rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Make nvidia* to be labeled correctly

Browse Source 
Fix abrt_manage_cache() interface
Make filetrans rules optional so base policy will build
Dontaudit chkpwd_t access to inherited TTYS
Make sure postfix content gets created with the correct label
Allow gnomeclock to read cgroup
Fixes for cloudform policy
This commit is contained in:
dwalsh 2011-11-02 16:23:55 -04:00
parent a7f0027cf7
commit d5bededc4d
3 changed files with 458 additions and 482 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
execmem.patch
View File

@ -1,7 +1,7 @@
diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10.0/policy/modules/admin/rpm.te diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10.0/policy/modules/admin/rpm.te
--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem 2011-10-20 11:53:35.312262063 -0400 --- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem 2011-11-02 16:19:54.192885000 -0400
+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-20 11:53:35.825261313 -0400 +++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-11-02 16:19:58.603545000 -0400
@@ -416,14 +416,6 @@ optional_policy(` @@ -419,14 +419,6 @@ optional_policy(`
unconfined_domain_noaudit(rpm_script_t) unconfined_domain_noaudit(rpm_script_t)
unconfined_domtrans(rpm_script_t) unconfined_domtrans(rpm_script_t)
unconfined_execmem_domtrans(rpm_script_t) unconfined_execmem_domtrans(rpm_script_t)
@ -17,8 +17,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10
optional_policy(` optional_policy(`
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.fc diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.fc
--- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem 2011-10-20 11:53:35.331262035 -0400 --- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem 2011-11-02 16:19:54.370885000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc 2011-10-20 11:53:54.447234072 -0400 +++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc 2011-11-02 16:19:58.609541000 -0400
@@ -47,3 +47,56 @@ ifdef(`distro_gentoo',` @@ -47,3 +47,56 @@ ifdef(`distro_gentoo',`
/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0) /opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
/opt/Adobe/Reader9/Reader/intellinux/bin/acroread -- gen_context(system_u:object_r:execmem_exec_t,s0) /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -- gen_context(system_u:object_r:execmem_exec_t,s0)
@ -77,16 +77,16 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3
+/usr/bin/gnatmake -- gen_context(system_u:object_r:execmem_exec_t,s0) +/usr/bin/gnatmake -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:execmem_exec_t,s0) +/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:execmem_exec_t,s0)
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.if diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.if
--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem 2011-10-20 11:53:35.332262034 -0400 --- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem 2011-11-02 16:19:54.372890000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-20 11:53:35.826261312 -0400 +++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-11-02 16:19:58.615541000 -0400
@@ -129,4 +129,3 @@ interface(`execmem_execmod',` @@ -129,4 +129,3 @@ interface(`execmem_execmod',`
allow $1 execmem_exec_t:file execmod; allow $1 execmem_exec_t:file execmod;
') ')
- -
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.te diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.te
--- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem 2011-10-20 11:53:35.332262034 -0400 --- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem 2011-11-02 16:19:54.374890000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/execmem.te 2011-10-20 11:53:35.827261310 -0400 +++ serefpolicy-3.10.0/policy/modules/apps/execmem.te 2011-11-02 16:19:58.620541000 -0400
@@ -4,7 +4,25 @@ policy_module(execmem, 1.0.0) @@ -4,7 +4,25 @@ policy_module(execmem, 1.0.0)
# #
# Declarations # Declarations
@ -115,8 +115,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3
+ nsplugin_rw_semaphores(execmem_type) + nsplugin_rw_semaphores(execmem_type)
+') +')
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3.10.0/policy/modules/apps/mozilla.te diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3.10.0/policy/modules/apps/mozilla.te
--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem 2011-10-20 11:53:35.350262007 -0400 --- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem 2011-11-02 16:19:54.533885000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-10-20 11:53:35.827261310 -0400 +++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-11-02 16:19:58.629541000 -0400
@@ -273,10 +273,6 @@ optional_policy(` @@ -273,10 +273,6 @@ optional_policy(`
') ')
@ -139,7 +139,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3
optional_policy(` optional_policy(`
diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy-3.10.0/policy/modules/apps/podsleuth.te diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy-3.10.0/policy/modules/apps/podsleuth.te
--- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem 2011-06-27 14:18:04.000000000 -0400 --- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem 2011-06-27 14:18:04.000000000 -0400
+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-10-20 11:53:35.828261308 -0400 +++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-11-02 16:19:58.635560000 -0400
@@ -85,5 +85,5 @@ optional_policy(` @@ -85,5 +85,5 @@ optional_policy(`
') ')
@ -148,9 +148,9 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy
+ execmem_exec(podsleuth_t) + execmem_exec(podsleuth_t)
') ')
diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.10.0/policy/modules/roles/staff.te diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.10.0/policy/modules/roles/staff.te
--- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem 2011-10-20 11:53:35.411261918 -0400 --- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem 2011-11-02 16:19:55.151799000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2011-10-20 11:53:35.829261306 -0400 +++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2011-11-02 16:19:58.642541000 -0400
@@ -268,10 +268,6 @@ ifndef(`distro_redhat',` @@ -262,10 +262,6 @@ ifndef(`distro_redhat',`
') ')
optional_policy(` optional_policy(`
@ -162,9 +162,9 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.
') ')
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3.10.0/policy/modules/roles/sysadm.te diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3.10.0/policy/modules/roles/sysadm.te
--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem 2011-10-20 11:53:35.412261917 -0400 --- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem 2011-11-02 16:19:55.158799000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-20 11:53:35.829261306 -0400 +++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-11-02 16:19:58.650541000 -0400
@@ -520,10 +520,6 @@ ifndef(`distro_redhat',` @@ -530,10 +530,6 @@ ifndef(`distro_redhat',`
') ')
optional_policy(` optional_policy(`
@ -176,9 +176,9 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3
') ')
diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem 2011-10-20 11:53:35.820261320 -0400 --- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem 2011-11-02 16:19:58.593541000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-10-20 11:53:35.830261305 -0400 +++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-11-02 16:20:17.606179000 -0400
@@ -342,10 +342,6 @@ optional_policy(` @@ -302,10 +302,6 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -186,10 +186,10 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem seref
-') -')
- -
-optional_policy(` -optional_policy(`
kerberos_filetrans_named_content(unconfined_t) livecd_run(unconfined_t, unconfined_r)
') ')
@@ -366,13 +362,6 @@ optional_policy(` @@ -322,13 +318,6 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -204,8 +204,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem seref
tunable_policy(`unconfined_mozilla_plugin_transition', ` tunable_policy(`unconfined_mozilla_plugin_transition', `
diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unprivuser.te diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unprivuser.te
--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem 2011-10-20 11:53:35.414261914 -0400 --- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem 2011-11-02 16:19:55.173799000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2011-10-20 11:53:35.831261304 -0400 +++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2011-11-02 16:19:58.666544000 -0400
@@ -148,10 +148,6 @@ ifndef(`distro_redhat',` @@ -148,10 +148,6 @@ ifndef(`distro_redhat',`
') ')
@ -218,8 +218,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpoli
') ')
diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3.10.0/policy/modules/roles/xguest.te diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3.10.0/policy/modules/roles/xguest.te
--- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem 2011-10-20 11:53:35.415261912 -0400 --- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem 2011-11-02 16:19:55.184799000 -0400
+++ serefpolicy-3.10.0/policy/modules/roles/xguest.te 2011-10-20 11:53:35.831261304 -0400 +++ serefpolicy-3.10.0/policy/modules/roles/xguest.te 2011-11-02 16:19:58.674541000 -0400
@@ -107,14 +107,6 @@ optional_policy(` @@ -107,14 +107,6 @@ optional_policy(`
') ')
@ -236,8 +236,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3
') ')
diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy-3.10.0/policy/modules/services/boinc.te diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy-3.10.0/policy/modules/services/boinc.te
--- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem 2011-10-20 11:53:35.445261869 -0400 --- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem 2011-11-02 16:19:55.443799000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-10-20 11:53:35.832261303 -0400 +++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-11-02 16:19:58.679549000 -0400
@@ -170,5 +170,5 @@ miscfiles_read_fonts(boinc_project_t) @@ -170,5 +170,5 @@ miscfiles_read_fonts(boinc_project_t)
miscfiles_read_localization(boinc_project_t) miscfiles_read_localization(boinc_project_t)
@ -246,8 +246,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy
+ execmem_exec(boinc_project_t) + execmem_exec(boinc_project_t)
') ')
diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-3.10.0/policy/modules/services/cron.te diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-3.10.0/policy/modules/services/cron.te
--- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem 2011-10-20 11:53:35.479261819 -0400 --- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem 2011-11-02 16:19:55.743799000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-10-20 11:53:35.833261301 -0400 +++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-11-02 16:19:58.690541000 -0400
@@ -299,10 +299,6 @@ optional_policy(` @@ -299,10 +299,6 @@ optional_policy(`
') ')
@ -283,8 +283,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-
nis_use_ypbind(cronjob_t) nis_use_ypbind(cronjob_t)
') ')
diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.if diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.if
--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem 2011-10-20 11:53:35.529261745 -0400 --- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem 2011-11-02 16:19:56.185713000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-10-20 11:53:35.834261299 -0400 +++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-11-02 16:19:58.698541000 -0400
@@ -127,7 +127,7 @@ template(`hadoop_domain_template',` @@ -127,7 +127,7 @@ template(`hadoop_domain_template',`
hadoop_exec_config(hadoop_$1_t) hadoop_exec_config(hadoop_$1_t)
@ -295,8 +295,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolic
kerberos_use(hadoop_$1_t) kerberos_use(hadoop_$1_t)
diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.te diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.te
--- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem 2011-10-20 11:53:35.530261744 -0400 --- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem 2011-11-02 16:19:56.193713000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/hadoop.te 2011-10-20 11:53:35.835261297 -0400 +++ serefpolicy-3.10.0/policy/modules/services/hadoop.te 2011-11-02 16:19:58.707541000 -0400
@@ -167,7 +167,7 @@ miscfiles_read_localization(hadoop_t) @@ -167,7 +167,7 @@ miscfiles_read_localization(hadoop_t)
userdom_use_inherited_user_terminals(hadoop_t) userdom_use_inherited_user_terminals(hadoop_t)
@ -322,9 +322,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolic
-java_exec(zookeeper_server_t) -java_exec(zookeeper_server_t)
+execmem_exec(zookeeper_server_t) +execmem_exec(zookeeper_server_t)
diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpolicy-3.10.0/policy/modules/services/xserver.te diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpolicy-3.10.0/policy/modules/services/xserver.te
--- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem 2011-10-20 11:53:35.719261468 -0400 --- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem 2011-11-02 16:19:57.848627000 -0400
+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-20 11:53:35.837261295 -0400 +++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-11-02 16:19:58.744541000 -0400
@@ -1247,10 +1247,6 @@ optional_policy(` @@ -1250,10 +1250,6 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -336,9 +336,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpoli
rhgb_rw_tmpfs_files(xserver_t) rhgb_rw_tmpfs_files(xserver_t)
') ')
diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.10.0/policy/modules/system/init.te diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.10.0/policy/modules/system/init.te
--- serefpolicy-3.10.0/policy/modules/system/init.te.execmem 2011-10-20 11:53:35.738261440 -0400 --- serefpolicy-3.10.0/policy/modules/system/init.te.execmem 2011-11-02 16:19:58.044541000 -0400
+++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-10-20 11:53:35.838261294 -0400 +++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-11-02 16:19:58.757543000 -0400
@@ -1192,10 +1192,6 @@ optional_policy(` @@ -1191,10 +1191,6 @@ optional_policy(`
unconfined_dontaudit_rw_pipes(daemon) unconfined_dontaudit_rw_pipes(daemon)
') ')
@ -350,8 +350,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.
rpm_transition_script(initrc_t) rpm_transition_script(initrc_t)
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpolicy-3.10.0/policy/modules/system/userdomain.if diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpolicy-3.10.0/policy/modules/system/userdomain.if
--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem 2011-10-20 11:53:35.775261386 -0400 --- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem 2011-11-02 16:19:58.435541000 -0400
+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-20 11:53:35.840261291 -0400 +++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-02 16:19:58.796541000 -0400
@@ -1281,14 +1281,6 @@ template(`userdom_unpriv_user_template', @@ -1281,14 +1281,6 @@ template(`userdom_unpriv_user_template',
') ')

852
ptrace.patch
View File

File diff suppressed because it is too large Load Diff

2
selinux-policy.spec
View File

@ -244,7 +244,7 @@ Based off of reference policy: Checked out revision 2.20091117
%prep %prep
%setup -n serefpolicy-%{version} -q %setup -n serefpolicy-%{version} -q
%patch -p1 %patch -p1
%patch1 -p1 %patch1 -p1 -b .unconfined
%patch2 -p1 -b .passwd %patch2 -p1 -b .passwd
%patch3 -p1 %patch3 -p1
%patch4 -p1 -b .execmem %patch4 -p1 -b .execmem