- Allow mdadm to read/write mls override
parent
095146a89d
commit
bfc78b6af9
@ -9869,7 +9869,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.9/policy/modules/services/cups.fc
|
||||
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.6.9/policy/modules/services/cups.fc 2009-03-12 13:35:00.000000000 -0400
|
||||
+++ serefpolicy-3.6.9/policy/modules/services/cups.fc 2009-03-18 09:22:37.000000000 -0400
|
||||
@@ -5,27 +5,38 @@
|
||||
/etc/cups/classes\.conf.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
/etc/cups/cupsd\.conf.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
|
||||
@ -11036,8 +11036,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.9/policy/modules/services/devicekit.te
|
||||
--- nsaserefpolicy/policy/modules/services/devicekit.te 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.6.9/policy/modules/services/devicekit.te 2009-03-17 15:39:17.000000000 -0400
|
||||
@@ -0,0 +1,209 @@
|
||||
+++ serefpolicy-3.6.9/policy/modules/services/devicekit.te 2009-03-18 09:06:43.000000000 -0400
|
||||
@@ -0,0 +1,210 @@
|
||||
+policy_module(devicekit,1.0.0)
|
||||
+
|
||||
+########################################
|
||||
@ -11204,6 +11204,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
+files_manage_mnt_dirs(devicekit_disk_t)
|
||||
+files_read_etc_files(devicekit_disk_t)
|
||||
+files_read_etc_runtime_files(devicekit_disk_t)
|
||||
+files_read_usr_files(devicekit_disk_t)
|
||||
+
|
||||
+fs_list_inotifyfs(devicekit_disk_t)
|
||||
@ -12219,6 +12220,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ polkit_read_reload(gnomeclock_t)
|
||||
+')
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.9/policy/modules/services/gpm.te
|
||||
--- nsaserefpolicy/policy/modules/services/gpm.te 2009-01-05 15:39:43.000000000 -0500
|
||||
+++ serefpolicy-3.6.9/policy/modules/services/gpm.te 2009-03-18 08:58:52.000000000 -0400
|
||||
@@ -54,6 +54,8 @@
|
||||
dev_rw_input_dev(gpm_t)
|
||||
dev_rw_mouse(gpm_t)
|
||||
|
||||
+files_read_etc_files(gpm_t)
|
||||
+
|
||||
fs_getattr_all_fs(gpm_t)
|
||||
fs_search_auto_mountpoints(gpm_t)
|
||||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.9/policy/modules/services/gpsd.fc
|
||||
--- nsaserefpolicy/policy/modules/services/gpsd.fc 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ serefpolicy-3.6.9/policy/modules/services/gpsd.fc 2009-03-12 13:35:00.000000000 -0400
|
||||
@ -24851,7 +24864,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+miscfiles_read_localization(iscsid_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.9/policy/modules/system/libraries.fc
|
||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
|
||||
+++ serefpolicy-3.6.9/policy/modules/system/libraries.fc 2009-03-12 13:35:00.000000000 -0400
|
||||
+++ serefpolicy-3.6.9/policy/modules/system/libraries.fc 2009-03-18 09:23:12.000000000 -0400
|
||||
@@ -60,12 +60,15 @@
|
||||
#
|
||||
# /opt
|
||||
@ -25000,7 +25013,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
ifdef(`distro_suse',`
|
||||
/var/lib/samba/bin/.+\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0)
|
||||
')
|
||||
@@ -310,3 +336,30 @@
|
||||
@@ -310,3 +336,32 @@
|
||||
/var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||
/var/spool/postfix/usr(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||
/var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0)
|
||||
@ -25031,6 +25044,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+/usr/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+/opt/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+/usr/local/matlab.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+
|
||||
+/usr/lib/libcncpmslld328\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.6.9/policy/modules/system/libraries.te
|
||||
--- nsaserefpolicy/policy/modules/system/libraries.te 2009-01-05 15:39:43.000000000 -0500
|
||||
+++ serefpolicy-3.6.9/policy/modules/system/libraries.te 2009-03-12 13:35:00.000000000 -0400
|
||||
@ -25991,7 +26006,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.6.9/policy/modules/system/raid.te
|
||||
--- nsaserefpolicy/policy/modules/system/raid.te 2009-01-05 15:39:43.000000000 -0500
|
||||
+++ serefpolicy-3.6.9/policy/modules/system/raid.te 2009-03-12 13:35:00.000000000 -0400
|
||||
+++ serefpolicy-3.6.9/policy/modules/system/raid.te 2009-03-18 14:48:18.000000000 -0400
|
||||
@@ -39,6 +39,7 @@
|
||||
dev_dontaudit_getattr_generic_files(mdadm_t)
|
||||
dev_dontaudit_getattr_generic_chr_files(mdadm_t)
|
||||
@ -26000,6 +26015,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
fs_search_auto_mountpoints(mdadm_t)
|
||||
fs_dontaudit_list_tmpfs(mdadm_t)
|
||||
@@ -48,6 +49,9 @@
|
||||
storage_dev_filetrans_fixed_disk(mdadm_t)
|
||||
storage_read_scsi_generic(mdadm_t)
|
||||
|
||||
+mls_file_read_all_levels(mdadm_t)
|
||||
+mls_file_write_all_levels(mdadm_t)
|
||||
+
|
||||
term_dontaudit_list_ptys(mdadm_t)
|
||||
|
||||
# Helper program access
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.6.9/policy/modules/system/selinuxutil.fc
|
||||
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-08-07 11:15:12.000000000 -0400
|
||||
+++ serefpolicy-3.6.9/policy/modules/system/selinuxutil.fc 2009-03-12 13:35:00.000000000 -0400
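Review bot: The two calls added in the raid.te hunk, `mls_file_read_all_levels(mdadm_t)` and `mls_file_write_all_levels(mdadm_t)`, exempt mdadm_t from the MLS file read and write constraints at every sensitivity level. Neither the hunk nor the changelog line says which object or denial required this. A comment directly above them, such as `# MLS override: mdadm needs <object class/type from the AVC denial> at levels other than its own`, would let a later audit confirm the exemption is still needed. If the denial only involved levels inside mdadm's own range, the narrower `mls_file_read_to_clearance(mdadm_t)` and `mls_file_write_to_clearance(mdadm_t)` may be enough, assuming this policy version provides them, and would leave the constraints in force above its clearance. The rest of raid.te lies outside the visible hunk, so any existing justification there cannot be seen from this page.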
|
||||
|
@ -20,7 +20,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.6.9
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -444,6 +444,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Mar 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.9-4
|
||||
- Allow mdadm to read/write mls override
|
||||
|
||||
* Tue Mar 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.9-3
|
||||
- Change to svirt to only access svirt_image_t
|
||||
|
||||
|