Dan Walsh
parent
55e8d8e7cf
commit
c30a9b8718
135
execmem.patch
135
execmem.patch
|
|
@ -1,6 +1,6 @@
|
|||
diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10.0/policy/modules/admin/rpm.te
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem 2011-11-02 16:19:54.192885000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-11-02 16:19:58.603545000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem 2011-11-04 16:05:06.562601281 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-11-04 16:05:07.166602835 -0400
|
||||
@@ -419,14 +419,6 @@ optional_policy(`
|
||||
unconfined_domain_noaudit(rpm_script_t)
|
||||
unconfined_domtrans(rpm_script_t)
|
||||
|
|
@ -17,8 +17,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10
|
|||
|
||||
optional_policy(`
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.fc
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem 2011-11-02 16:19:54.370885000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc 2011-11-02 16:19:58.609541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem 2011-11-04 16:05:06.586601343 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc 2011-11-04 16:05:07.167602836 -0400
|
||||
@@ -47,3 +47,56 @@ ifdef(`distro_gentoo',`
|
||||
/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
/opt/Adobe/Reader9/Reader/intellinux/bin/acroread -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
|
|
@ -77,16 +77,24 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3
|
|||
+/usr/bin/gnatmake -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
+/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem 2011-11-02 16:19:54.372890000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-11-02 16:19:58.615541000 -0400
|
||||
@@ -129,4 +129,3 @@ interface(`execmem_execmod',`
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem 2011-11-04 16:05:06.587601346 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-11-04 16:05:24.164646504 -0400
|
||||
@@ -57,6 +57,7 @@ template(`execmem_role_template',`
|
||||
role $2 types $1_execmem_t;
|
||||
|
||||
userdom_unpriv_usertype($1, $1_execmem_t)
|
||||
+ userdom_common_user($1_execmem_t)
|
||||
userdom_manage_tmp_role($2, $1_execmem_t)
|
||||
userdom_manage_tmpfs_role($2, $1_execmem_t)
|
||||
|
||||
@@ -129,4 +130,3 @@ interface(`execmem_execmod',`
|
||||
|
||||
allow $1 execmem_exec_t:file execmod;
|
||||
')
|
||||
-
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem 2011-11-02 16:19:54.374890000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.te 2011-11-02 16:19:58.620541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem 2011-11-04 16:05:06.587601346 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.te 2011-11-04 16:05:07.169602840 -0400
|
||||
@@ -4,7 +4,25 @@ policy_module(execmem, 1.0.0)
|
||||
#
|
||||
# Declarations
|
||||
|
|
@ -115,8 +123,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3
|
|||
+ nsplugin_rw_semaphores(execmem_type)
|
||||
+')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3.10.0/policy/modules/apps/mozilla.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem 2011-11-02 16:19:54.533885000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-11-02 16:19:58.629541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem 2011-11-04 16:05:06.609601400 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-11-04 16:05:07.170602843 -0400
|
||||
@@ -273,10 +273,6 @@ optional_policy(`
|
||||
')
|
||||
|
||||
|
|
@ -139,7 +147,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3
|
|||
optional_policy(`
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy-3.10.0/policy/modules/apps/podsleuth.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem 2011-06-27 14:18:04.000000000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-11-02 16:19:58.635560000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-11-04 16:05:07.171602846 -0400
|
||||
@@ -85,5 +85,5 @@ optional_policy(`
|
||||
')
|
||||
|
||||
|
|
@ -148,9 +156,9 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy
|
|||
+ execmem_exec(podsleuth_t)
|
||||
')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.10.0/policy/modules/roles/staff.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem 2011-11-02 16:19:55.151799000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2011-11-02 16:19:58.642541000 -0400
|
||||
@@ -262,10 +262,6 @@ ifndef(`distro_redhat',`
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem 2011-11-04 16:05:06.684601595 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2011-11-04 16:05:07.172602849 -0400
|
||||
@@ -266,10 +266,6 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -162,8 +170,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.
|
|||
')
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3.10.0/policy/modules/roles/sysadm.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem 2011-11-02 16:19:55.158799000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-11-02 16:19:58.650541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem 2011-11-04 16:05:06.685601597 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-11-04 16:05:07.173602852 -0400
|
||||
@@ -530,10 +530,6 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
|
|
@ -176,8 +184,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3
|
|||
')
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem 2011-11-02 16:19:58.593541000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-11-02 16:20:17.606179000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem 2011-11-04 16:05:07.157602811 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-11-04 16:05:07.173602852 -0400
|
||||
@@ -302,10 +302,6 @@ optional_policy(`
|
||||
')
|
||||
|
||||
|
|
@ -204,9 +212,9 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem seref
|
|||
|
||||
tunable_policy(`unconfined_mozilla_plugin_transition', `
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unprivuser.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem 2011-11-02 16:19:55.173799000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2011-11-02 16:19:58.666544000 -0400
|
||||
@@ -148,10 +148,6 @@ ifndef(`distro_redhat',`
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem 2011-11-04 16:05:06.688601603 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2011-11-04 16:05:07.174602855 -0400
|
||||
@@ -152,10 +152,6 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -218,8 +226,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpoli
|
|||
')
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3.10.0/policy/modules/roles/xguest.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem 2011-11-02 16:19:55.184799000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/xguest.te 2011-11-02 16:19:58.674541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem 2011-11-04 16:05:06.690601610 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/xguest.te 2011-11-04 16:05:07.175602857 -0400
|
||||
@@ -107,14 +107,6 @@ optional_policy(`
|
||||
')
|
||||
|
||||
|
|
@ -236,8 +244,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3
|
|||
')
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy-3.10.0/policy/modules/services/boinc.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem 2011-11-02 16:19:55.443799000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-11-02 16:19:58.679549000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem 2011-11-04 16:05:06.724601698 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-11-04 16:05:07.176602859 -0400
|
||||
@@ -170,5 +170,5 @@ miscfiles_read_fonts(boinc_project_t)
|
||||
miscfiles_read_localization(boinc_project_t)
|
||||
|
||||
|
|
@ -246,8 +254,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy
|
|||
+ execmem_exec(boinc_project_t)
|
||||
')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-3.10.0/policy/modules/services/cron.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem 2011-11-02 16:19:55.743799000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-11-02 16:19:58.690541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem 2011-11-04 16:05:06.764601800 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-11-04 16:05:07.177602861 -0400
|
||||
@@ -299,10 +299,6 @@ optional_policy(`
|
||||
')
|
||||
|
||||
|
|
@ -283,8 +291,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-
|
|||
nis_use_ypbind(cronjob_t)
|
||||
')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.if
|
||||
--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem 2011-11-02 16:19:56.185713000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-11-02 16:19:58.698541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem 2011-11-04 16:05:06.825601957 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-11-04 16:05:07.178602863 -0400
|
||||
@@ -127,7 +127,7 @@ template(`hadoop_domain_template',`
|
||||
|
||||
hadoop_exec_config(hadoop_$1_t)
|
||||
|
|
@ -295,8 +303,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolic
|
|||
kerberos_use(hadoop_$1_t)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem 2011-11-02 16:19:56.193713000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.te 2011-11-02 16:19:58.707541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem 2011-11-04 16:05:06.826601961 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.te 2011-11-04 16:05:07.179602865 -0400
|
||||
@@ -167,7 +167,7 @@ miscfiles_read_localization(hadoop_t)
|
||||
|
||||
userdom_use_inherited_user_terminals(hadoop_t)
|
||||
|
|
@ -322,8 +330,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolic
|
|||
-java_exec(zookeeper_server_t)
|
||||
+execmem_exec(zookeeper_server_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpolicy-3.10.0/policy/modules/services/xserver.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem 2011-11-02 16:19:57.848627000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-11-02 16:19:58.744541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem 2011-11-04 16:05:07.050602537 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-11-04 16:05:07.181602872 -0400
|
||||
@@ -1250,10 +1250,6 @@ optional_policy(`
|
||||
')
|
||||
|
||||
|
|
@ -336,9 +344,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpoli
|
|||
rhgb_rw_tmpfs_files(xserver_t)
|
||||
')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.10.0/policy/modules/system/init.te
|
||||
--- serefpolicy-3.10.0/policy/modules/system/init.te.execmem 2011-11-02 16:19:58.044541000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-11-02 16:19:58.757543000 -0400
|
||||
@@ -1191,10 +1191,6 @@ optional_policy(`
|
||||
--- serefpolicy-3.10.0/policy/modules/system/init.te.execmem 2011-11-04 16:05:07.073602594 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-11-04 16:05:07.182602876 -0400
|
||||
@@ -1196,10 +1196,6 @@ optional_policy(`
|
||||
unconfined_dontaudit_rw_pipes(daemon)
|
||||
')
|
||||
|
||||
|
|
@ -350,8 +358,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.
|
|||
rpm_transition_script(initrc_t)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpolicy-3.10.0/policy/modules/system/userdomain.if
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem 2011-11-02 16:19:58.435541000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-02 16:19:58.796541000 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem 2011-11-04 16:05:07.118602710 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-04 16:05:07.187602887 -0400
|
||||
@@ -1281,14 +1281,6 @@ template(`userdom_unpriv_user_template',
|
||||
')
|
||||
|
||||
|
|
@ -367,19 +375,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpol
|
|||
mount_run_fusermount($1_t, $1_r)
|
||||
mount_read_pid_files($1_t)
|
||||
')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if~ serefpolicy-3.10.0/policy/modules/system/userdomain.if
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if~ 2011-11-04 13:31:34.537348883 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-04 15:02:50.404128186 -0400
|
||||
@@ -84,7 +84,7 @@ template(`userdom_base_user_template',`
|
||||
## The user domain
|
||||
## </summary>
|
||||
## </param>
|
||||
-## <rolebase/>
|
||||
+>## <rolebase/>
|
||||
#
|
||||
interface(`userdom_ro_home_role',`
|
||||
gen_require(`
|
||||
@@ -4705,3 +4705,39 @@ interface(`userdom_rw_unpriv_user_semaph
|
||||
@@ -5013,3 +5005,39 @@ interface(`userdom_rw_unpriv_user_semaph
|
||||
|
||||
allow $1 unpriv_userdomain:sem rw_sem_perms;
|
||||
')
|
||||
|
|
@ -419,38 +415,3 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if~ serefpolicy-3.1
|
|||
+
|
||||
+ typeattribute $1 common_userdomain;
|
||||
+')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te~ serefpolicy-3.10.0/policy/modules/roles/staff.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/staff.te~ 2011-11-04 15:03:32.518287238 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2011-11-04 15:34:10.747481773 -0400
|
||||
@@ -329,3 +329,5 @@ ifndef(`distro_redhat',`
|
||||
tunable_policy(`allow_execmod',`
|
||||
userdom_execmod_user_home_files(staff_usertype)
|
||||
')
|
||||
+
|
||||
+userdom_common_user(staff_execmem_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te~ serefpolicy-3.10.0/policy/modules/roles/sysadm.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te~ 2011-11-04 15:03:32.812288344 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-11-04 15:35:11.552671224 -0400
|
||||
@@ -583,3 +583,5 @@ ifndef(`distro_redhat',`
|
||||
xserver_role(sysadm_r, sysadm_t)
|
||||
')
|
||||
')
|
||||
+
|
||||
+userdom_common_user(sysadm_execmem_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te~ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te~ 2011-11-04 15:03:32.521287248 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2011-11-04 15:34:20.887513436 -0400
|
||||
@@ -220,3 +220,4 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
')
|
||||
|
||||
+userdom_common_user(user_execmem_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te~ serefpolicy-3.10.0/policy/modules/roles/xguest.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/xguest.te~ 2011-11-04 15:03:32.522287252 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/xguest.te 2011-11-04 15:34:52.250611193 -0400
|
||||
@@ -178,3 +178,5 @@ optional_policy(`
|
||||
')
|
||||
|
||||
gen_user(xguest_u, user, xguest_r, s0, s0)
|
||||
+
|
||||
+userdom_common_user(xguest_execmem_t)
|
||||
|
|
|
|||
831
ptrace.patch
831
ptrace.patch
File diff suppressed because it is too large
Load Diff
104
userdomain.patch
104
userdomain.patch
|
|
@ -1,6 +1,6 @@
|
|||
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain serefpolicy-3.10.0/policy/modules/admin/usermanage.if
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain 2011-10-24 13:26:35.236337023 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.if 2011-10-24 13:26:35.756337065 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain 2011-11-04 16:05:53.310721291 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.if 2011-11-04 16:05:53.930722881 -0400
|
||||
@@ -308,7 +308,7 @@ interface(`usermanage_run_useradd',`
|
||||
role $2 types useradd_t;
|
||||
|
||||
|
|
@ -11,8 +11,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.if.userdomain serefp
|
|||
seutil_run_semanage(useradd_t, $2)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain serefpolicy-3.10.0/policy/modules/admin/usermanage.te
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain 2011-10-24 13:26:35.711337061 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-24 13:26:35.757337065 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain 2011-11-04 16:05:53.876722742 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-11-04 16:05:53.931722884 -0400
|
||||
@@ -517,7 +517,7 @@ seutil_domtrans_setfiles(useradd_t)
|
||||
userdom_use_unpriv_users_fds(useradd_t)
|
||||
# Add/remove user home directories
|
||||
|
|
@ -23,20 +23,20 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.userdomain serefp
|
|||
mta_manage_spool(useradd_t)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain serefpolicy-3.10.0/policy/modules/apps/execmem.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain 2011-10-24 13:26:35.736337064 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-24 13:26:35.757337065 -0400
|
||||
@@ -57,8 +57,6 @@ template(`execmem_role_template',`
|
||||
role $2 types $1_execmem_t;
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.userdomain 2011-11-04 16:05:53.000000000 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-11-04 16:06:10.897766368 -0400
|
||||
@@ -58,8 +58,6 @@ template(`execmem_role_template',`
|
||||
|
||||
userdom_unpriv_usertype($1, $1_execmem_t)
|
||||
userdom_common_user($1_execmem_t)
|
||||
- userdom_manage_tmp_role($2, $1_execmem_t)
|
||||
- userdom_manage_tmpfs_role($2, $1_execmem_t)
|
||||
|
||||
allow $1_execmem_t self:process { execmem execstack };
|
||||
allow $3 $1_execmem_t:process { getattr ptrace noatsecure signal_perms };
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain serefpolicy-3.10.0/policy/modules/apps/java.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain 2011-10-24 13:26:35.255337024 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-24 13:26:35.758337065 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain 2011-11-04 16:05:53.331721346 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-11-04 16:05:53.933722889 -0400
|
||||
@@ -73,7 +73,8 @@ template(`java_role_template',`
|
||||
domain_interactive_fd($1_java_t)
|
||||
|
||||
|
|
@ -48,8 +48,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.userdomain serefpolicy-3
|
|||
allow $1_java_t self:process { ptrace signal getsched execmem execstack };
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain serefpolicy-3.10.0/policy/modules/apps/mono.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain 2011-10-24 13:26:35.261337025 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-24 13:26:35.759337065 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain 2011-11-04 16:05:53.338721365 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-11-04 16:05:53.934722892 -0400
|
||||
@@ -49,7 +49,8 @@ template(`mono_role_template',`
|
||||
corecmd_bin_domtrans($1_mono_t, $1_t)
|
||||
|
||||
|
|
@ -61,8 +61,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.userdomain serefpolicy-3
|
|||
optional_policy(`
|
||||
xserver_role($1_r, $1_mono_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain serefpolicy-3.10.0/policy/modules/apps/mozilla.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain 2011-10-24 13:26:35.262337026 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-24 13:26:35.760337065 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain 2011-11-04 16:05:53.340721370 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-11-04 16:05:53.935722894 -0400
|
||||
@@ -51,7 +51,7 @@ interface(`mozilla_role',`
|
||||
mozilla_run_plugin(mozilla_t, $1)
|
||||
mozilla_dbus_chat($2)
|
||||
|
|
@ -73,8 +73,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.userdomain serefpolic
|
|||
optional_policy(`
|
||||
nsplugin_role($1, mozilla_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain serefpolicy-3.10.0/policy/modules/apps/nsplugin.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain 2011-10-24 13:26:35.267337026 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-24 13:26:35.762337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain 2011-11-04 16:05:53.345721381 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-11-04 16:05:53.936722896 -0400
|
||||
@@ -103,7 +103,7 @@ ifdef(`hide_broken_symptoms', `
|
||||
userdom_use_inherited_user_terminals(nsplugin_t)
|
||||
userdom_use_inherited_user_terminals(nsplugin_config_t)
|
||||
|
|
@ -85,8 +85,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.userdomain serefpoli
|
|||
optional_policy(`
|
||||
pulseaudio_role($1, nsplugin_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain serefpolicy-3.10.0/policy/modules/apps/nsplugin.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain 2011-10-24 13:26:35.267337026 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-24 13:26:35.763337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain 2011-11-04 16:05:53.346721384 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-11-04 16:05:53.937722899 -0400
|
||||
@@ -281,6 +281,7 @@ userdom_search_user_home_content(nsplugi
|
||||
userdom_read_user_home_content_symlinks(nsplugin_config_t)
|
||||
userdom_read_user_home_content_files(nsplugin_config_t)
|
||||
|
|
@ -96,8 +96,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.userdomain serefpoli
|
|||
tunable_policy(`use_nfs_home_dirs',`
|
||||
fs_getattr_nfs(nsplugin_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain 2011-10-24 13:26:35.270337026 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if 2011-10-24 13:26:35.763337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain 2011-11-04 16:05:53.350721394 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if 2011-11-04 16:05:53.937722899 -0400
|
||||
@@ -35,9 +35,9 @@ interface(`pulseaudio_role',`
|
||||
allow pulseaudio_t $2:unix_stream_socket connectto;
|
||||
allow $2 pulseaudio_t:unix_stream_socket connectto;
|
||||
|
|
@ -112,8 +112,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.if.userdomain serefpo
|
|||
allow $2 pulseaudio_t:dbus send_msg;
|
||||
allow pulseaudio_t $2:dbus { acquire_svc send_msg };
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain 2011-10-24 13:26:35.271337026 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te 2011-10-24 13:26:35.764337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain 2011-11-04 16:05:53.350721394 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te 2011-11-04 16:05:53.938722902 -0400
|
||||
@@ -95,6 +95,10 @@ logging_send_syslog_msg(pulseaudio_t)
|
||||
|
||||
miscfiles_read_localization(pulseaudio_t)
|
||||
|
|
@ -126,8 +126,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/pulseaudio.te.userdomain serefpo
|
|||
alsa_read_rw_config(pulseaudio_t)
|
||||
')
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain serefpolicy-3.10.0/policy/modules/apps/userhelper.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain 2011-10-24 13:26:35.285337027 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.if 2011-10-24 13:26:35.765337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain 2011-11-04 16:05:53.368721439 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.if 2011-11-04 16:05:53.939722905 -0400
|
||||
@@ -294,7 +294,7 @@ template(`userhelper_console_role_templa
|
||||
|
||||
auth_use_pam($1_consolehelper_t)
|
||||
|
|
@ -138,8 +138,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.if.userdomain serefpo
|
|||
optional_policy(`
|
||||
dbus_connect_session_bus($1_consolehelper_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain serefpolicy-3.10.0/policy/modules/apps/userhelper.te
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain 2011-10-24 13:26:35.285337027 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.te 2011-10-24 13:26:35.766337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain 2011-11-04 16:05:53.369721443 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/userhelper.te 2011-11-04 16:05:53.940722908 -0400
|
||||
@@ -65,6 +65,7 @@ userhelper_exec(consolehelper_domain)
|
||||
userdom_use_user_ptys(consolehelper_domain)
|
||||
userdom_use_user_ttys(consolehelper_domain)
|
||||
|
|
@ -149,8 +149,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/userhelper.te.userdomain serefpo
|
|||
optional_policy(`
|
||||
gnome_read_gconf_home_files(consolehelper_domain)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain serefpolicy-3.10.0/policy/modules/apps/wine.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain 2011-10-24 13:26:35.289337027 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-24 13:26:35.766337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain 2011-11-04 16:05:53.374721456 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-11-04 16:05:53.940722908 -0400
|
||||
@@ -105,7 +105,8 @@ template(`wine_role_template',`
|
||||
corecmd_bin_domtrans($1_wine_t, $1_t)
|
||||
|
||||
|
|
@ -162,8 +162,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.userdomain serefpolicy-3
|
|||
domain_mmap_low($1_wine_t)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain serefpolicy-3.10.0/policy/modules/apps/wm.if
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain 2011-10-24 13:26:35.291337027 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/wm.if 2011-10-24 13:26:35.767337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain 2011-11-04 16:05:53.376721460 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/apps/wm.if 2011-11-04 16:05:53.941722910 -0400
|
||||
@@ -77,9 +77,13 @@ template(`wm_role_template',`
|
||||
miscfiles_read_fonts($1_wm_t)
|
||||
miscfiles_read_localization($1_wm_t)
|
||||
|
|
@ -182,8 +182,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wm.if.userdomain serefpolicy-3.1
|
|||
|
||||
optional_policy(`
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain serefpolicy-3.10.0/policy/modules/roles/sysadm.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain 2011-10-24 13:26:35.739337064 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-24 13:26:35.768337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain 2011-11-04 16:05:53.907722823 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-11-04 16:05:53.942722912 -0400
|
||||
@@ -61,7 +61,8 @@ sysnet_filetrans_named_content(sysadm_t)
|
||||
# Add/remove user home directories
|
||||
userdom_manage_user_home_dirs(sysadm_t)
|
||||
|
|
@ -195,8 +195,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.userdomain serefpolic
|
|||
optional_policy(`
|
||||
alsa_filetrans_named_content(sysadm_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain 2011-10-24 13:26:35.740337064 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-10-24 13:26:35.777337067 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain 2011-11-04 16:05:53.908722825 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-11-04 16:05:53.943722914 -0400
|
||||
@@ -45,9 +45,12 @@ gen_tunable(unconfined_login, true)
|
||||
# calls is not correct, however we dont currently
|
||||
# have another method to add access to these types
|
||||
|
|
@ -213,7 +213,7 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain se
|
|||
userdom_unpriv_usertype(unconfined, unconfined_t)
|
||||
|
||||
type unconfined_exec_t;
|
||||
@@ -347,9 +350,13 @@ optional_policy(`
|
||||
@@ -309,9 +312,13 @@ optional_policy(`
|
||||
lpd_run_checkpc(unconfined_t, unconfined_r)
|
||||
')
|
||||
|
||||
|
|
@ -231,8 +231,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.userdomain se
|
|||
optional_policy(`
|
||||
modutils_run_update_mods(unconfined_t, unconfined_r)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain serefpolicy-3.10.0/policy/modules/services/rshd.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain 2011-10-24 13:26:35.572337050 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/rshd.te 2011-10-24 13:26:35.769337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain 2011-11-04 16:05:53.712722323 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/rshd.te 2011-11-04 16:05:53.944722916 -0400
|
||||
@@ -66,7 +66,7 @@ seutil_read_config(rshd_t)
|
||||
seutil_read_default_contexts(rshd_t)
|
||||
|
||||
|
|
@ -243,8 +243,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rshd.te.userdomain serefpoli
|
|||
tunable_policy(`use_nfs_home_dirs',`
|
||||
fs_read_nfs_files(rshd_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain serefpolicy-3.10.0/policy/modules/services/ssh.if
|
||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain 2011-10-24 13:26:35.601337052 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-24 13:26:35.770337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain 2011-11-04 16:05:53.743722402 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-11-04 16:05:53.945722918 -0400
|
||||
@@ -380,7 +380,7 @@ template(`ssh_role_template',`
|
||||
manage_lnk_files_pattern($3, ssh_home_t, ssh_home_t)
|
||||
manage_sock_files_pattern($3, ssh_home_t, ssh_home_t)
|
||||
|
|
@ -255,8 +255,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.userdomain serefpolic
|
|||
##############################
|
||||
#
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain serefpolicy-3.10.0/policy/modules/services/ssh.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain 2011-10-24 13:26:35.602337053 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.te 2011-10-24 13:26:35.771337066 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain 2011-11-04 16:05:53.744722405 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/ssh.te 2011-11-04 16:05:53.946722921 -0400
|
||||
@@ -200,6 +200,7 @@ userdom_read_user_tmp_files(ssh_t)
|
||||
userdom_write_user_tmp_files(ssh_t)
|
||||
userdom_read_user_home_content_symlinks(ssh_t)
|
||||
|
|
@ -275,9 +275,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.te.userdomain serefpolic
|
|||
userdom_signal_unpriv_users(sshd_t)
|
||||
userdom_dyntransition_unpriv_users(sshd_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain serefpolicy-3.10.0/policy/modules/services/sssd.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain 2011-10-24 13:26:35.603337053 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/sssd.te 2011-10-24 13:26:35.772337066 -0400
|
||||
@@ -93,7 +93,7 @@ miscfiles_read_generic_certs(sssd_t)
|
||||
--- serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain 2011-11-04 16:05:53.746722410 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/sssd.te 2011-11-04 16:05:53.947722925 -0400
|
||||
@@ -97,7 +97,7 @@ miscfiles_read_generic_certs(sssd_t)
|
||||
sysnet_dns_name_resolve(sssd_t)
|
||||
sysnet_use_ldap(sssd_t)
|
||||
|
||||
|
|
@ -287,9 +287,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sssd.te.userdomain serefpoli
|
|||
optional_policy(`
|
||||
dbus_system_bus_client(sssd_t)
|
||||
diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain serefpolicy-3.10.0/policy/modules/services/xserver.te
|
||||
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain 2011-10-24 13:26:35.746337064 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-24 13:26:35.773337067 -0400
|
||||
@@ -671,7 +671,7 @@ userdom_stream_connect(xdm_t)
|
||||
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain 2011-11-04 16:05:53.915722843 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-11-04 16:05:53.948722929 -0400
|
||||
@@ -672,7 +672,7 @@ userdom_stream_connect(xdm_t)
|
||||
userdom_manage_user_tmp_dirs(xdm_t)
|
||||
userdom_manage_user_tmp_files(xdm_t)
|
||||
userdom_manage_user_tmp_sockets(xdm_t)
|
||||
|
|
@ -299,8 +299,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.userdomain serefp
|
|||
application_signal(xdm_t)
|
||||
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain serefpolicy-3.10.0/policy/modules/system/userdomain.if
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain 2011-10-24 13:26:35.749337065 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-24 13:27:29.940341512 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain 2011-11-04 16:05:53.920722856 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-04 16:05:53.951722936 -0400
|
||||
@@ -35,21 +35,14 @@ template(`userdom_base_user_template',`
|
||||
type $1_t, userdomain, $1_usertype;
|
||||
domain_type($1_t)
|
||||
|
|
@ -988,7 +988,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain seref
|
|||
##############################
|
||||
#
|
||||
# Local policy
|
||||
@@ -3929,6 +3617,10 @@ template(`userdom_unpriv_usertype',`
|
||||
@@ -3965,6 +3653,10 @@ template(`userdom_unpriv_usertype',`
|
||||
|
||||
auth_use_nsswitch($2)
|
||||
ubac_constrained($2)
|
||||
|
|
@ -1000,8 +1000,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.userdomain seref
|
|||
|
||||
########################################
|
||||
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain serefpolicy-3.10.0/policy/modules/system/userdomain.te
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain 2011-10-24 13:26:35.691337060 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.te 2011-10-24 13:26:35.776337067 -0400
|
||||
--- serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain 2011-11-04 16:05:53.852722681 -0400
|
||||
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.te 2011-11-04 16:05:53.953722940 -0400
|
||||
@@ -69,6 +69,8 @@ attribute userdomain;
|
||||
|
||||
# unprivileged user domains
|
||||
|
|
|
|||
Loading…
Reference in New Issue