- Fix request_module line to module_request
parent
d53d158d2b
commit
da08b5716a
@ -1944,7 +1944,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.32/policy/modules/apps/java.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.6.32/policy/modules/apps/java.te
|
||||||
--- nsaserefpolicy/policy/modules/apps/java.te 2009-08-18 11:41:14.000000000 -0400
|
--- nsaserefpolicy/policy/modules/apps/java.te 2009-08-18 11:41:14.000000000 -0400
|
||||||
+++ serefpolicy-3.6.32/policy/modules/apps/java.te 2009-09-16 10:03:08.000000000 -0400
|
+++ serefpolicy-3.6.32/policy/modules/apps/java.te 2009-09-18 17:16:51.000000000 -0400
|
||||||
@@ -20,6 +20,8 @@
|
@@ -20,6 +20,8 @@
|
||||||
typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
|
typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
|
||||||
typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
|
typealias java_t alias { auditadm_javaplugin_t secadm_javaplugin_t };
|
||||||
@ -1970,17 +1970,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
xserver_user_x_domain_template(java, java_t, java_tmpfs_t)
|
xserver_user_x_domain_template(java, java_t, java_tmpfs_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -147,4 +151,12 @@
|
@@ -143,8 +147,18 @@
|
||||||
|
# execheap is needed for itanium/BEA jrocket
|
||||||
|
allow unconfined_java_t self:process { execstack execmem execheap };
|
||||||
|
|
||||||
|
+ files_execmod_all_files(unconfined_java_t)
|
||||||
|
+
|
||||||
|
init_dbus_chat_script(unconfined_java_t)
|
||||||
|
|
||||||
unconfined_domain_noaudit(unconfined_java_t)
|
unconfined_domain_noaudit(unconfined_java_t)
|
||||||
unconfined_dbus_chat(unconfined_java_t)
|
unconfined_dbus_chat(unconfined_java_t)
|
||||||
+ optional_policy(`
|
+ optional_policy(`
|
||||||
+ hal_dbus_chat(unconfined_java_t)
|
+ hal_dbus_chat(unconfined_java_t)
|
||||||
')
|
+')
|
||||||
+
|
+
|
||||||
+ optional_policy(`
|
+ optional_policy(`
|
||||||
+ rpm_domtrans(unconfined_java_t)
|
+ rpm_domtrans(unconfined_java_t)
|
||||||
+ ')
|
')
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.6.32/policy/modules/apps/kdumpgui.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.6.32/policy/modules/apps/kdumpgui.fc
|
||||||
@ -5313,7 +5319,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
|
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.32/policy/modules/kernel/files.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.32/policy/modules/kernel/files.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/files.if 2009-07-14 14:19:57.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/files.if 2009-07-14 14:19:57.000000000 -0400
|
||||||
+++ serefpolicy-3.6.32/policy/modules/kernel/files.if 2009-09-18 11:28:35.000000000 -0400
|
+++ serefpolicy-3.6.32/policy/modules/kernel/files.if 2009-09-18 17:16:00.000000000 -0400
|
||||||
@@ -110,6 +110,11 @@
|
@@ -110,6 +110,11 @@
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
@ -13566,15 +13572,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.6.32/policy/modules/services/policykit.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.6.32/policy/modules/services/policykit.te
|
||||||
--- nsaserefpolicy/policy/modules/services/policykit.te 2009-08-18 11:41:14.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/policykit.te 2009-08-18 11:41:14.000000000 -0400
|
||||||
+++ serefpolicy-3.6.32/policy/modules/services/policykit.te 2009-09-16 10:03:09.000000000 -0400
|
+++ serefpolicy-3.6.32/policy/modules/services/policykit.te 2009-09-18 17:05:02.000000000 -0400
|
||||||
@@ -36,11 +36,12 @@
|
@@ -36,11 +36,12 @@
|
||||||
# policykit local policy
|
# policykit local policy
|
||||||
#
|
#
|
||||||
|
|
||||||
-allow policykit_t self:capability { setgid setuid };
|
-allow policykit_t self:capability { setgid setuid };
|
||||||
+allow policykit_t self:capability { setgid setuid sys_ptrace };
|
-allow policykit_t self:process getattr;
|
||||||
allow policykit_t self:process getattr;
|
|
||||||
-allow policykit_t self:fifo_file rw_file_perms;
|
-allow policykit_t self:fifo_file rw_file_perms;
|
||||||
|
+allow policykit_t self:capability { setgid setuid sys_ptrace };
|
||||||
|
+allow policykit_t self:process { getsched getattr };
|
||||||
+allow policykit_t self:fifo_file rw_fifo_file_perms;
|
+allow policykit_t self:fifo_file rw_fifo_file_perms;
|
||||||
+
|
+
|
||||||
allow policykit_t self:unix_dgram_socket create_socket_perms;
|
allow policykit_t self:unix_dgram_socket create_socket_perms;
|
||||||
@ -17793,7 +17800,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.32/policy/modules/services/ssh.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.32/policy/modules/services/ssh.te
|
||||||
--- nsaserefpolicy/policy/modules/services/ssh.te 2009-08-14 16:14:31.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/ssh.te 2009-08-14 16:14:31.000000000 -0400
|
||||||
+++ serefpolicy-3.6.32/policy/modules/services/ssh.te 2009-09-16 10:03:09.000000000 -0400
|
+++ serefpolicy-3.6.32/policy/modules/services/ssh.te 2009-09-18 17:38:09.000000000 -0400
|
||||||
@@ -41,6 +41,9 @@
|
@@ -41,6 +41,9 @@
|
||||||
files_tmp_file(sshd_tmp_t)
|
files_tmp_file(sshd_tmp_t)
|
||||||
files_poly_parent(sshd_tmp_t)
|
files_poly_parent(sshd_tmp_t)
|
||||||
@ -17831,8 +17838,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
# Allow the ssh program to communicate with ssh-agent.
|
# Allow the ssh program to communicate with ssh-agent.
|
||||||
stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
|
stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
|
||||||
@@ -131,6 +134,7 @@
|
@@ -126,11 +129,12 @@
|
||||||
read_lnk_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
|
read_lnk_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
|
||||||
|
|
||||||
|
# ssh servers can read the user keys and config
|
||||||
|
-allow ssh_server home_ssh_t:dir list_dir_perms;
|
||||||
|
-read_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
|
||||||
|
-read_lnk_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
|
||||||
|
+manage_dirs_pattern(ssh_server, home_ssh_t, home_ssh_t)
|
||||||
|
+manage_files_pattern(ssh_server, home_ssh_t, home_ssh_t)
|
||||||
|
+userdom_user_home_dir_filetrans(ssh_server, home_ssh_t, dir)
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(ssh_t)
|
kernel_read_kernel_sysctls(ssh_t)
|
||||||
+kernel_read_system_state(ssh_t)
|
+kernel_read_system_state(ssh_t)
|
||||||
|
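Review bot: In the ssh.te hunk at `@@ -126,11 +129,12 @@`, the new side (as far as the rendered columns show) drops the read-only rules for `ssh_server` on `home_ssh_t` and grants `manage_dirs_pattern` and `manage_files_pattern` instead, so every domain carrying the ssh_server attribute gains write and delete access to the contents of a user's ~/.ssh, which is where the user keys and config live. The comment kept above the rules, `# ssh servers can read the user keys and config`, no longer describes them; it should read something like `# ssh servers can create and manage the user keys and config`, with the reason the daemon needs to write there. If the goal is only to let the server create a missing ~/.ssh (the added `userdom_user_home_dir_filetrans(ssh_server, home_ssh_t, dir)` suggests this, but the page does not say), keeping `read_files_pattern(ssh_server, home_ssh_t, home_ssh_t)` for files and limiting the new grant to the directory would preserve the old confinement of a compromised daemon. The commit title only mentions the request_module rename, so this permission widening deserves its own line in the description.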