- Fix dbus reading /proc information

2008-12-22 22:51:28 +00:00 · 2008-12-22 22:51:28 +00:00 · cf8fd9f0cc
parent bae2e9888e
commit cf8fd9f0cc
2 changed files with 41 additions and 13 deletions
--- a/policy-20081111.patch
+++ b/policy-20081111.patch
@ -1289,9 +1289,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	unconfined_domain(tmpreaper_t)
 +')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.1/policy/modules/admin/usermanage.if
+--- nsaserefpolicy/policy/modules/admin/usermanage.if	2008-11-11 16:13:49.000000000 -0500
+++ serefpolicy-3.6.1/policy/modules/admin/usermanage.if	2008-12-22 17:46:46.000000000 -0500
+@@ -138,6 +138,7 @@
+ 
+ 	usermanage_domtrans_passwd($1)
+ 	role $2 types passwd_t;
+	auth_run_chk_passwd(passwd_t, $2)
+ ')
+ 
+ ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.1/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/admin/usermanage.te	2008-11-25 09:45:43.000000000 -0500
+++ serefpolicy-3.6.1/policy/modules/admin/usermanage.te	2008-12-22 17:45:59.000000000 -0500
@@ -288,6 +288,7 @@
 term_use_all_user_ttys(passwd_t)
 term_use_all_user_ptys(passwd_t)
@ -11101,7 +11112,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.1/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/dbus.if	2008-12-05 14:40:52.000000000 -0500
+++ serefpolicy-3.6.1/policy/modules/services/dbus.if	2008-12-22 17:29:41.000000000 -0500
@@ -44,6 +44,7 @@
 
 		attribute session_bus_type;
@ -11119,7 +11130,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	allow $1_dbusd_t $3:process sigkill;
 	allow $3 $1_dbusd_t:fd use;
 	allow $3 $1_dbusd_t:fifo_file rw_fifo_file_perms;
-@@ -160,6 +161,10 @@
+@@ -117,6 +118,7 @@
+ 	dev_read_urand($1_dbusd_t)
+ 
+  	domain_use_interactive_fds($1_dbusd_t)
+	domain_read_all_domains_state($1_dbusd_t)
+ 
+ 	files_read_etc_files($1_dbusd_t)
+ 	files_list_home($1_dbusd_t)
+@@ -160,6 +162,10 @@
 	')
 
 	optional_policy(`
@ -11130,7 +11149,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 		hal_dbus_chat($1_dbusd_t)
 	')
 
-@@ -185,10 +190,12 @@
+@@ -185,10 +191,12 @@
 		type system_dbusd_t, system_dbusd_t;
 		type system_dbusd_var_run_t, system_dbusd_var_lib_t;
 		class dbus send_msg;
@ -11144,7 +11163,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 	read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
 	files_search_var_lib($1)
-@@ -197,6 +204,10 @@
+@@ -197,6 +205,10 @@
 	files_search_pids($1)
 	stream_connect_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t)
 	dbus_read_config($1)
@ -11155,7 +11174,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 
 #######################################
-@@ -244,6 +255,35 @@
+@@ -244,6 +256,35 @@
 
 ########################################
 ## <summary>
@ -11191,7 +11210,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ##	Read dbus configuration.
 ## </summary>
 ## <param name="domain">
-@@ -318,3 +358,77 @@
+@@ -318,3 +359,77 @@
 
 	allow $1 system_dbusd_t:dbus *;
 ')
@ -11271,7 +11290,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.1/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/dbus.te	2008-12-17 16:46:31.000000000 -0500
+++ serefpolicy-3.6.1/policy/modules/services/dbus.te	2008-12-22 17:29:13.000000000 -0500
@@ -9,14 +9,15 @@
 #
 # Delcarations
@ -16254,8 +16273,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.1/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/polkit.te	2008-12-08 10:25:12.000000000 -0500
-@@ -0,0 +1,224 @@
+++ serefpolicy-3.6.1/policy/modules/services/polkit.te	2008-12-22 17:31:32.000000000 -0500
+@@ -0,0 +1,229 @@
 +policy_module(polkit_auth, 1.0.0)
 +
 +########################################
@ -16389,6 +16408,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	hal_read_state(polkit_auth_t)
 +')
 +
+optional_policy(`
+	xserver_dontaudit_write_log(polkit_auth_t)
+')
+
 +########################################
 +#
 +# polkit_grant local policy
@ -16480,6 +16503,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	unconfined_ptrace(polkit_resolve_t)
 +')
+
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.6.1/policy/modules/services/portreserve.fc
 --- nsaserefpolicy/policy/modules/services/portreserve.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.6.1/policy/modules/services/portreserve.fc	2008-11-25 09:45:43.000000000 -0500
@ -21354,7 +21378,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.1/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/xserver.if	2008-12-11 14:52:07.000000000 -0500
+++ serefpolicy-3.6.1/policy/modules/services/xserver.if	2008-12-22 17:33:28.000000000 -0500
@@ -397,11 +397,12 @@
 	gen_require(`
 		type xdm_t, xdm_tmp_t;
@ -21472,7 +21496,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 	domtrans_pattern($1, xserver_exec_t, xserver_t)
 ')
 
-@@ -1159,6 +1210,252 @@
+@@ -1159,6 +1210,253 @@
 
 ########################################
 ## <summary>
@ -21640,6 +21664,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	xserver_stream_connect_xdm($1)
 +	xserver_read_xdm_tmp_files($1)
 +	xserver_xdm_stream_connect($1)
+	xserver_setattr_xdm_tmp_dirs($1)
 +
 +	allow $1 xdm_t:x_client { getattr destroy };
 +	allow $1 xdm_t:x_drawable { read receive get_property getattr send list_child add_child };
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.1
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -446,6 +446,9 @@ exit 0
 %endif

 %changelog
+* Mon Dec 22 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-13
+- Fix dbus reading /proc information
+
 * Thu Dec 18 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-12
 - Add missing alias for home directory content