Merge branches 'master', 'master', 'master', 'master', 'master', 'master', 'master', 'master', 'master', 'master' and 'master' of ssh://pkgs.fedoraproject.org/selinux-policy
This commit is contained in:
commit
b4f1891ade
1
.gitignore
vendored
1
.gitignore
vendored
@ -231,3 +231,4 @@ serefpolicy*
|
||||
/serefpolicy-3.9.8.tgz
|
||||
/serefpolicy-3.9.9.tgz
|
||||
/serefpolicy-3.9.10.tgz
|
||||
/serefpolicy-3.9.11.tgz
|
||||
|
230
policy-F15.patch
230
policy-F15.patch
@ -220,7 +220,7 @@ index 90d5203..1392679 100644
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
|
||||
index 453834c..9d83d66 100644
|
||||
index a7c7971..d073f49 100644
|
||||
--- a/policy/modules/admin/alsa.te
|
||||
+++ b/policy/modules/admin/alsa.te
|
||||
@@ -11,7 +11,10 @@ init_system_domain(alsa_t, alsa_exec_t)
|
||||
@ -250,7 +250,7 @@ index 453834c..9d83d66 100644
|
||||
manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
|
||||
files_search_var_lib(alsa_t)
|
||||
diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
|
||||
index f76ed8a..9a9526a 100644
|
||||
index e81bdbd..63ab279 100644
|
||||
--- a/policy/modules/admin/anaconda.te
|
||||
+++ b/policy/modules/admin/anaconda.te
|
||||
@@ -30,6 +30,7 @@ modutils_domtrans_insmod(anaconda_t)
|
||||
@ -300,7 +300,7 @@ index 63eb96b..17a9f6d 100644
|
||||
## <summary>
|
||||
## Execute bootloader interactively and do
|
||||
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
|
||||
index 40c0192..1a0f72c 100644
|
||||
index d3da8f2..c171daf 100644
|
||||
--- a/policy/modules/admin/bootloader.te
|
||||
+++ b/policy/modules/admin/bootloader.te
|
||||
@@ -23,7 +23,7 @@ role system_r types bootloader_t;
|
||||
@ -346,7 +346,7 @@ index 2c2cdb6..73b3814 100644
|
||||
+ role $2 types brctl_t;
|
||||
+')
|
||||
diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te
|
||||
index a2e9cb5..b2de42c 100644
|
||||
index 9de382b..682e78e 100644
|
||||
--- a/policy/modules/admin/certwatch.te
|
||||
+++ b/policy/modules/admin/certwatch.te
|
||||
@@ -31,11 +31,11 @@ auth_var_filetrans_cache(certwatch_t)
|
||||
@ -364,7 +364,7 @@ index a2e9cb5..b2de42c 100644
|
||||
optional_policy(`
|
||||
apache_exec_modules(certwatch_t)
|
||||
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
|
||||
index 66fee7d..1d231b8 100644
|
||||
index cd5e005..7f3f992 100644
|
||||
--- a/policy/modules/admin/consoletype.te
|
||||
+++ b/policy/modules/admin/consoletype.te
|
||||
@@ -79,16 +79,18 @@ optional_policy(`
|
||||
@ -459,7 +459,7 @@ index 8fa451c..bc5bfc4 100644
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
|
||||
index 66e486e..bfda8e9 100644
|
||||
index c4d8998..6f193f8 100644
|
||||
--- a/policy/modules/admin/firstboot.te
|
||||
+++ b/policy/modules/admin/firstboot.te
|
||||
@@ -103,6 +103,10 @@ optional_policy(`
|
||||
@ -511,7 +511,7 @@ index 4198ff5..df3f4d6 100644
|
||||
## <summary>
|
||||
## Manage kdump configuration file.
|
||||
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
|
||||
index 7390b15..a46b249 100644
|
||||
index 7090dae..a874b65 100644
|
||||
--- a/policy/modules/admin/logrotate.te
|
||||
+++ b/policy/modules/admin/logrotate.te
|
||||
@@ -119,14 +119,20 @@ seutil_dontaudit_read_config(logrotate_t)
|
||||
@ -618,10 +618,10 @@ index 56c43c0..de535e4 100644
|
||||
+/var/run/mcelog-client -s gen_context(system_u:object_r:mcelog_var_run_t,s0)
|
||||
+
|
||||
diff --git a/policy/modules/admin/mcelog.te b/policy/modules/admin/mcelog.te
|
||||
index 5a9cebf..ef413f2 100644
|
||||
index 5671977..7b4728c 100644
|
||||
--- a/policy/modules/admin/mcelog.te
|
||||
+++ b/policy/modules/admin/mcelog.te
|
||||
@@ -7,9 +7,13 @@ policy_module(mcelog, 1.0.1)
|
||||
@@ -7,9 +7,13 @@ policy_module(mcelog, 1.1.0)
|
||||
|
||||
type mcelog_t;
|
||||
type mcelog_exec_t;
|
||||
@ -900,7 +900,7 @@ index c6ca761..46e0767 100644
|
||||
')
|
||||
|
||||
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
|
||||
index 6a53a18..1bc14ea 100644
|
||||
index e0791b9..c083ea8 100644
|
||||
--- a/policy/modules/admin/netutils.te
|
||||
+++ b/policy/modules/admin/netutils.te
|
||||
@@ -48,6 +48,8 @@ files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
|
||||
@ -1008,7 +1008,7 @@ index c633aea..b773bc3 100644
|
||||
type portage_cache_t;
|
||||
files_type(portage_cache_t)
|
||||
diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
|
||||
index aa0dcc6..0faba2a 100644
|
||||
index af55369..7d2fcff 100644
|
||||
--- a/policy/modules/admin/prelink.te
|
||||
+++ b/policy/modules/admin/prelink.te
|
||||
@@ -59,10 +59,11 @@ manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
|
||||
@ -1129,7 +1129,7 @@ index 47c4723..4866a08 100644
|
||||
+ domtrans_pattern($1, readahead_exec_t, readahead_t)
|
||||
+')
|
||||
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
|
||||
index 2df2f1d..c1aaa79 100644
|
||||
index b4ac57e..8fa8451 100644
|
||||
--- a/policy/modules/admin/readahead.te
|
||||
+++ b/policy/modules/admin/readahead.te
|
||||
@@ -53,6 +53,7 @@ domain_read_all_domains_state(readahead_t)
|
||||
@ -1347,11 +1347,11 @@ index d33daa8..e50a5ed 100644
|
||||
+ allow rpm_script_t $1:process sigchld;
|
||||
+')
|
||||
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
|
||||
index 542b820..0b1760d 100644
|
||||
index 47a8f7d..31f474e 100644
|
||||
--- a/policy/modules/admin/rpm.te
|
||||
+++ b/policy/modules/admin/rpm.te
|
||||
@@ -1,10 +1,11 @@
|
||||
policy_module(rpm, 1.11.2)
|
||||
policy_module(rpm, 1.12.0)
|
||||
|
||||
+attribute rpm_transition_domain;
|
||||
+
|
||||
@ -1563,7 +1563,7 @@ index 0948921..f198119 100644
|
||||
admin_pattern($1, shorewall_tmp_t)
|
||||
')
|
||||
diff --git a/policy/modules/admin/shorewall.te b/policy/modules/admin/shorewall.te
|
||||
index a22e546..ffc0571 100644
|
||||
index c17b6a6..d412305 100644
|
||||
--- a/policy/modules/admin/shorewall.te
|
||||
+++ b/policy/modules/admin/shorewall.te
|
||||
@@ -58,6 +58,9 @@ exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
|
||||
@ -1684,10 +1684,10 @@ index d0604cf..679d61c 100644
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
diff --git a/policy/modules/admin/shutdown.te b/policy/modules/admin/shutdown.te
|
||||
index 3863241..344a158 100644
|
||||
index 8966ec9..80939b0 100644
|
||||
--- a/policy/modules/admin/shutdown.te
|
||||
+++ b/policy/modules/admin/shutdown.te
|
||||
@@ -7,6 +7,7 @@ policy_module(shutdown, 1.0.1)
|
||||
@@ -7,6 +7,7 @@ policy_module(shutdown, 1.1.0)
|
||||
|
||||
type shutdown_t;
|
||||
type shutdown_exec_t;
|
||||
@ -1724,7 +1724,7 @@ index 3863241..344a158 100644
|
||||
xserver_dontaudit_write_log(shutdown_t)
|
||||
')
|
||||
diff --git a/policy/modules/admin/smoltclient.te b/policy/modules/admin/smoltclient.te
|
||||
index f48e9dd..b72049a 100644
|
||||
index bc00875..3c1b37b 100644
|
||||
--- a/policy/modules/admin/smoltclient.te
|
||||
+++ b/policy/modules/admin/smoltclient.te
|
||||
@@ -46,6 +46,7 @@ fs_list_auto_mountpoints(smoltclient_t)
|
||||
@ -1833,7 +1833,7 @@ index 975af1a..30a7f38 100644
|
||||
fs_manage_nfs_files($1_sudo_t)
|
||||
')
|
||||
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
|
||||
index 91944a8..d1c11b9 100644
|
||||
index 7aacfc2..9829fc3 100644
|
||||
--- a/policy/modules/admin/sudo.te
|
||||
+++ b/policy/modules/admin/sudo.te
|
||||
@@ -7,3 +7,7 @@ attribute sudodomain;
|
||||
@ -1894,7 +1894,7 @@ index 6a5004b..c59c3cd 100644
|
||||
')
|
||||
|
||||
diff --git a/policy/modules/admin/tzdata.te b/policy/modules/admin/tzdata.te
|
||||
index 332ba93..e6d3bd9 100644
|
||||
index d0f2a64..7df0825 100644
|
||||
--- a/policy/modules/admin/tzdata.te
|
||||
+++ b/policy/modules/admin/tzdata.te
|
||||
@@ -15,7 +15,7 @@ application_domain(tzdata_t, tzdata_exec_t)
|
||||
@ -1921,7 +1921,7 @@ index 81fb26f..cd18ca8 100644
|
||||
|
||||
optional_policy(`
|
||||
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
|
||||
index 65f8143..16a8510 100644
|
||||
index 441cf22..e1b55f8 100644
|
||||
--- a/policy/modules/admin/usermanage.te
|
||||
+++ b/policy/modules/admin/usermanage.te
|
||||
@@ -88,9 +88,7 @@ fs_search_auto_mountpoints(chfn_t)
|
||||
@ -1990,7 +1990,7 @@ index 65f8143..16a8510 100644
|
||||
mta_manage_spool(useradd_t)
|
||||
|
||||
diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
|
||||
index a870982..6067b85 100644
|
||||
index ebf4b26..c7cb8c5 100644
|
||||
--- a/policy/modules/admin/vpn.te
|
||||
+++ b/policy/modules/admin/vpn.te
|
||||
@@ -106,7 +106,8 @@ sysnet_etc_filetrans_config(vpnc_t)
|
||||
@ -2235,7 +2235,7 @@ index 0000000..0852151
|
||||
+ fs_dontaudit_append_cifs_files(chrome_sandbox_t)
|
||||
+')
|
||||
diff --git a/policy/modules/apps/cpufreqselector.te b/policy/modules/apps/cpufreqselector.te
|
||||
index 7fd0900..899e234 100644
|
||||
index 0457de1..f702cfe 100644
|
||||
--- a/policy/modules/apps/cpufreqselector.te
|
||||
+++ b/policy/modules/apps/cpufreqselector.te
|
||||
@@ -27,7 +27,7 @@ dev_rw_sysfs(cpufreqselector_t)
|
||||
@ -3210,10 +3210,10 @@ index f5afe78..2c8f94a 100644
|
||||
+ allow gconfdefaultsm_t $1:dbus send_msg;
|
||||
+')
|
||||
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
|
||||
index 35f7486..26852d2 100644
|
||||
index 2505654..c1f491f 100644
|
||||
--- a/policy/modules/apps/gnome.te
|
||||
+++ b/policy/modules/apps/gnome.te
|
||||
@@ -6,11 +6,24 @@ policy_module(gnome, 2.0.1)
|
||||
@@ -6,11 +6,24 @@ policy_module(gnome, 2.1.0)
|
||||
#
|
||||
|
||||
attribute gnomedomain;
|
||||
@ -3421,10 +3421,10 @@ index 40e0a2a..13d939a 100644
|
||||
## <summary>
|
||||
## Send generic signals to user gpg processes.
|
||||
diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
|
||||
index 4525c37..e9a7937 100644
|
||||
index 9050e8c..8af881a 100644
|
||||
--- a/policy/modules/apps/gpg.te
|
||||
+++ b/policy/modules/apps/gpg.te
|
||||
@@ -4,6 +4,7 @@ policy_module(gpg, 2.3.1)
|
||||
@@ -4,6 +4,7 @@ policy_module(gpg, 2.4.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
@ -3432,7 +3432,7 @@ index 4525c37..e9a7937 100644
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
@@ -13,7 +14,15 @@ policy_module(gpg, 2.3.1)
|
||||
@@ -13,7 +14,15 @@ policy_module(gpg, 2.4.0)
|
||||
## </desc>
|
||||
gen_tunable(gpg_agent_env_file, false)
|
||||
|
||||
@ -3808,7 +3808,7 @@ index e6d84e8..b027189 100644
|
||||
|
||||
########################################
|
||||
diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
|
||||
index 726e853..90ce46a 100644
|
||||
index 167950d..97853ff 100644
|
||||
--- a/policy/modules/apps/java.te
|
||||
+++ b/policy/modules/apps/java.te
|
||||
@@ -82,12 +82,12 @@ dev_read_urand(java_t)
|
||||
@ -4219,10 +4219,10 @@ index 9a6d67d..b0c1197 100644
|
||||
## mozilla over dbus.
|
||||
## </summary>
|
||||
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
|
||||
index cbf4bec..e3517da 100644
|
||||
index 2a91fa8..451a1c0 100644
|
||||
--- a/policy/modules/apps/mozilla.te
|
||||
+++ b/policy/modules/apps/mozilla.te
|
||||
@@ -7,7 +7,7 @@ policy_module(mozilla, 2.2.2)
|
||||
@@ -7,7 +7,7 @@ policy_module(mozilla, 2.3.0)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
@ -4496,7 +4496,7 @@ index d8ea41d..8bdc526 100644
|
||||
+ domtrans_pattern($1, mplayer_exec_t, $2)
|
||||
+')
|
||||
diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
|
||||
index 815a467..192d54e 100644
|
||||
index 931304b..e8c6795 100644
|
||||
--- a/policy/modules/apps/mplayer.te
|
||||
+++ b/policy/modules/apps/mplayer.te
|
||||
@@ -32,6 +32,7 @@ files_config_file(mplayer_etc_t)
|
||||
@ -5524,7 +5524,7 @@ index 0000000..a842371
|
||||
+#
|
||||
+
|
||||
diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te
|
||||
index 690589e..815d35d 100644
|
||||
index a2f6124..9d62060 100644
|
||||
--- a/policy/modules/apps/podsleuth.te
|
||||
+++ b/policy/modules/apps/podsleuth.te
|
||||
@@ -27,7 +27,7 @@ ubac_constrained(podsleuth_tmpfs_t)
|
||||
@ -5585,7 +5585,7 @@ index 2ba7787..9f12b51 100644
|
||||
')
|
||||
|
||||
diff --git a/policy/modules/apps/pulseaudio.te b/policy/modules/apps/pulseaudio.te
|
||||
index 5c2680c..db96581 100644
|
||||
index c2d20a2..1773e24 100644
|
||||
--- a/policy/modules/apps/pulseaudio.te
|
||||
+++ b/policy/modules/apps/pulseaudio.te
|
||||
@@ -44,6 +44,7 @@ allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
@ -5780,7 +5780,7 @@ index c1d5f50..989f88c 100644
|
||||
+
|
||||
+
|
||||
diff --git a/policy/modules/apps/qemu.te b/policy/modules/apps/qemu.te
|
||||
index a3225d4..bc10481 100644
|
||||
index 5ef2f7d..5a13201 100644
|
||||
--- a/policy/modules/apps/qemu.te
|
||||
+++ b/policy/modules/apps/qemu.te
|
||||
@@ -21,7 +21,7 @@ gen_tunable(qemu_use_cifs, true)
|
||||
@ -6856,7 +6856,7 @@ index 7590165..e5ef7b3 100644
|
||||
')
|
||||
+
|
||||
diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te
|
||||
index e9134f0..3d2ef30 100644
|
||||
index e43c380..410027f 100644
|
||||
--- a/policy/modules/apps/slocate.te
|
||||
+++ b/policy/modules/apps/slocate.te
|
||||
@@ -38,6 +38,7 @@ dev_getattr_all_blk_files(locate_t)
|
||||
@ -7484,10 +7484,10 @@ index ced285a..2e50976 100644
|
||||
+ ')
|
||||
+')
|
||||
diff --git a/policy/modules/apps/userhelper.te b/policy/modules/apps/userhelper.te
|
||||
index d584dff..b46a20e 100644
|
||||
index 13b2cea..45731eb 100644
|
||||
--- a/policy/modules/apps/userhelper.te
|
||||
+++ b/policy/modules/apps/userhelper.te
|
||||
@@ -6,9 +6,61 @@ policy_module(userhelper, 1.5.1)
|
||||
@@ -6,9 +6,61 @@ policy_module(userhelper, 1.6.0)
|
||||
#
|
||||
|
||||
attribute userhelper_type;
|
||||
@ -7561,7 +7561,7 @@ index 5872ea2..028c994 100644
|
||||
/var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
|
||||
/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
|
||||
diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te
|
||||
index 1f803bb..4bdcbe3 100644
|
||||
index c76ceb2..d7df452 100644
|
||||
--- a/policy/modules/apps/vmware.te
|
||||
+++ b/policy/modules/apps/vmware.te
|
||||
@@ -126,6 +126,7 @@ dev_getattr_all_blk_files(vmware_host_t)
|
||||
@ -7708,7 +7708,7 @@ index 0440b4c..4b055c1 100644
|
||||
+ allow $1 wine_t:shm rw_shm_perms;
|
||||
+')
|
||||
diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te
|
||||
index f9a123a..277543a 100644
|
||||
index 953cb28..646620a 100644
|
||||
--- a/policy/modules/apps/wine.te
|
||||
+++ b/policy/modules/apps/wine.te
|
||||
@@ -51,7 +51,11 @@ optional_policy(`
|
||||
@ -7725,7 +7725,7 @@ index f9a123a..277543a 100644
|
||||
|
||||
optional_policy(`
|
||||
diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
|
||||
index d4e9877..ebb6ca4 100644
|
||||
index 8bfe97d..6bba1a8 100644
|
||||
--- a/policy/modules/apps/wireshark.te
|
||||
+++ b/policy/modules/apps/wireshark.te
|
||||
@@ -15,6 +15,7 @@ ubac_constrained(wireshark_t)
|
||||
@ -7915,7 +7915,7 @@ index b06df19..c0763c2 100644
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
|
||||
index 36ba519..e2d8b49 100644
|
||||
index edefaf3..e00278f 100644
|
||||
--- a/policy/modules/kernel/corenetwork.te.in
|
||||
+++ b/policy/modules/kernel/corenetwork.te.in
|
||||
@@ -15,6 +15,7 @@ attribute rpc_port_type;
|
||||
@ -8501,7 +8501,7 @@ index 15a7bef..ee7727f 100644
|
||||
|
||||
########################################
|
||||
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
|
||||
index ae138bb..95f6137 100644
|
||||
index 41f892f..cab1bfc 100644
|
||||
--- a/policy/modules/kernel/devices.te
|
||||
+++ b/policy/modules/kernel/devices.te
|
||||
@@ -102,6 +102,7 @@ dev_node(ksm_device_t)
|
||||
@ -8591,10 +8591,10 @@ index aad8c52..0d8458a 100644
|
||||
+ dontaudit $1 domain:socket_class_set { read write };
|
||||
+')
|
||||
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
|
||||
index 099f57f..5843cad 100644
|
||||
index bc534c1..778d512 100644
|
||||
--- a/policy/modules/kernel/domain.te
|
||||
+++ b/policy/modules/kernel/domain.te
|
||||
@@ -4,6 +4,21 @@ policy_module(domain, 1.8.1)
|
||||
@@ -4,6 +4,21 @@ policy_module(domain, 1.9.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
@ -9892,7 +9892,7 @@ index ed203b2..bfb7926 100644
|
||||
+ allow $1 file_type:kernel_service create_files_as;
|
||||
+')
|
||||
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
|
||||
index ba9529a..cd45491 100644
|
||||
index e8a6b1d..fd53860 100644
|
||||
--- a/policy/modules/kernel/files.te
|
||||
+++ b/policy/modules/kernel/files.te
|
||||
@@ -11,6 +11,7 @@ attribute lockfile;
|
||||
@ -10468,7 +10468,7 @@ index dfe361a..496954e 100644
|
||||
+')
|
||||
+
|
||||
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
|
||||
index 6d21b3d..255b47a 100644
|
||||
index e49c148..995fade 100644
|
||||
--- a/policy/modules/kernel/filesystem.te
|
||||
+++ b/policy/modules/kernel/filesystem.te
|
||||
@@ -52,6 +52,7 @@ type anon_inodefs_t;
|
||||
@ -10669,7 +10669,7 @@ index b4ad6d7..67e89f0 100644
|
||||
+')
|
||||
+
|
||||
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
|
||||
index 25a817f..7426f2a 100644
|
||||
index 9e2e6d7..08e82d9 100644
|
||||
--- a/policy/modules/kernel/kernel.te
|
||||
+++ b/policy/modules/kernel/kernel.te
|
||||
@@ -50,6 +50,8 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
|
||||
@ -11048,7 +11048,7 @@ index 492bf76..525563a 100644
|
||||
+ allow $1 virtio_device_t:chr_file rw_chr_file_perms;
|
||||
+')
|
||||
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
|
||||
index 646bbcf..49d77df 100644
|
||||
index e004757..b5be387 100644
|
||||
--- a/policy/modules/kernel/terminal.te
|
||||
+++ b/policy/modules/kernel/terminal.te
|
||||
@@ -29,6 +29,7 @@ files_mountpoint(devpts_t)
|
||||
@ -11093,7 +11093,7 @@ index 0000000..e1ebd1a
|
||||
+
|
||||
+corenet_enable_unlabeled_packets()
|
||||
diff --git a/policy/modules/roles/auditadm.te b/policy/modules/roles/auditadm.te
|
||||
index b0d5b27..a96f2e6 100644
|
||||
index 0faef68..46c58bd 100644
|
||||
--- a/policy/modules/roles/auditadm.te
|
||||
+++ b/policy/modules/roles/auditadm.te
|
||||
@@ -28,10 +28,13 @@ logging_manage_audit_log(auditadm_t)
|
||||
@ -11131,7 +11131,7 @@ index 1875064..e9c9277 100644
|
||||
+ sudo_role_template(dbadm, dbadm_r, dbadm_t)
|
||||
+')
|
||||
diff --git a/policy/modules/roles/guest.te b/policy/modules/roles/guest.te
|
||||
index 531c616..f332441 100644
|
||||
index 1cb7311..1de82b2 100644
|
||||
--- a/policy/modules/roles/guest.te
|
||||
+++ b/policy/modules/roles/guest.te
|
||||
@@ -9,9 +9,15 @@ role guest_r;
|
||||
@ -11152,7 +11152,7 @@ index 531c616..f332441 100644
|
||||
+
|
||||
+gen_user(guest_u, user, guest_r, s0, s0)
|
||||
diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
|
||||
index 5a3d720..924baee 100644
|
||||
index be4de58..cce681a 100644
|
||||
--- a/policy/modules/roles/secadm.te
|
||||
+++ b/policy/modules/roles/secadm.te
|
||||
@@ -9,6 +9,8 @@ role secadm_r;
|
||||
@ -11165,10 +11165,10 @@ index 5a3d720..924baee 100644
|
||||
########################################
|
||||
#
|
||||
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
|
||||
index d62886d..2e8ae26 100644
|
||||
index 2be17d2..96d3fbf 100644
|
||||
--- a/policy/modules/roles/staff.te
|
||||
+++ b/policy/modules/roles/staff.te
|
||||
@@ -8,12 +8,48 @@ policy_module(staff, 2.1.4)
|
||||
@@ -8,12 +8,48 @@ policy_module(staff, 2.2.0)
|
||||
role staff_r;
|
||||
|
||||
userdom_unpriv_user_template(staff)
|
||||
@ -11336,7 +11336,7 @@ index d62886d..2e8ae26 100644
|
||||
')
|
||||
|
||||
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
|
||||
index d5e88be..fd670dd 100644
|
||||
index 1ae9a94..27404e7 100644
|
||||
--- a/policy/modules/roles/sysadm.te
|
||||
+++ b/policy/modules/roles/sysadm.te
|
||||
@@ -24,20 +24,41 @@ ifndef(`enable_mls',`
|
||||
@ -12857,7 +12857,7 @@ index 0000000..7d5de28
|
||||
+
|
||||
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
|
||||
index 606a257..aa3da20 100644
|
||||
index 1e0753e..4ae4116 100644
|
||||
--- a/policy/modules/roles/unprivuser.te
|
||||
+++ b/policy/modules/roles/unprivuser.te
|
||||
@@ -12,15 +12,51 @@ role user_r;
|
||||
@ -13222,10 +13222,10 @@ index 0b827c5..8961dba 100644
|
||||
admin_pattern($1, abrt_tmp_t)
|
||||
')
|
||||
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
|
||||
index 98646c4..5fdea83 100644
|
||||
index 30861ec..7065b02 100644
|
||||
--- a/policy/modules/services/abrt.te
|
||||
+++ b/policy/modules/services/abrt.te
|
||||
@@ -5,6 +5,14 @@ policy_module(abrt, 1.1.1)
|
||||
@@ -5,6 +5,14 @@ policy_module(abrt, 1.2.0)
|
||||
# Declarations
|
||||
#
|
||||
|
||||
@ -13459,7 +13459,7 @@ index 8559cdc..49c0cc8 100644
|
||||
# Allow afs_admin to restart the afs service
|
||||
afs_initrc_domtrans($1)
|
||||
diff --git a/policy/modules/services/afs.te b/policy/modules/services/afs.te
|
||||
index de8b791..7e2cdf2 100644
|
||||
index a496fde..847609a 100644
|
||||
--- a/policy/modules/services/afs.te
|
||||
+++ b/policy/modules/services/afs.te
|
||||
@@ -107,6 +107,10 @@ miscfiles_read_localization(afs_t)
|
||||
@ -15463,7 +15463,7 @@ index 08dfa0c..b02e348 100644
|
||||
+ userdom_read_user_home_content_files(httpd_user_script_t)
|
||||
')
|
||||
diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te
|
||||
index 3b7d9eb..6a7073b 100644
|
||||
index d052bf0..8478eca 100644
|
||||
--- a/policy/modules/services/apcupsd.te
|
||||
+++ b/policy/modules/services/apcupsd.te
|
||||
@@ -94,6 +94,10 @@ optional_policy(`
|
||||
@ -15653,7 +15653,7 @@ index 61c74bc..c6b0498 100644
|
||||
allow avahi_t $1:dbus send_msg;
|
||||
')
|
||||
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
|
||||
index fd64068..647fff8 100644
|
||||
index a7a0e71..15686e9 100644
|
||||
--- a/policy/modules/services/avahi.te
|
||||
+++ b/policy/modules/services/avahi.te
|
||||
@@ -46,6 +46,7 @@ files_pid_filetrans(avahi_t, avahi_var_run_t, { dir file })
|
||||
@ -15823,7 +15823,7 @@ index 4deca04..42aa033 100644
|
||||
|
||||
optional_policy(`
|
||||
diff --git a/policy/modules/services/bitlbee.te b/policy/modules/services/bitlbee.te
|
||||
index 5f239ca..29de096 100644
|
||||
index f4e7ad3..6591639 100644
|
||||
--- a/policy/modules/services/bitlbee.te
|
||||
+++ b/policy/modules/services/bitlbee.te
|
||||
@@ -28,7 +28,7 @@ files_type(bitlbee_var_t)
|
||||
@ -16704,7 +16704,7 @@ index 0000000..575c16e
|
||||
+
|
||||
+init_sigchld_script(cachefiles_kernel_t)
|
||||
diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te
|
||||
index a0dfd2f..d60e2bf 100644
|
||||
index 1d25efe..1b16191 100644
|
||||
--- a/policy/modules/services/canna.te
|
||||
+++ b/policy/modules/services/canna.te
|
||||
@@ -34,7 +34,7 @@ allow canna_t self:unix_dgram_socket create_stream_socket_perms;
|
||||
@ -16821,7 +16821,7 @@ index fa62787..ffd0da5 100644
|
||||
admin_pattern($1, certmaster_etc_rw_t)
|
||||
|
||||
diff --git a/policy/modules/services/certmaster.te b/policy/modules/services/certmaster.te
|
||||
index 73f03ff..d5c4c94 100644
|
||||
index 3384132..daef4e1 100644
|
||||
--- a/policy/modules/services/certmaster.te
|
||||
+++ b/policy/modules/services/certmaster.te
|
||||
@@ -43,23 +43,23 @@ files_var_lib_filetrans(certmaster_t, certmaster_var_lib_t, { file dir })
|
||||
@ -16881,7 +16881,7 @@ index 7a6e5ba..d664be8 100644
|
||||
admin_pattern($1, certmonger_var_run_t)
|
||||
')
|
||||
diff --git a/policy/modules/services/certmonger.te b/policy/modules/services/certmonger.te
|
||||
index 1a65b5e..ec0594e 100644
|
||||
index c3e3f79..23c4087 100644
|
||||
--- a/policy/modules/services/certmonger.te
|
||||
+++ b/policy/modules/services/certmonger.te
|
||||
@@ -23,7 +23,8 @@ files_type(certmonger_var_lib_t)
|
||||
@ -17285,11 +17285,11 @@ index 1f11572..7f6a7ab 100644
|
||||
')
|
||||
|
||||
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
|
||||
index 8c36027..28863a5 100644
|
||||
index f758323..f1571f1 100644
|
||||
--- a/policy/modules/services/clamav.te
|
||||
+++ b/policy/modules/services/clamav.te
|
||||
@@ -1,9 +1,9 @@
|
||||
policy_module(clamav, 1.8.1)
|
||||
policy_module(clamav, 1.9.0)
|
||||
|
||||
## <desc>
|
||||
-## <p>
|
||||
@ -18417,7 +18417,7 @@ index 9971337..f081899 100644
|
||||
')
|
||||
|
||||
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
|
||||
index 37f4810..cc93958 100644
|
||||
index 2802dbb..5d323df 100644
|
||||
--- a/policy/modules/services/courier.te
|
||||
+++ b/policy/modules/services/courier.te
|
||||
@@ -93,7 +93,7 @@ allow courier_pop_t courier_authdaemon_t:process sigchld;
|
||||
@ -19650,7 +19650,7 @@ index 0d5711c..3874025 100644
|
||||
+ delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
|
||||
+')
|
||||
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
|
||||
index 9ce6713..ea78dc1 100644
|
||||
index 98e5af6..61bb74a 100644
|
||||
--- a/policy/modules/services/dbus.te
|
||||
+++ b/policy/modules/services/dbus.te
|
||||
@@ -74,9 +74,10 @@ files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { file dir })
|
||||
@ -19717,7 +19717,7 @@ index 784753e..bf65e7d 100644
|
||||
stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t)
|
||||
')
|
||||
diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
|
||||
index 8bab059..284a888 100644
|
||||
index ec19ff4..d110456 100644
|
||||
--- a/policy/modules/services/dcc.te
|
||||
+++ b/policy/modules/services/dcc.te
|
||||
@@ -36,7 +36,7 @@ type dcc_var_t;
|
||||
@ -20919,7 +20919,7 @@ index 0000000..01c3755
|
||||
+ snmp_stream_connect(dirsrv_snmp_t)
|
||||
+')
|
||||
diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te
|
||||
index 0c6a473..51e2ce8 100644
|
||||
index 03b5286..fcafa0b 100644
|
||||
--- a/policy/modules/services/djbdns.te
|
||||
+++ b/policy/modules/services/djbdns.te
|
||||
@@ -23,9 +23,6 @@ djbdns_daemontools_domain_template(tinydns)
|
||||
@ -23199,7 +23199,7 @@ index 87b4531..db2d189 100644
|
||||
+ files_list_etc($1)
|
||||
')
|
||||
diff --git a/policy/modules/services/hddtemp.te b/policy/modules/services/hddtemp.te
|
||||
index 267bb4c..1647fc4 100644
|
||||
index c234b32..a7b6bf7 100644
|
||||
--- a/policy/modules/services/hddtemp.te
|
||||
+++ b/policy/modules/services/hddtemp.te
|
||||
@@ -46,4 +46,3 @@ storage_raw_read_fixed_disk(hddtemp_t)
|
||||
@ -23252,10 +23252,10 @@ index ecab47a..40affd8 100644
|
||||
-
|
||||
')
|
||||
diff --git a/policy/modules/services/icecast.te b/policy/modules/services/icecast.te
|
||||
index f368bf3..d43b779 100644
|
||||
index fdb7e9a..1c02a45 100644
|
||||
--- a/policy/modules/services/icecast.te
|
||||
+++ b/policy/modules/services/icecast.te
|
||||
@@ -5,6 +5,14 @@ policy_module(icecast, 1.0.1)
|
||||
@@ -5,6 +5,14 @@ policy_module(icecast, 1.1.0)
|
||||
# Declarations
|
||||
#
|
||||
|
||||
@ -24275,7 +24275,7 @@ index 771e04b..81d98b3 100644
|
||||
manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
|
||||
files_pid_filetrans($1_t, $1_var_run_t, file)
|
||||
diff --git a/policy/modules/services/likewise.te b/policy/modules/services/likewise.te
|
||||
index ae9d49f..931d2f5 100644
|
||||
index 3acbf1d..ef07a0e 100644
|
||||
--- a/policy/modules/services/likewise.te
|
||||
+++ b/policy/modules/services/likewise.te
|
||||
@@ -17,7 +17,7 @@ type likewise_var_lib_t;
|
||||
@ -24657,10 +24657,10 @@ index ed1af3c..40b5f0e 100644
|
||||
+ delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
|
||||
+')
|
||||
diff --git a/policy/modules/services/milter.te b/policy/modules/services/milter.te
|
||||
index 1b6dea0..b90c727 100644
|
||||
index 47e3612..98801a7 100644
|
||||
--- a/policy/modules/services/milter.te
|
||||
+++ b/policy/modules/services/milter.te
|
||||
@@ -9,6 +9,13 @@ policy_module(milter, 1.2.1)
|
||||
@@ -9,6 +9,13 @@ policy_module(milter, 1.3.0)
|
||||
attribute milter_domains;
|
||||
attribute milter_data_type;
|
||||
|
||||
@ -26616,7 +26616,7 @@ index 8581040..cfcdf10 100644
|
||||
|
||||
allow $1 nagios_t:process { ptrace signal_perms };
|
||||
diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
|
||||
index da5b33d..8b56967 100644
|
||||
index bf64a4c..55b3ce7 100644
|
||||
--- a/policy/modules/services/nagios.te
|
||||
+++ b/policy/modules/services/nagios.te
|
||||
@@ -107,13 +107,11 @@ files_read_etc_files(nagios_t)
|
||||
@ -27309,7 +27309,7 @@ index 23c769c..be5a5b4 100644
|
||||
+ admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
|
||||
')
|
||||
diff --git a/policy/modules/services/nslcd.te b/policy/modules/services/nslcd.te
|
||||
index 34eee5f..a9f19d8 100644
|
||||
index 4e28d58..01faaef 100644
|
||||
--- a/policy/modules/services/nslcd.te
|
||||
+++ b/policy/modules/services/nslcd.te
|
||||
@@ -16,7 +16,7 @@ type nslcd_var_run_t;
|
||||
@ -27633,7 +27633,7 @@ index bb4fae5..b1b5e51 100644
|
||||
+ admin_pattern($1, oidentd_config_t)
|
||||
+')
|
||||
diff --git a/policy/modules/services/oident.te b/policy/modules/services/oident.te
|
||||
index f0da874..18f8a8c 100644
|
||||
index 8845174..98f541f 100644
|
||||
--- a/policy/modules/services/oident.te
|
||||
+++ b/policy/modules/services/oident.te
|
||||
@@ -26,10 +26,10 @@ files_config_file(oidentd_config_t)
|
||||
@ -28022,10 +28022,10 @@ index 1c2a091..ea5ae69 100644
|
||||
#
|
||||
interface(`pcscd_domtrans',`
|
||||
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
|
||||
index 3116191..df751a6 100644
|
||||
index ceafba6..eca6852 100644
|
||||
--- a/policy/modules/services/pcscd.te
|
||||
+++ b/policy/modules/services/pcscd.te
|
||||
@@ -7,7 +7,6 @@ policy_module(pcscd, 1.6.1)
|
||||
@@ -7,7 +7,6 @@ policy_module(pcscd, 1.7.0)
|
||||
|
||||
type pcscd_t;
|
||||
type pcscd_exec_t;
|
||||
@ -29228,7 +29228,7 @@ index 4313a6f..1d9fa76 100644
|
||||
/sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0)
|
||||
|
||||
diff --git a/policy/modules/services/portreserve.te b/policy/modules/services/portreserve.te
|
||||
index 0b1f471..075a550 100644
|
||||
index 152af92..1594066 100644
|
||||
--- a/policy/modules/services/portreserve.te
|
||||
+++ b/policy/modules/services/portreserve.te
|
||||
@@ -13,7 +13,7 @@ type portreserve_initrc_exec_t;
|
||||
@ -30011,7 +30011,7 @@ index 539a7c9..4782bdb 100644
|
||||
|
||||
postgresql_tcp_connect($1)
|
||||
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
|
||||
index 39abf57..b4101fa 100644
|
||||
index 4b18978..1ab2e1d 100644
|
||||
--- a/policy/modules/services/postgresql.te
|
||||
+++ b/policy/modules/services/postgresql.te
|
||||
@@ -15,16 +15,16 @@ gen_require(`
|
||||
@ -30354,7 +30354,7 @@ index 2316653..77ef768 100644
|
||||
+ admin_pattern($1, prelude_lml_tmp_t)
|
||||
')
|
||||
diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te
|
||||
index 7e84587..febda2f 100644
|
||||
index b1bc02c..8f0b07e 100644
|
||||
--- a/policy/modules/services/prelude.te
|
||||
+++ b/policy/modules/services/prelude.te
|
||||
@@ -35,7 +35,6 @@ files_pid_file(prelude_audisp_var_run_t)
|
||||
@ -30391,10 +30391,10 @@ index 7e84587..febda2f 100644
|
||||
|
||||
dev_read_rand(prelude_lml_t)
|
||||
diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te
|
||||
index 6f1b2c3..3f1a3fe 100644
|
||||
index 2dbf4d4..abb4475 100644
|
||||
--- a/policy/modules/services/privoxy.te
|
||||
+++ b/policy/modules/services/privoxy.te
|
||||
@@ -6,10 +6,10 @@ policy_module(privoxy, 1.10.1)
|
||||
@@ -6,10 +6,10 @@ policy_module(privoxy, 1.11.0)
|
||||
#
|
||||
|
||||
## <desc>
|
||||
@ -31556,10 +31556,10 @@ index f04a595..3203212 100644
|
||||
+ read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
|
||||
+')
|
||||
diff --git a/policy/modules/services/razor.te b/policy/modules/services/razor.te
|
||||
index 340a6c0..f24c52e 100644
|
||||
index 852840b..1244ab2 100644
|
||||
--- a/policy/modules/services/razor.te
|
||||
+++ b/policy/modules/services/razor.te
|
||||
@@ -5,118 +5,139 @@ policy_module(razor, 2.1.1)
|
||||
@@ -5,118 +5,139 @@ policy_module(razor, 2.2.0)
|
||||
# Declarations
|
||||
#
|
||||
|
||||
@ -34256,7 +34256,7 @@ index 4804f14..6f49778 100644
|
||||
term_dontaudit_search_ptys(fsdaemon_t)
|
||||
|
||||
diff --git a/policy/modules/services/smokeping.te b/policy/modules/services/smokeping.te
|
||||
index 688fbd0..5873bce 100644
|
||||
index 740994a..a92ba26 100644
|
||||
--- a/policy/modules/services/smokeping.te
|
||||
+++ b/policy/modules/services/smokeping.te
|
||||
@@ -23,7 +23,7 @@ files_type(smokeping_var_lib_t)
|
||||
@ -34452,7 +34452,7 @@ index c117e8b..88ebedb 100644
|
||||
+ files_list_pids($1)
|
||||
')
|
||||
diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te
|
||||
index d7f4bd4..012723c 100644
|
||||
index 179bc1b..735c400 100644
|
||||
--- a/policy/modules/services/snort.te
|
||||
+++ b/policy/modules/services/snort.te
|
||||
@@ -32,17 +32,17 @@ files_pid_file(snort_var_run_t)
|
||||
@ -34699,10 +34699,10 @@ index c954f31..7f57f22 100644
|
||||
+ admin_pattern($1, spamd_var_run_t)
|
||||
')
|
||||
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
|
||||
index 9d40380..56e4c2e 100644
|
||||
index ec1eb1e..9948efa 100644
|
||||
--- a/policy/modules/services/spamassassin.te
|
||||
+++ b/policy/modules/services/spamassassin.te
|
||||
@@ -6,54 +6,93 @@ policy_module(spamassassin, 2.3.1)
|
||||
@@ -6,54 +6,93 @@ policy_module(spamassassin, 2.4.0)
|
||||
#
|
||||
|
||||
## <desc>
|
||||
@ -35956,10 +35956,10 @@ index 6073656..eaf49b2 100644
|
||||
allow $1 stunnel_t:tcp_socket rw_socket_perms;
|
||||
')
|
||||
diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te
|
||||
index 7ecb27b..296e5ba 100644
|
||||
index f646c66..b8eec46 100644
|
||||
--- a/policy/modules/services/stunnel.te
|
||||
+++ b/policy/modules/services/stunnel.te
|
||||
@@ -6,17 +6,7 @@ policy_module(stunnel, 1.9.1)
|
||||
@@ -6,17 +6,7 @@ policy_module(stunnel, 1.10.0)
|
||||
#
|
||||
|
||||
type stunnel_t;
|
||||
@ -36372,7 +36372,7 @@ index 904f13e..464347f 100644
|
||||
|
||||
init_labeled_script_domtrans($1, tor_initrc_exec_t)
|
||||
diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te
|
||||
index f793912..8e58d40 100644
|
||||
index c842cad..fe5deee 100644
|
||||
--- a/policy/modules/services/tor.te
|
||||
+++ b/policy/modules/services/tor.te
|
||||
@@ -42,6 +42,7 @@ files_pid_file(tor_var_run_t)
|
||||
@ -36510,7 +36510,7 @@ index 831b4a3..a206464 100644
|
||||
|
||||
/var/log/ulogd(/.*)? gen_context(system_u:object_r:ulogd_var_log_t,s0)
|
||||
diff --git a/policy/modules/services/ulogd.te b/policy/modules/services/ulogd.te
|
||||
index 00aa99e..5f1ad7d 100644
|
||||
index 3b953f5..70f687a 100644
|
||||
--- a/policy/modules/services/ulogd.te
|
||||
+++ b/policy/modules/services/ulogd.te
|
||||
@@ -11,7 +11,7 @@ init_daemon_domain(ulogd_t, ulogd_exec_t)
|
||||
@ -36551,7 +36551,7 @@ index c2cf97e..037a1e8 100644
|
||||
allow uptimed_t uptimed_etc_t:file read_file_perms;
|
||||
files_search_etc(uptimed_t)
|
||||
diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te
|
||||
index 9001230..7ff3ef8 100644
|
||||
index d4349e9..d9dbcc2 100644
|
||||
--- a/policy/modules/services/uucp.te
|
||||
+++ b/policy/modules/services/uucp.te
|
||||
@@ -125,6 +125,8 @@ optional_policy(`
|
||||
@ -36564,10 +36564,10 @@ index 9001230..7ff3ef8 100644
|
||||
uucp_manage_spool(uux_t)
|
||||
|
||||
diff --git a/policy/modules/services/varnishd.te b/policy/modules/services/varnishd.te
|
||||
index e385c83..10710fd 100644
|
||||
index f9310f3..064171e 100644
|
||||
--- a/policy/modules/services/varnishd.te
|
||||
+++ b/policy/modules/services/varnishd.te
|
||||
@@ -6,10 +6,10 @@ policy_module(varnishd, 1.1.1)
|
||||
@@ -6,10 +6,10 @@ policy_module(varnishd, 1.2.0)
|
||||
#
|
||||
|
||||
## <desc>
|
||||
@ -39108,7 +39108,7 @@ index da2601a..6b12229 100644
|
||||
+ manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
|
||||
+')
|
||||
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
|
||||
index e226da4..1ada171 100644
|
||||
index 145fc4b..6b4d8c9 100644
|
||||
--- a/policy/modules/services/xserver.te
|
||||
+++ b/policy/modules/services/xserver.te
|
||||
@@ -26,27 +26,50 @@ gen_require(`
|
||||
@ -40220,7 +40220,7 @@ index d77e631..4776863 100644
|
||||
#
|
||||
interface(`zabbix_append_log',`
|
||||
diff --git a/policy/modules/services/zabbix.te b/policy/modules/services/zabbix.te
|
||||
index b8dd21a..20d7cde 100644
|
||||
index c26ecf5..b906c48 100644
|
||||
--- a/policy/modules/services/zabbix.te
|
||||
+++ b/policy/modules/services/zabbix.te
|
||||
@@ -26,11 +26,11 @@ files_pid_file(zabbix_var_run_t)
|
||||
@ -40561,10 +40561,10 @@ index 6b87605..347f754 100644
|
||||
|
||||
allow $1 zebra_t:process { ptrace signal_perms };
|
||||
diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te
|
||||
index c349adc..a4855b1 100644
|
||||
index ade6c2c..2b78f0d 100644
|
||||
--- a/policy/modules/services/zebra.te
|
||||
+++ b/policy/modules/services/zebra.te
|
||||
@@ -6,11 +6,10 @@ policy_module(zebra, 1.11.1)
|
||||
@@ -6,11 +6,10 @@ policy_module(zebra, 1.12.0)
|
||||
#
|
||||
|
||||
## <desc>
|
||||
@ -41463,7 +41463,7 @@ index 408f4e6..55c2d03 100644
|
||||
auth_rw_login_records(getty_t)
|
||||
|
||||
diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
|
||||
index 1fcd657..52063bc 100644
|
||||
index c310775..d5fc685 100644
|
||||
--- a/policy/modules/system/hostname.te
|
||||
+++ b/policy/modules/system/hostname.te
|
||||
@@ -28,15 +28,18 @@ dev_read_sysfs(hostname_t)
|
||||
@ -42005,7 +42005,7 @@ index df3fa64..473d2b4 100644
|
||||
+ allow $1 init_t:unix_dgram_socket sendto;
|
||||
+')
|
||||
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
||||
index 8a105fd..2be1d2a 100644
|
||||
index 2fbb25a..2cba7c4 100644
|
||||
--- a/policy/modules/system/init.te
|
||||
+++ b/policy/modules/system/init.te
|
||||
@@ -16,6 +16,27 @@ gen_require(`
|
||||
@ -43936,7 +43936,7 @@ index c7cfb62..620e0a4 100644
|
||||
init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
|
||||
domain_system_change_exemption($1)
|
||||
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
|
||||
index aa2b0a6..304fbba 100644
|
||||
index 9b5a9ed..2b30dd6 100644
|
||||
--- a/policy/modules/system/logging.te
|
||||
+++ b/policy/modules/system/logging.te
|
||||
@@ -55,11 +55,12 @@ type klogd_var_run_t;
|
||||
@ -44296,10 +44296,10 @@ index 926ba65..1dfa62a 100644
|
||||
## transfer services.
|
||||
## </summary>
|
||||
diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
|
||||
index 2cb10d4..6c33b3b 100644
|
||||
index 703944c..1d3a6a9 100644
|
||||
--- a/policy/modules/system/miscfiles.te
|
||||
+++ b/policy/modules/system/miscfiles.te
|
||||
@@ -4,7 +4,6 @@ policy_module(miscfiles, 1.8.2)
|
||||
@@ -4,7 +4,6 @@ policy_module(miscfiles, 1.9.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
@ -44710,7 +44710,7 @@ index 8b5c196..b195f9d 100644
|
||||
+ role $2 types showmount_t;
|
||||
')
|
||||
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
|
||||
index 6fe8471..21de81b 100644
|
||||
index 1899313..c6b6821 100644
|
||||
--- a/policy/modules/system/mount.te
|
||||
+++ b/policy/modules/system/mount.te
|
||||
@@ -17,8 +17,15 @@ type mount_exec_t;
|
||||
@ -45945,7 +45945,7 @@ index ff5d72d..9cd171a 100644
|
||||
+ unconfined_domain(setfiles_mac_t)
|
||||
')
|
||||
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
|
||||
index 0e48679..78b3429 100644
|
||||
index 1447687..cdc0223 100644
|
||||
--- a/policy/modules/system/setrans.te
|
||||
+++ b/policy/modules/system/setrans.te
|
||||
@@ -12,6 +12,7 @@ gen_require(`
|
||||
@ -47350,10 +47350,10 @@ index 416e668..20a28e7 100644
|
||||
- allow $1 unconfined_t:dbus acquire_svc;
|
||||
-')
|
||||
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
|
||||
index 8a4ee77..f0dca4c 100644
|
||||
index eae5001..71e46b2 100644
|
||||
--- a/policy/modules/system/unconfined.te
|
||||
+++ b/policy/modules/system/unconfined.te
|
||||
@@ -4,231 +4,4 @@ policy_module(unconfined, 3.2.1)
|
||||
@@ -4,231 +4,4 @@ policy_module(unconfined, 3.3.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
@ -50099,10 +50099,10 @@ index 35f1476..1571559 100644
|
||||
+ type_transition $1 user_tmp_t:process $2;
|
||||
+')
|
||||
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
|
||||
index a7088c6..2c840bc 100644
|
||||
index df29ca1..97b3c20 100644
|
||||
--- a/policy/modules/system/userdomain.te
|
||||
+++ b/policy/modules/system/userdomain.te
|
||||
@@ -7,7 +7,7 @@ policy_module(userdomain, 4.4.4)
|
||||
@@ -7,7 +7,7 @@ policy_module(userdomain, 4.5.0)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
|
@ -20,8 +20,8 @@
|
||||
%define CHECKPOLICYVER 2.0.21-1
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.9.10
|
||||
Release: 13%{?dist}
|
||||
Version: 3.9.11
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -471,17 +471,21 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Dec 14 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-13
|
||||
* Wed Dec 15 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.11-1
|
||||
- Update to upstream
|
||||
- Fix version of policy in spec file
|
||||
|
||||
* Tue Dec 14 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-13
|
||||
- Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs
|
||||
- remove per sandbox domains devpts types
|
||||
- Allow dkim-milter sending signal to itself
|
||||
|
||||
* Mon Dec 13 2010 Dan Walsh <dwalsh@redhat.com> 3.9.9-12
|
||||
* Mon Dec 13 2010 Dan Walsh <dwalsh@redhat.com> 3.9.10-12
|
||||
- Allow domains that transition to ping or traceroute, kill them
|
||||
- Allow user_t to conditionally transition to ping_t and traceroute_t
|
||||
- Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup
|
||||
|
||||
* Mon Dec 13 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-11
|
||||
* Mon Dec 13 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-11
|
||||
- Turn on systemd policy
|
||||
- mozilla_plugin needs to read certs in the homedir.
|
||||
- Dontaudit leaked file descriptors from devicekit
|
||||
@ -494,19 +498,19 @@ exit 0
|
||||
- systemd is creating symlinks in /dev
|
||||
- Change label on /etc/httpd/alias to be all cert_t
|
||||
|
||||
* Fri Dec 10 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-10
|
||||
* Fri Dec 10 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-10
|
||||
- Fixes for clamscan and boinc policy
|
||||
- Add boinc_project_t setpgid
|
||||
- Allow alsa to create tmp files in /tmp
|
||||
|
||||
* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-9
|
||||
* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-9
|
||||
- Push fixes to allow disabling of unlabeled_t packet access
|
||||
- Enable unlabelednet policy
|
||||
|
||||
* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-8
|
||||
* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-8
|
||||
- Fixes for lvm to work with systemd
|
||||
|
||||
* Mon Dec 6 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-7
|
||||
* Mon Dec 6 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-7
|
||||
- Fix the label for wicd log
|
||||
- plymouthd creates force-display-on-active-vt file
|
||||
- Allow avahi to request the kernel to load a module
|
||||
@ -518,19 +522,19 @@ exit 0
|
||||
- Fix the label for wicd log
|
||||
- Add systemd policy
|
||||
|
||||
* Fri Dec 3 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-6
|
||||
* Fri Dec 3 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-6
|
||||
- Fix gnome_manage_data interface
|
||||
- Dontaudit sys_ptrace capability for iscsid
|
||||
- Fixes for nagios plugin policy
|
||||
|
||||
* Thu Dec 1 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-5
|
||||
* Thu Dec 1 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-5
|
||||
- Fix cron to run ranged when started by init
|
||||
- Fix devicekit to use log files
|
||||
- Dontaudit use of devicekit_var_run_t for fstools
|
||||
- Allow init to setattr on logfile directories
|
||||
- Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t
|
||||
|
||||
* Tue Nov 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.9-4
|
||||
* Tue Nov 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.10-4
|
||||
- Fix up handling of dnsmasq_t creating /var/run/libvirt/network
|
||||
- Turn on sshd_forward_ports boolean by default
|
||||
- Allow sysadmin to dbus chat with rpm
|
||||
|
Loading…
Reference in New Issue
Block a user