- Change init_t to an unconfined_domain
parent
41617c099b
commit
ceda8feb68
@ -26326,7 +26326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.3.1/policy/modules/system/init.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.3.1/policy/modules/system/init.te
|
||||||
--- nsaserefpolicy/policy/modules/system/init.te 2008-02-26 08:17:43.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/init.te 2008-02-26 08:17:43.000000000 -0500
|
||||||
+++ serefpolicy-3.3.1/policy/modules/system/init.te 2008-03-12 08:33:31.000000000 -0400
|
+++ serefpolicy-3.3.1/policy/modules/system/init.te 2008-03-12 08:37:59.000000000 -0400
|
||||||
@@ -10,6 +10,20 @@
|
@@ -10,6 +10,20 @@
|
||||||
# Declarations
|
# Declarations
|
||||||
#
|
#
|
||||||
@ -26461,20 +26461,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
|
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
|
||||||
allow initrc_t self:passwd rootok;
|
allow initrc_t self:passwd rootok;
|
||||||
|
|
||||||
@@ -201,10 +239,9 @@
|
@@ -198,13 +236,14 @@
|
||||||
allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
|
allow initrc_t self:udp_socket create_socket_perms;
|
||||||
|
allow initrc_t self:fifo_file rw_file_perms;
|
||||||
|
|
||||||
|
-allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
|
||||||
|
+allow init_t initrc_t:unix_dgram_socket sendto;
|
||||||
|
+
|
||||||
term_create_pty(initrc_t,initrc_devpts_t)
|
term_create_pty(initrc_t,initrc_devpts_t)
|
||||||
|
|
||||||
-# Going to single user mode
|
-# Going to single user mode
|
||||||
-init_exec(initrc_t)
|
-init_exec(initrc_t)
|
||||||
+init_telinit(initrc_t)
|
+init_telinit(initrc_t)
|
||||||
|
+init_chat(initrc_t)
|
||||||
|
|
||||||
-can_exec(initrc_t,initrc_exec_t)
|
-can_exec(initrc_t,initrc_exec_t)
|
||||||
+can_exec(initrc_t,initscript)
|
+can_exec(initrc_t,initscript)
|
||||||
|
|
||||||
manage_dirs_pattern(initrc_t,initrc_state_t,initrc_state_t)
|
manage_dirs_pattern(initrc_t,initrc_state_t,initrc_state_t)
|
||||||
manage_files_pattern(initrc_t,initrc_state_t,initrc_state_t)
|
manage_files_pattern(initrc_t,initrc_state_t,initrc_state_t)
|
||||||
@@ -257,7 +294,7 @@
|
@@ -257,7 +296,7 @@
|
||||||
dev_read_sound_mixer(initrc_t)
|
dev_read_sound_mixer(initrc_t)
|
||||||
dev_write_sound_mixer(initrc_t)
|
dev_write_sound_mixer(initrc_t)
|
||||||
dev_setattr_all_chr_files(initrc_t)
|
dev_setattr_all_chr_files(initrc_t)
|
||||||
@ -26483,7 +26489,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
dev_delete_lvm_control_dev(initrc_t)
|
dev_delete_lvm_control_dev(initrc_t)
|
||||||
dev_manage_generic_symlinks(initrc_t)
|
dev_manage_generic_symlinks(initrc_t)
|
||||||
dev_manage_generic_files(initrc_t)
|
dev_manage_generic_files(initrc_t)
|
||||||
@@ -283,7 +320,6 @@
|
@@ -283,7 +322,6 @@
|
||||||
mls_process_read_up(initrc_t)
|
mls_process_read_up(initrc_t)
|
||||||
mls_process_write_down(initrc_t)
|
mls_process_write_down(initrc_t)
|
||||||
mls_rangetrans_source(initrc_t)
|
mls_rangetrans_source(initrc_t)
|
||||||
@ -26491,7 +26497,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
|
|
||||||
selinux_get_enforce_mode(initrc_t)
|
selinux_get_enforce_mode(initrc_t)
|
||||||
|
|
||||||
@@ -496,6 +532,31 @@
|
@@ -496,6 +534,31 @@
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -26523,7 +26529,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
amavis_search_lib(initrc_t)
|
amavis_search_lib(initrc_t)
|
||||||
amavis_setattr_pid_files(initrc_t)
|
amavis_setattr_pid_files(initrc_t)
|
||||||
@@ -559,14 +620,6 @@
|
@@ -559,14 +622,6 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -26538,7 +26544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
ftp_read_config(initrc_t)
|
ftp_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -639,12 +692,6 @@
|
@@ -639,12 +694,6 @@
|
||||||
mta_read_config(initrc_t)
|
mta_read_config(initrc_t)
|
||||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||||
')
|
')
|
||||||
@ -26551,7 +26557,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
@@ -705,6 +752,9 @@
|
@@ -705,6 +754,9 @@
|
||||||
|
|
||||||
# why is this needed:
|
# why is this needed:
|
||||||
rpm_manage_db(initrc_t)
|
rpm_manage_db(initrc_t)
|
||||||
@ -26561,7 +26567,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -717,9 +767,11 @@
|
@@ -717,9 +769,11 @@
|
||||||
squid_manage_logs(initrc_t)
|
squid_manage_logs(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -26576,7 +26582,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -738,6 +790,11 @@
|
@@ -738,6 +792,11 @@
|
||||||
uml_setattr_util_sockets(initrc_t)
|
uml_setattr_util_sockets(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -26588,7 +26594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
unconfined_domain(initrc_t)
|
unconfined_domain(initrc_t)
|
||||||
|
|
||||||
@@ -752,6 +809,10 @@
|
@@ -752,6 +811,10 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -26599,7 +26605,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
|
|||||||
vmware_read_system_config(initrc_t)
|
vmware_read_system_config(initrc_t)
|
||||||
vmware_append_system_config(initrc_t)
|
vmware_append_system_config(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -774,3 +835,4 @@
|
@@ -774,3 +837,4 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
zebra_read_config(initrc_t)
|
zebra_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
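Review bot: The title and changelog say init_t becomes an unconfined_domain, but the init.te hunk at `@@ -198,13 +236,14 @@` shows no such rule. As far as the side-by-side rendering lets one tell, what is new there is `+allow init_t initrc_t:unix_dgram_socket sendto;`, `+init_chat(initrc_t)` and the removal of `allow initrc_t initrc_devpts_t:chr_file rw_term_perms;`, and the only `unconfined_domain(...)` call visible is the unchanged one for initrc_t. If the init_t rule sits in a part of the patch this page does not render, the changelog entry should name the denial it works around, because an unconfined init_t means type enforcement no longer constrains what runs in init's own domain. The bare allow rule needs a one-line reason above it, for example `# init_t -> initrc_t datagram sendto: <reason or AVC reference>`, and should be dropped if `init_chat(initrc_t)` already grants that direction. Please also confirm that `term_create_pty(initrc_t,initrc_devpts_t)` still leaves initrc_t with read/write access to its own ptys once the rw_term_perms rule is gone.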
|
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.3.1
|
Version: 3.3.1
|
||||||
Release: 15%{?dist}
|
Release: 16%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -388,6 +388,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Mar 12 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-16
|
||||||
|
- Change init_t to an unconfined_domain
|
||||||
|
|
||||||
* Tue Mar 11 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-15
|
* Tue Mar 11 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-15
|
||||||
- Allow init to transition to initrc_t on shell exec.
|
- Allow init to transition to initrc_t on shell exec.
|
||||||
- Fix init to be able to sendto init_t.
|
- Fix init to be able to sendto init_t.
|
||||||
|