- Update to upstream

- Fix crontab use by unconfined user
This commit is contained in:
Daniel J Walsh 2008-08-29 19:29:23 +00:00
parent 2d17526681
commit cd8bee594b
3 changed files with 25 additions and 13 deletions

View File

@ -1681,4 +1681,4 @@ livecd = module
# #
# Snort network intrusion detection system # Snort network intrusion detection system
# #
snort = base snort = module

View File

@ -358,18 +358,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
init_use_fds(consoletype_t) init_use_fds(consoletype_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.5/policy/modules/admin/firstboot.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.5.5/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-08-25 09:12:31.000000000 -0400 --- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-08-25 09:12:31.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-25 10:50:15.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/admin/firstboot.te 2008-08-29 15:12:36.000000000 -0400
@@ -118,6 +118,10 @@ @@ -118,15 +118,7 @@
usermanage_domtrans_admin_passwd(firstboot_t) usermanage_domtrans_admin_passwd(firstboot_t)
') ')
-ifdef(`TODO',`
-allow firstboot_t proc_t:file write;
-
-ifdef(`printconf.te', `
- can_exec(firstboot_t, printconf_t)
-')
-
-ifdef(`userhelper.te', `
- role system_r types sysadm_userhelper_t;
- domain_auto_trans(firstboot_t, userhelper_exec_t, sysadm_userhelper_t)
+optional_policy(` +optional_policy(`
+ xserver_xdm_rw_shm(firstboot_t) + xserver_xdm_rw_shm(firstboot_t)
+') + xserver_unconfined(firstboot_t)
+ ')
ifdef(`TODO',` -') dnl end TODO
allow firstboot_t proc_t:file write;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400 --- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400
@ -13492,7 +13500,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ +
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.5/policy/modules/services/cups.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.5/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-08-07 11:15:11.000000000 -0400 --- nsaserefpolicy/policy/modules/services/cups.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 12:52:54.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/services/cups.te 2008-08-29 15:23:04.000000000 -0400
@@ -48,6 +48,9 @@ @@ -48,6 +48,9 @@
type hplip_t; type hplip_t;
type hplip_exec_t; type hplip_exec_t;
@ -13705,7 +13713,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# #
-allow cupsd_config_t self:capability { chown sys_tty_config }; -allow cupsd_config_t self:capability { chown sys_tty_config };
+allow cupsd_config_t self:capability { chown dav_override sys_tty_config }; +allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
dontaudit cupsd_config_t self:capability sys_tty_config; dontaudit cupsd_config_t self:capability sys_tty_config;
allow cupsd_config_t self:process signal_perms; allow cupsd_config_t self:process signal_perms;
allow cupsd_config_t self:fifo_file rw_fifo_file_perms; allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
@ -24745,7 +24753,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+') +')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.5/policy/modules/services/snort.te diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.5.5/policy/modules/services/snort.te
--- nsaserefpolicy/policy/modules/services/snort.te 2008-08-07 11:15:11.000000000 -0400 --- nsaserefpolicy/policy/modules/services/snort.te 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-25 10:50:15.000000000 -0400 +++ serefpolicy-3.5.5/policy/modules/services/snort.te 2008-08-29 15:22:50.000000000 -0400
@@ -10,8 +10,11 @@ @@ -10,8 +10,11 @@
type snort_exec_t; type snort_exec_t;
init_daemon_domain(snort_t, snort_exec_t) init_daemon_domain(snort_t, snort_exec_t)
@ -24784,7 +24792,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sysadm_dontaudit_search_home_dirs(snort_t) sysadm_dontaudit_search_home_dirs(snort_t)
optional_policy(` optional_policy(`
+ prelude_rw_spool(snort_t) + prelude_manage_spool(snort_t)
+') +')
+ +
+optional_policy(` +optional_policy(`

View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.5.5 Version: 3.5.5
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -380,6 +380,10 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Aug 26 2008 Dan Walsh <dwalsh@redhat.com> 3.5.5-2
- Update to upstream
- Fix crontab use by unconfined user
* Tue Aug 12 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-2 * Tue Aug 12 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-2
- Allow ifconfig_t to read dhcpc_state_t - Allow ifconfig_t to read dhcpc_state_t