- Update from upstream
This commit is contained in:
parent
f9778219aa
commit
d8c8b2b904
|
@ -7279,7 +7279,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te
|
||||
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te 2007-08-03 14:06:26.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te 2007-08-03 16:01:19.000000000 -0400
|
||||
@@ -33,7 +33,6 @@
|
||||
allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
|
||||
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||
|
@ -7297,7 +7297,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
|
|||
kernel_read_kernel_sysctls(setroubleshootd_t)
|
||||
kernel_read_system_state(setroubleshootd_t)
|
||||
kernel_read_network_state(setroubleshootd_t)
|
||||
@@ -76,6 +77,9 @@
|
||||
@@ -68,6 +69,7 @@
|
||||
corenet_sendrecv_smtp_client_packets(setroubleshootd_t)
|
||||
|
||||
dev_read_urand(setroubleshootd_t)
|
||||
+dev_read_sysfs(setroubleshootd_t)
|
||||
|
||||
domain_dontaudit_search_all_domains_state(setroubleshootd_t)
|
||||
|
||||
@@ -76,6 +78,9 @@
|
||||
files_getattr_all_dirs(setroubleshootd_t)
|
||||
files_getattr_all_files(setroubleshootd_t)
|
||||
|
||||
|
@ -7307,7 +7315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
|
|||
selinux_get_enforce_mode(setroubleshootd_t)
|
||||
selinux_validate_context(setroubleshootd_t)
|
||||
|
||||
@@ -108,6 +112,3 @@
|
||||
@@ -108,6 +113,3 @@
|
||||
rpm_use_script_fds(setroubleshootd_t)
|
||||
')
|
||||
|
||||
|
@ -10782,7 +10790,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||
+')
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.5/policy/modules/system/unconfined.te
|
||||
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-07-25 10:37:42.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/system/unconfined.te 2007-08-03 14:06:26.000000000 -0400
|
||||
+++ serefpolicy-3.0.5/policy/modules/system/unconfined.te 2007-08-03 16:28:55.000000000 -0400
|
||||
@@ -5,28 +5,36 @@
|
||||
#
|
||||
# Declarations
|
||||
|
@ -10835,7 +10843,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||
|
||||
libs_run_ldconfig(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
|
||||
@@ -42,23 +51,22 @@
|
||||
@@ -42,37 +51,30 @@
|
||||
logging_run_auditctl(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
|
||||
mount_run_unconfined(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
|
@ -10853,35 +10861,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||
|
||||
optional_policy(`
|
||||
- ada_domtrans(unconfined_t)
|
||||
-')
|
||||
-
|
||||
-optional_policy(`
|
||||
- apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
- apache_per_role_template(unconfined,unconfined_t,unconfined_r)
|
||||
- # this is disallowed usage:
|
||||
- unconfined_domain(httpd_unconfined_script_t)
|
||||
+ ada_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
- apache_per_role_template(unconfined,unconfined_t,unconfined_r)
|
||||
- # this is disallowed usage:
|
||||
- unconfined_domain(httpd_unconfined_script_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -66,16 +74,6 @@
|
||||
- bind_run_ndc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
+ bootloader_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
- bootloader_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
-')
|
||||
-
|
||||
-optional_policy(`
|
||||
+ apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
- cron_per_role_template(unconfined,unconfined_t,unconfined_r)
|
||||
- # this is disallowed usage:
|
||||
- unconfined_domain(unconfined_crond_t)
|
||||
-')
|
||||
-
|
||||
-optional_policy(`
|
||||
init_dbus_chat_script(unconfined_t)
|
||||
+ bind_run_ndc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
')
|
||||
|
||||
dbus_stub(unconfined_t)
|
||||
@@ -118,11 +116,7 @@
|
||||
optional_policy(`
|
||||
@@ -118,11 +120,7 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -10894,7 +10902,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -134,11 +128,7 @@
|
||||
@@ -134,11 +132,7 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -10907,7 +10915,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -155,22 +145,12 @@
|
||||
@@ -155,22 +149,12 @@
|
||||
|
||||
optional_policy(`
|
||||
postfix_run_map(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
|
@ -10932,7 +10940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -180,10 +160,6 @@
|
||||
@@ -180,10 +164,6 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -10943,7 +10951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||
sysnet_run_dhcpc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||
sysnet_dbus_chat_dhcpc(unconfined_t)
|
||||
')
|
||||
@@ -205,11 +181,12 @@
|
||||
@@ -205,11 +185,12 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
@ -10957,7 +10965,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||
')
|
||||
|
||||
########################################
|
||||
@@ -227,6 +204,17 @@
|
||||
@@ -227,6 +208,17 @@
|
||||
unconfined_dbus_chat(unconfined_execmem_t)
|
||||
|
||||
optional_policy(`
|
||||
|
|
|
@ -143,7 +143,7 @@ install -m0644 ${RPM_SOURCE_DIR}/setrans-%1.conf %{buildroot}%{_sysconfdir}/seli
|
|||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u
|
||||
|
||||
%define saveFileContext() \
|
||||
if [ -s /etc/selinux/config ]; then \
|
||||
|
@ -303,8 +303,8 @@ semanage user -a -P xguest -R xguest_r xguest_u
|
|||
exit 0
|
||||
|
||||
%files targeted
|
||||
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/xguest_u
|
||||
%fileList targeted
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u
|
||||
%endif
|
||||
|
||||
%if %{BUILD_OLPC}
|
||||
|
|
Loading…
Reference in New Issue