- Update to upstream
- Fix crontab use by unconfined user
This commit is contained in:
parent
2d17526681
commit
cd8bee594b
@ -1681,4 +1681,4 @@ livecd = module
|
|||||||
#
|
#
|
||||||
# Snort network intrusion detection system
|
# Snort network intrusion detection system
|
||||||
#
|
#
|
||||||
snort = base
|
snort = module
|
||||||
|
@ -358,18 +358,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
init_use_fds(consoletype_t)
|
init_use_fds(consoletype_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.5/policy/modules/admin/firstboot.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.5/policy/modules/admin/firstboot.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-08-25 09:12:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-08-25 09:12:31.000000000 -0400
|
||||||
+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-25 10:50:15.000000000 -0400
|
+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-29 15:12:36.000000000 -0400
|
||||||
@@ -118,6 +118,10 @@
|
@@ -118,15 +118,7 @@
|
||||||
usermanage_domtrans_admin_passwd(firstboot_t)
|
usermanage_domtrans_admin_passwd(firstboot_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
-ifdef(`TODO',`
|
||||||
|
-allow firstboot_t proc_t:file write;
|
||||||
|
-
|
||||||
|
-ifdef(`printconf.te', `
|
||||||
|
- can_exec(firstboot_t, printconf_t)
|
||||||
|
-')
|
||||||
|
-
|
||||||
|
-ifdef(`userhelper.te', `
|
||||||
|
- role system_r types sysadm_userhelper_t;
|
||||||
|
- domain_auto_trans(firstboot_t, userhelper_exec_t, sysadm_userhelper_t)
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ xserver_xdm_rw_shm(firstboot_t)
|
+ xserver_xdm_rw_shm(firstboot_t)
|
||||||
+')
|
+ xserver_unconfined(firstboot_t)
|
||||||
+
|
')
|
||||||
ifdef(`TODO',`
|
-') dnl end TODO
|
||||||
allow firstboot_t proc_t:file write;
|
|
||||||
|
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
|
||||||
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400
|
||||||
+++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400
|
+++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400
|
||||||
@ -13492,7 +13500,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.5/policy/modules/services/cups.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.5/policy/modules/services/cups.te
|
||||||
--- nsaserefpolicy/policy/modules/services/cups.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/cups.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 12:52:54.000000000 -0400
|
+++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 15:23:04.000000000 -0400
|
||||||
@@ -48,6 +48,9 @@
|
@@ -48,6 +48,9 @@
|
||||||
type hplip_t;
|
type hplip_t;
|
||||||
type hplip_exec_t;
|
type hplip_exec_t;
|
||||||
@ -13705,7 +13713,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
#
|
#
|
||||||
|
|
||||||
-allow cupsd_config_t self:capability { chown sys_tty_config };
|
-allow cupsd_config_t self:capability { chown sys_tty_config };
|
||||||
+allow cupsd_config_t self:capability { chown dav_override sys_tty_config };
|
+allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
|
||||||
dontaudit cupsd_config_t self:capability sys_tty_config;
|
dontaudit cupsd_config_t self:capability sys_tty_config;
|
||||||
allow cupsd_config_t self:process signal_perms;
|
allow cupsd_config_t self:process signal_perms;
|
||||||
allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
|
allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
|
||||||
@ -24745,7 +24753,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.5/policy/modules/services/snort.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.5/policy/modules/services/snort.te
|
||||||
--- nsaserefpolicy/policy/modules/services/snort.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/snort.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-25 10:50:15.000000000 -0400
|
+++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-29 15:22:50.000000000 -0400
|
||||||
@@ -10,8 +10,11 @@
|
@@ -10,8 +10,11 @@
|
||||||
type snort_exec_t;
|
type snort_exec_t;
|
||||||
init_daemon_domain(snort_t, snort_exec_t)
|
init_daemon_domain(snort_t, snort_exec_t)
|
||||||
@ -24784,7 +24792,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
sysadm_dontaudit_search_home_dirs(snort_t)
|
sysadm_dontaudit_search_home_dirs(snort_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
+ prelude_rw_spool(snort_t)
|
+ prelude_manage_spool(snort_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.5.5
|
Version: 3.5.5
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -380,6 +380,10 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 26 2008 Dan Walsh <dwalsh@redhat.com> 3.5.5-2
|
||||||
|
- Update to upstream
|
||||||
|
- Fix crontab use by unconfined user
|
||||||
|
|
||||||
* Tue Aug 12 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-2
|
* Tue Aug 12 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-2
|
||||||
- Allow ifconfig_t to read dhcpc_state_t
|
- Allow ifconfig_t to read dhcpc_state_t
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user