* Thu Feb 11 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-171
- Allow setroubleshoot_fixit_t to use temporary files
parent
ead49a5633
commit
d6823d337b
Binary file not shown.
@ -97165,10 +97165,10 @@ index 3a9a70b..903109c 100644
|
||||
logging_list_logs($1)
|
||||
admin_pattern($1, setroubleshoot_var_log_t)
|
||||
diff --git a/setroubleshoot.te b/setroubleshoot.te
|
||||
index ce67935..24c746f 100644
|
||||
index ce67935..4985c02 100644
|
||||
--- a/setroubleshoot.te
|
||||
+++ b/setroubleshoot.te
|
||||
@@ -7,68 +7,95 @@ policy_module(setroubleshoot, 1.12.1)
|
||||
@@ -7,68 +7,111 @@ policy_module(setroubleshoot, 1.12.1)
|
||||
|
||||
type setroubleshootd_t alias setroubleshoot_t;
|
||||
type setroubleshootd_exec_t;
|
||||
@ -97197,6 +97197,12 @@ index ce67935..24c746f 100644
|
||||
+
|
||||
+type setroubleshoot_tmpfs_t;
|
||||
+files_tmpfs_file(setroubleshoot_tmpfs_t)
|
||||
+
|
||||
+type setroubleshoot_fixit_tmp_t;
|
||||
+files_tmp_file(setroubleshoot_fixit_tmp_t)
|
||||
+
|
||||
+type setroubleshoot_fixit_tmpfs_t;
|
||||
+files_tmpfs_file(setroubleshoot_fixit_tmpfs_t)
|
||||
+
|
||||
########################################
|
||||
#
|
||||
@ -97219,8 +97225,7 @@ index ce67935..24c746f 100644
|
||||
+allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||
+allow setroubleshootd_t self:unix_dgram_socket create_socket_perms;
|
||||
+
|
||||
|
||||
-allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr_dir_perms;
|
||||
+
|
||||
+manage_files_pattern(setroubleshootd_t, setroubleshoot_tmp_t, setroubleshoot_tmp_t)
|
||||
+manage_dirs_pattern(setroubleshootd_t, setroubleshoot_tmp_t, setroubleshoot_tmp_t)
|
||||
+files_tmp_filetrans(setroubleshootd_t, setroubleshoot_tmp_t, { file dir })
|
||||
@ -97231,6 +97236,17 @@ index ce67935..24c746f 100644
|
||||
+fs_tmpfs_filetrans(setroubleshootd_t, setroubleshoot_tmpfs_t, { file dir })
|
||||
+allow setroubleshootd_t setroubleshoot_tmpfs_t:file mmap_file_perms;
|
||||
+
|
||||
+manage_files_pattern(setroubleshoot_fixit_t, setroubleshoot_fixit_tmp_t, setroubleshoot_fixit_tmp_t)
|
||||
+manage_dirs_pattern(setroubleshoot_fixit_t, setroubleshoot_fixit_tmp_t, setroubleshoot_fixit_tmp_t)
|
||||
+files_tmp_filetrans(setroubleshoot_fixit_t, setroubleshoot_fixit_tmp_t, { file dir })
|
||||
+allow setroubleshoot_fixit_t setroubleshoot_fixit_tmp_t:file mmap_file_perms;
|
||||
|
||||
-allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr_dir_perms;
|
||||
+manage_files_pattern(setroubleshoot_fixit_t, setroubleshoot_fixit_tmpfs_t, setroubleshoot_fixit_tmpfs_t)
|
||||
+manage_dirs_pattern(setroubleshoot_fixit_t, setroubleshoot_fixit_tmpfs_t, setroubleshoot_fixit_tmpfs_t)
|
||||
+fs_tmpfs_filetrans(setroubleshoot_fixit_t, setroubleshoot_fixit_tmpfs_t, { file dir })
|
||||
+allow setroubleshoot_fixit_t setroubleshoot_fixit_tmpfs_t:file mmap_file_perms;
|
||||
+
|
||||
+# database files
|
||||
+allow setroubleshootd_t setroubleshoot_var_lib_t:dir setattr;
|
||||
manage_files_pattern(setroubleshootd_t, setroubleshoot_var_lib_t, setroubleshoot_var_lib_t)
|
||||
@ -97280,7 +97296,7 @@ index ce67935..24c746f 100644
|
||||
|
||||
dev_read_urand(setroubleshootd_t)
|
||||
dev_read_sysfs(setroubleshootd_t)
|
||||
@@ -76,10 +103,9 @@ dev_getattr_all_blk_files(setroubleshootd_t)
|
||||
@@ -76,10 +119,9 @@ dev_getattr_all_blk_files(setroubleshootd_t)
|
||||
dev_getattr_all_chr_files(setroubleshootd_t)
|
||||
dev_getattr_mtrr_dev(setroubleshootd_t)
|
||||
|
||||
@ -97292,7 +97308,7 @@ index ce67935..24c746f 100644
|
||||
files_list_all(setroubleshootd_t)
|
||||
files_getattr_all_files(setroubleshootd_t)
|
||||
files_getattr_all_pipes(setroubleshootd_t)
|
||||
@@ -109,27 +135,24 @@ init_read_utmp(setroubleshootd_t)
|
||||
@@ -109,27 +151,24 @@ init_read_utmp(setroubleshootd_t)
|
||||
init_dontaudit_write_utmp(setroubleshootd_t)
|
||||
|
||||
libs_exec_ld_so(setroubleshootd_t)
|
||||
@ -97325,7 +97341,7 @@ index ce67935..24c746f 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -137,10 +160,18 @@ optional_policy(`
|
||||
@@ -137,10 +176,18 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -97344,7 +97360,7 @@ index ce67935..24c746f 100644
|
||||
rpm_exec(setroubleshootd_t)
|
||||
rpm_signull(setroubleshootd_t)
|
||||
rpm_read_db(setroubleshootd_t)
|
||||
@@ -150,26 +181,36 @@ optional_policy(`
|
||||
@@ -150,26 +197,36 @@ optional_policy(`
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -97383,7 +97399,7 @@ index ce67935..24c746f 100644
|
||||
files_list_tmp(setroubleshoot_fixit_t)
|
||||
|
||||
auth_use_nsswitch(setroubleshoot_fixit_t)
|
||||
@@ -177,23 +218,26 @@ auth_use_nsswitch(setroubleshoot_fixit_t)
|
||||
@@ -177,23 +234,26 @@ auth_use_nsswitch(setroubleshoot_fixit_t)
|
||||
logging_send_audit_msgs(setroubleshoot_fixit_t)
|
||||
logging_send_syslog_msg(setroubleshoot_fixit_t)
|
||||
|
||||
|
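Review bot: The two `allow setroubleshoot_fixit_t ...:file mmap_file_perms;` rules, on setroubleshoot_fixit_tmp_t and setroubleshoot_fixit_tmpfs_t, sit next to `manage_files_pattern` on the same types, so the fixit domain can both write and execute-map its own temporary files. In the reference policy's permission sets, `mmap_file_perms` includes `execute`. The same rule already exists for setroubleshootd_t on setroubleshoot_tmpfs_t, so this is presumably intentional, but neither the patch nor the changelog entry says why the helper needs it. I would add a comment above the fixit block such as `# mmap_file_perms includes execute: fixit maps its own temp files executable (needed by <reason>)`, and drop the two mmap rules if create/read/write access turns out to be enough. The rendered page does not mark which lines this commit adds, so attributing the fixit rules to this commit is inferred from the hunk sizes.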
@ -19,7 +19,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.13.1
|
||||
Release: 170%{?dist}
|
||||
Release: 171%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -664,6 +664,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Feb 11 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-171
|
||||
- Allow setroubleshoot_fixit_t to use temporary files
|
||||
|
||||
* Wed Feb 10 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-170
|
||||
- Allow abrt_dump_oops_t to getattr filesystem nsfs files. rhbz#1300334
|
||||
- Allow ulogd_t to create netlink_netfilter sockets. rhbz#1305426
|
||||
|