Fixed mistakes in build.
This commit is contained in:
Lukas Vrabec
parent
a38ffbf425
commit
ba65f59092
@ -20732,7 +20732,7 @@ index dda905b..ccd0ba9 100644
|
|||||||
/var/named/chroot/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
/var/named/chroot/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
||||||
+')
|
+')
|
||||||
diff --git a/dbus.if b/dbus.if
|
diff --git a/dbus.if b/dbus.if
|
||||||
index 62d22cb..5f27946 100644
|
index 62d22cb..e1b35aa 100644
|
||||||
--- a/dbus.if
|
--- a/dbus.if
|
||||||
+++ b/dbus.if
|
+++ b/dbus.if
|
||||||
@@ -1,4 +1,4 @@
|
@@ -1,4 +1,4 @@
|
||||||
@ -20858,7 +20858,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -103,91 +129,86 @@ template(`dbus_role_template',`
|
@@ -103,91 +129,84 @@ template(`dbus_role_template',`
|
||||||
#
|
#
|
||||||
interface(`dbus_system_bus_client',`
|
interface(`dbus_system_bus_client',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -20868,13 +20868,11 @@ index 62d22cb..5f27946 100644
|
|||||||
+ type system_dbusd_var_run_t, system_dbusd_var_lib_t;
|
+ type system_dbusd_var_run_t, system_dbusd_var_lib_t;
|
||||||
class dbus send_msg;
|
class dbus send_msg;
|
||||||
+ attribute dbusd_unconfined;
|
+ attribute dbusd_unconfined;
|
||||||
+ attribute system_bus_client;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
- typeattribute $1 dbusd_system_bus_client;
|
- typeattribute $1 dbusd_system_bus_client;
|
||||||
-
|
-
|
||||||
+ # SE-DBus specific permissions
|
+ # SE-DBus specific permissions
|
||||||
+ typeattribute $1 system_bus_client;
|
|
||||||
allow $1 { system_dbusd_t self }:dbus send_msg;
|
allow $1 { system_dbusd_t self }:dbus send_msg;
|
||||||
- allow system_dbusd_t $1:dbus send_msg;
|
- allow system_dbusd_t $1:dbus send_msg;
|
||||||
+ allow { system_dbusd_t dbusd_unconfined } $1:dbus send_msg;
|
+ allow { system_dbusd_t dbusd_unconfined } $1:dbus send_msg;
|
||||||
@ -20986,7 +20984,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -195,15 +216,18 @@ interface(`dbus_connect_spec_session_bus',`
|
@@ -195,15 +214,18 @@ interface(`dbus_connect_spec_session_bus',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21011,7 +21009,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -211,57 +235,39 @@ interface(`dbus_session_bus_client',`
|
@@ -211,57 +233,39 @@ interface(`dbus_session_bus_client',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21083,7 +21081,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -269,15 +275,19 @@ interface(`dbus_spec_session_bus_client',`
|
@@ -269,15 +273,19 @@ interface(`dbus_spec_session_bus_client',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21109,7 +21107,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -285,44 +295,52 @@ interface(`dbus_send_session_bus',`
|
@@ -285,44 +293,52 @@ interface(`dbus_send_session_bus',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21176,7 +21174,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -330,18 +348,18 @@ interface(`dbus_send_spec_session_bus',`
|
@@ -330,18 +346,18 @@ interface(`dbus_send_spec_session_bus',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21200,7 +21198,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -349,20 +367,18 @@ interface(`dbus_read_config',`
|
@@ -349,20 +365,18 @@ interface(`dbus_read_config',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21226,7 +21224,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -370,26 +386,20 @@ interface(`dbus_read_lib_files',`
|
@@ -370,26 +384,20 @@ interface(`dbus_read_lib_files',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21259,7 +21257,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## Type to be used as a domain.
|
## Type to be used as a domain.
|
||||||
@@ -397,81 +407,67 @@ interface(`dbus_manage_lib_files',`
|
@@ -397,81 +405,67 @@ interface(`dbus_manage_lib_files',`
|
||||||
## </param>
|
## </param>
|
||||||
## <param name="entry_point">
|
## <param name="entry_point">
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -21369,7 +21367,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -479,18 +475,18 @@ interface(`dbus_spec_session_domain',`
|
@@ -479,18 +473,18 @@ interface(`dbus_spec_session_domain',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21393,7 +21391,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -498,98 +494,100 @@ interface(`dbus_connect_system_bus',`
|
@@ -498,98 +492,100 @@ interface(`dbus_connect_system_bus',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21537,7 +21535,7 @@ index 62d22cb..5f27946 100644
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -597,28 +595,51 @@ interface(`dbus_use_system_bus_fds',`
|
@@ -597,28 +593,50 @@ interface(`dbus_use_system_bus_fds',`
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -21572,13 +21570,12 @@ index 62d22cb..5f27946 100644
|
|||||||
gen_require(`
|
gen_require(`
|
||||||
- attribute dbusd_unconfined;
|
- attribute dbusd_unconfined;
|
||||||
+ attribute system_bus_type;
|
+ attribute system_bus_type;
|
||||||
+ attribute system_bus_client;
|
|
||||||
+ class dbus send_msg;
|
+ class dbus send_msg;
|
||||||
')
|
')
|
||||||
|
|
||||||
- typeattribute $1 dbusd_unconfined;
|
- typeattribute $1 dbusd_unconfined;
|
||||||
+ allow $1 { system_bus_type system_bus_client }:dbus send_msg;
|
+ allow $1 system_bus_type:dbus send_msg;
|
||||||
+ allow { system_bus_type system_bus_client } $1:dbus send_msg;
|
+ allow system_bus_type $1:dbus send_msg;
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+#######################################
|
+#######################################
|
||||||
@ -21598,10 +21595,10 @@ index 62d22cb..5f27946 100644
|
|||||||
+ files_var_filetrans($1, system_dbusd_var_lib_t, dir, "ibus")
|
+ files_var_filetrans($1, system_dbusd_var_lib_t, dir, "ibus")
|
||||||
')
|
')
|
||||||
diff --git a/dbus.te b/dbus.te
|
diff --git a/dbus.te b/dbus.te
|
||||||
index c9998c8..4e0254d 100644
|
index c9998c8..94ff984 100644
|
||||||
--- a/dbus.te
|
--- a/dbus.te
|
||||||
+++ b/dbus.te
|
+++ b/dbus.te
|
||||||
@@ -4,17 +4,16 @@ gen_require(`
|
@@ -4,17 +4,15 @@ gen_require(`
|
||||||
class dbus all_dbus_perms;
|
class dbus all_dbus_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -21614,7 +21611,6 @@ index c9998c8..4e0254d 100644
|
|||||||
|
|
||||||
attribute dbusd_unconfined;
|
attribute dbusd_unconfined;
|
||||||
+attribute system_bus_type;
|
+attribute system_bus_type;
|
||||||
+attribute system_bus_client;
|
|
||||||
attribute session_bus_type;
|
attribute session_bus_type;
|
||||||
|
|
||||||
-attribute dbusd_system_bus_client;
|
-attribute dbusd_system_bus_client;
|
||||||
@ -21623,7 +21619,7 @@ index c9998c8..4e0254d 100644
|
|||||||
type dbusd_etc_t;
|
type dbusd_etc_t;
|
||||||
files_config_file(dbusd_etc_t)
|
files_config_file(dbusd_etc_t)
|
||||||
|
|
||||||
@@ -22,9 +21,6 @@ type dbusd_exec_t;
|
@@ -22,9 +20,6 @@ type dbusd_exec_t;
|
||||||
corecmd_executable_file(dbusd_exec_t)
|
corecmd_executable_file(dbusd_exec_t)
|
||||||
typealias dbusd_exec_t alias system_dbusd_exec_t;
|
typealias dbusd_exec_t alias system_dbusd_exec_t;
|
||||||
|
|
||||||
@ -21633,7 +21629,7 @@ index c9998c8..4e0254d 100644
|
|||||||
type session_dbusd_tmp_t;
|
type session_dbusd_tmp_t;
|
||||||
typealias session_dbusd_tmp_t alias { user_dbusd_tmp_t staff_dbusd_tmp_t sysadm_dbusd_tmp_t };
|
typealias session_dbusd_tmp_t alias { user_dbusd_tmp_t staff_dbusd_tmp_t sysadm_dbusd_tmp_t };
|
||||||
typealias session_dbusd_tmp_t alias { auditadm_dbusd_tmp_t secadm_dbusd_tmp_t };
|
typealias session_dbusd_tmp_t alias { auditadm_dbusd_tmp_t secadm_dbusd_tmp_t };
|
||||||
@@ -41,7 +37,8 @@ files_type(system_dbusd_var_lib_t)
|
@@ -41,7 +36,8 @@ files_type(system_dbusd_var_lib_t)
|
||||||
|
|
||||||
type system_dbusd_var_run_t;
|
type system_dbusd_var_run_t;
|
||||||
files_pid_file(system_dbusd_var_run_t)
|
files_pid_file(system_dbusd_var_run_t)
|
||||||
@ -21643,7 +21639,7 @@ index c9998c8..4e0254d 100644
|
|||||||
|
|
||||||
ifdef(`enable_mcs',`
|
ifdef(`enable_mcs',`
|
||||||
init_ranged_system_domain(system_dbusd_t, dbusd_exec_t, s0 - mcs_systemhigh)
|
init_ranged_system_domain(system_dbusd_t, dbusd_exec_t, s0 - mcs_systemhigh)
|
||||||
@@ -51,59 +48,62 @@ ifdef(`enable_mls',`
|
@@ -51,59 +47,62 @@ ifdef(`enable_mls',`
|
||||||
init_ranged_system_domain(system_dbusd_t, dbusd_exec_t, s0 - mls_systemhigh)
|
init_ranged_system_domain(system_dbusd_t, dbusd_exec_t, s0 - mls_systemhigh)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -21723,7 +21719,7 @@ index c9998c8..4e0254d 100644
|
|||||||
mls_fd_use_all_levels(system_dbusd_t)
|
mls_fd_use_all_levels(system_dbusd_t)
|
||||||
mls_rangetrans_target(system_dbusd_t)
|
mls_rangetrans_target(system_dbusd_t)
|
||||||
mls_file_read_all_levels(system_dbusd_t)
|
mls_file_read_all_levels(system_dbusd_t)
|
||||||
@@ -123,66 +123,165 @@ term_dontaudit_use_console(system_dbusd_t)
|
@@ -123,66 +122,165 @@ term_dontaudit_use_console(system_dbusd_t)
|
||||||
auth_use_nsswitch(system_dbusd_t)
|
auth_use_nsswitch(system_dbusd_t)
|
||||||
auth_read_pam_console_data(system_dbusd_t)
|
auth_read_pam_console_data(system_dbusd_t)
|
||||||
|
|
||||||
@ -21903,7 +21899,7 @@ index c9998c8..4e0254d 100644
|
|||||||
kernel_read_kernel_sysctls(session_bus_type)
|
kernel_read_kernel_sysctls(session_bus_type)
|
||||||
|
|
||||||
corecmd_list_bin(session_bus_type)
|
corecmd_list_bin(session_bus_type)
|
||||||
@@ -191,23 +290,18 @@ corecmd_read_bin_files(session_bus_type)
|
@@ -191,23 +289,18 @@ corecmd_read_bin_files(session_bus_type)
|
||||||
corecmd_read_bin_pipes(session_bus_type)
|
corecmd_read_bin_pipes(session_bus_type)
|
||||||
corecmd_read_bin_sockets(session_bus_type)
|
corecmd_read_bin_sockets(session_bus_type)
|
||||||
|
|
||||||
@ -21928,7 +21924,7 @@ index c9998c8..4e0254d 100644
|
|||||||
files_dontaudit_search_var(session_bus_type)
|
files_dontaudit_search_var(session_bus_type)
|
||||||
|
|
||||||
fs_getattr_romfs(session_bus_type)
|
fs_getattr_romfs(session_bus_type)
|
||||||
@@ -215,7 +309,6 @@ fs_getattr_xattr_fs(session_bus_type)
|
@@ -215,7 +308,6 @@ fs_getattr_xattr_fs(session_bus_type)
|
||||||
fs_list_inotifyfs(session_bus_type)
|
fs_list_inotifyfs(session_bus_type)
|
||||||
fs_dontaudit_list_nfs(session_bus_type)
|
fs_dontaudit_list_nfs(session_bus_type)
|
||||||
|
|
||||||
@ -21936,7 +21932,7 @@ index c9998c8..4e0254d 100644
|
|||||||
selinux_validate_context(session_bus_type)
|
selinux_validate_context(session_bus_type)
|
||||||
selinux_compute_access_vector(session_bus_type)
|
selinux_compute_access_vector(session_bus_type)
|
||||||
selinux_compute_create_context(session_bus_type)
|
selinux_compute_create_context(session_bus_type)
|
||||||
@@ -225,18 +318,36 @@ selinux_compute_user_contexts(session_bus_type)
|
@@ -225,18 +317,36 @@ selinux_compute_user_contexts(session_bus_type)
|
||||||
auth_read_pam_console_data(session_bus_type)
|
auth_read_pam_console_data(session_bus_type)
|
||||||
|
|
||||||
logging_send_audit_msgs(session_bus_type)
|
logging_send_audit_msgs(session_bus_type)
|
||||||
@ -21978,7 +21974,7 @@ index c9998c8..4e0254d 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -244,5 +355,9 @@ optional_policy(`
|
@@ -244,5 +354,9 @@ optional_policy(`
|
||||||
# Unconfined access to this module
|
# Unconfined access to this module
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -108556,7 +108552,7 @@ index ae919b9..32cbf8c 100644
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
diff --git a/wine.if b/wine.if
|
diff --git a/wine.if b/wine.if
|
||||||
index fd2b6cc..111b5b7 100644
|
index fd2b6cc..c5ea35d 100644
|
||||||
--- a/wine.if
|
--- a/wine.if
|
||||||
+++ b/wine.if
|
+++ b/wine.if
|
||||||
@@ -1,46 +1,58 @@
|
@@ -1,46 +1,58 @@
|
||||||
@ -108670,7 +108666,7 @@ index fd2b6cc..111b5b7 100644
|
|||||||
userdom_unpriv_usertype($1, $1_wine_t)
|
userdom_unpriv_usertype($1, $1_wine_t)
|
||||||
- userdom_manage_user_tmpfs_files($1_wine_t)
|
- userdom_manage_user_tmpfs_files($1_wine_t)
|
||||||
+ userdom_manage_tmpfs_role($2, $1_wine_t)
|
+ userdom_manage_tmpfs_role($2, $1_wine_t)
|
||||||
+ userdom_manage_home_role($1_wine_t, $2)
|
+ userdom_manage_home_role($2 ,$1_wine_t)
|
||||||
|
|
||||||
domain_mmap_low($1_wine_t)
|
domain_mmap_low($1_wine_t)
|
||||||
|
|
||||||
|
|||||||
@ -619,6 +619,8 @@ SELinux Reference policy mls base module.
|
|||||||
- Allow nslcd to read /dev/urandom.
|
- Allow nslcd to read /dev/urandom.
|
||||||
- Allow dovecot to create user's home directory when they log into IMAP.
|
- Allow dovecot to create user's home directory when they log into IMAP.
|
||||||
- Label also logrotate.status.tmp as logrotate_var_lib_t. BZ(1158835)
|
- Label also logrotate.status.tmp as logrotate_var_lib_t. BZ(1158835)
|
||||||
|
- Allow wine domains to read user homedir content
|
||||||
|
- Add fixes to allow docker to create more content in tmpfs ,and donaudit reading /proc
|
||||||
|
|
||||||
* Wed Oct 29 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-89
|
* Wed Oct 29 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-89
|
||||||
- Allow keystone_cgi_script_t to bind on commplex_main_port. BZ (#1138424)
|
- Allow keystone_cgi_script_t to bind on commplex_main_port. BZ (#1138424)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user