Fixes to make rawhide boot in enforcing mode with latest systemd changes
parent
ba7c7aec15
commit
cd25a7a613
@ -1,6 +1,7 @@
|
|||||||
diff -up serefpolicy-3.10.0/policy/modules/kernel/devices.if.systemd serefpolicy-3.10.0/policy/modules/kernel/devices.if
|
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
|
||||||
--- serefpolicy-3.10.0/policy/modules/kernel/devices.if.systemd 2012-01-13 11:49:49.140435334 -0500
|
index d5892cc..7dfd413 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/kernel/devices.if 2012-01-13 11:49:49.236428320 -0500
|
--- a/policy/modules/kernel/devices.if
|
||||||
|
+++ b/policy/modules/kernel/devices.if
|
||||||
@@ -143,13 +143,13 @@ interface(`dev_relabel_all_dev_nodes',`
|
@@ -143,13 +143,13 @@ interface(`dev_relabel_all_dev_nodes',`
|
||||||
type device_t;
|
type device_t;
|
||||||
')
|
')
|
||||||
@ -50,11 +51,10 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/devices.if.systemd serefpolicy
|
|||||||
## Read hardware state information.
|
## Read hardware state information.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <desc>
|
## <desc>
|
||||||
@@ -4269,6 +4290,26 @@ interface(`dev_relabel_sysfs_dirs',`
|
@@ -4270,6 +4291,26 @@ interface(`dev_relabel_sysfs_dirs',`
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
+## <summary>
|
## <summary>
|
||||||
+## Relabel hardware state files
|
+## Relabel hardware state files
|
||||||
+## </summary>
|
+## </summary>
|
||||||
+## <param name="domain">
|
+## <param name="domain">
|
||||||
@ -74,12 +74,14 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/devices.if.systemd serefpolicy
|
|||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+########################################
|
+########################################
|
||||||
## <summary>
|
+## <summary>
|
||||||
## Allow caller to modify hardware state information.
|
## Allow caller to modify hardware state information.
|
||||||
## </summary>
|
## </summary>
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.systemd serefpolicy-3.10.0/policy/modules/roles/staff.te
|
## <param name="domain">
|
||||||
--- serefpolicy-3.10.0/policy/modules/roles/staff.te.systemd 2012-01-13 11:49:49.147434822 -0500
|
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
|
||||||
+++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2012-01-13 11:49:49.236428320 -0500
|
index 8ea3385..cdcc621 100644
|
||||||
|
--- a/policy/modules/roles/staff.te
|
||||||
|
+++ b/policy/modules/roles/staff.te
|
||||||
@@ -70,6 +70,10 @@ optional_policy(`
|
@@ -70,6 +70,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -102,9 +104,10 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.systemd serefpolicy-3.
|
|||||||
cdrecord_role(staff_r, staff_t)
|
cdrecord_role(staff_r, staff_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.systemd serefpolicy-3.10.0/policy/modules/roles/unprivuser.te
|
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.systemd 2012-01-13 11:49:49.148434749 -0500
|
index 77967bd..7e0ea58 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2012-01-13 11:49:49.236428320 -0500
|
--- a/policy/modules/roles/unprivuser.te
|
||||||
|
+++ b/policy/modules/roles/unprivuser.te
|
||||||
@@ -35,6 +35,10 @@ optional_policy(`
|
@@ -35,6 +35,10 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -116,9 +119,23 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.systemd serefpoli
|
|||||||
colord_dbus_chat(user_t)
|
colord_dbus_chat(user_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/services/blueman.te.systemd serefpolicy-3.10.0/policy/modules/services/blueman.te
|
diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
|
||||||
--- serefpolicy-3.10.0/policy/modules/services/blueman.te.systemd 2012-01-13 11:49:49.155434238 -0500
|
index 90a9e33..13de2fb 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/services/blueman.te 2012-01-13 11:49:49.236428320 -0500
|
--- a/policy/modules/services/apache.fc
|
||||||
|
+++ b/policy/modules/services/apache.fc
|
||||||
|
@@ -140,6 +140,8 @@ ifdef(`distro_debian', `
|
||||||
|
|
||||||
|
/var/www/gallery/albums(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
||||||
|
|
||||||
|
+/var/www/moodledata(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
||||||
|
+
|
||||||
|
/var/www/svn(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
|
||||||
|
/var/www/svn/hooks(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||||
|
/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||||
|
diff --git a/policy/modules/services/blueman.te b/policy/modules/services/blueman.te
|
||||||
|
index 12ef44c..bccefc9 100644
|
||||||
|
--- a/policy/modules/services/blueman.te
|
||||||
|
+++ b/policy/modules/services/blueman.te
|
||||||
@@ -36,3 +36,7 @@ miscfiles_read_localization(blueman_t)
|
@@ -36,3 +36,7 @@ miscfiles_read_localization(blueman_t)
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
avahi_domtrans(blueman_t)
|
avahi_domtrans(blueman_t)
|
||||||
@ -127,9 +144,10 @@ diff -up serefpolicy-3.10.0/policy/modules/services/blueman.te.systemd serefpoli
|
|||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ gnome_search_gconf(blueman_t)
|
+ gnome_search_gconf(blueman_t)
|
||||||
+')
|
+')
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/services/entropyd.te.systemd serefpolicy-3.10.0/policy/modules/services/entropyd.te
|
diff --git a/policy/modules/services/entropyd.te b/policy/modules/services/entropyd.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/services/entropyd.te.systemd 2012-01-13 11:49:49.169433214 -0500
|
index b6ac808..053caed 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/services/entropyd.te 2012-01-13 11:49:49.237428247 -0500
|
--- a/policy/modules/services/entropyd.te
|
||||||
|
+++ b/policy/modules/services/entropyd.te
|
||||||
@@ -52,6 +52,8 @@ domain_use_interactive_fds(entropyd_t)
|
@@ -52,6 +52,8 @@ domain_use_interactive_fds(entropyd_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(entropyd_t)
|
logging_send_syslog_msg(entropyd_t)
|
||||||
@ -139,10 +157,11 @@ diff -up serefpolicy-3.10.0/policy/modules/services/entropyd.te.systemd serefpol
|
|||||||
miscfiles_read_localization(entropyd_t)
|
miscfiles_read_localization(entropyd_t)
|
||||||
|
|
||||||
userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
|
userdom_dontaudit_use_unpriv_user_fds(entropyd_t)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/services/virt.fc.systemd serefpolicy-3.10.0/policy/modules/services/virt.fc
|
diff --git a/policy/modules/services/virt.fc b/policy/modules/services/virt.fc
|
||||||
--- serefpolicy-3.10.0/policy/modules/services/virt.fc.systemd 2012-01-13 11:49:49.212430073 -0500
|
index 49c15d1..246df1a 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/services/virt.fc 2012-01-13 11:49:49.237428247 -0500
|
--- a/policy/modules/services/virt.fc
|
||||||
@@ -49,3 +49,7 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_
|
+++ b/policy/modules/services/virt.fc
|
||||||
|
@@ -49,3 +49,7 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t
|
||||||
|
|
||||||
# support for nova-stack
|
# support for nova-stack
|
||||||
/usr/bin/nova-compute -- gen_context(system_u:object_r:virtd_exec_t,s0)
|
/usr/bin/nova-compute -- gen_context(system_u:object_r:virtd_exec_t,s0)
|
||||||
@ -150,10 +169,32 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.fc.systemd serefpolicy-
|
|||||||
+/usr/bin/qemu-system-.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
+/usr/bin/qemu-system-.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
||||||
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
||||||
+/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
+/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/system/init.te.systemd serefpolicy-3.10.0/policy/modules/system/init.te
|
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/system/logging.fc.systemd serefpolicy-3.10.0/policy/modules/system/logging.fc
|
index 92781d7..6251491 100644
|
||||||
--- serefpolicy-3.10.0/policy/modules/system/logging.fc.systemd 2012-01-13 11:49:49.222429343 -0500
|
--- a/policy/modules/system/init.te
|
||||||
+++ serefpolicy-3.10.0/policy/modules/system/logging.fc 2012-01-13 11:49:53.281133673 -0500
|
+++ b/policy/modules/system/init.te
|
||||||
|
@@ -220,6 +220,7 @@ init_domtrans_script(init_t)
|
||||||
|
|
||||||
|
libs_rw_ld_so_cache(init_t)
|
||||||
|
|
||||||
|
+logging_create_devlog_dev(init_t)
|
||||||
|
logging_send_syslog_msg(init_t)
|
||||||
|
logging_send_audit_msgs(init_t)
|
||||||
|
logging_rw_generic_logs(init_t)
|
||||||
|
@@ -354,9 +355,6 @@ tunable_policy(`init_systemd',`
|
||||||
|
systemd_manage_all_unit_files(init_t)
|
||||||
|
systemd_logger_stream_connect(init_t)
|
||||||
|
|
||||||
|
- # needs to remain
|
||||||
|
- logging_create_devlog_dev(init_t)
|
||||||
|
-
|
||||||
|
create_sock_files_pattern(init_t, init_sock_file_type, init_sock_file_type)
|
||||||
|
|
||||||
|
')
|
||||||
|
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
|
||||||
|
index 170e2e0..3bdf89f 100644
|
||||||
|
--- a/policy/modules/system/logging.fc
|
||||||
|
+++ b/policy/modules/system/logging.fc
|
||||||
@@ -61,6 +61,7 @@ ifdef(`distro_suse', `
|
@@ -61,6 +61,7 @@ ifdef(`distro_suse', `
|
||||||
/var/log/spooler[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
|
/var/log/spooler[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
|
||||||
/var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
|
/var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
|
||||||
@ -162,9 +203,10 @@ diff -up serefpolicy-3.10.0/policy/modules/system/logging.fc.systemd serefpolicy
|
|||||||
|
|
||||||
ifndef(`distro_gentoo',`
|
ifndef(`distro_gentoo',`
|
||||||
/var/log/audit\.log -- gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
|
/var/log/audit\.log -- gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/system/logging.te.systemd serefpolicy-3.10.0/policy/modules/system/logging.te
|
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/system/logging.te.systemd 2012-01-13 11:49:49.223429270 -0500
|
index 5684c8a..688f59a 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/system/logging.te 2012-01-13 11:49:53.281133673 -0500
|
--- a/policy/modules/system/logging.te
|
||||||
|
+++ b/policy/modules/system/logging.te
|
||||||
@@ -386,7 +386,7 @@ optional_policy(`
|
@@ -386,7 +386,7 @@ optional_policy(`
|
||||||
# chown fsetid for syslog-ng
|
# chown fsetid for syslog-ng
|
||||||
# sys_admin for the integrated klog of syslog-ng and metalog
|
# sys_admin for the integrated klog of syslog-ng and metalog
|
||||||
@ -174,7 +216,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/logging.te.systemd serefpolicy
|
|||||||
dontaudit syslogd_t self:capability sys_tty_config;
|
dontaudit syslogd_t self:capability sys_tty_config;
|
||||||
allow syslogd_t self:capability2 syslog;
|
allow syslogd_t self:capability2 syslog;
|
||||||
# setpgid for metalog
|
# setpgid for metalog
|
||||||
@@ -474,6 +474,7 @@ tunable_policy(`logging_syslogd_can_send
|
@@ -474,6 +474,7 @@ tunable_policy(`logging_syslogd_can_sendmail',`
|
||||||
dev_filetrans(syslogd_t, devlog_t, sock_file)
|
dev_filetrans(syslogd_t, devlog_t, sock_file)
|
||||||
dev_read_sysfs(syslogd_t)
|
dev_read_sysfs(syslogd_t)
|
||||||
dev_read_rand(syslogd_t)
|
dev_read_rand(syslogd_t)
|
||||||
@ -182,7 +224,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/logging.te.systemd serefpolicy
|
|||||||
# relating to systemd-kmsg-syslogd
|
# relating to systemd-kmsg-syslogd
|
||||||
dev_write_kmsg(syslogd_t)
|
dev_write_kmsg(syslogd_t)
|
||||||
|
|
||||||
@@ -497,6 +498,7 @@ mls_file_write_all_levels(syslogd_t) # N
|
@@ -497,6 +498,7 @@ mls_file_write_all_levels(syslogd_t) # Need to be able to write to /var/run/ and
|
||||||
term_write_console(syslogd_t)
|
term_write_console(syslogd_t)
|
||||||
# Allow syslog to a terminal
|
# Allow syslog to a terminal
|
||||||
term_write_unallocated_ttys(syslogd_t)
|
term_write_unallocated_ttys(syslogd_t)
|
||||||
@ -190,9 +232,73 @@ diff -up serefpolicy-3.10.0/policy/modules/system/logging.te.systemd serefpolicy
|
|||||||
|
|
||||||
init_stream_connect(syslogd_t)
|
init_stream_connect(syslogd_t)
|
||||||
# for sending messages to logged in users
|
# for sending messages to logged in users
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/system/systemd.te.systemd serefpolicy-3.10.0/policy/modules/system/systemd.te
|
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/system/systemd.te.systemd 2012-01-13 11:49:49.228428904 -0500
|
index 8aa3908..58f8e6e 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/system/systemd.te 2012-01-13 11:49:53.282133606 -0500
|
--- a/policy/modules/system/sysnetwork.te
|
||||||
|
+++ b/policy/modules/system/sysnetwork.te
|
||||||
|
@@ -150,6 +150,8 @@ term_dontaudit_use_all_ptys(dhcpc_t)
|
||||||
|
term_dontaudit_use_unallocated_ttys(dhcpc_t)
|
||||||
|
term_dontaudit_use_generic_ptys(dhcpc_t)
|
||||||
|
|
||||||
|
+auth_use_nsswitch(dhcpc_t)
|
||||||
|
+
|
||||||
|
init_rw_utmp(dhcpc_t)
|
||||||
|
init_stream_connect(dhcpc_t)
|
||||||
|
init_stream_send(dhcpc_t)
|
||||||
|
@@ -333,6 +335,7 @@ domain_use_interactive_fds(ifconfig_t)
|
||||||
|
|
||||||
|
read_files_pattern(ifconfig_t, dhcpc_state_t, dhcpc_state_t)
|
||||||
|
|
||||||
|
+files_dontaudit_read_root_files(ifconfig_t)
|
||||||
|
files_read_etc_files(ifconfig_t)
|
||||||
|
files_read_etc_runtime_files(ifconfig_t)
|
||||||
|
files_read_usr_files(ifconfig_t)
|
||||||
|
@@ -348,7 +351,7 @@ term_dontaudit_use_all_ptys(ifconfig_t)
|
||||||
|
term_dontaudit_use_ptmx(ifconfig_t)
|
||||||
|
term_dontaudit_use_generic_ptys(ifconfig_t)
|
||||||
|
|
||||||
|
-files_dontaudit_read_root_files(ifconfig_t)
|
||||||
|
+auth_use_nsswitch(ifconfig_t)
|
||||||
|
|
||||||
|
init_use_fds(ifconfig_t)
|
||||||
|
init_use_script_ptys(ifconfig_t)
|
||||||
|
@@ -359,7 +362,6 @@ logging_send_syslog_msg(ifconfig_t)
|
||||||
|
|
||||||
|
miscfiles_read_localization(ifconfig_t)
|
||||||
|
|
||||||
|
-
|
||||||
|
seutil_use_runinit_fds(ifconfig_t)
|
||||||
|
|
||||||
|
sysnet_dns_name_resolve(ifconfig_t)
|
||||||
|
@@ -423,10 +425,6 @@ optional_policy(`
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
- nis_use_ypbind(ifconfig_t)
|
||||||
|
-')
|
||||||
|
-
|
||||||
|
-optional_policy(`
|
||||||
|
ppp_use_fds(ifconfig_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
|
||||||
|
index 7581e7d..19ba4e1 100644
|
||||||
|
--- a/policy/modules/system/systemd.if
|
||||||
|
+++ b/policy/modules/system/systemd.if
|
||||||
|
@@ -51,6 +51,9 @@ interface(`systemd_exec_systemctl',`
|
||||||
|
init_list_pid_dirs($1)
|
||||||
|
init_read_state($1)
|
||||||
|
init_stream_send($1)
|
||||||
|
+
|
||||||
|
+ systemd_login_list_pid_dirs($1)
|
||||||
|
+ systemd_login_read_pid_files($1)
|
||||||
|
')
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
|
||||||
|
index 9e08125..903d3d8 100644
|
||||||
|
--- a/policy/modules/system/systemd.te
|
||||||
|
+++ b/policy/modules/system/systemd.te
|
||||||
@@ -111,6 +111,7 @@ init_dbus_chat(systemd_logind_t)
|
@@ -111,6 +111,7 @@ init_dbus_chat(systemd_logind_t)
|
||||||
init_dbus_chat_script(systemd_logind_t)
|
init_dbus_chat_script(systemd_logind_t)
|
||||||
init_read_script_state(systemd_logind_t)
|
init_read_script_state(systemd_logind_t)
|
||||||
@ -201,7 +307,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/systemd.te.systemd serefpolicy
|
|||||||
|
|
||||||
logging_send_syslog_msg(systemd_logind_t)
|
logging_send_syslog_msg(systemd_logind_t)
|
||||||
|
|
||||||
@@ -198,6 +199,8 @@ kernel_read_network_state(systemd_tmpfil
|
@@ -198,6 +199,8 @@ kernel_read_network_state(systemd_tmpfiles_t)
|
||||||
files_delete_kernel_modules(systemd_tmpfiles_t)
|
files_delete_kernel_modules(systemd_tmpfiles_t)
|
||||||
|
|
||||||
dev_write_kmsg(systemd_tmpfiles_t)
|
dev_write_kmsg(systemd_tmpfiles_t)
|
||||||
@ -210,7 +316,7 @@ diff -up serefpolicy-3.10.0/policy/modules/system/systemd.te.systemd serefpolicy
|
|||||||
|
|
||||||
domain_obj_id_change_exemption(systemd_tmpfiles_t)
|
domain_obj_id_change_exemption(systemd_tmpfiles_t)
|
||||||
|
|
||||||
@@ -322,6 +325,8 @@ fs_getattr_cgroup_files(systemd_notify_t
|
@@ -322,6 +325,8 @@ fs_getattr_cgroup_files(systemd_notify_t)
|
||||||
|
|
||||||
auth_use_nsswitch(systemd_notify_t)
|
auth_use_nsswitch(systemd_notify_t)
|
||||||
|
|
||||||
@ -219,9 +325,10 @@ diff -up serefpolicy-3.10.0/policy/modules/system/systemd.te.systemd serefpolicy
|
|||||||
miscfiles_read_localization(systemd_notify_t)
|
miscfiles_read_localization(systemd_notify_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.systemd serefpolicy-3.10.0/policy/modules/system/udev.te
|
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/system/udev.te.systemd 2012-01-13 11:49:49.228428904 -0500
|
index 6a93c64..5ff6beb 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/system/udev.te 2012-01-13 11:49:53.282133606 -0500
|
--- a/policy/modules/system/udev.te
|
||||||
|
+++ b/policy/modules/system/udev.te
|
||||||
@@ -333,6 +333,7 @@ optional_policy(`
|
@@ -333,6 +333,7 @@ optional_policy(`
|
||||||
kernel_read_xen_state(udev_t)
|
kernel_read_xen_state(udev_t)
|
||||||
xen_manage_log(udev_t)
|
xen_manage_log(udev_t)
|
||||||
@ -230,9 +337,10 @@ diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.systemd serefpolicy-3.
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/system/xen.fc.systemd serefpolicy-3.10.0/policy/modules/system/xen.fc
|
diff --git a/policy/modules/system/xen.fc b/policy/modules/system/xen.fc
|
||||||
--- serefpolicy-3.10.0/policy/modules/system/xen.fc.systemd 2012-01-13 11:49:49.231428683 -0500
|
index a5ed06e..f22f770 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/system/xen.fc 2012-01-13 11:49:53.282133606 -0500
|
--- a/policy/modules/system/xen.fc
|
||||||
|
+++ b/policy/modules/system/xen.fc
|
||||||
@@ -4,7 +4,7 @@
|
@@ -4,7 +4,7 @@
|
||||||
/usr/sbin/evtchnd -- gen_context(system_u:object_r:evtchnd_exec_t,s0)
|
/usr/sbin/evtchnd -- gen_context(system_u:object_r:evtchnd_exec_t,s0)
|
||||||
/usr/sbin/tapdisk -- gen_context(system_u:object_r:blktap_exec_t,s0)
|
/usr/sbin/tapdisk -- gen_context(system_u:object_r:blktap_exec_t,s0)
|
||||||
@ -242,10 +350,11 @@ diff -up serefpolicy-3.10.0/policy/modules/system/xen.fc.systemd serefpolicy-3.1
|
|||||||
|
|
||||||
ifdef(`distro_debian',`
|
ifdef(`distro_debian',`
|
||||||
/usr/lib/xen-[^/]*/bin/xenconsoled -- gen_context(system_u:object_r:xenconsoled_exec_t,s0)
|
/usr/lib/xen-[^/]*/bin/xenconsoled -- gen_context(system_u:object_r:xenconsoled_exec_t,s0)
|
||||||
diff -up serefpolicy-3.10.0/policy/modules/system/xen.te.systemd serefpolicy-3.10.0/policy/modules/system/xen.te
|
diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te
|
||||||
--- serefpolicy-3.10.0/policy/modules/system/xen.te.systemd 2012-01-13 11:49:49.231428683 -0500
|
index 5d6dbad..9ab107b 100644
|
||||||
+++ serefpolicy-3.10.0/policy/modules/system/xen.te 2012-01-13 11:49:53.282133606 -0500
|
--- a/policy/modules/system/xen.te
|
||||||
@@ -167,6 +167,10 @@ files_pid_filetrans(evtchnd_t, evtchnd_v
|
+++ b/policy/modules/system/xen.te
|
||||||
|
@@ -167,6 +167,10 @@ files_pid_filetrans(evtchnd_t, evtchnd_var_run_t, { file sock_file dir })
|
||||||
#
|
#
|
||||||
# qemu-dm local policy
|
# qemu-dm local policy
|
||||||
#
|
#
|
||||||
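Review bot: The init.te hunks move `logging_create_devlog_dev(init_t)` out of the `init_systemd` tunable block and grant it unconditionally, just above `logging_send_syslog_msg(init_t)`, so init_t holds that access even when the boolean is off. The old `# needs to remain` comment is dropped with no replacement. If the wider grant is intended, the new line should say so, for example `# unconditional on purpose: init_t needs this regardless of init_systemd` (exact reason to be confirmed by the author). If only the systemd case needs it, the call should stay inside the tunable so non-systemd configurations keep the narrower policy. The tunable_policy block starts outside the hunk, so the rest of its contents cannot be checked from here.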
|
@ -16,7 +16,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.10.0
|
Version: 3.10.0
|
||||||
Release: 74.1%{?dist}
|
Release: 74.2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -473,6 +473,9 @@ SELinux Reference policy mls base module.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 13 2012 Dan Walsh <dwalsh@redhat.com> 3.10.0-74.2
|
||||||
|
- Fixes to make rawhide boot in enforcing mode with latest systemd changes
|
||||||
|
|
||||||
* Wed Jan 11 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-74
|
* Wed Jan 11 2012 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-74
|
||||||
- Add labeling for /var/run/systemd/journal/syslog
|
- Add labeling for /var/run/systemd/journal/syslog
|
||||||
- libvirt sends signals to ifconfig
|
- libvirt sends signals to ifconfig
|
||||||
|