rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Update to upstream

Browse Source 
- Fix crontab use by unconfined user
This commit is contained in:
Daniel J Walsh 2008-08-29 19:29:23 +00:00
parent 2d17526681
commit cd8bee594b
3 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules-targeted.conf
View File

@ -1681,4 +1681,4 @@ livecd = module
#
# Snort network intrusion detection system
#
snort = base
snort = module

30
policy-20080710.patch
View File

@ -358,18 +358,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
init_use_fds(consoletype_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.5/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-08-25 09:12:31.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-25 10:50:15.000000000 -0400
@@ -118,6 +118,10 @@
+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-29 15:12:36.000000000 -0400
@@ -118,15 +118,7 @@
usermanage_domtrans_admin_passwd(firstboot_t)
')
-ifdef(`TODO',`
-allow firstboot_t proc_t:file write;
-
-ifdef(`printconf.te', `
- can_exec(firstboot_t, printconf_t)
-')
-
-ifdef(`userhelper.te', `
- role system_r types sysadm_userhelper_t;
- domain_auto_trans(firstboot_t, userhelper_exec_t, sysadm_userhelper_t)
+optional_policy(`
+ xserver_xdm_rw_shm(firstboot_t)
+')
+
ifdef(`TODO',`
allow firstboot_t proc_t:file write;
+ xserver_unconfined(firstboot_t)
')
-') dnl end TODO
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400
@ -13492,7 +13500,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.5/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 12:52:54.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 15:23:04.000000000 -0400
@@ -48,6 +48,9 @@
type hplip_t;
type hplip_exec_t;
@ -13705,7 +13713,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
-allow cupsd_config_t self:capability { chown sys_tty_config };
+allow cupsd_config_t self:capability { chown dav_override sys_tty_config };
+allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
dontaudit cupsd_config_t self:capability sys_tty_config;
allow cupsd_config_t self:process signal_perms;
allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
@ -24745,7 +24753,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.5/policy/modules/services/snort.te
--- nsaserefpolicy/policy/modules/services/snort.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-25 10:50:15.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-29 15:22:50.000000000 -0400
@@ -10,8 +10,11 @@
type snort_exec_t;
init_daemon_domain(snort_t, snort_exec_t)
@ -24784,7 +24792,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sysadm_dontaudit_search_home_dirs(snort_t)
optional_policy(`
+ prelude_rw_spool(snort_t)
+ prelude_manage_spool(snort_t)
+')
+
+optional_policy(`

6
selinux-policy.spec
View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.5.5
Release: 1%{?dist}
Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -380,6 +380,10 @@ exit 0
%endif
%changelog
* Tue Aug 26 2008 Dan Walsh <dwalsh@redhat.com> 3.5.5-2
- Update to upstream
- Fix crontab use by unconfined user
* Tue Aug 12 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-2
- Allow ifconfig_t to read dhcpc_state_t