rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Fix initrc_context generation for MLS

Browse Source
This commit is contained in:
Daniel J Walsh 2008-03-06 21:55:29 +00:00
parent 33b0aacf82
commit cab5dce18d
1 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
policy-20071130.patch
View File

@ -7424,8 +7424,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
######################################## ########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-12-19 05:32:07.000000000 -0500 --- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-12-19 05:32:07.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te 2008-02-26 08:29:22.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te 2008-03-06 15:50:41.000000000 -0500
@@ -259,6 +259,8 @@ @@ -231,6 +231,8 @@
# Mount root file system. Used when loading a policy
# from initrd, then mounting the root filesystem
fs_mount_all_fs(kernel_t)
+fs_unmount_all_fs(kernel_t)
+
selinux_load_policy(kernel_t)
@@ -253,12 +255,16 @@
mls_process_read_up(kernel_t)
mls_process_write_down(kernel_t)
+mls_file_write_all_levels(kernel_t)
+mls_file_read_all_levels(kernel_t)
ifdef(`distro_redhat',`
# Bugzilla 222337
fs_rw_tmpfs_chr_files(kernel_t) fs_rw_tmpfs_chr_files(kernel_t)
') ')
@ -7434,7 +7451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
tunable_policy(`read_default_t',` tunable_policy(`read_default_t',`
files_list_default(kernel_t) files_list_default(kernel_t)
files_read_default_files(kernel_t) files_read_default_files(kernel_t)
@@ -363,7 +365,7 @@ @@ -363,7 +369,7 @@
allow kern_unconfined proc_type:{ dir file lnk_file } *; allow kern_unconfined proc_type:{ dir file lnk_file } *;
@ -7443,7 +7460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
allow kern_unconfined kernel_t:system *; allow kern_unconfined kernel_t:system *;
@@ -374,3 +376,4 @@ @@ -374,3 +380,4 @@
allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap }; allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
kernel_rw_all_sysctls(kern_unconfined) kernel_rw_all_sysctls(kern_unconfined)
@ -13651,7 +13668,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
+') +')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.3.1/policy/modules/services/fail2ban.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.3.1/policy/modules/services/fail2ban.te
--- nsaserefpolicy/policy/modules/services/fail2ban.te 2007-12-19 05:32:17.000000000 -0500 --- nsaserefpolicy/policy/modules/services/fail2ban.te 2007-12-19 05:32:17.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te 2008-03-06 13:11:59.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te 2008-03-06 16:54:16.000000000 -0500
@@ -18,6 +18,9 @@ @@ -18,6 +18,9 @@
type fail2ban_var_run_t; type fail2ban_var_run_t;
files_pid_file(fail2ban_var_run_t) files_pid_file(fail2ban_var_run_t)
@ -13683,7 +13700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
+fs_list_inotifyfs(fail2ban_t) +fs_list_inotifyfs(fail2ban_t)
+ +
+auth_use_nsswitch(fail2ban_t) +auth_use_nsswitch(fail2ban_t)
+corenet_tcp_connect_dns_port(fail2ban_t) +corenet_tcp_connect_whois_port(fail2ban_t)
libs_use_ld_so(fail2ban_t) libs_use_ld_so(fail2ban_t)
libs_use_shared_libs(fail2ban_t) libs_use_shared_libs(fail2ban_t)