rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- More xselinux rules

Browse Source
This commit is contained in:
Daniel J Walsh 2008-02-29 22:33:22 +00:00
parent 9a0f35b9ad
commit d8c160273b
2 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
policy-20071130.patch
View File

@ -22901,7 +22901,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-12-04 11:02:50.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-02-29 17:16:49.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-02-29 17:24:22.000000000 -0500
@@ -15,6 +15,11 @@
template(`xserver_common_domain_template',`
gen_require(`
@ -23568,22 +23568,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ # can receive own events
+ allow $3 $2_input_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $3 input_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $1_t $2_input_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $1_t $2_input_xevent_t:{ x_event x_synthetic_event } { send receive };
+
+ allow $3 $2_property_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $1_t $2_property_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $1_t $2_property_xevent_t:{ x_event x_synthetic_event } { send receive };
+
+ allow $3 $2_focus_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $1_t $2_focus_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $1_t $2_focus_xevent_t:{ x_event x_synthetic_event } { send receive };
+
+ allow $3 $2_manage_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $1_t $2_manage_xevent_t:{ x_event x_synthetic_event } { send receive };
+
+ allow $3 $2_default_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $1_t $2_default_xevent_t:{ x_event x_synthetic_event } receive;
+ allow $1_t $2_default_xevent_t:{ x_event x_synthetic_event } {send receive };
+
+ allow $3 $2_client_xevent_t:{ x_event x_synthetic_event } { send receive };
+ allow $1_t $2_client_xevent_t:{ x_event x_synthetic_event } { send };
+ allow $1_t $2_client_xevent_t:{ x_event x_synthetic_event } { send receive };
+ type_transition $2_t input_xevent_t:x_event $2_input_xevent_t;
+ type_transition $2_t property_xevent_t:x_event $2_property_xevent_t;
+ type_transition $2_t focus_xevent_t:x_event $2_focus_xevent_t;

5
selinux-policy.spec
View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
Release: 8%{?dist}
Release: 9%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -388,6 +388,9 @@ exit 0
%endif
%changelog
* Fri Feb 29 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-9
- More xselinux rules
* Thu Feb 28 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-8
- Change httpd_$1_script_r*_t to httpd_$1_content_r*_t