From c8bf6aa4604c704fce7e1df0501da622a473a2a6 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 2 Sep 2010 16:08:19 -0400 Subject: [PATCH] - Merge upstream fix of mmap_zero - Allow mount to write files in debugfs_t - Allow corosync to communicate with clvmd via tmpfs - Allow certmaster to read usr_t files - Allow dbus system services to search cgroup_t - Define rlogind_t as a login pgm --- policy-F14.patch | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/policy-F14.patch b/policy-F14.patch index c5cf0dc8..d7221576 100644 --- a/policy-F14.patch +++ b/policy-F14.patch @@ -6767,34 +6767,10 @@ index 0440b4c..e10101a 100644 + allow $1 wine_t:shm rw_shm_perms; +') diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te -index f9a123a..40cbebb 100644 +index f9a123a..277543a 100644 --- a/policy/modules/apps/wine.te +++ b/policy/modules/apps/wine.te -@@ -1,5 +1,13 @@ - policy_module(wine, 1.7.2) - -+## -+##

-+## Ignore wine mmap_zero errors -+##

-+##
-+# -+gen_tunable(wine_mmap_zero_ignore, false) -+ - ######################################## - # - # Declarations -@@ -37,6 +45,9 @@ manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t) - files_tmp_filetrans(wine_t, wine_tmp_t, { file dir }) - - domain_mmap_low(wine_t) -+tunable_policy(`wine_mmap_zero_ignore',` -+ dontaudit wine_t self:memprotect mmap_zero; -+') - - files_execmod_all_files(wine_t) - -@@ -51,7 +62,11 @@ optional_policy(` +@@ -51,7 +51,11 @@ optional_policy(` ') optional_policy(`