- Upgrade to upstream
This commit is contained in:
Daniel J Walsh
parent
b709ffd738
commit
d611f1191a
|
|
@ -150,3 +150,4 @@ serefpolicy-3.5.5.tgz
|
|||
serefpolicy-3.5.6.tgz
|
||||
serefpolicy-3.5.7.tgz
|
||||
serefpolicy-3.5.8.tgz
|
||||
serefpolicy-3.5.9.tgz
|
||||
|
|
|
|||
|
|
@ -431,7 +431,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.5.9/policy/modules/admin/amanda.te
|
||||
--- nsaserefpolicy/policy/modules/admin/amanda.te 2008-08-14 10:07:05.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/admin/amanda.te 2008-09-25 08:33:18.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/admin/amanda.te 2008-09-25 15:03:17.000000000 -0400
|
||||
@@ -129,6 +129,8 @@
|
||||
corenet_tcp_bind_all_nodes(amanda_t)
|
||||
corenet_udp_bind_all_nodes(amanda_t)
|
||||
|
|
@ -541,22 +541,31 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
-') dnl end TODO
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.5.9/policy/modules/admin/kismet.te
|
||||
--- nsaserefpolicy/policy/modules/admin/kismet.te 2008-08-07 11:15:13.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/admin/kismet.te 2008-09-25 08:33:18.000000000 -0400
|
||||
@@ -26,7 +26,10 @@
|
||||
+++ serefpolicy-3.5.9/policy/modules/admin/kismet.te 2008-09-25 15:06:28.000000000 -0400
|
||||
@@ -26,7 +26,11 @@
|
||||
#
|
||||
|
||||
allow kismet_t self:capability { net_admin net_raw setuid setgid };
|
||||
+allow kismet_t self:fifo_file rw_file_perms;
|
||||
allow kismet_t self:packet_socket create_socket_perms;
|
||||
+allow kismet_t self:unix_dgram_socket create_socket_perms;
|
||||
+allow kismet_t self:unix_dgram_socket { create_socket_perms sendto };
|
||||
+allow kismet_t self:unix_stream_socket create_stream_socket_perms;
|
||||
+allow kismet_t self:tcp_socket create_stream_socket_perms;
|
||||
|
||||
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
|
||||
allow kismet_t kismet_log_t:dir setattr;
|
||||
@@ -42,6 +45,8 @@
|
||||
@@ -42,6 +46,16 @@
|
||||
|
||||
corecmd_exec_bin(kismet_t)
|
||||
|
||||
+corenet_all_recvfrom_unlabeled(kismet_t)
|
||||
+corenet_all_recvfrom_netlabel(kismet_t)
|
||||
+corenet_tcp_sendrecv_all_if(kismet_t)
|
||||
+corenet_tcp_sendrecv_all_nodes(kismet_t)
|
||||
+corenet_tcp_sendrecv_all_ports(kismet_t)
|
||||
+corenet_tcp_bind_all_nodes(kismet_t)
|
||||
+corenet_tcp_bind_all_kismet_port(kismet_t)
|
||||
+
|
||||
+kernel_search_debugfs(kismet_t)
|
||||
+
|
||||
auth_use_nsswitch(kismet_t)
|
||||
|
|
@ -6482,7 +6491,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
########################################
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.5.9/policy/modules/kernel/corenetwork.te.in
|
||||
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-09-24 09:07:27.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/kernel/corenetwork.te.in 2008-09-25 08:33:18.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/kernel/corenetwork.te.in 2008-09-25 15:05:47.000000000 -0400
|
||||
@@ -75,6 +75,7 @@
|
||||
network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0)
|
||||
network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
|
||||
|
|
@ -6499,10 +6508,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
network_port(ftp_data, tcp,20,s0)
|
||||
network_port(ftp, tcp,21,s0)
|
||||
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
|
||||
@@ -116,14 +118,17 @@
|
||||
@@ -116,14 +118,18 @@
|
||||
network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
|
||||
network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
|
||||
network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
|
||||
+network_port(kismet, tcp,2501,s0)
|
||||
+network_port(kprop, tcp,754,s0)
|
||||
network_port(ktalkd, udp,517,s0, udp,518,s0)
|
||||
network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
|
||||
|
|
@ -6517,7 +6527,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
|
||||
portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
|
||||
network_port(nessus, tcp,1241,s0)
|
||||
@@ -135,11 +140,13 @@
|
||||
@@ -135,11 +141,13 @@
|
||||
network_port(pegasus_http, tcp,5988,s0)
|
||||
network_port(pegasus_https, tcp,5989,s0)
|
||||
network_port(postfix_policyd, tcp,10031,s0)
|
||||
|
|
@ -6531,7 +6541,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
network_port(printer, tcp,515,s0)
|
||||
network_port(ptal, tcp,5703,s0)
|
||||
network_port(pxe, udp,4011,s0)
|
||||
@@ -157,7 +164,7 @@
|
||||
@@ -157,7 +165,7 @@
|
||||
network_port(rwho, udp,513,s0)
|
||||
network_port(smbd, tcp,137-139,s0, tcp,445,s0)
|
||||
network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
|
||||
|
|
@ -6540,7 +6550,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
network_port(spamd, tcp,783,s0)
|
||||
network_port(ssh, tcp,22,s0)
|
||||
network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
|
||||
@@ -168,13 +175,16 @@
|
||||
@@ -168,13 +176,16 @@
|
||||
network_port(syslogd, udp,514,s0)
|
||||
network_port(telnetd, tcp,23,s0)
|
||||
network_port(tftp, udp,69,s0)
|
||||
|
|
@ -7261,7 +7271,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
## all protocols (TCP, UDP, etc)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.5.9/policy/modules/kernel/domain.te
|
||||
--- nsaserefpolicy/policy/modules/kernel/domain.te 2008-08-07 11:15:01.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/kernel/domain.te 2008-09-25 08:33:18.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/kernel/domain.te 2008-09-25 15:20:04.000000000 -0400
|
||||
@@ -5,6 +5,13 @@
|
||||
#
|
||||
# Declarations
|
||||
|
|
@ -14248,7 +14258,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.5.9/policy/modules/services/dbus.if
|
||||
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/dbus.if 2008-09-25 08:33:18.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/dbus.if 2008-09-25 15:21:22.000000000 -0400
|
||||
@@ -53,6 +53,7 @@
|
||||
gen_require(`
|
||||
type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
|
||||
|
|
@ -18661,7 +18671,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
## <param name="domain">
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.9/policy/modules/services/networkmanager.te
|
||||
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-09-24 09:07:28.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/networkmanager.te 2008-09-25 08:33:18.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/services/networkmanager.te 2008-09-25 15:14:50.000000000 -0400
|
||||
@@ -33,9 +33,9 @@
|
||||
|
||||
# networkmanager will ptrace itself if gdb is installed
|
||||
|
|
@ -18720,7 +18730,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
libs_use_ld_so(NetworkManager_t)
|
||||
libs_use_shared_libs(NetworkManager_t)
|
||||
|
||||
@@ -133,9 +141,12 @@
|
||||
@@ -128,14 +136,18 @@
|
||||
# in /etc created by NetworkManager will be labelled net_conf_t.
|
||||
sysnet_manage_config(NetworkManager_t)
|
||||
sysnet_etc_filetrans_config(NetworkManager_t)
|
||||
+sysnet_read_dhcp_config(NetworkManager_t)
|
||||
|
||||
userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
|
||||
userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t)
|
||||
# Read gnome-keyring
|
||||
userdom_read_unpriv_users_home_content_files(NetworkManager_t)
|
||||
|
|
@ -18733,7 +18749,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
optional_policy(`
|
||||
bind_domtrans(NetworkManager_t)
|
||||
bind_manage_cache(NetworkManager_t)
|
||||
@@ -151,21 +162,26 @@
|
||||
@@ -151,21 +163,26 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -18765,7 +18781,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -174,9 +190,17 @@
|
||||
@@ -174,9 +191,17 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -31056,36 +31072,37 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.9/policy/modules/system/unconfined.fc
|
||||
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-09-11 16:42:49.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/system/unconfined.fc 2008-09-25 08:33:18.000000000 -0400
|
||||
@@ -2,15 +2,11 @@
|
||||
+++ serefpolicy-3.5.9/policy/modules/system/unconfined.fc 2008-09-25 14:37:47.000000000 -0400
|
||||
@@ -2,15 +2,29 @@
|
||||
# e.g.:
|
||||
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
|
||||
# For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
|
||||
-/usr/bin/qemu.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
-/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
-/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_exec_t,s0)
|
||||
+/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
|
||||
|
||||
/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
-
|
||||
-/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
-/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
-
|
||||
/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
-
|
||||
-/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
+/usr/bin/valgrind -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
+/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
|
||||
|
||||
+/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
+/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
ifdef(`distro_gentoo',`
|
||||
/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
-/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
+/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
')
|
||||
@@ -14,3 +10,20 @@
|
||||
ifdef(`distro_gentoo',`
|
||||
/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
')
|
||||
+/usr/bin/rhythmbox -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
+/usr/bin/sbcl -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
+/usr/bin/totem.* -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
+/usr/bin/rhythmbox -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
+/usr/bin/sbcl -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
+
|
||||
+/usr/sbin/mock -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
|
||||
+/usr/sbin/sysreport -- gen_context(system_u:object_r:unconfined_notrans_exec_t,s0)
|
||||
+
|
||||
+/usr/lib64/erlang/erts-[^/]+/bin/beam.smp -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
+/usr/lib/erlang/erts-[^/]+/bin/beam.smp -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
+/usr/lib64/erlang/erts-[^/]+/bin/beam.smp -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
+/usr/lib/erlang/erts-[^/]+/bin/beam.smp -- gen_context(system_u:object_r:execmem_exec_t,s0)
|
||||
+
|
||||
+/usr/bin/haddock.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
+/usr/bin/hasktags -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
|
|
@ -31097,7 +31114,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.9/policy/modules/system/unconfined.if
|
||||
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-09-11 16:42:49.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/system/unconfined.if 2008-09-25 08:33:18.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/system/unconfined.if 2008-09-25 14:28:00.000000000 -0400
|
||||
@@ -12,14 +12,13 @@
|
||||
#
|
||||
interface(`unconfined_domain_noaudit',`
|
||||
|
|
@ -31249,10 +31266,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+interface(`unconfined_execmem_domtrans',`
|
||||
+
|
||||
+ gen_require(`
|
||||
+ type unconfined_execmem_t, unconfined_execmem_exec_t;
|
||||
+ type unconfined_execmem_t, execmem_exec_t;
|
||||
+ ')
|
||||
+
|
||||
+ domtrans_pattern($1, unconfined_execmem_exec_t, unconfined_execmem_t)
|
||||
+ domtrans_pattern($1, execmem_exec_t, unconfined_execmem_t)
|
||||
+')
|
||||
+
|
||||
+########################################
|
||||
|
|
@ -31428,8 +31445,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.9/policy/modules/system/unconfined.te
|
||||
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-09-11 16:42:49.000000000 -0400
|
||||
+++ serefpolicy-3.5.9/policy/modules/system/unconfined.te 2008-09-25 08:33:18.000000000 -0400
|
||||
@@ -1,40 +1,80 @@
|
||||
+++ serefpolicy-3.5.9/policy/modules/system/unconfined.te 2008-09-25 14:27:15.000000000 -0400
|
||||
@@ -1,40 +1,81 @@
|
||||
|
||||
-policy_module(unconfined, 2.3.1)
|
||||
+policy_module(unconfined, 2.3.0)
|
||||
|
|
@ -31482,26 +31499,30 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+role system_r types unconfined_t;
|
||||
|
||||
type unconfined_execmem_t;
|
||||
type unconfined_execmem_exec_t;
|
||||
init_system_domain(unconfined_execmem_t, unconfined_execmem_exec_t)
|
||||
-type unconfined_execmem_exec_t;
|
||||
-init_system_domain(unconfined_execmem_t, unconfined_execmem_exec_t)
|
||||
+type execmem_exec_t;
|
||||
+init_system_domain(unconfined_execmem_t, execmem_exec_t)
|
||||
role unconfined_r types unconfined_execmem_t;
|
||||
|
||||
+type execmem_exec_t alias unconfined_execmem_exec_t;
|
||||
+
|
||||
+type unconfined_notrans_t;
|
||||
+type unconfined_notrans_exec_t;
|
||||
+init_system_domain(unconfined_notrans_t, unconfined_notrans_exec_t)
|
||||
+role unconfined_r types unconfined_notrans_t;
|
||||
+
|
||||
|
||||
########################################
|
||||
#
|
||||
# Local policy
|
||||
#
|
||||
|
||||
-domtrans_pattern(unconfined_t, unconfined_execmem_exec_t, unconfined_execmem_t)
|
||||
+dontaudit unconfined_t self:dir write;
|
||||
+
|
||||
+allow unconfined_t self:system syslog_read;
|
||||
+dontaudit unconfined_t self:capability sys_module;
|
||||
+
|
||||
domtrans_pattern(unconfined_t, unconfined_execmem_exec_t, unconfined_execmem_t)
|
||||
+domtrans_pattern(unconfined_t, execmem_exec_t, unconfined_execmem_t)
|
||||
|
||||
files_create_boot_flag(unconfined_t)
|
||||
+files_create_default_dir(unconfined_t)
|
||||
|
|
@ -31515,7 +31536,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
libs_run_ldconfig(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
||||
|
||||
@@ -42,28 +82,37 @@
|
||||
@@ -42,28 +83,37 @@
|
||||
logging_run_auditctl(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
||||
|
||||
mount_run_unconfined(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
|
||||
|
|
@ -31557,7 +31578,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -75,12 +124,6 @@
|
||||
@@ -75,12 +125,6 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -31570,7 +31591,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
init_dbus_chat_script(unconfined_t)
|
||||
|
||||
dbus_stub(unconfined_t)
|
||||
@@ -106,12 +149,24 @@
|
||||
@@ -106,12 +150,24 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -31595,7 +31616,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -123,31 +178,33 @@
|
||||
@@ -123,31 +179,33 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -31636,7 +31657,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -159,43 +216,48 @@
|
||||
@@ -159,43 +217,48 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -31701,7 +31722,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -203,7 +265,7 @@
|
||||
@@ -203,7 +266,7 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -31710,7 +31731,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -215,11 +277,12 @@
|
||||
@@ -215,11 +278,12 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -31725,7 +31746,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -229,14 +292,35 @@
|
||||
@@ -229,14 +293,35 @@
|
||||
|
||||
allow unconfined_execmem_t self:process { execstack execmem };
|
||||
unconfined_domain_noaudit(unconfined_execmem_t)
|
||||
|
|
|
|||
Loading…
Reference in New Issue