- Fix label for /usr/share/munin/plugins/munin_* plugins
- Add support for zarafa-indexer - Fix boolean description - Allow colord to getattr on /proc/scsi/scsi - Add label for /lib/upstart/init - Colord needs to list /mnt
This commit is contained in:
Miroslav Grepl
parent
cead053ef4
commit
cfc00b53cb
118
policy-F16.patch
118
policy-F16.patch
|
|
@ -3875,7 +3875,7 @@ index 00a19e3..55075f9 100644
|
|||
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
|
||||
+/usr/libexec/kde(3|4)/ksysguardprocesslist_helper -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
|
||||
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
|
||||
index f5afe78..3ca01ec 100644
|
||||
index f5afe78..c9f63b0 100644
|
||||
--- a/policy/modules/apps/gnome.if
|
||||
+++ b/policy/modules/apps/gnome.if
|
||||
@@ -1,44 +1,623 @@
|
||||
|
|
@ -3981,7 +3981,7 @@ index f5afe78..3ca01ec 100644
|
|||
+ allow $1_gkeyringd_t $3:dbus send_msg;
|
||||
+ allow $3 $1_gkeyringd_t:dbus send_msg;
|
||||
+ optional_policy(`
|
||||
+ dbus_session_domain($1_gkeyringd_t, gkeyringd_exec_t)
|
||||
+ dbus_session_domain($1, gkeyringd_exec_t, $1_gkeyringd_t)
|
||||
+ dbus_session_bus_client($1_gkeyringd_t)
|
||||
+ gnome_home_dir_filetrans($1_gkeyringd_t)
|
||||
+ gnome_manage_generic_home_dirs($1_gkeyringd_t)
|
||||
|
|
@ -9466,10 +9466,10 @@ index 0000000..8a7ed4f
|
|||
+/usr/libexec/telepathy-sunshine -- gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0)
|
||||
diff --git a/policy/modules/apps/telepathy.if b/policy/modules/apps/telepathy.if
|
||||
new file mode 100644
|
||||
index 0000000..6878d68
|
||||
index 0000000..f6acf24
|
||||
--- /dev/null
|
||||
+++ b/policy/modules/apps/telepathy.if
|
||||
@@ -0,0 +1,193 @@
|
||||
@@ -0,0 +1,191 @@
|
||||
+
|
||||
+## <summary>Telepathy framework.</summary>
|
||||
+
|
||||
|
|
@ -9500,8 +9500,6 @@ index 0000000..6878d68
|
|||
+ type telepathy_$1_tmp_t;
|
||||
+ files_tmp_file(telepathy_$1_tmp_t)
|
||||
+ ubac_constrained(telepathy_$1_tmp_t)
|
||||
+
|
||||
+ dbus_session_domain(telepathy_$1_t, telepathy_$1_exec_t)
|
||||
+')
|
||||
+
|
||||
+#######################################
|
||||
|
|
@ -15378,7 +15376,7 @@ index 069d36c..8cbeefb 100644
|
|||
+')
|
||||
+
|
||||
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
|
||||
index 5001b89..e1fe78d 100644
|
||||
index 5001b89..c90e93e 100644
|
||||
--- a/policy/modules/kernel/kernel.te
|
||||
+++ b/policy/modules/kernel/kernel.te
|
||||
@@ -50,6 +50,8 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
|
||||
|
|
@ -15403,7 +15401,7 @@ index 5001b89..e1fe78d 100644
|
|||
dev_delete_generic_chr_files(kernel_t)
|
||||
dev_mounton(kernel_t)
|
||||
+dev_filetrans_all_named_dev(kernel_t)
|
||||
+storage_filetrans_all_named_dev(kernel_t)
|
||||
+#storage_filetrans_all_named_dev(kernel_t)
|
||||
+term_filetrans_all_named_dev(kernel_t)
|
||||
|
||||
# Mount root file system. Used when loading a policy
|
||||
|
|
@ -16818,7 +16816,7 @@ index be4de58..cce681a 100644
|
|||
########################################
|
||||
#
|
||||
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
|
||||
index 2be17d2..ddb6f0a 100644
|
||||
index 2be17d2..1663532 100644
|
||||
--- a/policy/modules/roles/staff.te
|
||||
+++ b/policy/modules/roles/staff.te
|
||||
@@ -8,12 +8,51 @@ policy_module(staff, 2.2.0)
|
||||
|
|
@ -16873,7 +16871,7 @@ index 2be17d2..ddb6f0a 100644
|
|||
optional_policy(`
|
||||
apache_role(staff_r, staff_t)
|
||||
')
|
||||
@@ -27,25 +66,139 @@ optional_policy(`
|
||||
@@ -27,25 +66,138 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -16895,7 +16893,6 @@ index 2be17d2..ddb6f0a 100644
|
|||
+
|
||||
+optional_policy(`
|
||||
+ gnome_role(staff_r, staff_t)
|
||||
+ gnome_role_gkeyringd(staff, staff_r, staff_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
|
|
@ -17015,7 +17012,7 @@ index 2be17d2..ddb6f0a 100644
|
|||
|
||||
optional_policy(`
|
||||
vlock_run(staff_t, staff_r)
|
||||
@@ -89,10 +242,6 @@ ifndef(`distro_redhat',`
|
||||
@@ -89,10 +241,6 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -17026,7 +17023,7 @@ index 2be17d2..ddb6f0a 100644
|
|||
gpg_role(staff_r, staff_t)
|
||||
')
|
||||
|
||||
@@ -137,10 +286,6 @@ ifndef(`distro_redhat',`
|
||||
@@ -137,10 +285,6 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -17037,7 +17034,7 @@ index 2be17d2..ddb6f0a 100644
|
|||
spamassassin_role(staff_r, staff_t)
|
||||
')
|
||||
|
||||
@@ -172,3 +317,7 @@ ifndef(`distro_redhat',`
|
||||
@@ -172,3 +316,7 @@ ifndef(`distro_redhat',`
|
||||
wireshark_role(staff_r, staff_t)
|
||||
')
|
||||
')
|
||||
|
|
@ -18656,10 +18653,10 @@ index 0000000..4cf791b
|
|||
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
+
|
||||
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
|
||||
index e5bfdd4..dc6b88f 100644
|
||||
index e5bfdd4..425ea6f 100644
|
||||
--- a/policy/modules/roles/unprivuser.te
|
||||
+++ b/policy/modules/roles/unprivuser.te
|
||||
@@ -12,15 +12,75 @@ role user_r;
|
||||
@@ -12,15 +12,74 @@ role user_r;
|
||||
|
||||
userdom_unpriv_user_template(user)
|
||||
|
||||
|
|
@ -18686,7 +18683,6 @@ index e5bfdd4..dc6b88f 100644
|
|||
+
|
||||
+optional_policy(`
|
||||
+ gnome_role(user_r, user_t)
|
||||
+
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
|
|
@ -18727,15 +18723,15 @@ index e5bfdd4..dc6b88f 100644
|
|||
+ setroubleshoot_dontaudit_stream_connect(user_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ telepathy_dbus_session_role(user_r, user_t)
|
||||
+')
|
||||
+#optional_policy(`
|
||||
+# telepathy_dbus_session_role(user_r, user_t)
|
||||
+#')
|
||||
+
|
||||
+optional_policy(`
|
||||
vlock_run(user_t, user_r)
|
||||
')
|
||||
|
||||
@@ -62,10 +122,6 @@ ifndef(`distro_redhat',`
|
||||
@@ -62,10 +121,6 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -18746,7 +18742,7 @@ index e5bfdd4..dc6b88f 100644
|
|||
gpg_role(user_r, user_t)
|
||||
')
|
||||
|
||||
@@ -118,11 +174,7 @@ ifndef(`distro_redhat',`
|
||||
@@ -118,11 +173,7 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -18759,7 +18755,7 @@ index e5bfdd4..dc6b88f 100644
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -157,3 +209,4 @@ ifndef(`distro_redhat',`
|
||||
@@ -157,3 +208,4 @@ ifndef(`distro_redhat',`
|
||||
wireshark_role(user_r, user_t)
|
||||
')
|
||||
')
|
||||
|
|
@ -24810,7 +24806,7 @@ index 0000000..939d76e
|
|||
+')
|
||||
diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te
|
||||
new file mode 100644
|
||||
index 0000000..13278c0
|
||||
index 0000000..d8c9b6e
|
||||
--- /dev/null
|
||||
+++ b/policy/modules/services/colord.te
|
||||
@@ -0,0 +1,106 @@
|
||||
|
|
@ -24838,9 +24834,7 @@ index 0000000..13278c0
|
|||
+#
|
||||
+# colord local policy
|
||||
+#
|
||||
+
|
||||
+allow colord_t self:process signal;
|
||||
+
|
||||
+allow colord_t self:fifo_file rw_fifo_file_perms;
|
||||
+allow colord_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
+allow colord_t self:udp_socket create_socket_perms;
|
||||
|
|
@ -24858,6 +24852,7 @@ index 0000000..13278c0
|
|||
+manage_files_pattern(colord_t, colord_var_lib_t, colord_var_lib_t)
|
||||
+files_var_lib_filetrans(colord_t, colord_var_lib_t, { file dir })
|
||||
+
|
||||
+kernel_getattr_proc_files(colord_t)
|
||||
+kernel_read_device_sysctls(colord_t)
|
||||
+
|
||||
+corenet_udp_bind_generic_node(colord_t)
|
||||
|
|
@ -24879,6 +24874,7 @@ index 0000000..13278c0
|
|||
+
|
||||
+domain_use_interactive_fds(colord_t)
|
||||
+
|
||||
+files_list_mnt(colord_t)
|
||||
+files_read_etc_files(colord_t)
|
||||
+files_read_usr_files(colord_t)
|
||||
+
|
||||
|
|
@ -26521,7 +26517,7 @@ index 81eba14..d0ab56c 100644
|
|||
/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
|
||||
/usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
|
||||
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
|
||||
index 0d5711c..85a1dc0 100644
|
||||
index 0d5711c..a0c951e 100644
|
||||
--- a/policy/modules/services/dbus.if
|
||||
+++ b/policy/modules/services/dbus.if
|
||||
@@ -41,9 +41,9 @@ interface(`dbus_stub',`
|
||||
|
|
@ -26682,6 +26678,24 @@ index 0d5711c..85a1dc0 100644
|
|||
+ allow session_bus_type $1:process sigkill;
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -335,13 +377,13 @@ interface(`dbus_connect_session_bus',`
|
||||
#
|
||||
interface(`dbus_session_domain',`
|
||||
gen_require(`
|
||||
- attribute session_bus_type;
|
||||
+ type $1_dbusd_t;
|
||||
')
|
||||
|
||||
- domtrans_pattern(session_bus_type, $2, $1)
|
||||
+ domtrans_pattern($1_dbusd_t, $2, $3)
|
||||
|
||||
- dbus_session_bus_client($1)
|
||||
- dbus_connect_session_bus($1)
|
||||
+ dbus_session_bus_client($3)
|
||||
+ dbus_connect_session_bus($3)
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -431,14 +473,28 @@ interface(`dbus_system_domain',`
|
||||
|
||||
|
|
@ -28914,7 +28928,7 @@ index 6bef7f8..464669c 100644
|
|||
+ admin_pattern($1, exim_var_run_t)
|
||||
+')
|
||||
diff --git a/policy/modules/services/exim.te b/policy/modules/services/exim.te
|
||||
index f28f64b..18c3c33 100644
|
||||
index f28f64b..0b19f11 100644
|
||||
--- a/policy/modules/services/exim.te
|
||||
+++ b/policy/modules/services/exim.te
|
||||
@@ -6,24 +6,24 @@ policy_module(exim, 1.5.0)
|
||||
|
|
@ -28925,7 +28939,7 @@ index f28f64b..18c3c33 100644
|
|||
-## Allow exim to connect to databases (postgres, mysql)
|
||||
-## </p>
|
||||
+## <p>
|
||||
+## Allow exim to connect to databases (postgres, mysql)
|
||||
+## Allow exim to connect to databases (PostgreSQL, MySQL)
|
||||
+## </p>
|
||||
## </desc>
|
||||
gen_tunable(exim_can_connect_db, false)
|
||||
|
|
@ -29196,7 +29210,7 @@ index 0000000..84d1768
|
|||
+')
|
||||
diff --git a/policy/modules/services/firewalld.te b/policy/modules/services/firewalld.te
|
||||
new file mode 100644
|
||||
index 0000000..a63cabe
|
||||
index 0000000..8dcd6e4
|
||||
--- /dev/null
|
||||
+++ b/policy/modules/services/firewalld.te
|
||||
@@ -0,0 +1,68 @@
|
||||
|
|
@ -29225,7 +29239,7 @@ index 0000000..a63cabe
|
|||
+#
|
||||
+# firewalld local policy
|
||||
+#
|
||||
+
|
||||
+dontaudit firewalld_t self:capability sys_tty_config;
|
||||
+allow firewalld_t self:fifo_file rw_fifo_file_perms;
|
||||
+allow firewalld_t self:unix_stream_socket create_stream_socket_perms;
|
||||
+
|
||||
|
|
@ -34861,14 +34875,14 @@ index 64268e4..9ddac52 100644
|
|||
+ exim_manage_log(user_mail_domain)
|
||||
+')
|
||||
diff --git a/policy/modules/services/munin.fc b/policy/modules/services/munin.fc
|
||||
index fd71d69..2e9f2a3 100644
|
||||
index fd71d69..bf90863 100644
|
||||
--- a/policy/modules/services/munin.fc
|
||||
+++ b/policy/modules/services/munin.fc
|
||||
@@ -51,6 +51,7 @@
|
||||
/usr/share/munin/plugins/irqstats -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
|
||||
/usr/share/munin/plugins/load -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
|
||||
/usr/share/munin/plugins/memory -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
|
||||
+/usr/share/munin/plugins/munin_* -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
|
||||
+/usr/share/munin/plugins/munin_.* -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
|
||||
/usr/share/munin/plugins/netstat -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
|
||||
/usr/share/munin/plugins/nfs.* -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
|
||||
/usr/share/munin/plugins/open_files -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
|
||||
|
|
@ -39522,7 +39536,7 @@ index 09aeffa..dd70b14 100644
|
|||
|
||||
postgresql_tcp_connect($1)
|
||||
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
|
||||
index 8ed5067..f31634f 100644
|
||||
index 8ed5067..a5603cd 100644
|
||||
--- a/policy/modules/services/postgresql.te
|
||||
+++ b/policy/modules/services/postgresql.te
|
||||
@@ -19,16 +19,16 @@ gen_require(`
|
||||
|
|
@ -39533,7 +39547,7 @@ index 8ed5067..f31634f 100644
|
|||
-## Allow unprived users to execute DDL statement
|
||||
-## </p>
|
||||
+## <p>
|
||||
+## Allow unprived users to execute DDL statement
|
||||
+## Allow unprivileged users to execute DDL statement
|
||||
+## </p>
|
||||
## </desc>
|
||||
gen_tunable(sepgsql_enable_users_ddl, true)
|
||||
|
|
@ -40250,7 +40264,7 @@ index 2855a44..0456b11 100644
|
|||
type puppet_tmp_t;
|
||||
')
|
||||
diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te
|
||||
index 64c5f95..69fa687 100644
|
||||
index 64c5f95..ebb9b4d 100644
|
||||
--- a/policy/modules/services/puppet.te
|
||||
+++ b/policy/modules/services/puppet.te
|
||||
@@ -6,12 +6,19 @@ policy_module(puppet, 1.0.0)
|
||||
|
|
@ -40268,7 +40282,7 @@ index 64c5f95..69fa687 100644
|
|||
## <p>
|
||||
-## Allow Puppet client to manage all file
|
||||
-## types.
|
||||
+## Allow Puppet master to use connect to mysql and postgresql database
|
||||
+## Allow Puppet master to use connect to MySQL and PostgreSQL database
|
||||
## </p>
|
||||
## </desc>
|
||||
-gen_tunable(puppet_manage_all_files, false)
|
||||
|
|
@ -50995,10 +51009,10 @@ index c26ecf5..b906c48 100644
|
|||
|
||||
diff --git a/policy/modules/services/zarafa.fc b/policy/modules/services/zarafa.fc
|
||||
new file mode 100644
|
||||
index 0000000..72059b2
|
||||
index 0000000..28cd477
|
||||
--- /dev/null
|
||||
+++ b/policy/modules/services/zarafa.fc
|
||||
@@ -0,0 +1,29 @@
|
||||
@@ -0,0 +1,33 @@
|
||||
+
|
||||
+/etc/zarafa(/.*)? gen_context(system_u:object_r:zarafa_etc_t,s0)
|
||||
+
|
||||
|
|
@ -51012,6 +51026,8 @@ index 0000000..72059b2
|
|||
+
|
||||
+/usr/bin/zarafa-ical -- gen_context(system_u:object_r:zarafa_ical_exec_t,s0)
|
||||
+
|
||||
+/usr/bin/zarafa-indexer -- gen_context(system_u:object_r:zarafa_indexer_exec_t,s0)
|
||||
+
|
||||
+/usr/bin/zarafa-monitor -- gen_context(system_u:object_r:zarafa_monitor_exec_t,s0)
|
||||
+
|
||||
+/var/lib/zarafa-.* gen_context(system_u:object_r:zarafa_var_lib_t,s0)
|
||||
|
|
@ -51020,6 +51036,7 @@ index 0000000..72059b2
|
|||
+/var/log/zarafa/spooler\.log -- gen_context(system_u:object_r:zarafa_spooler_log_t,s0)
|
||||
+/var/log/zarafa/gateway\.log -- gen_context(system_u:object_r:zarafa_gateway_log_t,s0)
|
||||
+/var/log/zarafa/ical\.log -- gen_context(system_u:object_r:zarafa_ical_log_t,s0)
|
||||
+/var/log/zarafa/indexer\.log -- gen_context(system_u:object_r:zarafa_indexer_log_t,s0)
|
||||
+/var/log/zarafa/monitor\.log -- gen_context(system_u:object_r:zarafa_monitor_log_t,s0)
|
||||
+
|
||||
+/var/run/zarafa -s gen_context(system_u:object_r:zarafa_server_var_run_t,s0)
|
||||
|
|
@ -51027,6 +51044,7 @@ index 0000000..72059b2
|
|||
+/var/run/zarafa-server\.pid -- gen_context(system_u:object_r:zarafa_server_var_run_t,s0)
|
||||
+/var/run/zarafa-spooler\.pid -- gen_context(system_u:object_r:zarafa_spooler_var_run_t,s0)
|
||||
+/var/run/zarafa-ical\.pid -- gen_context(system_u:object_r:zarafa_ical_var_run_t,s0)
|
||||
+/var/run/zarafa-indexer -- gen_context(system_u:object_r:zarafa_indexer_var_run_t,s0)
|
||||
+/var/run/zarafa-monitor\.pid -- gen_context(system_u:object_r:zarafa_monitor_var_run_t,s0)
|
||||
diff --git a/policy/modules/services/zarafa.if b/policy/modules/services/zarafa.if
|
||||
new file mode 100644
|
||||
|
|
@ -51158,10 +51176,10 @@ index 0000000..8a909f5
|
|||
+')
|
||||
diff --git a/policy/modules/services/zarafa.te b/policy/modules/services/zarafa.te
|
||||
new file mode 100644
|
||||
index 0000000..fec9997
|
||||
index 0000000..850b8b5
|
||||
--- /dev/null
|
||||
+++ b/policy/modules/services/zarafa.te
|
||||
@@ -0,0 +1,141 @@
|
||||
@@ -0,0 +1,146 @@
|
||||
+policy_module(zarafa, 1.0.0)
|
||||
+
|
||||
+########################################
|
||||
|
|
@ -51172,6 +51190,7 @@ index 0000000..fec9997
|
|||
+attribute zarafa_domain;
|
||||
+
|
||||
+zarafa_domain_template(monitor)
|
||||
+zarafa_domain_template(indexer)
|
||||
+zarafa_domain_template(ical)
|
||||
+zarafa_domain_template(server)
|
||||
+zarafa_domain_template(spooler)
|
||||
|
|
@ -51193,6 +51212,8 @@ index 0000000..fec9997
|
|||
+type zarafa_share_t;
|
||||
+files_type(zarafa_share_t)
|
||||
+
|
||||
+permissive zarafa_indexer_t;
|
||||
+
|
||||
+########################################
|
||||
+#
|
||||
+# zarafa-deliver local policy
|
||||
|
|
@ -51221,6 +51242,8 @@ index 0000000..fec9997
|
|||
+manage_files_pattern(zarafa_server_t, zarafa_var_lib_t, zarafa_var_lib_t)
|
||||
+files_var_lib_filetrans(zarafa_server_t, zarafa_var_lib_t, { file dir })
|
||||
+
|
||||
+stream_connect_pattern(zarafa_server_t, zarafa_indexer_var_run_t, zarafa_indexer_var_run_t, zarafa_indexer_t)
|
||||
+
|
||||
+corenet_tcp_bind_zarafa_port(zarafa_server_t)
|
||||
+
|
||||
+files_read_usr_files(zarafa_server_t)
|
||||
|
|
@ -52473,10 +52496,10 @@ index 882c6a2..d0ff4ec 100644
|
|||
')
|
||||
|
||||
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
|
||||
index 354ce93..f97fbb7 100644
|
||||
index 354ce93..b8b14b9 100644
|
||||
--- a/policy/modules/system/init.fc
|
||||
+++ b/policy/modules/system/init.fc
|
||||
@@ -33,6 +33,19 @@ ifdef(`distro_gentoo', `
|
||||
@@ -33,9 +33,24 @@ ifdef(`distro_gentoo', `
|
||||
#
|
||||
# /sbin
|
||||
#
|
||||
|
|
@ -52496,7 +52519,12 @@ index 354ce93..f97fbb7 100644
|
|||
/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
|
||||
# because nowadays, /sbin/init is often a symlink to /sbin/upstart
|
||||
/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0)
|
||||
@@ -55,6 +68,9 @@ ifdef(`distro_gentoo', `
|
||||
+# for Fedora
|
||||
+/lib/upstart/init -- gen_context(system_u:object_r:init_exec_t,s0)
|
||||
|
||||
ifdef(`distro_gentoo', `
|
||||
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
@@ -55,6 +70,9 @@ ifdef(`distro_gentoo', `
|
||||
|
||||
/usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/usr/sbin/open_init_pty -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
|
|
@ -52506,7 +52534,7 @@ index 354ce93..f97fbb7 100644
|
|||
|
||||
#
|
||||
# /var
|
||||
@@ -76,3 +92,4 @@ ifdef(`distro_suse', `
|
||||
@@ -76,3 +94,4 @@ ifdef(`distro_suse', `
|
||||
/var/run/setleds-on -- gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/sysconfig(/.*)? gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.9.16
|
||||
Release: 19%{?dist}
|
||||
Release: 20%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -472,6 +472,14 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu May 5 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-20
|
||||
- Fix label for /usr/share/munin/plugins/munin_* plugins
|
||||
- Add support for zarafa-indexer
|
||||
- Fix boolean description
|
||||
- Allow colord to getattr on /proc/scsi/scsi
|
||||
- Add label for /lib/upstart/init
|
||||
- Colord needs to list /mnt
|
||||
|
||||
* Tue May 3 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-19
|
||||
- Forard port changes from F15 for telepathy
|
||||
- NetworkManager should be allowed to use /dev/rfkill
|
||||
|
|
|
|||
Loading…
Reference in New Issue