hald_mac_t)
|
||||
libs_use_shared_libs(hald_mac_t)
|
||||
|
||||
@@ -391,3 +412,7 @@
|
||||
@@ -391,3 +414,7 @@
|
||||
libs_use_shared_libs(hald_keymap_t)
|
||||
|
||||
miscfiles_read_localization(hald_keymap_t)
|
||||
|
@ -20209,7 +20231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.2.5/policy/modules/system/authlogin.if
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-11-29 13:29:35.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/system/authlogin.if 2008-01-18 12:40:46.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/system/authlogin.if 2008-01-21 14:40:46.000000000 -0500
|
||||
@@ -99,7 +99,7 @@
|
||||
template(`authlogin_per_role_template',`
|
||||
|
||||
|
@ -20251,7 +20273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
# for SSP/ProPolice
|
||||
dev_read_urand($1)
|
||||
# for fingerprint readers
|
||||
@@ -221,11 +233,28 @@
|
||||
@@ -221,11 +233,35 @@
|
||||
|
||||
logging_send_audit_msgs($1)
|
||||
logging_send_syslog_msg($1)
|
||||
|
@ -20266,6 +20288,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
+ userdom_unpriv_users_stream_connect($1)
|
||||
+
|
||||
+ optional_policy(`
|
||||
+ dbus_system_bus_client_template(notused, $1)
|
||||
+ optional_policy(`
|
||||
+ oddjob_dbus_chat($1)
|
||||
+ ')
|
||||
+ ')
|
||||
+
|
||||
+ optional_policy(`
|
||||
+ mount_domtrans($1)
|
||||
+ ')
|
||||
+
|
||||
|
@ -20281,7 +20310,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
tunable_policy(`allow_polyinstantiation',`
|
||||
files_polyinstantiate_all($1)
|
||||
')
|
||||
@@ -342,6 +371,8 @@
|
||||
@@ -342,6 +378,8 @@
|
||||
|
||||
optional_policy(`
|
||||
kerberos_use($1)
|
||||
|
@ -20290,7 +20319,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -356,6 +387,7 @@
|
||||
@@ -356,6 +394,7 @@
|
||||
optional_policy(`
|
||||
samba_stream_connect_winbind($1)
|
||||
')
|
||||
|
@ -20298,7 +20327,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -369,12 +401,12 @@
|
||||
@@ -369,12 +408,12 @@
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
|
@ -20313,7 +20342,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
@@ -386,6 +418,7 @@
|
||||
@@ -386,6 +425,7 @@
|
||||
auth_domtrans_chk_passwd($1)
|
||||
role $2 types system_chkpwd_t;
|
||||
allow system_chkpwd_t $3:chr_file rw_file_perms;
|
||||
|
@ -20321,7 +20350,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -1457,6 +1490,7 @@
|
||||
@@ -1457,6 +1497,7 @@
|
||||
optional_policy(`
|
||||
samba_stream_connect_winbind($1)
|
||||
samba_read_var_files($1)
|
||||
|
@ -20329,7 +20358,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||
')
|
||||
')
|
||||
|
||||
@@ -1491,3 +1525,23 @@
|
||||
@@ -1491,3 +1532,23 @@
|
||||
typeattribute $1 can_write_shadow_passwords;
|
||||
typeattribute $1 can_relabelto_shadow_passwords;
|
||||
')
|
||||
|
@ -22092,7 +22121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.2.5/policy/modules/system/selinuxutil.te
|
||||
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-12-19 05:32:17.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/system/selinuxutil.te 2008-01-18 12:40:46.000000000 -0500
|
||||
+++ serefpolicy-3.2.5/policy/modules/system/selinuxutil.te 2008-01-21 15:06:00.000000000 -0500
|
||||
@@ -75,7 +75,6 @@
|
||||
type restorecond_exec_t;
|
||||
init_daemon_domain(restorecond_t,restorecond_exec_t)
|
||||
|
@ -22336,7 +22365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
|
|||
ifdef(`distro_redhat', `
|
||||
fs_rw_tmpfs_chr_files(setfiles_t)
|
||||
fs_rw_tmpfs_blk_files(setfiles_t)
|
||||
@@ -574,18 +550,6 @@
|
||||
@@ -574,16 +550,8 @@
|
||||
fs_relabel_tmpfs_chr_file(setfiles_t)
|
||||
')
|
||||
|
||||
|
@ -22350,11 +22379,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
|
|||
- unconfined_dontaudit_read_pipes(setfiles_t)
|
||||
- unconfined_dontaudit_rw_tcp_sockets(setfiles_t)
|
||||
- ')
|
||||
-')
|
||||
-
|
||||
optional_policy(`
|
||||
hotplug_use_fds(setfiles_t)
|
||||
+optional_policy(`
|
||||
+ cron_rw_pipes(setfiles_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.2.5/policy/modules/system/sysnetwork.if
|
||||
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2007-07-16 14:09:49.000000000 -0400
|
||||
+++ serefpolicy-3.2.5/policy/modules/system/sysnetwork.if 2008-01-18 12:40:46.000000000 -0500
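Review bot: The new block in the authlogin.if hunk (`dbus_system_bus_client_template(notused, $1)` wrapping `oddjob_dbus_chat($1)`) has no comment, so a reader cannot tell which login-time component needs the system bus or why the first template argument is the literal `notused`. Because the rules are written against `$1`, every domain that calls the enclosing interface gains system-bus client access and may exchange messages with oddjob, which may be broader than the consumer the commit title has in mind. The interface header lies outside the visible hunk, so its name and caller list should be checked before this is accepted. I would add a comment above the block along the lines of `# <PAM module or helper> asks oddjobd for <service> over the system bus`, with the placeholders filled in by the author, and state whether `notused` is a deliberately ignored prefix argument. If only some login programs need the access, granting it in those domains' own .te files would keep the remaining login domains off the bus.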
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.2.5
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
@ -387,6 +387,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> 3.2.5-15
|
||||
- Allow login programs to talk dbus to oddjob
|
||||
|
||||
* Thu Jan 17 2008 Dan Walsh <dwalsh@redhat.com> 3.2.5-14
|
||||
- Add procmail_log support
|
||||
- Lots of fixes for munin
|
||||
|
|