* Thu Feb 11 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-171
- Allow setroubleshoot_fixit_t to use temporary files
parent
ead49a5633
commit
d6823d337b
Binary file not shown.
@ -97165,10 +97165,10 @@ index 3a9a70b..903109c 100644
|
|||||||
logging_list_logs($1)
|
logging_list_logs($1)
|
||||||
admin_pattern($1, setroubleshoot_var_log_t)
|
admin_pattern($1, setroubleshoot_var_log_t)
|
||||||
diff --git a/setroubleshoot.te b/setroubleshoot.te
|
diff --git a/setroubleshoot.te b/setroubleshoot.te
|
||||||
index ce67935..24c746f 100644
|
index ce67935..4985c02 100644
|
||||||
--- a/setroubleshoot.te
|
--- a/setroubleshoot.te
|
||||||
+++ b/setroubleshoot.te
|
+++ b/setroubleshoot.te
|
||||||
@@ -7,68 +7,95 @@ policy_module(setroubleshoot, 1.12.1)
|
@@ -7,68 +7,111 @@ policy_module(setroubleshoot, 1.12.1)
|
||||||
|
|
||||||
type setroubleshootd_t alias setroubleshoot_t;
|
type setroubleshootd_t alias setroubleshoot_t;
|
||||||
type setroubleshootd_exec_t;
|
type setroubleshootd_exec_t;
|
||||||
@ -97197,6 +97197,12 @@ index ce67935..24c746f 100644
|
|||||||
+
|
+
|
||||||
+type setroubleshoot_tmpfs_t;
|
+type setroubleshoot_tmpfs_t;
|
||||||
+files_tmpfs_file(setroubleshoot_tmpfs_t)
|
+files_tmpfs_file(setroubleshoot_tmpfs_t)
|
||||||
|
+
|
||||||
|
+type setroubleshoot_fixit_tmp_t;
|
||||||
|
+files_tmp_file(setroubleshoot_fixit_tmp_t)
|
||||||
|
+
|
||||||
|
+type setroubleshoot_fixit_tmpfs_t;
|
||||||
|
+files_tmpfs_file(setroubleshoot_fixit_tmpfs_t)
|
||||||
+
|
+
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -97219,8 +97225,7 @@ index ce67935..24c746f 100644
|
|||||||
+allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
+allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||||
+allow setroubleshootd_t self:unix_dgram_socket create_socket_perms;
|
+allow setroubleshootd_t self:unix_dgram_socket create_socket_perms;
|
||||||
+
|
+
|
||||||
|
+
|
||||||
-allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr_dir_perms;
|
|
||||||
+manage_files_pattern(setroubleshootd_t, setroubleshoot_tmp_t, setroubleshoot_tmp_t)
|
+manage_files_pattern(setroubleshootd_t, setroubleshoot_tmp_t, setroubleshoot_tmp_t)
|
||||||
+manage_dirs_pattern(setroubleshootd_t, setroubleshoot_tmp_t, setroubleshoot_tmp_t)
|
+manage_dirs_pattern(setroubleshootd_t, setroubleshoot_tmp_t, setroubleshoot_tmp_t)
|
||||||
+files_tmp_filetrans(setroubleshootd_t, setroubleshoot_tmp_t, { file dir })
|
+files_tmp_filetrans(setroubleshootd_t, setroubleshoot_tmp_t, { file dir })
|
||||||
@ -97231,6 +97236,17 @@ index ce67935..24c746f 100644
|
|||||||
+fs_tmpfs_filetrans(setroubleshootd_t, setroubleshoot_tmpfs_t, { file dir })
|
+fs_tmpfs_filetrans(setroubleshootd_t, setroubleshoot_tmpfs_t, { file dir })
|
||||||
+allow setroubleshootd_t setroubleshoot_tmpfs_t:file mmap_file_perms;
|
+allow setroubleshootd_t setroubleshoot_tmpfs_t:file mmap_file_perms;
|
||||||
+
|
+
|
||||||
|
+manage_files_pattern(setroubleshoot_fixit_t, setroubleshoot_fixit_tmp_t, setroubleshoot_fixit_tmp_t)
|
||||||
|
+manage_dirs_pattern(setroubleshoot_fixit_t, setroubleshoot_fixit_tmp_t, setroubleshoot_fixit_tmp_t)
|
||||||
|
+files_tmp_filetrans(setroubleshoot_fixit_t, setroubleshoot_fixit_tmp_t, { file dir })
|
||||||
|
+allow setroubleshoot_fixit_t setroubleshoot_fixit_tmp_t:file mmap_file_perms;
|
||||||
|
|
||||||
|
-allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr_dir_perms;
|
||||||
|
+manage_files_pattern(setroubleshoot_fixit_t, setroubleshoot_fixit_tmpfs_t, setroubleshoot_fixit_tmpfs_t)
|
||||||
|
+manage_dirs_pattern(setroubleshoot_fixit_t, setroubleshoot_fixit_tmpfs_t, setroubleshoot_fixit_tmpfs_t)
|
||||||
|
+fs_tmpfs_filetrans(setroubleshoot_fixit_t, setroubleshoot_fixit_tmpfs_t, { file dir })
|
||||||
|
+allow setroubleshoot_fixit_t setroubleshoot_fixit_tmpfs_t:file mmap_file_perms;
|
||||||
|
+
|
||||||
+# database files
|
+# database files
|
||||||
+allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr;
|
+allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr;
|
||||||
manage_files_pattern(setroubleshootd_t, setroubleshoot_var_lib_t, setroubleshoot_var_lib_t)
|
manage_files_pattern(setroubleshootd_t, setroubleshoot_var_lib_t, setroubleshoot_var_lib_t)
|
||||||
@ -97280,7 +97296,7 @@ index ce67935..24c746f 100644
|
|||||||
|
|
||||||
dev_read_urand(setroubleshootd_t)
|
dev_read_urand(setroubleshootd_t)
|
||||||
dev_read_sysfs(setroubleshootd_t)
|
dev_read_sysfs(setroubleshootd_t)
|
||||||
@@ -76,10 +103,9 @@ dev_getattr_all_blk_files(setroubleshootd_t)
|
@@ -76,10 +119,9 @@ dev_getattr_all_blk_files(setroubleshootd_t)
|
||||||
dev_getattr_all_chr_files(setroubleshootd_t)
|
dev_getattr_all_chr_files(setroubleshootd_t)
|
||||||
dev_getattr_mtrr_dev(setroubleshootd_t)
|
dev_getattr_mtrr_dev(setroubleshootd_t)
|
||||||
|
|
||||||
@ -97292,7 +97308,7 @@ index ce67935..24c746f 100644
|
|||||||
files_list_all(setroubleshootd_t)
|
files_list_all(setroubleshootd_t)
|
||||||
files_getattr_all_files(setroubleshootd_t)
|
files_getattr_all_files(setroubleshootd_t)
|
||||||
files_getattr_all_pipes(setroubleshootd_t)
|
files_getattr_all_pipes(setroubleshootd_t)
|
||||||
@@ -109,27 +135,24 @@ init_read_utmp(setroubleshootd_t)
|
@@ -109,27 +151,24 @@ init_read_utmp(setroubleshootd_t)
|
||||||
init_dontaudit_write_utmp(setroubleshootd_t)
|
init_dontaudit_write_utmp(setroubleshootd_t)
|
||||||
|
|
||||||
libs_exec_ld_so(setroubleshootd_t)
|
libs_exec_ld_so(setroubleshootd_t)
|
||||||
@ -97325,7 +97341,7 @@ index ce67935..24c746f 100644
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -137,10 +160,18 @@ optional_policy(`
|
@@ -137,10 +176,18 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -97344,7 +97360,7 @@ index ce67935..24c746f 100644
|
|||||||
rpm_exec(setroubleshootd_t)
|
rpm_exec(setroubleshootd_t)
|
||||||
rpm_signull(setroubleshootd_t)
|
rpm_signull(setroubleshootd_t)
|
||||||
rpm_read_db(setroubleshootd_t)
|
rpm_read_db(setroubleshootd_t)
|
||||||
@@ -150,26 +181,36 @@ optional_policy(`
|
@@ -150,26 +197,36 @@ optional_policy(`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -97383,7 +97399,7 @@ index ce67935..24c746f 100644
|
|||||||
files_list_tmp(setroubleshoot_fixit_t)
|
files_list_tmp(setroubleshoot_fixit_t)
|
||||||
|
|
||||||
auth_use_nsswitch(setroubleshoot_fixit_t)
|
auth_use_nsswitch(setroubleshoot_fixit_t)
|
||||||
@@ -177,23 +218,26 @@ auth_use_nsswitch(setroubleshoot_fixit_t)
|
@@ -177,23 +234,26 @@ auth_use_nsswitch(setroubleshoot_fixit_t)
|
||||||
logging_send_audit_msgs(setroubleshoot_fixit_t)
|
logging_send_audit_msgs(setroubleshoot_fixit_t)
|
||||||
logging_send_syslog_msg(setroubleshoot_fixit_t)
|
logging_send_syslog_msg(setroubleshoot_fixit_t)
|
||||||
|
|
||||||
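Review bot: The added `allow setroubleshoot_fixit_t setroubleshoot_fixit_tmp_t:file mmap_file_perms;` and its `setroubleshoot_fixit_tmpfs_t` twin sit beside `manage_files_pattern` on the same types, so the fixit domain can map files that it can also create and write. As far as I know, `mmap_file_perms` in refpolicy of this period includes `execute`, which would make this a write-plus-execute grant on /tmp and tmpfs content; that should be confirmed against the tree's `obj_perm_sets.spt`. If no AVC denial actually asked for the mapping, I would drop the two `mmap_file_perms` lines and keep only the manage and filetrans rules. Otherwise record the reason next to them, for example `# fixit needs to map its own temp files, see rhbz#<ticket>`. The changelog entry also mentions only temporary files, while the change introduces a tmpfs type as well, so the entry could say `Allow setroubleshoot_fixit_t to use temporary and tmpfs files`.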
|
@ -19,7 +19,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.13.1
|
Version: 3.13.1
|
||||||
Release: 170%{?dist}
|
Release: 171%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -664,6 +664,9 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 11 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-171
|
||||||
|
- Allow setroubleshoot_fixit_t to use temporary files
|
||||||
|
|
||||||
* Wed Feb 10 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-170
|
* Wed Feb 10 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-170
|
||||||
- Allow abrt_dump_oops_t to getattr filesystem nsfs files. rhbz#1300334
|
- Allow abrt_dump_oops_t to getattr filesystem nsfs files. rhbz#1300334
|
||||||
- Allow ulogd_t to create netlink_netfilter sockets. rhbz#1305426
|
- Allow ulogd_t to create netlink_netfilter sockets. rhbz#1305426
|
||||||
|