Make nvidia* to be labeled correctly

Fix abrt_manage_cache() interface Make filetrans rules optional so base policy will build Dontaudit chkpwd_t access to inherited TTYS Make sure postfix content gets created with the correct label Allow gnomeclock to read cgroup Fixes for cloudform policy
2011-11-02 16:23:55 -04:00 · 2011-11-02 16:23:55 -04:00 · d5bededc4d
commit d5bededc4d
parent a7f0027cf7
3 changed files with 458 additions and 482 deletions
--- a/execmem.patch
+++ b/execmem.patch
@ -1,7 +1,7 @@
 diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10.0/policy/modules/admin/rpm.te
--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem	2011-10-20 11:53:35.312262063 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te	2011-10-20 11:53:35.825261313 -0400
-@@ -416,14 +416,6 @@ optional_policy(`
+--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem	2011-11-02 16:19:54.192885000 -0400
+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te	2011-11-02 16:19:58.603545000 -0400
+@@ -419,14 +419,6 @@ optional_policy(`
 	unconfined_domain_noaudit(rpm_script_t)
 	unconfined_domtrans(rpm_script_t)
 	unconfined_execmem_domtrans(rpm_script_t)
@ -17,8 +17,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10
 
 optional_policy(`
 diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.fc
--- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem	2011-10-20 11:53:35.331262035 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc	2011-10-20 11:53:54.447234072 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem	2011-11-02 16:19:54.370885000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc	2011-11-02 16:19:58.609541000 -0400
@@ -47,3 +47,56 @@ ifdef(`distro_gentoo',`
 /opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
 /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -- gen_context(system_u:object_r:execmem_exec_t,s0)
@ -77,16 +77,16 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3
 +/usr/bin/gnatmake	--	gen_context(system_u:object_r:execmem_exec_t,s0)
 +/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:execmem_exec_t,s0)
 diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.if
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem	2011-10-20 11:53:35.332262034 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if	2011-10-20 11:53:35.826261312 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem	2011-11-02 16:19:54.372890000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if	2011-11-02 16:19:58.615541000 -0400
@@ -129,4 +129,3 @@ interface(`execmem_execmod',`
 
 	allow $1 execmem_exec_t:file execmod;
 ')
 -
 diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.te
--- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem	2011-10-20 11:53:35.332262034 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/execmem.te	2011-10-20 11:53:35.827261310 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem	2011-11-02 16:19:54.374890000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.te	2011-11-02 16:19:58.620541000 -0400
@@ -4,7 +4,25 @@ policy_module(execmem, 1.0.0)
 #
 # Declarations
@ -115,8 +115,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3
 +	nsplugin_rw_semaphores(execmem_type)
 +')
 diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3.10.0/policy/modules/apps/mozilla.te
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem	2011-10-20 11:53:35.350262007 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te	2011-10-20 11:53:35.827261310 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem	2011-11-02 16:19:54.533885000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te	2011-11-02 16:19:58.629541000 -0400
@@ -273,10 +273,6 @@ optional_policy(`
 ')
 
@ -139,7 +139,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3
 optional_policy(`
 diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy-3.10.0/policy/modules/apps/podsleuth.te
 --- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem	2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te	2011-10-20 11:53:35.828261308 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te	2011-11-02 16:19:58.635560000 -0400
@@ -85,5 +85,5 @@ optional_policy(`
 ')
 
@ -148,9 +148,9 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy
 +	execmem_exec(podsleuth_t)
 ')
 diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.10.0/policy/modules/roles/staff.te
--- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem	2011-10-20 11:53:35.411261918 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/staff.te	2011-10-20 11:53:35.829261306 -0400
-@@ -268,10 +268,6 @@ ifndef(`distro_redhat',`
+--- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem	2011-11-02 16:19:55.151799000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/staff.te	2011-11-02 16:19:58.642541000 -0400
+@@ -262,10 +262,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
@ -162,9 +162,9 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.
 	')
 
 diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3.10.0/policy/modules/roles/sysadm.te
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem	2011-10-20 11:53:35.412261917 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te	2011-10-20 11:53:35.829261306 -0400
-@@ -520,10 +520,6 @@ ifndef(`distro_redhat',`
+--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem	2011-11-02 16:19:55.158799000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te	2011-11-02 16:19:58.650541000 -0400
+@@ -530,10 +530,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
@ -176,9 +176,9 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3
 	')
 
 diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem	2011-10-20 11:53:35.820261320 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te	2011-10-20 11:53:35.830261305 -0400
-@@ -342,10 +342,6 @@ optional_policy(`
+--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem	2011-11-02 16:19:58.593541000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te	2011-11-02 16:20:17.606179000 -0400
+@@ -302,10 +302,6 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -186,10 +186,10 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem seref
 -')
 -
 -optional_policy(`
- 	kerberos_filetrans_named_content(unconfined_t)
+ 	livecd_run(unconfined_t, unconfined_r)
 ')
 
-@@ -366,13 +362,6 @@ optional_policy(`
+@@ -322,13 +318,6 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -204,8 +204,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem seref
 
 	tunable_policy(`unconfined_mozilla_plugin_transition', `
 diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unprivuser.te
--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem	2011-10-20 11:53:35.414261914 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te	2011-10-20 11:53:35.831261304 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem	2011-11-02 16:19:55.173799000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te	2011-11-02 16:19:58.666544000 -0400
@@ -148,10 +148,6 @@ ifndef(`distro_redhat',`
 	')
 
@ -218,8 +218,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpoli
 	')
 
 diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3.10.0/policy/modules/roles/xguest.te
--- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem	2011-10-20 11:53:35.415261912 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/xguest.te	2011-10-20 11:53:35.831261304 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem	2011-11-02 16:19:55.184799000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/xguest.te	2011-11-02 16:19:58.674541000 -0400
@@ -107,14 +107,6 @@ optional_policy(`
 ')
 
@ -236,8 +236,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3
 ')
 
 diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy-3.10.0/policy/modules/services/boinc.te
--- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem	2011-10-20 11:53:35.445261869 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/boinc.te	2011-10-20 11:53:35.832261303 -0400
+--- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem	2011-11-02 16:19:55.443799000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/boinc.te	2011-11-02 16:19:58.679549000 -0400
@@ -170,5 +170,5 @@ miscfiles_read_fonts(boinc_project_t)
 miscfiles_read_localization(boinc_project_t)
 
@ -246,8 +246,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy
 +	execmem_exec(boinc_project_t)
 ')
 diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-3.10.0/policy/modules/services/cron.te
--- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem	2011-10-20 11:53:35.479261819 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cron.te	2011-10-20 11:53:35.833261301 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem	2011-11-02 16:19:55.743799000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/cron.te	2011-11-02 16:19:58.690541000 -0400
@@ -299,10 +299,6 @@ optional_policy(`
 ')
 
@ -283,8 +283,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-
 	nis_use_ypbind(cronjob_t)
 ')
 diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.if
--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem	2011-10-20 11:53:35.529261745 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if	2011-10-20 11:53:35.834261299 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem	2011-11-02 16:19:56.185713000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if	2011-11-02 16:19:58.698541000 -0400
@@ -127,7 +127,7 @@ template(`hadoop_domain_template',`
 
 	hadoop_exec_config(hadoop_$1_t)
@ -295,8 +295,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolic
 	kerberos_use(hadoop_$1_t)
 
 diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.te
--- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem	2011-10-20 11:53:35.530261744 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hadoop.te	2011-10-20 11:53:35.835261297 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem	2011-11-02 16:19:56.193713000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.te	2011-11-02 16:19:58.707541000 -0400
@@ -167,7 +167,7 @@ miscfiles_read_localization(hadoop_t)
 
 userdom_use_inherited_user_terminals(hadoop_t)
@ -322,9 +322,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolic
 -java_exec(zookeeper_server_t)
 +execmem_exec(zookeeper_server_t)
 diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpolicy-3.10.0/policy/modules/services/xserver.te
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem	2011-10-20 11:53:35.719261468 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/xserver.te	2011-10-20 11:53:35.837261295 -0400
-@@ -1247,10 +1247,6 @@ optional_policy(`
+--- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem	2011-11-02 16:19:57.848627000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te	2011-11-02 16:19:58.744541000 -0400
+@@ -1250,10 +1250,6 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -336,9 +336,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpoli
 	rhgb_rw_tmpfs_files(xserver_t)
 ')
 diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.10.0/policy/modules/system/init.te
--- serefpolicy-3.10.0/policy/modules/system/init.te.execmem	2011-10-20 11:53:35.738261440 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/init.te	2011-10-20 11:53:35.838261294 -0400
-@@ -1192,10 +1192,6 @@ optional_policy(`
+--- serefpolicy-3.10.0/policy/modules/system/init.te.execmem	2011-11-02 16:19:58.044541000 -0400
+++ serefpolicy-3.10.0/policy/modules/system/init.te	2011-11-02 16:19:58.757543000 -0400
+@@ -1191,10 +1191,6 @@ optional_policy(`
 		unconfined_dontaudit_rw_pipes(daemon)
 	')
 
@ -350,8 +350,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.
 	rpm_transition_script(initrc_t)
 	
 diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpolicy-3.10.0/policy/modules/system/userdomain.if
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem	2011-10-20 11:53:35.775261386 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if	2011-10-20 11:53:35.840261291 -0400
+--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem	2011-11-02 16:19:58.435541000 -0400
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if	2011-11-02 16:19:58.796541000 -0400
@@ -1281,14 +1281,6 @@ template(`userdom_unpriv_user_template',
 	')
 
--- a/ptrace.patch
+++ b/ptrace.patch
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -244,7 +244,7 @@ Based off of reference policy: Checked out revision  2.20091117
 %prep 
 %setup -n serefpolicy-%{version} -q
 %patch -p1
-%patch1 -p1
+%patch1 -p1 -b .unconfined
 %patch2 -p1 -b .passwd
 %patch3 -p1
 %patch4 -p1 -b .execmem