- Allow nsplugin to run acroread
This commit is contained in:
parent
ad50da8a27
commit
d593d26c1d
|
@ -5433,8 +5433,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
|
||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2008-03-14 10:51:39.000000000 -0400
|
+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2008-03-14 11:50:19.000000000 -0400
|
||||||
@@ -0,0 +1,170 @@
|
@@ -0,0 +1,176 @@
|
||||||
+
|
+
|
||||||
+policy_module(nsplugin,1.0.0)
|
+policy_module(nsplugin,1.0.0)
|
||||||
+
|
+
|
||||||
|
@ -5475,10 +5475,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
|
||||||
+# nsplugin local policy
|
+# nsplugin local policy
|
||||||
+#
|
+#
|
||||||
+allow nsplugin_t self:fifo_file rw_file_perms;
|
+allow nsplugin_t self:fifo_file rw_file_perms;
|
||||||
+allow nsplugin_t self:process { ptrace getsched signal_perms };
|
+allow nsplugin_t self:process { ptrace getsched setsched signal_perms };
|
||||||
|
+
|
||||||
+allow nsplugin_t self:sem create_sem_perms;
|
+allow nsplugin_t self:sem create_sem_perms;
|
||||||
+allow nsplugin_t self:shm create_shm_perms;
|
+allow nsplugin_t self:shm create_shm_perms;
|
||||||
+allow nsplugin_t self:msgq create_msgq_perms;
|
+allow nsplugin_t self:msgq create_msgq_perms;
|
||||||
|
+allow nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
|
||||||
+
|
+
|
||||||
+tunable_policy(`allow_nsplugin_execmem',`
|
+tunable_policy(`allow_nsplugin_execmem',`
|
||||||
+ allow nsplugin_t self:process { execstack execmem };
|
+ allow nsplugin_t self:process { execstack execmem };
|
||||||
|
@ -5529,10 +5531,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
|
||||||
+miscfiles_read_fonts(nsplugin_t)
|
+miscfiles_read_fonts(nsplugin_t)
|
||||||
+miscfiles_manage_home_fonts(nsplugin_t)
|
+miscfiles_manage_home_fonts(nsplugin_t)
|
||||||
+
|
+
|
||||||
+manage_dirs_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
|
+#manage_dirs_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
|
||||||
+manage_files_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
|
+#manage_files_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
|
||||||
+manage_sock_files_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
|
+#manage_sock_files_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
|
||||||
+files_tmp_filetrans(nsplugin_t, nsplugin_tmp_t, { file dir sock_file })
|
+#files_tmp_filetrans(nsplugin_t, nsplugin_tmp_t, { file dir sock_file })
|
||||||
|
+#userdom_user_tmp_filetrans(user, nsplugin_t, nsplugin_tmp_t, { file dir sock_file })
|
||||||
|
+
|
||||||
|
+userdom_manage_user_tmp_dirs(user,nsplugin_t)
|
||||||
|
+userdom_manage_user_tmp_files(user,nsplugin_t)
|
||||||
|
+userdom_manage_user_tmp_sockets(user,nsplugin_t)
|
||||||
|
+userdom_tmp_filetrans_user_tmp(user,nsplugin_t, { file dir sock_file })
|
||||||
|
+userdom_read_user_tmpfs_files(user,nsplugin_t)
|
||||||
+
|
+
|
||||||
+userdom_read_user_home_content_files(user, nsplugin_t)
|
+userdom_read_user_home_content_files(user, nsplugin_t)
|
||||||
+userdom_read_user_tmp_files(user, nsplugin_t)
|
+userdom_read_user_tmp_files(user, nsplugin_t)
|
||||||
|
@ -5571,7 +5580,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
|
||||||
+allow nsplugin_config_t self:fifo_file rw_file_perms;
|
+allow nsplugin_config_t self:fifo_file rw_file_perms;
|
||||||
+allow nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
|
+allow nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
+
|
+
|
||||||
+fs_list_inotifyfs(nsplugin_t)
|
+fs_list_inotifyfs(nsplugin_config_t)
|
||||||
+
|
+
|
||||||
+can_exec(nsplugin_config_t, nsplugin_rw_t)
|
+can_exec(nsplugin_config_t, nsplugin_rw_t)
|
||||||
+manage_dirs_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
|
+manage_dirs_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
|
||||||
|
@ -5602,9 +5611,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
|
||||||
+userdom_search_all_users_home_content(nsplugin_config_t)
|
+userdom_search_all_users_home_content(nsplugin_config_t)
|
||||||
+
|
+
|
||||||
+nsplugin_domtrans(nsplugin_config_t)
|
+nsplugin_domtrans(nsplugin_config_t)
|
||||||
+
|
|
||||||
+allow nsplugin_t user_home_t:dir { write read };
|
|
||||||
+allow nsplugin_t user_home_t:file write;
|
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.3.1/policy/modules/apps/openoffice.fc
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.3.1/policy/modules/apps/openoffice.fc
|
||||||
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.fc 2008-03-13 18:18:07.000000000 -0400
|
+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.fc 2008-03-13 18:18:07.000000000 -0400
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.3.1
|
Version: 3.3.1
|
||||||
Release: 18%{?dist}
|
Release: 19%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -388,6 +388,9 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 14 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-19
|
||||||
|
- Allow nsplugin to run acroread
|
||||||
|
|
||||||
* Thu Mar 13 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-18
|
* Thu Mar 13 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-18
|
||||||
- Add cups_pdf policy
|
- Add cups_pdf policy
|
||||||
- Add openoffice policy to run in xguest
|
- Add openoffice policy to run in xguest
|
||||||
|
|
Loading…
Reference in New Issue