- Remove dmesg boolean

- Allow user domains to read/write game data
2008-05-06 20:43:08 +00:00 · 2008-05-06 20:43:08 +00:00 · da67f18558
parent 58d7ee7ef1
commit da67f18558
1 changed files with 30 additions and 17 deletions
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@ -6887,7 +6887,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
 ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2008-02-26 08:23:11.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-05-06 14:02:43.000000000 -0400
+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2008-05-06 15:59:51.000000000 -0400
@@ -75,6 +75,7 @@
 network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0) 
 network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
@ -9496,7 +9496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/apache.te	2008-05-06 14:02:43.000000000 -0400
+++ serefpolicy-3.3.1/policy/modules/services/apache.te	2008-05-06 16:40:13.000000000 -0400
@@ -20,6 +20,8 @@
 # Declarations
 #
@ -9724,14 +9724,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +	filetrans_pattern(httpd_sys_script_t,httpd_sys_content_t,httpd_sys_content_rw_t, { file dir lnk_file })
 +	can_exec(httpd_sys_script_t, httpd_sys_content_t)
 +')
+
+tunable_policy(`allow_httpd_sys_script_anon_write',`
+	miscfiles_manage_public_files(httpd_sys_script_t)
+') 
 
 -	manage_dirs_pattern(httpd_t,httpdcontent,httpdcontent)
 -	manage_files_pattern(httpd_t,httpdcontent,httpdcontent)
 -	manage_lnk_files_pattern(httpd_t,httpdcontent,httpdcontent)
-+tunable_policy(`allow_httpd_sys_script_anon_write',`
-+	miscfiles_manage_public_files(httpd_sys_script_t)
-+') 
-+
 +tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
 +	domtrans_pattern(httpd_t, httpd_sys_content_t, httpd_sys_script_t)
 +	filetrans_pattern(httpd_t, httpd_sys_content_t, httpd_sys_content_rw_t, { file dir lnk_file })
@ -9827,7 +9827,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 	snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
 	snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
 ')
-@@ -521,6 +610,20 @@
+@@ -521,6 +610,22 @@
 	userdom_use_sysadm_terms(httpd_helper_t)
 ')
 
@ -9839,6 +9839,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +	domtrans_pattern(httpd_t, httpd_unconfined_script_exec_t, httpd_unconfined_script_t)
 +	unconfined_domain(httpd_unconfined_script_t)
 +
+	role system_r types httpd_unconfined_script_t;
+
 +	tunable_policy(`httpd_tty_comm',`
 +		unconfined_use_terminals(httpd_helper_t)
 +	')
@ -9848,7 +9850,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 ########################################
 #
 # Apache PHP script local policy
-@@ -550,18 +653,24 @@
+@@ -550,18 +655,24 @@
 
 fs_search_auto_mountpoints(httpd_php_t)
 
@ -9876,7 +9878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 ')
 
 ########################################
-@@ -585,6 +694,8 @@
+@@ -585,6 +696,8 @@
 manage_files_pattern(httpd_suexec_t,httpd_suexec_tmp_t,httpd_suexec_tmp_t)
 files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
 
@ -9885,7 +9887,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 kernel_read_kernel_sysctls(httpd_suexec_t)
 kernel_list_proc(httpd_suexec_t)
 kernel_read_proc_symlinks(httpd_suexec_t)
-@@ -593,9 +704,7 @@
+@@ -593,9 +706,7 @@
 
 fs_search_auto_mountpoints(httpd_suexec_t)
 
@ -9896,7 +9898,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 
 files_read_etc_files(httpd_suexec_t)
 files_read_usr_files(httpd_suexec_t)
-@@ -628,6 +737,7 @@
+@@ -628,6 +739,7 @@
 	corenet_sendrecv_all_client_packets(httpd_suexec_t)
 ')
 
@ -9904,7 +9906,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 tunable_policy(`httpd_enable_cgi && httpd_unified',`
 	domtrans_pattern(httpd_suexec_t, httpdcontent, httpd_sys_script_t)
 ')
-@@ -638,6 +748,12 @@
+@@ -638,6 +750,12 @@
 	fs_exec_nfs_files(httpd_suexec_t)
 ')
 
@ -9917,7 +9919,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
 	fs_read_cifs_files(httpd_suexec_t)
 	fs_read_cifs_symlinks(httpd_suexec_t)
-@@ -655,10 +771,6 @@
+@@ -655,10 +773,6 @@
 	dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
 ')
 
@ -9928,7 +9930,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 ########################################
 #
 # Apache system script local policy
-@@ -668,7 +780,8 @@
+@@ -668,7 +782,8 @@
 
 dontaudit httpd_sys_script_t httpd_config_t:dir search;
 
@ -9938,7 +9940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 
 allow httpd_sys_script_t squirrelmail_spool_t:dir list_dir_perms;
 read_files_pattern(httpd_sys_script_t,squirrelmail_spool_t,squirrelmail_spool_t)
-@@ -682,15 +795,44 @@
+@@ -682,15 +797,44 @@
 # Should we add a boolean?
 apache_domtrans_rotatelogs(httpd_sys_script_t)
 
@ -9984,7 +9986,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
 	fs_read_cifs_files(httpd_sys_script_t)
 	fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -700,9 +842,15 @@
+@@ -700,9 +844,15 @@
 	clamav_domtrans_clamscan(httpd_sys_script_t)
 ')
 
@ -10000,7 +10002,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 ')
 
 ########################################
-@@ -724,3 +872,47 @@
+@@ -724,3 +874,47 @@
 logging_search_logs(httpd_rotatelogs_t)
 
 miscfiles_read_localization(httpd_rotatelogs_t)
@ -30102,6 +30104,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
 +	hal_rw_pipes(mount_t)
 +')
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-3.3.1/policy/modules/system/netlabel.te
+--- nsaserefpolicy/policy/modules/system/netlabel.te	2008-02-26 08:23:09.000000000 -0500
+++ serefpolicy-3.3.1/policy/modules/system/netlabel.te	2008-05-06 16:12:12.000000000 -0400
+@@ -9,6 +9,7 @@
+ type netlabel_mgmt_t;
+ type netlabel_mgmt_exec_t;
+ application_domain(netlabel_mgmt_t,netlabel_mgmt_exec_t)
+role system_r types netlabl_mgmt_t;
+ 
+ ########################################
+ #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.fc serefpolicy-3.3.1/policy/modules/system/qemu.fc
 --- nsaserefpolicy/policy/modules/system/qemu.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/system/qemu.fc	2008-05-06 14:02:43.000000000 -0400