- Fix moilscanner update problem

2007-07-16 15:54:21 +00:00 · 2007-07-16 15:54:21 +00:00 · dac6d67c8c
commit dac6d67c8c
parent 1d03199c5e
1 changed files with 39 additions and 22 deletions
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@ -1297,7 +1297,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
 ##	This is a templated interface, and should only
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.0.2/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2007-07-03 07:05:43.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/apps/java.if	2007-07-13 14:03:39.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/apps/java.if	2007-07-16 11:47:57.000000000 -0400
@@ -32,7 +32,7 @@
 ##	</summary>
 ## </param>
@ -1317,7 +1317,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
 	allow $1_javaplugin_t $2:fd use;
 	# Unrestricted inheritance from the caller.
 	allow $2 $1_javaplugin_t:process { noatsecure siginh rlimitinh };
-@@ -168,6 +167,50 @@
+@@ -168,6 +167,51 @@
 	optional_policy(`
 		xserver_user_client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t)
 	')
@ -1354,6 +1354,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
 +template(`java_per_role_template',`
 +	gen_require(`
 +		type java_exec_t;
 +		attribute $1_usertype;
 +	')
 +
 +	type $1_java_t;
@ -1368,7 +1369,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
 ')
 ########################################
-@@ -221,3 +264,66 @@
+@@ -221,3 +265,66 @@
 	corecmd_search_bin($1)
 	domtrans_pattern($1, java_exec_t, java_t)
 ')
@ -1449,8 +1450,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.0.2/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2007-05-29 14:10:48.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/apps/mono.if	2007-07-13 09:58:46.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/apps/mono.if	2007-07-16 11:48:24.000000000 -0400
-@@ -18,3 +18,95 @@
+@@ -18,3 +18,96 @@
 	corecmd_search_bin($1)
 	domtrans_pattern($1, mono_exec_t, mono_t)
 ')
@ -1534,6 +1535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if
 +template(`mono_per_role_template',`
 +	gen_require(`
 +		type mono_exec_t;
 +		attribute $1_usertype;
 +	')
 +
 +	type $1_mono_t;
@ -5579,16 +5581,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 /usr/lib/postfix/cleanup --	gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.0.2/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/services/postfix.if	2007-07-13 08:07:53.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/services/postfix.if	2007-07-16 09:34:02.000000000 -0400
-@@ -118,6 +118,8 @@
+@@ -41,6 +41,8 @@
- 	allow postfix_$1_t self:udp_socket create_socket_perms;
+ 	allow postfix_$1_t self:unix_stream_socket connectto;
- 	domtrans_pattern(postfix_master_t, postfix_$1_exec_t, postfix_$1_t)
+ 	allow postfix_master_t postfix_$1_t:process signal;
 +	#https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244456
 +	allow postfix_$1_t postfix_master_t:file read;
- 	corenet_all_recvfrom_unlabeled(postfix_$1_t)
+ 	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
- 	corenet_all_recvfrom_netlabel(postfix_$1_t)
+ 	read_files_pattern(postfix_$1_t,postfix_etc_t,postfix_etc_t)
@@ -132,10 +134,8 @@
 	corenet_tcp_connect_all_ports(postfix_$1_t)
 	corenet_sendrecv_all_client_packets(postfix_$1_t)
@ -6013,8 +6015,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
 	fs_search_auto_mountpoints($1_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.0.2/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/services/rpc.te	2007-07-13 08:07:53.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/services/rpc.te	2007-07-16 11:49:47.000000000 -0400
-@@ -76,9 +76,11 @@
+@@ -59,6 +59,8 @@
 manage_files_pattern(rpcd_t,rpcd_var_run_t,rpcd_var_run_t)
 files_pid_filetrans(rpcd_t,rpcd_var_run_t,file)
 +corecmd_exec_bin(rpcd_t)
 +
 kernel_read_system_state(rpcd_t) 
 kernel_search_network_state(rpcd_t) 
 # for rpc.rquotad
@@ -76,9 +78,11 @@
 miscfiles_read_certs(rpcd_t)
 seutil_dontaudit_search_config(rpcd_t)
@ -6026,7 +6037,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
 ')
 ########################################
-@@ -91,9 +93,13 @@
+@@ -91,9 +95,13 @@
 allow nfsd_t exports_t:file { getattr read };
 allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
@ -6040,7 +6051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
 corenet_tcp_bind_all_rpc_ports(nfsd_t)
 corenet_udp_bind_all_rpc_ports(nfsd_t)
-@@ -123,6 +129,7 @@
+@@ -123,6 +131,7 @@
 tunable_policy(`nfs_export_all_rw',`
 	fs_read_noxattr_fs_files(nfsd_t) 
 	auth_manage_all_files_except_shadow(nfsd_t)
@ -6048,7 +6059,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
 ')
 tunable_policy(`nfs_export_all_ro',`
-@@ -143,6 +150,8 @@
+@@ -143,6 +152,8 @@
 manage_files_pattern(gssd_t,gssd_tmp_t,gssd_tmp_t)
 files_tmp_filetrans(gssd_t, gssd_tmp_t, { file dir })
@ -6057,7 +6068,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
 kernel_read_network_state(gssd_t)
 kernel_read_network_state_symlinks(gssd_t)	
 kernel_search_network_sysctl(gssd_t)	
-@@ -158,6 +167,11 @@
+@@ -158,6 +169,11 @@
 miscfiles_read_certs(gssd_t)
@ -9756,7 +9767,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.0.2/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.2/policy/modules/system/unconfined.te	2007-07-13 08:07:54.000000000 -0400
+++ serefpolicy-3.0.2/policy/modules/system/unconfined.te	2007-07-16 11:53:43.000000000 -0400
@@ -5,30 +5,36 @@
 #
 # Declarations
@ -9882,7 +9893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 ')
 optional_policy(`
-@@ -157,18 +145,6 @@
+@@ -157,22 +145,12 @@
 optional_policy(`
 	postfix_run_map(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
@ -9901,7 +9912,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 ')
 optional_policy(`
-@@ -182,10 +158,6 @@
+ 	rpm_run(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
 +	# Allow SELinux aware applications to request rpm_script execution
 +	rpm_transition_script(unconfined_t)
 ')
 optional_policy(`
@@ -182,10 +160,6 @@
 ')
 optional_policy(`
@ -9912,7 +9929,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 	sysnet_run_dhcpc(unconfined_t,unconfined_r,{ unconfined_devpts_t unconfined_tty_device_t })
 	sysnet_dbus_chat_dhcpc(unconfined_t)
 ')
-@@ -207,7 +179,7 @@
+@@ -207,7 +181,7 @@
 ')
 optional_policy(`
@ -9921,7 +9938,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 ')
 optional_policy(`
-@@ -229,6 +201,12 @@
+@@ -229,6 +203,12 @@
 	unconfined_dbus_chat(unconfined_execmem_t)
 	optional_policy(`