- Add rules for rtkit-daemon
parent
7b16d569d8
commit
bcc53daced
@ -1701,8 +1701,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
|
+/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.20/policy/modules/apps/gitosis.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.20/policy/modules/apps/gitosis.if
|
||||||
--- nsaserefpolicy/policy/modules/apps/gitosis.if 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/gitosis.if 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.6.20/policy/modules/apps/gitosis.if 2009-06-26 14:09:22.000000000 -0400
|
+++ serefpolicy-3.6.20/policy/modules/apps/gitosis.if 2009-06-29 12:24:01.000000000 -0400
|
||||||
@@ -0,0 +1,94 @@
|
@@ -0,0 +1,96 @@
|
||||||
+## <summary>gitosis interface</summary>
|
+## <summary>gitosis interface</summary>
|
||||||
+
|
+
|
||||||
+#######################################
|
+#######################################
|
||||||
@ -1771,6 +1771,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
|
+ files_search_var_lib($1)
|
||||||
+ read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
+ read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
+ read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
+ read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
+ list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
+ list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
@ -1793,6 +1794,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
|
+ files_search_var_lib($1)
|
||||||
+ manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
+ manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
+ manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
+ manage_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
+ manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
+ manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
|
||||||
@ -5444,7 +5446,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/usr/lib(64)?/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
+/usr/lib(64)?/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.6.20/policy/modules/kernel/corecommands.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.6.20/policy/modules/kernel/corecommands.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2009-06-26 13:59:17.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2009-06-26 13:59:17.000000000 -0400
|
||||||
+++ serefpolicy-3.6.20/policy/modules/kernel/corecommands.if 2009-06-26 14:09:22.000000000 -0400
|
+++ serefpolicy-3.6.20/policy/modules/kernel/corecommands.if 2009-06-29 08:33:09.000000000 -0400
|
||||||
@@ -893,6 +893,7 @@
|
@@ -893,6 +893,7 @@
|
||||||
|
|
||||||
read_lnk_files_pattern($1, bin_t, bin_t)
|
read_lnk_files_pattern($1, bin_t, bin_t)
|
||||||
@ -5791,7 +5793,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
type lvm_control_t;
|
type lvm_control_t;
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.20/policy/modules/kernel/domain.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.20/policy/modules/kernel/domain.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-06-12 09:08:48.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-06-12 09:08:48.000000000 -0400
|
||||||
+++ serefpolicy-3.6.20/policy/modules/kernel/domain.if 2009-06-26 14:09:22.000000000 -0400
|
+++ serefpolicy-3.6.20/policy/modules/kernel/domain.if 2009-06-29 08:19:04.000000000 -0400
|
||||||
@@ -44,34 +44,6 @@
|
@@ -44,34 +44,6 @@
|
||||||
interface(`domain_type',`
|
interface(`domain_type',`
|
||||||
# start with basic domain
|
# start with basic domain
|
||||||
@ -5827,7 +5829,32 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -1248,18 +1220,34 @@
|
@@ -791,6 +763,24 @@
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
+## Get the scheduler information of all domains.
|
||||||
|
+## </summary>
|
||||||
|
+## <param name="domain">
|
||||||
|
+## <summary>
|
||||||
|
+## Domain allowed access.
|
||||||
|
+## </summary>
|
||||||
|
+## </param>
|
||||||
|
+#
|
||||||
|
+interface(`domain_getsched_all_domains',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ attribute domain;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ allow $1 domain:process getsched;
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+########################################
|
||||||
|
+## <summary>
|
||||||
|
## Do not audit attempts to get the
|
||||||
|
## session ID of all domains.
|
||||||
|
## </summary>
|
||||||
|
@@ -1248,18 +1238,34 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -5865,7 +5892,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
## Allow specified type to receive labeled
|
## Allow specified type to receive labeled
|
||||||
## networking packets from all domains, over
|
## networking packets from all domains, over
|
||||||
## all protocols (TCP, UDP, etc)
|
## all protocols (TCP, UDP, etc)
|
||||||
@@ -1280,6 +1268,24 @@
|
@@ -1280,6 +1286,24 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -13480,6 +13507,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+ mta_manage_spool(dovecot_deliver_t)
|
+ mta_manage_spool(dovecot_deliver_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.6.20/policy/modules/services/fetchmail.te
|
||||||
|
--- nsaserefpolicy/policy/modules/services/fetchmail.te 2009-06-12 15:45:03.000000000 -0400
|
||||||
|
+++ serefpolicy-3.6.20/policy/modules/services/fetchmail.te 2009-06-29 08:33:22.000000000 -0400
|
||||||
|
@@ -47,6 +47,8 @@
|
||||||
|
kernel_read_proc_symlinks(fetchmail_t)
|
||||||
|
kernel_dontaudit_read_system_state(fetchmail_t)
|
||||||
|
|
||||||
|
+corecmd_exec_shell(fetchmail_t)
|
||||||
|
+
|
||||||
|
corenet_all_recvfrom_unlabeled(fetchmail_t)
|
||||||
|
corenet_all_recvfrom_netlabel(fetchmail_t)
|
||||||
|
corenet_tcp_sendrecv_generic_if(fetchmail_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.fc serefpolicy-3.6.20/policy/modules/services/fprintd.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.fc serefpolicy-3.6.20/policy/modules/services/fprintd.fc
|
||||||
--- nsaserefpolicy/policy/modules/services/fprintd.fc 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/fprintd.fc 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.6.20/policy/modules/services/fprintd.fc 2009-06-26 14:09:22.000000000 -0400
|
+++ serefpolicy-3.6.20/policy/modules/services/fprintd.fc 2009-06-26 14:09:22.000000000 -0400
|
||||||
@ -19453,8 +19492,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit_daemon.te serefpolicy-3.6.20/policy/modules/services/rtkit_daemon.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit_daemon.te serefpolicy-3.6.20/policy/modules/services/rtkit_daemon.te
|
||||||
--- nsaserefpolicy/policy/modules/services/rtkit_daemon.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/rtkit_daemon.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.6.20/policy/modules/services/rtkit_daemon.te 2009-06-26 14:09:22.000000000 -0400
|
+++ serefpolicy-3.6.20/policy/modules/services/rtkit_daemon.te 2009-06-29 08:19:15.000000000 -0400
|
||||||
@@ -0,0 +1,33 @@
|
@@ -0,0 +1,36 @@
|
||||||
+policy_module(rtkit_daemon,1.0.0)
|
+policy_module(rtkit_daemon,1.0.0)
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
@ -19477,6 +19516,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
|
+allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
|
||||||
+allow rtkit_daemon_t self:capability sys_nice;
|
+allow rtkit_daemon_t self:capability sys_nice;
|
||||||
+
|
+
|
||||||
|
+domain_getsched_all_domains(rtkit_daemon_t)
|
||||||
|
+domain_read_all_domains_state(rtkit_daemon_t)
|
||||||
|
+
|
||||||
+fs_rw_anon_inodefs_files(rtkit_daemon_t)
|
+fs_rw_anon_inodefs_files(rtkit_daemon_t)
|
||||||
+
|
+
|
||||||
+auth_use_nsswitch(rtkit_daemon_t)
|
+auth_use_nsswitch(rtkit_daemon_t)
|
||||||
@ -22020,7 +22062,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.20/policy/modules/services/ssh.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.20/policy/modules/services/ssh.te
|
||||||
--- nsaserefpolicy/policy/modules/services/ssh.te 2009-06-26 13:59:19.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/ssh.te 2009-06-26 13:59:19.000000000 -0400
|
||||||
+++ serefpolicy-3.6.20/policy/modules/services/ssh.te 2009-06-26 14:09:22.000000000 -0400
|
+++ serefpolicy-3.6.20/policy/modules/services/ssh.te 2009-06-29 12:21:20.000000000 -0400
|
||||||
@@ -41,6 +41,9 @@
|
@@ -41,6 +41,9 @@
|
||||||
files_tmp_file(sshd_tmp_t)
|
files_tmp_file(sshd_tmp_t)
|
||||||
files_poly_parent(sshd_tmp_t)
|
files_poly_parent(sshd_tmp_t)
|
||||||
@ -22124,7 +22166,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -318,16 +314,30 @@
|
@@ -318,16 +314,34 @@
|
||||||
corenet_tcp_bind_xserver_port(sshd_t)
|
corenet_tcp_bind_xserver_port(sshd_t)
|
||||||
corenet_sendrecv_xserver_server_packets(sshd_t)
|
corenet_sendrecv_xserver_server_packets(sshd_t)
|
||||||
|
|
||||||
@ -22153,11 +22195,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
|
+ gitosis_manage_var_lib(sshd_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
+ xserver_getattr_xauth(sshd_t)
|
+ xserver_getattr_xauth(sshd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -349,7 +359,11 @@
|
@@ -349,7 +363,11 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -22170,7 +22216,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
unconfined_shell_domtrans(sshd_t)
|
unconfined_shell_domtrans(sshd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -408,15 +422,13 @@
|
@@ -408,15 +426,13 @@
|
||||||
init_use_fds(ssh_keygen_t)
|
init_use_fds(ssh_keygen_t)
|
||||||
init_use_script_ptys(ssh_keygen_t)
|
init_use_script_ptys(ssh_keygen_t)
|
||||||
|
|
||||||
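Review bot: The new `gitosis_manage_var_lib(sshd_t)` call in the ssh.te `optional_policy` block gives the network-facing sshd_t domain create, write and delete access where read access may be all it needs. Judging by the gitosis.if hunks, that interface expands to `manage_files_pattern`, `manage_lnk_files_pattern` and `manage_dirs_pattern` on `gitosis_var_lib_t`, which the file-context line maps to everything under `/var/lib/gitosis`; the interface names themselves fall outside the visible hunks, so this pairing is inferred. If sshd only has to look up keys there, the read-only interface from the same file (the one built on `read_files_pattern` and `list_dirs_pattern`) is the least-privilege choice; otherwise add a comment such as `# sshd_t needs write access to gitosis_var_lib_t because <reason>`. The same applies to `corecmd_exec_shell(fetchmail_t)` in fetchmail.te, which lets a domain that parses remote mail run a shell with no stated reason. Neither change is covered by the commit title, which mentions only rtkit-daemon.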
|
@ -20,7 +20,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.6.20
|
Version: 3.6.20
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -473,6 +473,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 30 2009 Dan Walsh <dwalsh@redhat.com> 3.6.20-2
|
||||||
|
- Add rules for rtkit-daemon
|
||||||
|
|
||||||
* Thu Jun 25 2009 Dan Walsh <dwalsh@redhat.com> 3.6.20-1
|
* Thu Jun 25 2009 Dan Walsh <dwalsh@redhat.com> 3.6.20-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
- Fix nlscd_stream_connect
|
- Fix nlscd_stream_connect
|
||||||
|