- Allow login programs to set ioctl on /proc
parent
ed4ac3da5c
commit
c0aebeb268
@ -6440,7 +6440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
|
|||||||
+/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
|
+/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.0.8/policy/modules/services/kerberos.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.0.8/policy/modules/services/kerberos.if
|
||||||
--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-07-03 07:06:27.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-07-03 07:06:27.000000000 -0400
|
||||||
+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-22 07:42:39.000000000 -0400
|
+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-25 10:30:36.000000000 -0400
|
||||||
@@ -42,6 +42,10 @@
|
@@ -42,6 +42,10 @@
|
||||||
dontaudit $1 krb5_conf_t:file write;
|
dontaudit $1 krb5_conf_t:file write;
|
||||||
dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
|
dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
|
||||||
@ -10456,7 +10456,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||||||
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
|
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
|
||||||
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-08-22 07:14:13.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-08-22 07:14:13.000000000 -0400
|
||||||
+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-25 10:18:40.000000000 -0400
|
+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-25 10:32:38.000000000 -0400
|
||||||
@@ -26,7 +26,8 @@
|
@@ -26,7 +26,8 @@
|
||||||
type $1_chkpwd_t, can_read_shadow_passwords;
|
type $1_chkpwd_t, can_read_shadow_passwords;
|
||||||
application_domain($1_chkpwd_t,chkpwd_exec_t)
|
application_domain($1_chkpwd_t,chkpwd_exec_t)
|
||||||
@ -10562,15 +10562,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||||||
corecmd_search_bin($1)
|
corecmd_search_bin($1)
|
||||||
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
|
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
|
||||||
|
|
||||||
@@ -329,6 +356,7 @@
|
@@ -329,6 +356,8 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
kerberos_use($1)
|
kerberos_use($1)
|
||||||
+ kerberos_read_keytab($1)
|
+ kerberos_read_keytab($1)
|
||||||
|
+ kerberos_524_connect($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -347,6 +375,37 @@
|
@@ -347,6 +376,37 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -10608,7 +10609,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||||||
## Get the attributes of the shadow passwords file.
|
## Get the attributes of the shadow passwords file.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -695,6 +754,24 @@
|
@@ -695,6 +755,24 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -10633,7 +10634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||||||
## Execute pam programs in the PAM domain.
|
## Execute pam programs in the PAM domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
@@ -1318,14 +1395,9 @@
|
@@ -1318,14 +1396,9 @@
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`auth_use_nsswitch',`
|
interface(`auth_use_nsswitch',`
|
||||||
@ -10648,7 +10649,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||||||
files_list_var_lib($1)
|
files_list_var_lib($1)
|
||||||
|
|
||||||
miscfiles_read_certs($1)
|
miscfiles_read_certs($1)
|
||||||
@@ -1347,6 +1419,8 @@
|
@@ -1347,6 +1420,8 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
samba_stream_connect_winbind($1)
|
samba_stream_connect_winbind($1)
|
||||||
@ -10657,7 +10658,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
|||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -1381,3 +1455,163 @@
|
@@ -1381,3 +1456,163 @@
|
||||||
typeattribute $1 can_write_shadow_passwords;
|
typeattribute $1 can_write_shadow_passwords;
|
||||||
typeattribute $1 can_relabelto_shadow_passwords;
|
typeattribute $1 can_relabelto_shadow_passwords;
|
||||||
')
|
')
|
||||||
|
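Review bot: The added `kerberos_524_connect($1)` in the `optional_policy` block beside `kerberos_use($1)` and `kerberos_read_keytab($1)` (authlogin.if, inner hunk now `@@ -329,6 +356,8 @@`) is not mentioned in the commit title, which only describes ioctl on /proc, and it has no comment explaining why it is needed. Because the call sits inside an interface body, every domain that uses that interface picks up the extra access wherever the kerberos module is available. The interface's name and the definition of `kerberos_524_connect` are outside the visible lines, so the real scope of the grant should be confirmed against them. I would record the grant in the commit description and add a comment above the call along the lines of `# <caller> needs to reach krb524 for <reason>`. The other visible differences are regenerated timestamps and hunk offsets shifted by one line.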