- Lots of fixes found in F12, fixes from Tom London
This commit is contained in:
parent
4478a9a993
commit
d1c6ab73f3
@ -20618,12 +20618,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
|
|||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.7.5/policy/modules/services/prelude.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.7.5/policy/modules/services/prelude.te
|
||||||
--- nsaserefpolicy/policy/modules/services/prelude.te 2009-12-18 11:38:25.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/prelude.te 2009-12-18 11:38:25.000000000 -0500
|
||||||
+++ serefpolicy-3.7.5/policy/modules/services/prelude.te 2009-12-30 08:34:35.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/services/prelude.te 2009-12-31 08:17:44.000000000 -0500
|
||||||
@@ -90,6 +90,7 @@
|
@@ -90,6 +90,7 @@
|
||||||
corenet_tcp_bind_prelude_port(prelude_t)
|
corenet_tcp_bind_prelude_port(prelude_t)
|
||||||
corenet_tcp_connect_prelude_port(prelude_t)
|
corenet_tcp_connect_prelude_port(prelude_t)
|
||||||
corenet_tcp_connect_postgresql_port(prelude_t)
|
corenet_tcp_connect_postgresql_port(prelude_t)
|
||||||
+corenet_tcp_connect_mysql_port(prelude_t)
|
+corenet_tcp_connect_mysqld_port(prelude_t)
|
||||||
|
|
||||||
dev_read_rand(prelude_t)
|
dev_read_rand(prelude_t)
|
||||||
dev_read_urand(prelude_t)
|
dev_read_urand(prelude_t)
|
||||||
@ -29244,7 +29244,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.
|
|||||||
+permissive kdump_t;
|
+permissive kdump_t;
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.5/policy/modules/system/libraries.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.5/policy/modules/system/libraries.fc
|
||||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.7.5/policy/modules/system/libraries.fc 2009-12-29 20:06:09.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/system/libraries.fc 2009-12-31 08:59:50.000000000 -0500
|
||||||
@@ -60,12 +60,15 @@
|
@@ -60,12 +60,15 @@
|
||||||
#
|
#
|
||||||
# /opt
|
# /opt
|
||||||
@ -29460,7 +29460,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
|
|||||||
') dnl end distro_redhat
|
') dnl end distro_redhat
|
||||||
|
|
||||||
#
|
#
|
||||||
@@ -307,10 +316,125 @@
|
@@ -307,10 +316,127 @@
|
||||||
|
|
||||||
/var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0)
|
/var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:lib_t,s0)
|
||||||
|
|
||||||
@ -29586,6 +29586,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
|
|||||||
+/opt/AutoScan/usr/lib/libvte\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
+/opt/AutoScan/usr/lib/libvte\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
+
|
+
|
||||||
+/usr/bin/bsnes -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
+/usr/bin/bsnes -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
+
|
||||||
|
+/usr/lib/firefox/plugins/libractrl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.5/policy/modules/system/libraries.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.7.5/policy/modules/system/libraries.if
|
||||||
--- nsaserefpolicy/policy/modules/system/libraries.if 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/libraries.if 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.7.5/policy/modules/system/libraries.if 2009-12-21 13:07:09.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/system/libraries.if 2009-12-21 13:07:09.000000000 -0500
|
||||||
@ -32559,7 +32561,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
+HOME_DIR/\.gvfs(/.*)? <<none>>
|
+HOME_DIR/\.gvfs(/.*)? <<none>>
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.5/policy/modules/system/userdomain.if
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.5/policy/modules/system/userdomain.if
|
||||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-08-31 13:30:04.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-08-31 13:30:04.000000000 -0400
|
||||||
+++ serefpolicy-3.7.5/policy/modules/system/userdomain.if 2009-12-21 13:07:09.000000000 -0500
|
+++ serefpolicy-3.7.5/policy/modules/system/userdomain.if 2009-12-31 08:43:59.000000000 -0500
|
||||||
@@ -30,8 +30,9 @@
|
@@ -30,8 +30,9 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -33916,7 +33918,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
|
read_files_pattern($1, { user_home_dir_t user_home_t }, user_home_t)
|
||||||
files_search_home($1)
|
files_search_home($1)
|
||||||
')
|
')
|
||||||
@@ -1686,11 +1875,11 @@
|
@@ -1686,11 +1875,12 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_dontaudit_read_user_home_content_files',`
|
interface(`userdom_dontaudit_read_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -33928,10 +33930,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
- dontaudit $1 user_home_t:file read_file_perms;
|
- dontaudit $1 user_home_t:file read_file_perms;
|
||||||
+ dontaudit $1 user_home_type:dir list_dir_perms;
|
+ dontaudit $1 user_home_type:dir list_dir_perms;
|
||||||
+ dontaudit $1 user_home_type:file read_file_perms;
|
+ dontaudit $1 user_home_type:file read_file_perms;
|
||||||
|
+ dontaudit $1 user_home_t:lnk_file read_lnk_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -1797,19 +1986,32 @@
|
@@ -1797,19 +1987,32 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_exec_user_home_content_files',`
|
interface(`userdom_exec_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -33971,7 +33974,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -1844,6 +2046,7 @@
|
@@ -1844,6 +2047,7 @@
|
||||||
interface(`userdom_manage_user_home_content_files',`
|
interface(`userdom_manage_user_home_content_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type user_home_dir_t, user_home_t;
|
type user_home_dir_t, user_home_t;
|
||||||
@ -33979,7 +33982,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
manage_files_pattern($1, user_home_t, user_home_t)
|
manage_files_pattern($1, user_home_t, user_home_t)
|
||||||
@@ -2196,6 +2399,25 @@
|
@@ -2196,6 +2400,25 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -34005,7 +34008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## Do not audit attempts to manage users
|
## Do not audit attempts to manage users
|
||||||
## temporary files.
|
## temporary files.
|
||||||
## </summary>
|
## </summary>
|
||||||
@@ -2276,7 +2498,7 @@
|
@@ -2276,7 +2499,7 @@
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Create, read, write, and delete user
|
## Create, read, write, and delete user
|
||||||
@ -34014,7 +34017,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -2284,19 +2506,19 @@
|
@@ -2284,19 +2507,19 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -34037,7 +34040,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -2304,19 +2526,19 @@
|
@@ -2304,19 +2527,19 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -34060,7 +34063,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -2324,12 +2546,52 @@
|
@@ -2324,12 +2547,52 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -34115,7 +34118,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
files_search_tmp($1)
|
files_search_tmp($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -2391,7 +2653,7 @@
|
@@ -2391,7 +2654,7 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
@ -34124,7 +34127,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -2399,19 +2661,21 @@
|
@@ -2399,19 +2662,21 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -34150,7 +34153,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
@@ -2419,15 +2683,14 @@
|
@@ -2419,15 +2684,14 @@
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -34170,7 +34173,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2749,7 +3012,7 @@
|
@@ -2749,7 +3013,7 @@
|
||||||
|
|
||||||
domain_entry_file_spec_domtrans($1, unpriv_userdomain)
|
domain_entry_file_spec_domtrans($1, unpriv_userdomain)
|
||||||
allow unpriv_userdomain $1:fd use;
|
allow unpriv_userdomain $1:fd use;
|
||||||
@ -34179,7 +34182,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
allow unpriv_userdomain $1:process sigchld;
|
allow unpriv_userdomain $1:process sigchld;
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -2765,11 +3028,33 @@
|
@@ -2765,11 +3029,33 @@
|
||||||
#
|
#
|
||||||
interface(`userdom_search_user_home_content',`
|
interface(`userdom_search_user_home_content',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
@ -34215,7 +34218,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2897,7 +3182,43 @@
|
@@ -2897,7 +3183,43 @@
|
||||||
type user_tmp_t;
|
type user_tmp_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -34260,7 +34263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2934,6 +3255,7 @@
|
@@ -2934,6 +3256,7 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
read_files_pattern($1, userdomain, userdomain)
|
read_files_pattern($1, userdomain, userdomain)
|
||||||
@ -34268,7 +34271,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
|
|||||||
kernel_search_proc($1)
|
kernel_search_proc($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -3064,3 +3386,656 @@
|
@@ -3064,3 +3387,656 @@
|
||||||
|
|
||||||
allow $1 userdomain:dbus send_msg;
|
allow $1 userdomain:dbus send_msg;
|
||||||
')
|
')
|
||||||
|
Loading…
Reference in New Issue
Block a user