- Fix to add xguest account when inititial install
This commit is contained in:
Daniel J Walsh
parent
d90a3db27d
commit
c67a1217e2
|
|
@ -1239,7 +1239,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc
|
|||
/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.0.8/policy/modules/apps/gnome.if
|
||||
--- nsaserefpolicy/policy/modules/apps/gnome.if 2007-07-25 10:37:37.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/apps/gnome.if 2007-09-17 16:20:18.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/apps/gnome.if 2007-09-20 10:51:59.000000000 -0400
|
||||
@@ -33,6 +33,51 @@
|
||||
## </param>
|
||||
#
|
||||
|
|
@ -7945,7 +7945,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
|
|||
manage_files_pattern(rpcbind_t,rpcbind_var_run_t,rpcbind_var_run_t)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.0.8/policy/modules/services/rpc.if
|
||||
--- nsaserefpolicy/policy/modules/services/rpc.if 2007-07-03 07:06:27.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/rpc.if 2007-09-17 16:20:18.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/rpc.if 2007-09-20 10:47:23.000000000 -0400
|
||||
@@ -89,8 +89,11 @@
|
||||
# bind to arbitary unused ports
|
||||
corenet_tcp_bind_generic_port($1_t)
|
||||
|
|
@ -7959,6 +7959,31 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
|
|||
|
||||
fs_rw_rpc_named_pipes($1_t)
|
||||
fs_search_auto_mountpoints($1_t)
|
||||
@@ -214,6 +217,24 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
+## Execute domain in nfsd domain.
|
||||
+## </summary>
|
||||
+## <param name="domain">
|
||||
+## <summary>
|
||||
+## The type of the process performing this action.
|
||||
+## </summary>
|
||||
+## </param>
|
||||
+#
|
||||
+interface(`rpc_domtrans_rpcd',`
|
||||
+ gen_require(`
|
||||
+ type rpcd_t, rpcd_exec_t;
|
||||
+ ')
|
||||
+
|
||||
+ domtrans_pattern($1,rpcd_exec_t,rpcd_t)
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
+## <summary>
|
||||
## Read NFS exported content.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.0.8/policy/modules/services/rpc.te
|
||||
--- nsaserefpolicy/policy/modules/services/rpc.te 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/rpc.te 2007-09-17 16:20:18.000000000 -0400
|
||||
|
|
@ -9464,7 +9489,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.0.8/policy/modules/services/xserver.if
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-07-03 07:06:27.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/xserver.if 2007-09-20 09:43:06.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/xserver.if 2007-09-20 10:52:36.000000000 -0400
|
||||
@@ -126,6 +126,8 @@
|
||||
# read events - the synaptics touchpad driver reads raw events
|
||||
dev_rw_input_dev($1_xserver_t)
|
||||
|
|
@ -9534,7 +9559,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
# for when /tmp/.X11-unix is created by the system
|
||||
allow $2 xdm_t:fd use;
|
||||
@@ -555,25 +558,49 @@
|
||||
@@ -555,25 +558,52 @@
|
||||
allow $2 xdm_tmp_t:sock_file { read write };
|
||||
dontaudit $2 xdm_t:tcp_socket { read write };
|
||||
|
||||
|
|
@ -9553,6 +9578,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
+ userdom_user_home_dir_filetrans_user_home_content($1, xdm_t, { dir file })
|
||||
+ userdom_manage_user_tmp_dirs($1, xdm_t)
|
||||
+ userdom_manage_user_tmp_files($1, xdm_t)
|
||||
+
|
||||
+ # Handling of pam_keyring
|
||||
+ gnome_manage_user_gnome_config($1, xdm_t)
|
||||
|
||||
xserver_ro_session_template(xdm,$2,$3)
|
||||
- xserver_rw_session_template($1,$2,$3)
|
||||
|
|
@ -9592,7 +9620,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
')
|
||||
')
|
||||
|
||||
@@ -626,6 +653,24 @@
|
||||
@@ -626,6 +656,24 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
|
|
@ -9617,7 +9645,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
## Transition to a user Xauthority domain.
|
||||
## </summary>
|
||||
## <desc>
|
||||
@@ -659,6 +704,73 @@
|
||||
@@ -659,6 +707,73 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
|
|
@ -9691,7 +9719,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
## Transition to a user Xauthority domain.
|
||||
## </summary>
|
||||
## <desc>
|
||||
@@ -927,6 +1039,7 @@
|
||||
@@ -927,6 +1042,7 @@
|
||||
files_search_tmp($1)
|
||||
allow $1 xdm_tmp_t:dir list_dir_perms;
|
||||
create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
|
||||
|
|
@ -9699,7 +9727,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -987,6 +1100,37 @@
|
||||
@@ -987,6 +1103,37 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
|
|
@ -9737,7 +9765,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
## Make an X session script an entrypoint for the specified domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -1136,7 +1280,7 @@
|
||||
@@ -1136,7 +1283,7 @@
|
||||
type xdm_xserver_tmp_t;
|
||||
')
|
||||
|
||||
|
|
@ -9746,7 +9774,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -1325,3 +1469,62 @@
|
||||
@@ -1325,3 +1472,62 @@
|
||||
files_search_tmp($1)
|
||||
stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
|
||||
')
|
||||
|
|
@ -9811,7 +9839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-09-19 11:59:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-09-20 10:44:00.000000000 -0400
|
||||
@@ -16,6 +16,13 @@
|
||||
|
||||
## <desc>
|
||||
|
|
@ -9882,16 +9910,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
xserver_rw_session_template(xdm,xdm_t,xdm_tmpfs_t)
|
||||
|
||||
@@ -306,6 +324,8 @@
|
||||
@@ -306,6 +324,11 @@
|
||||
|
||||
optional_policy(`
|
||||
consolekit_dbus_chat(xdm_t)
|
||||
+ dbus_system_bus_client_template(xdm, xdm_t)
|
||||
+ dbus_send_system_bus(xdm_t)
|
||||
+ optional_policy(`
|
||||
+ hal_dbus_chat(xdm_t)
|
||||
+ ')
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -348,12 +368,8 @@
|
||||
@@ -348,12 +371,8 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -9905,7 +9936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
ifdef(`distro_rhel4',`
|
||||
allow xdm_t self:process { execheap execmem };
|
||||
@@ -385,7 +401,7 @@
|
||||
@@ -385,7 +404,7 @@
|
||||
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
|
||||
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
|
||||
|
||||
|
|
@ -9914,7 +9945,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
|
||||
# Label pid and temporary files with derived types.
|
||||
manage_files_pattern(xdm_xserver_t,xdm_tmp_t,xdm_tmp_t)
|
||||
@@ -425,6 +441,10 @@
|
||||
@@ -425,6 +444,10 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -9925,7 +9956,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||
resmgr_stream_connect(xdm_t)
|
||||
')
|
||||
|
||||
@@ -434,47 +454,19 @@
|
||||
@@ -434,47 +457,19 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -11922,7 +11953,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
|||
-/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.0.8/policy/modules/system/mount.te
|
||||
--- nsaserefpolicy/policy/modules/system/mount.te 2007-08-22 07:14:13.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/mount.te 2007-09-17 16:20:18.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/mount.te 2007-09-20 10:47:39.000000000 -0400
|
||||
@@ -8,6 +8,13 @@
|
||||
|
||||
## <desc>
|
||||
|
|
@ -12020,7 +12051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -159,13 +176,8 @@
|
||||
@@ -159,13 +176,9 @@
|
||||
|
||||
fs_search_rpc(mount_t)
|
||||
|
||||
|
|
@ -12031,10 +12062,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
|||
- optional_policy(`
|
||||
- nis_use_ypbind(mount_t)
|
||||
- ')
|
||||
+ rpc_domtrans_rpcd(mount_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -189,10 +201,6 @@
|
||||
@@ -189,10 +202,6 @@
|
||||
samba_domtrans_smbmount(mount_t)
|
||||
')
|
||||
|
||||
|
|
@ -12045,7 +12077,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
|
|||
########################################
|
||||
#
|
||||
# Unconfined mount local policy
|
||||
@@ -201,4 +209,29 @@
|
||||
@@ -201,4 +210,29 @@
|
||||
optional_policy(`
|
||||
files_etc_filetrans_etc_runtime(unconfined_mount_t,file)
|
||||
unconfined_domain(unconfined_mount_t)
|
||||
|
|
@ -13131,7 +13163,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
/tmp/gconfd-USER -d gen_context(system_u:object_r:ROLE_tmp_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.0.8/policy/modules/system/userdomain.if
|
||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-08-27 09:18:17.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-09-20 09:09:10.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/userdomain.if 2007-09-20 10:55:37.000000000 -0400
|
||||
@@ -29,8 +29,9 @@
|
||||
')
|
||||
|
||||
|
|
@ -14124,7 +14156,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -5559,3 +5705,372 @@
|
||||
@@ -5559,3 +5705,375 @@
|
||||
interface(`userdom_unconfined',`
|
||||
refpolicywarn(`$0($*) has been deprecated.')
|
||||
')
|
||||
|
|
@ -14493,8 +14525,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||
+template(`userdom_unpriv_usertype',`
|
||||
+ gen_require(`
|
||||
+ attribute unpriv_userdomain, userdomain;
|
||||
+ attribute $1_usertype;
|
||||
+ ')
|
||||
+ typeattribute $2 $1_usertype, unpriv_userdomain, userdomain;
|
||||
+ typeattribute $2 $1_usertype;
|
||||
+ typeattribute $2 unpriv_userdomain;
|
||||
+ typeattribute $2 userdomain;
|
||||
+')
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.0.8/policy/modules/system/userdomain.te
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.0.8
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -362,6 +362,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Sep 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-4
|
||||
- Fix to add xguest account when inititial install
|
||||
|
||||
* Wed Sep 19 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-3
|
||||
- Allow xserver to search devpts_t
|
||||
- Dontaudit ldconfig output to homedir
|
||||
|
|
|
|||
Loading…
Reference in New Issue