rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Add cron_role back to user domains

Browse Source
This commit is contained in:
Daniel J Walsh 2008-12-10 14:48:31 +00:00
parent fd2b62ea68
commit b88015a75b
1 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
policy-20081111.patch
View File

@ -2962,7 +2962,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ +
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.1/policy/modules/apps/podsleuth.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.1/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-11-11 16:13:42.000000000 -0500 --- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-11-11 16:13:42.000000000 -0500
+++ serefpolicy-3.6.1/policy/modules/apps/podsleuth.te 2008-12-09 14:43:32.000000000 -0500 +++ serefpolicy-3.6.1/policy/modules/apps/podsleuth.te 2008-12-10 08:55:47.000000000 -0500
@@ -11,21 +11,58 @@ @@ -11,21 +11,58 @@
application_domain(podsleuth_t, podsleuth_exec_t) application_domain(podsleuth_t, podsleuth_exec_t)
role system_r types podsleuth_t; role system_r types podsleuth_t;
@ -3002,9 +3002,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+fs_read_dos_files(podsleuth_t) +fs_read_dos_files(podsleuth_t)
+fs_search_dos(podsleuth_t) +fs_search_dos(podsleuth_t)
+ +
+fs_mount_nfs_fs(podsleuth_t) +fs_mount_nfs(podsleuth_t)
+fs_unmount_nfs_fs(podsleuth_t) +fs_unmount_nfs(podsleuth_t)
+fs_getattr_nfs_fs(podsleuth_t) +fs_getattr_nfs(podsleuth_t)
+fs_read_nfs_files(podsleuth_t) +fs_read_nfs_files(podsleuth_t)
+fs_search_nfs(podsleuth_t) +fs_search_nfs(podsleuth_t)
+ +
@ -11931,7 +11931,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
######################################## ########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.1/policy/modules/services/hal.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.1/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2008-11-19 11:51:44.000000000 -0500 --- nsaserefpolicy/policy/modules/services/hal.te 2008-11-19 11:51:44.000000000 -0500
+++ serefpolicy-3.6.1/policy/modules/services/hal.te 2008-11-25 09:45:43.000000000 -0500 +++ serefpolicy-3.6.1/policy/modules/services/hal.te 2008-12-10 09:03:53.000000000 -0500
@@ -49,6 +49,9 @@ @@ -49,6 +49,9 @@
type hald_var_lib_t; type hald_var_lib_t;
files_type(hald_var_lib_t) files_type(hald_var_lib_t)
@ -11981,7 +11981,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow hald_acl_t self:process { getattr signal }; allow hald_acl_t self:process { getattr signal };
allow hald_acl_t self:fifo_file rw_fifo_file_perms; allow hald_acl_t self:fifo_file rw_fifo_file_perms;
@@ -346,6 +360,11 @@ @@ -346,12 +360,17 @@
miscfiles_read_localization(hald_acl_t) miscfiles_read_localization(hald_acl_t)
@ -11993,6 +11993,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
######################################## ########################################
# #
# Local hald mac policy # Local hald mac policy
#
-allow hald_mac_t self:capability { setgid setuid };
+allow hald_mac_t self:capability { setgid setuid sys_admin };
domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
allow hald_t hald_mac_t:process signal;
@@ -418,3 +437,7 @@ @@ -418,3 +437,7 @@
files_read_usr_files(hald_keymap_t) files_read_usr_files(hald_keymap_t)