Fix syntax error after merge with upstream

Lukas Vrabec 2017-08-10 13:05:38 +02:00
parent 9a31f2128c
commit ca40d14c20
2 changed files with 35 additions and 31 deletions


@ -39874,7 +39874,7 @@ index b50c5fe..9eacd9b 100644
+/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0) +/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0)
+ +
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index 4e94884..e82be7a 100644 index 4e94884..7b39545 100644
--- a/policy/modules/system/logging.if --- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if +++ b/policy/modules/system/logging.if
@@ -233,7 +233,7 @@ interface(`logging_run_auditd',` @@ -233,7 +233,7 @@ interface(`logging_run_auditd',`
@ -39970,18 +39970,11 @@ index 4e94884..e82be7a 100644
gen_require(` gen_require(`
- type syslogd_t, devlog_t; - type syslogd_t, devlog_t;
+ attribute syslog_client_type; + attribute syslog_client_type;
') + ')
+
- allow $1 devlog_t:lnk_file read_lnk_file_perms;
- allow $1 devlog_t:sock_file write_sock_file_perms;
+ typeattribute $1 syslog_client_type; + typeattribute $1 syslog_client_type;
+') +')
+
- # the type of socket depends on the syslog daemon
- allow $1 syslogd_t:unix_dgram_socket sendto;
- allow $1 syslogd_t:unix_stream_socket connectto;
- allow $1 self:unix_dgram_socket create_socket_perms;
- allow $1 self:unix_stream_socket create_socket_perms;
+######################################## +########################################
+## <summary> +## <summary>
+## Connect to the syslog control unix stream socket. +## Connect to the syslog control unix stream socket.
@ -39996,11 +39989,7 @@ index 4e94884..e82be7a 100644
+ gen_require(` + gen_require(`
+ type devlog_t; + type devlog_t;
+ ') + ')
+
- # If syslog is down, the glibc syslog() function
- # will write to the console.
- term_write_console($1)
- term_dontaudit_read_console($1)
+ allow $1 devlog_t:lnk_file manage_lnk_file_perms; + allow $1 devlog_t:lnk_file manage_lnk_file_perms;
+ allow $1 devlog_t:sock_file manage_sock_file_perms; + allow $1 devlog_t:sock_file manage_sock_file_perms;
+ dev_filetrans($1, devlog_t, lnk_file, "log") + dev_filetrans($1, devlog_t, lnk_file, "log")
@ -40021,12 +40010,19 @@ index 4e94884..e82be7a 100644
+interface(`logging_relabel_devlog_dev',` +interface(`logging_relabel_devlog_dev',`
+ gen_require(` + gen_require(`
+ type devlog_t; + type devlog_t;
+ ') ')
+
- allow $1 devlog_t:lnk_file read_lnk_file_perms;
- allow $1 devlog_t:sock_file write_sock_file_perms;
+ allow $1 devlog_t:sock_file relabel_sock_file_perms; + allow $1 devlog_t:sock_file relabel_sock_file_perms;
+ allow $1 devlog_t:lnk_file relabelto_lnk_file_perms; + allow $1 devlog_t:lnk_file relabelto_lnk_file_perms;
+') +')
+
- # the type of socket depends on the syslog daemon
- allow $1 syslogd_t:unix_dgram_socket sendto;
- allow $1 syslogd_t:unix_stream_socket connectto;
- allow $1 self:unix_dgram_socket create_socket_perms;
- allow $1 self:unix_stream_socket create_socket_perms;
+######################################## +########################################
+## <summary> +## <summary>
+## Allow domain to read the syslog pid files. +## Allow domain to read the syslog pid files.
@ -40041,7 +40037,11 @@ index 4e94884..e82be7a 100644
+ gen_require(` + gen_require(`
+ type syslogd_var_run_t; + type syslogd_var_run_t;
+ ') + ')
+
- # If syslog is down, the glibc syslog() function
- # will write to the console.
- term_write_console($1)
- term_dontaudit_read_console($1)
+ read_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t) + read_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
+ list_dirs_pattern($1, syslogd_var_run_t, syslogd_var_run_t) + list_dirs_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
+') +')
@ -40388,7 +40388,7 @@ index 4e94884..e82be7a 100644
init_labeled_script_domtrans($1, syslogd_initrc_exec_t) init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
domain_system_change_exemption($1) domain_system_change_exemption($1)
@@ -1085,3 +1443,107 @@ interface(`logging_admin',` @@ -1085,3 +1443,110 @@ interface(`logging_admin',`
logging_admin_audit($1, $2) logging_admin_audit($1, $2)
logging_admin_syslog($1, $2) logging_admin_syslog($1, $2)
') ')
@ -40496,7 +40496,9 @@ index 4e94884..e82be7a 100644
+ ') + ')
+ +
+ allow $1 syslogd_var_run_t:file map; + allow $1 syslogd_var_run_t:file map;
\ No newline at end of file +
+')
+
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 59b04c1..2ad89c5 100644 index 59b04c1..2ad89c5 100644
--- a/policy/modules/system/logging.te --- a/policy/modules/system/logging.te
@ -56368,10 +56370,10 @@ index f4ac38d..1589d60 100644
+ ssh_signal(confined_admindomain) + ssh_signal(confined_admindomain)
+') +')
diff --git a/policy/policy_capabilities b/policy/policy_capabilities diff --git a/policy/policy_capabilities b/policy/policy_capabilities
index db3cbca..e677b81 100644 index db3cbca..710bd7c 100644
--- a/policy/policy_capabilities --- a/policy/policy_capabilities
+++ b/policy/policy_capabilities +++ b/policy/policy_capabilities
@@ -31,3 +31,12 @@ policycap network_peer_controls; @@ -31,3 +31,14 @@ policycap network_peer_controls;
# blk_file: open # blk_file: open
# #
policycap open_perms; policycap open_perms;
@ -56384,7 +56386,8 @@ index db3cbca..e677b81 100644
+# process2: nnp_transition, nosuid_transition +# process2: nnp_transition, nosuid_transition
+# +#
+#policycap nnp_nosuid_transition; +#policycap nnp_nosuid_transition;
\ No newline at end of file +
+
diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
index e79d545..101086d 100644 index e79d545..101086d 100644
--- a/policy/support/misc_patterns.spt --- a/policy/support/misc_patterns.spt
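Review bot: The closing `')` restored at the end of the logging.if hunk is preceded by a stray empty `+` line after `allow $1 syslogd_var_run_t:file map;`, and the policy_capabilities hunk replaces the missing end-of-file newline with two blank lines after `#policycap nnp_nosuid_transition;`. Both are cosmetic, but blank lines at end of file tend to be flagged as whitespace errors when the patch is applied, so the interface could end with `allow $1 syslogd_var_run_t:file map;` directly followed by `')`, and policy_capabilities with a single newline. The inner hunk counts (`+1443,110`, `+31,14`) were adjusted by hand and would need to be lowered to match. The opening line of the interface being closed is outside the visible lines, so its name and doc block could not be checked here.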


@ -23432,7 +23432,7 @@ index 62d22cb..01f6380 100644
+ +
') ')
diff --git a/dbus.te b/dbus.te diff --git a/dbus.te b/dbus.te
index c9998c8..b3f7ab2 100644 index c9998c8..b697f66 100644
--- a/dbus.te --- a/dbus.te
+++ b/dbus.te +++ b/dbus.te
@@ -4,17 +4,15 @@ gen_require(` @@ -4,17 +4,15 @@ gen_require(`
@ -23559,7 +23559,7 @@ index c9998c8..b3f7ab2 100644
mls_fd_use_all_levels(system_dbusd_t) mls_fd_use_all_levels(system_dbusd_t)
mls_rangetrans_target(system_dbusd_t) mls_rangetrans_target(system_dbusd_t)
mls_file_read_all_levels(system_dbusd_t) mls_file_read_all_levels(system_dbusd_t)
@@ -123,66 +124,174 @@ term_dontaudit_use_console(system_dbusd_t) @@ -123,66 +124,175 @@ term_dontaudit_use_console(system_dbusd_t)
auth_use_nsswitch(system_dbusd_t) auth_use_nsswitch(system_dbusd_t)
auth_read_pam_console_data(system_dbusd_t) auth_read_pam_console_data(system_dbusd_t)
@ -23743,12 +23743,13 @@ index c9998c8..b3f7ab2 100644
manage_files_pattern(session_bus_type, session_dbusd_tmp_t, session_dbusd_tmp_t) manage_files_pattern(session_bus_type, session_dbusd_tmp_t, session_dbusd_tmp_t)
-files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { dir file }) -files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { dir file })
+files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { file dir }) +files_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { file dir })
+userdom_user_tmp_filetrans(session_bus_type, sessions_dbusd_tmp_t, { file dir })
-kernel_read_system_state(session_bus_type) -kernel_read_system_state(session_bus_type)
kernel_read_kernel_sysctls(session_bus_type) kernel_read_kernel_sysctls(session_bus_type)
corecmd_list_bin(session_bus_type) corecmd_list_bin(session_bus_type)
@@ -191,23 +300,18 @@ corecmd_read_bin_files(session_bus_type) @@ -191,23 +301,18 @@ corecmd_read_bin_files(session_bus_type)
corecmd_read_bin_pipes(session_bus_type) corecmd_read_bin_pipes(session_bus_type)
corecmd_read_bin_sockets(session_bus_type) corecmd_read_bin_sockets(session_bus_type)
@ -23773,7 +23774,7 @@ index c9998c8..b3f7ab2 100644
files_dontaudit_search_var(session_bus_type) files_dontaudit_search_var(session_bus_type)
fs_getattr_romfs(session_bus_type) fs_getattr_romfs(session_bus_type)
@@ -215,7 +319,6 @@ fs_getattr_xattr_fs(session_bus_type) @@ -215,7 +320,6 @@ fs_getattr_xattr_fs(session_bus_type)
fs_list_inotifyfs(session_bus_type) fs_list_inotifyfs(session_bus_type)
fs_dontaudit_list_nfs(session_bus_type) fs_dontaudit_list_nfs(session_bus_type)
@ -23781,7 +23782,7 @@ index c9998c8..b3f7ab2 100644
selinux_validate_context(session_bus_type) selinux_validate_context(session_bus_type)
selinux_compute_access_vector(session_bus_type) selinux_compute_access_vector(session_bus_type)
selinux_compute_create_context(session_bus_type) selinux_compute_create_context(session_bus_type)
@@ -225,18 +328,36 @@ selinux_compute_user_contexts(session_bus_type) @@ -225,18 +329,36 @@ selinux_compute_user_contexts(session_bus_type)
auth_read_pam_console_data(session_bus_type) auth_read_pam_console_data(session_bus_type)
logging_send_audit_msgs(session_bus_type) logging_send_audit_msgs(session_bus_type)
@ -23823,7 +23824,7 @@ index c9998c8..b3f7ab2 100644
') ')
######################################## ########################################
@@ -244,5 +365,9 @@ optional_policy(` @@ -244,5 +366,9 @@ optional_policy(`
# Unconfined access to this module # Unconfined access to this module
# #
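Review bot: The newly added `userdom_user_tmp_filetrans(session_bus_type, sessions_dbusd_tmp_t, { file dir })` names `sessions_dbusd_tmp_t`, while the `manage_files_pattern` and `files_tmp_filetrans` lines just above it use `session_dbusd_tmp_t`. No declaration of the plural form is visible in this section, so it looks like a typo. If the type is indeed undeclared, the policy build will most likely reject it, and in any case the intended transition to the session bus tmp type under user tmp directories is not what gets installed. The line should presumably read `userdom_user_tmp_filetrans(session_bus_type, session_dbusd_tmp_t, { file dir })`. Checking the type declarations in dbus.te would confirm this before the patch is rebuilt.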