- Allow login programs to set ioctl on /proc

This commit is contained in:
Daniel J Walsh 2007-09-25 14:47:50 +00:00
parent ed4ac3da5c
commit c0aebeb268

View File

@ -6440,7 +6440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
+/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.0.8/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-07-03 07:06:27.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-22 07:42:39.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-25 10:30:36.000000000 -0400
@@ -42,6 +42,10 @@
dontaudit $1 krb5_conf_t:file write;
dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
@ -10456,7 +10456,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-08-22 07:14:13.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-25 10:18:40.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-25 10:32:38.000000000 -0400
@@ -26,7 +26,8 @@
type $1_chkpwd_t, can_read_shadow_passwords;
application_domain($1_chkpwd_t,chkpwd_exec_t)
@ -10562,15 +10562,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
corecmd_search_bin($1)
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
@@ -329,6 +356,7 @@
@@ -329,6 +356,8 @@
optional_policy(`
kerberos_use($1)
+ kerberos_read_keytab($1)
+ kerberos_524_connect($1)
')
optional_policy(`
@@ -347,6 +375,37 @@
@@ -347,6 +376,37 @@
########################################
## <summary>
@ -10608,7 +10609,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
## Get the attributes of the shadow passwords file.
## </summary>
## <param name="domain">
@@ -695,6 +754,24 @@
@@ -695,6 +755,24 @@
########################################
## <summary>
@ -10633,7 +10634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
## Execute pam programs in the PAM domain.
## </summary>
## <param name="domain">
@@ -1318,14 +1395,9 @@
@@ -1318,14 +1396,9 @@
## </param>
#
interface(`auth_use_nsswitch',`
@ -10648,7 +10649,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
files_list_var_lib($1)
miscfiles_read_certs($1)
@@ -1347,6 +1419,8 @@
@@ -1347,6 +1420,8 @@
optional_policy(`
samba_stream_connect_winbind($1)
@ -10657,7 +10658,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
')
@@ -1381,3 +1455,163 @@
@@ -1381,3 +1456,163 @@
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')