rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Fix syslog declaration

Browse Source
This commit is contained in:
Daniel J Walsh 2007-06-27 19:48:33 +00:00
parent 7f44213c00
commit b786a2b04a
2 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
policy-20070525.patch
View File

@ -6602,7 +6602,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+ +
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.0.1/policy/modules/services/samba.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.0.1/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-06-19 16:23:35.000000000 -0400 --- nsaserefpolicy/policy/modules/services/samba.te 2007-06-19 16:23:35.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/services/samba.te 2007-06-27 11:39:37.000000000 -0400 +++ serefpolicy-3.0.1/policy/modules/services/samba.te 2007-06-27 14:15:13.000000000 -0400
@@ -189,6 +189,8 @@ @@ -189,6 +189,8 @@
miscfiles_read_localization(samba_net_t) miscfiles_read_localization(samba_net_t)
@ -6670,7 +6670,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
libs_use_ld_so(swat_t) libs_use_ld_so(swat_t)
libs_use_shared_libs(swat_t) libs_use_shared_libs(swat_t)
@@ -728,6 +742,7 @@ @@ -704,6 +718,8 @@
manage_sock_files_pattern(winbind_t,winbind_var_run_t,winbind_var_run_t)
files_pid_filetrans(winbind_t,winbind_var_run_t,file)
+corecmd_exec_bin(winbind_t)
+
kernel_read_kernel_sysctls(winbind_t)
kernel_list_proc(winbind_t)
kernel_read_proc_symlinks(winbind_t)
@@ -728,6 +744,7 @@
fs_search_auto_mountpoints(winbind_t) fs_search_auto_mountpoints(winbind_t)
auth_domtrans_chk_passwd(winbind_t) auth_domtrans_chk_passwd(winbind_t)
@ -6678,14 +6687,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
domain_use_interactive_fds(winbind_t) domain_use_interactive_fds(winbind_t)
@@ -767,6 +782,7 @@
#
# Winbind helper local policy
#
+corecmd_exec_bin(winbind_t)
allow winbind_helper_t self:unix_dgram_socket create_socket_perms;
allow winbind_helper_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.0.1/policy/modules/services/sasl.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.0.1/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2007-05-29 14:10:57.000000000 -0400 --- nsaserefpolicy/policy/modules/services/sasl.te 2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/services/sasl.te 2007-06-19 17:06:27.000000000 -0400 +++ serefpolicy-3.0.1/policy/modules/services/sasl.te 2007-06-19 17:06:27.000000000 -0400
@ -8343,7 +8344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+/var/log/syslog-ng(/.*)? -- gen_context(system_u:object_r:syslogd_var_run_t,s0) +/var/log/syslog-ng(/.*)? -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.0.1/policy/modules/system/logging.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.0.1/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2007-06-15 14:54:34.000000000 -0400 --- nsaserefpolicy/policy/modules/system/logging.if 2007-06-15 14:54:34.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/system/logging.if 2007-06-27 10:20:58.000000000 -0400 +++ serefpolicy-3.0.1/policy/modules/system/logging.if 2007-06-27 15:41:00.000000000 -0400
@@ -33,8 +33,13 @@ @@ -33,8 +33,13 @@
## </param> ## </param>
# #
@ -8374,7 +8375,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+# +#
+interface(`logging_manage_syslog_config',` +interface(`logging_manage_syslog_config',`
+ gen_require(` + gen_require(`
+ type syslogd_etc_t; + type syslog_conf_t;
+ ') + ')
+ +
+ files_search_etc($1) + files_search_etc($1)
@ -10980,18 +10981,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.
+## <summary>Policy for logadm user</summary> +## <summary>Policy for logadm user</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.0.1/policy/modules/users/logadm.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.0.1/policy/modules/users/logadm.te
--- nsaserefpolicy/policy/modules/users/logadm.te 1969-12-31 19:00:00.000000000 -0500 --- nsaserefpolicy/policy/modules/users/logadm.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-3.0.1/policy/modules/users/logadm.te 2007-06-27 10:21:24.000000000 -0400 +++ serefpolicy-3.0.1/policy/modules/users/logadm.te 2007-06-27 15:31:15.000000000 -0400
@@ -0,0 +1,37 @@ @@ -0,0 +1,33 @@
+policy_module(logadm,1.0.0) +policy_module(logadm,1.0.0)
+ +
+######################################## +########################################
+# +#
+# logadmin local policy +# logadmin local policy
+# +#
+
+type syslog_conf_t;
+files_type(syslog_conf_t)
+
+userdom_base_user_template(logadm) +userdom_base_user_template(logadm)
+ +
+allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice }; +allow logadm_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };

5
selinux-policy.spec
View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.0.1 Version: 3.0.1
Release: 2%{?dist} Release: 3%{?dist}
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -355,6 +355,9 @@ exit 0
%endif %endif
%changelog %changelog
* Wed Jun 26 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-3
- Fix syslog declaration
* Wed Jun 26 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-2 * Wed Jun 26 2007 Dan Walsh <dwalsh@redhat.com> 3.0.1-2
- Allow avahi to access inotify - Allow avahi to access inotify
- Remove a lot of bogus security_t:filesystem avcs - Remove a lot of bogus security_t:filesystem avcs