- Update from upstream
parent
f9778219aa
commit
d8c8b2b904
@ -7279,7 +7279,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te
|
||||||
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-07-25 10:37:42.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-07-25 10:37:42.000000000 -0400
|
||||||
+++ serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te 2007-08-03 14:06:26.000000000 -0400
|
+++ serefpolicy-3.0.5/policy/modules/services/setroubleshoot.te 2007-08-03 16:01:19.000000000 -0400
|
||||||
@@ -33,7 +33,6 @@
|
@@ -33,7 +33,6 @@
|
||||||
allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
|
allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
|
||||||
@ -7297,7 +7297,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
|
|||||||
kernel_read_kernel_sysctls(setroubleshootd_t)
|
kernel_read_kernel_sysctls(setroubleshootd_t)
|
||||||
kernel_read_system_state(setroubleshootd_t)
|
kernel_read_system_state(setroubleshootd_t)
|
||||||
kernel_read_network_state(setroubleshootd_t)
|
kernel_read_network_state(setroubleshootd_t)
|
||||||
@@ -76,6 +77,9 @@
|
@@ -68,6 +69,7 @@
|
||||||
|
corenet_sendrecv_smtp_client_packets(setroubleshootd_t)
|
||||||
|
|
||||||
|
dev_read_urand(setroubleshootd_t)
|
||||||
|
+dev_read_sysfs(setroubleshootd_t)
|
||||||
|
|
||||||
|
domain_dontaudit_search_all_domains_state(setroubleshootd_t)
|
||||||
|
|
||||||
|
@@ -76,6 +78,9 @@
|
||||||
files_getattr_all_dirs(setroubleshootd_t)
|
files_getattr_all_dirs(setroubleshootd_t)
|
||||||
files_getattr_all_files(setroubleshootd_t)
|
files_getattr_all_files(setroubleshootd_t)
|
||||||
|
|
||||||
@ -7307,7 +7315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
|
|||||||
selinux_get_enforce_mode(setroubleshootd_t)
|
selinux_get_enforce_mode(setroubleshootd_t)
|
||||||
selinux_validate_context(setroubleshootd_t)
|
selinux_validate_context(setroubleshootd_t)
|
||||||
|
|
||||||
@@ -108,6 +112,3 @@
|
@@ -108,6 +113,3 @@
|
||||||
rpm_use_script_fds(setroubleshootd_t)
|
rpm_use_script_fds(setroubleshootd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -10782,7 +10790,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
+')
|
+')
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.5/policy/modules/system/unconfined.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.5/policy/modules/system/unconfined.te
|
||||||
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-07-25 10:37:42.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-07-25 10:37:42.000000000 -0400
|
||||||
+++ serefpolicy-3.0.5/policy/modules/system/unconfined.te 2007-08-03 14:06:26.000000000 -0400
|
+++ serefpolicy-3.0.5/policy/modules/system/unconfined.te 2007-08-03 16:28:55.000000000 -0400
|
||||||
@@ -5,28 +5,36 @@
|
@@ -5,28 +5,36 @@
|
||||||
#
|
#
|
||||||
# Declarations
|
# Declarations
|
||||||
@ -10835,7 +10843,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
|
|
||||||
libs_run_ldconfig(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
libs_run_ldconfig(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
|
|
||||||
@@ -42,23 +51,22 @@
|
@@ -42,37 +51,30 @@
|
||||||
logging_run_auditctl(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
logging_run_auditctl(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
|
|
||||||
mount_run_unconfined(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
mount_run_unconfined(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
@ -10853,35 +10861,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
- ada_domtrans(unconfined_t)
|
- ada_domtrans(unconfined_t)
|
||||||
|
-')
|
||||||
|
-
|
||||||
|
-optional_policy(`
|
||||||
|
- apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
|
- apache_per_role_template(unconfined,unconfined_t,unconfined_r)
|
||||||
|
- # this is disallowed usage:
|
||||||
|
- unconfined_domain(httpd_unconfined_script_t)
|
||||||
+ ada_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
+ ada_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
- bind_run_ndc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
- apache_per_role_template(unconfined,unconfined_t,unconfined_r)
|
+ bootloader_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
- # this is disallowed usage:
|
|
||||||
- unconfined_domain(httpd_unconfined_script_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
@@ -66,16 +74,6 @@
|
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
- bootloader_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
- bootloader_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
-')
|
+ apache_run_helper(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
-
|
')
|
||||||
-optional_policy(`
|
|
||||||
|
optional_policy(`
|
||||||
- cron_per_role_template(unconfined,unconfined_t,unconfined_r)
|
- cron_per_role_template(unconfined,unconfined_t,unconfined_r)
|
||||||
- # this is disallowed usage:
|
- # this is disallowed usage:
|
||||||
- unconfined_domain(unconfined_crond_t)
|
- unconfined_domain(unconfined_crond_t)
|
||||||
-')
|
+ bind_run_ndc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
-
|
')
|
||||||
-optional_policy(`
|
|
||||||
init_dbus_chat_script(unconfined_t)
|
|
||||||
|
|
||||||
dbus_stub(unconfined_t)
|
optional_policy(`
|
||||||
@@ -118,11 +116,7 @@
|
@@ -118,11 +120,7 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -10894,7 +10902,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -134,11 +128,7 @@
|
@@ -134,11 +132,7 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -10907,7 +10915,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -155,22 +145,12 @@
|
@@ -155,22 +149,12 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
postfix_run_map(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
postfix_run_map(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
@ -10932,7 +10940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -180,10 +160,6 @@
|
@@ -180,10 +164,6 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -10943,7 +10951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
sysnet_run_dhcpc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
sysnet_run_dhcpc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
|
||||||
sysnet_dbus_chat_dhcpc(unconfined_t)
|
sysnet_dbus_chat_dhcpc(unconfined_t)
|
||||||
')
|
')
|
||||||
@@ -205,11 +181,12 @@
|
@@ -205,11 +185,12 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -10957,7 +10965,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -227,6 +204,17 @@
|
@@ -227,6 +208,17 @@
|
||||||
unconfined_dbus_chat(unconfined_execmem_t)
|
unconfined_dbus_chat(unconfined_execmem_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
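Review bot: The `dev_read_sysfs(setroubleshootd_t)` line that appears only on the new side of the setroubleshoot.te section (inner hunk `@@ -68,6 +69,7 @@`) has no comment recording which denial it answers, so a later audit cannot tell whether the daemon really needs to read sysfs contents. If setroubleshootd only traverses the tree, a narrower interface such as `dev_search_sysfs` or `dev_list_sysfs` may be sufficient; that is worth checking against the AVC log before keeping the read grant. I would add a line above it along the lines of `# setroubleshootd reads /sys: <denial that motivated this>`. The surrounding policy block continues outside what this page shows.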
|
@ -303,8 +303,8 @@ semanage user -a -P xguest -R xguest_r xguest_u
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%files targeted
|
%files targeted
|
||||||
|
%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/xguest_u
|
||||||
%fileList targeted
|
%fileList targeted
|
||||||
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{BUILD_OLPC}
|
%if %{BUILD_OLPC}
|
||||||
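Review bot: Nothing records why the xguest_u context file is packaged only for the targeted policy: the new `%config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/xguest_u` entry sits directly under `%files targeted` with the policy name written out, outside the `%fileList` macro. If the same file is installed for other policy variants built from this spec (the `%if %{BUILD_OLPC}` section that follows suggests there are some), those subpackages would need their own entry, otherwise the build may flag it as unpackaged. A one-line comment such as `# xguest_u contexts are shipped with the targeted policy only` above the entry would make the intent explicit.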
|