*** empty log message ***
parent
6203f422e2
commit
dc00fc32b6
@ -4661,8 +4661,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+corecmd_executable_file(wm_exec_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc
|
||||
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-03-05 10:34:00.000000000 -0500
|
||||
+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2009-04-07 16:01:44.000000000 -0400
|
||||
@@ -134,6 +134,8 @@
|
||||
+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2009-04-17 07:21:07.000000000 -0400
|
||||
@@ -32,6 +32,8 @@
|
||||
#
|
||||
# /etc
|
||||
#
|
||||
+/etc/acpi/actions(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
+
|
||||
/etc/apcupsd/apccontrol -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/apcupsd/changeme -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/etc/apcupsd/commfailure -- gen_context(system_u:object_r:bin_t,s0)
|
||||
@@ -134,6 +136,8 @@
|
||||
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
|
||||
@ -4671,7 +4680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
@@ -299,3 +301,14 @@
|
||||
@@ -299,3 +303,14 @@
|
||||
ifdef(`distro_suse',`
|
||||
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
@ -5607,7 +5616,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
########################################
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.6.12/policy/modules/kernel/filesystem.te
|
||||
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2009-03-04 15:43:10.000000000 -0500
|
||||
+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.te 2009-04-07 16:01:44.000000000 -0400
|
||||
+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.te 2009-04-17 08:55:09.000000000 -0400
|
||||
@@ -206,6 +206,10 @@
|
||||
genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
|
||||
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
|
||||
@ -5619,7 +5628,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
type fusefs_t;
|
||||
fs_noxattr_type(fusefs_t)
|
||||
@@ -244,8 +248,6 @@
|
||||
@@ -244,12 +248,12 @@
|
||||
genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
|
||||
genfscon dazukofs / gen_context(system_u:object_r:nfs_t,s0)
|
||||
genfscon coda / gen_context(system_u:object_r:nfs_t,s0)
|
||||
@ -5628,6 +5637,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
genfscon lustre / gen_context(system_u:object_r:nfs_t,s0)
|
||||
genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||
genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||
genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||
+genfscon xenfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||
+genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||
|
||||
########################################
|
||||
#
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if
|
||||
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-01-05 15:39:38.000000000 -0500
|
||||
+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-04-13 08:28:24.000000000 -0400
|
||||
@ -21467,7 +21482,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.12/policy/modules/services/spamassassin.te
|
||||
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-01-19 11:06:49.000000000 -0500
|
||||
+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2009-04-07 16:01:44.000000000 -0400
|
||||
+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2009-04-16 11:03:14.000000000 -0400
|
||||
@@ -20,6 +20,35 @@
|
||||
## </desc>
|
||||
gen_tunable(spamd_enable_home_dirs, true)
|
||||
@ -21531,7 +21546,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
sysnet_read_config(spamassassin_t)
|
||||
')
|
||||
@@ -216,16 +253,31 @@
|
||||
@@ -216,16 +253,32 @@
|
||||
allow spamc_t self:unix_stream_socket connectto;
|
||||
allow spamc_t self:tcp_socket create_stream_socket_perms;
|
||||
allow spamc_t self:udp_socket create_socket_perms;
|
||||
@ -21552,6 +21567,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+manage_fifo_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
||||
+manage_sock_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
||||
+userdom_user_home_dir_filetrans(spamc_t, spamc_home_t, { dir file lnk_file sock_file fifo_file })
|
||||
+userdom_append_user_home_content_files(spamc_t)
|
||||
+
|
||||
# Allow connecting to a local spamd
|
||||
allow spamc_t spamd_t:unix_stream_socket connectto;
|
||||
@ -21563,7 +21579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
corenet_all_recvfrom_unlabeled(spamc_t)
|
||||
corenet_all_recvfrom_netlabel(spamc_t)
|
||||
@@ -255,9 +307,15 @@
|
||||
@@ -255,9 +308,15 @@
|
||||
files_dontaudit_search_var(spamc_t)
|
||||
# cjp: this may be removable:
|
||||
files_list_home(spamc_t)
|
||||
@ -21579,7 +21595,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
miscfiles_read_localization(spamc_t)
|
||||
|
||||
# cjp: this should probably be removed:
|
||||
@@ -265,31 +323,35 @@
|
||||
@@ -265,31 +324,35 @@
|
||||
|
||||
sysnet_read_config(spamc_t)
|
||||
|
||||
@ -21627,7 +21643,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -301,7 +363,7 @@
|
||||
@@ -301,7 +364,7 @@
|
||||
# setuids to the user running spamc. Comment this if you are not
|
||||
# using this ability.
|
||||
|
||||
@ -21636,7 +21652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
dontaudit spamd_t self:capability sys_tty_config;
|
||||
allow spamd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||
allow spamd_t self:fd use;
|
||||
@@ -317,10 +379,13 @@
|
||||
@@ -317,10 +380,13 @@
|
||||
allow spamd_t self:unix_stream_socket connectto;
|
||||
allow spamd_t self:tcp_socket create_stream_socket_perms;
|
||||
allow spamd_t self:udp_socket create_socket_perms;
|
||||
@ -21651,7 +21667,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
files_spool_filetrans(spamd_t, spamd_spool_t, { file dir })
|
||||
|
||||
manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
|
||||
@@ -329,10 +394,11 @@
|
||||
@@ -329,10 +395,11 @@
|
||||
|
||||
# var/lib files for spamd
|
||||
allow spamd_t spamd_var_lib_t:dir list_dir_perms;
|
||||
@ -21664,7 +21680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
files_pid_filetrans(spamd_t, spamd_var_run_t, { dir file })
|
||||
|
||||
kernel_read_all_sysctls(spamd_t)
|
||||
@@ -382,22 +448,27 @@
|
||||
@@ -382,22 +449,27 @@
|
||||
|
||||
init_dontaudit_rw_utmp(spamd_t)
|
||||
|
||||
@ -21696,7 +21712,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
fs_manage_cifs_files(spamd_t)
|
||||
')
|
||||
|
||||
@@ -415,6 +486,7 @@
|
||||
@@ -415,6 +487,7 @@
|
||||
|
||||
optional_policy(`
|
||||
dcc_domtrans_client(spamd_t)
|
||||
@ -21704,7 +21720,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
dcc_stream_connect_dccifd(spamd_t)
|
||||
')
|
||||
|
||||
@@ -424,10 +496,6 @@
|
||||
@@ -424,10 +497,6 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -21715,7 +21731,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
postfix_read_config(spamd_t)
|
||||
')
|
||||
|
||||
@@ -442,6 +510,10 @@
|
||||
@@ -442,6 +511,10 @@
|
||||
|
||||
optional_policy(`
|
||||
razor_domtrans(spamd_t)
|
||||
@ -25479,7 +25495,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.12/policy/modules/system/init.te
|
||||
--- nsaserefpolicy/policy/modules/system/init.te 2009-01-19 11:07:34.000000000 -0500
|
||||
+++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-04-16 10:02:04.000000000 -0400
|
||||
+++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-04-17 07:33:11.000000000 -0400
|
||||
@@ -17,6 +17,20 @@
|
||||
## </desc>
|
||||
gen_tunable(init_upstart,false)
|
||||
@ -25741,7 +25757,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
networkmanager_dbus_chat(initrc_t)
|
||||
')
|
||||
')
|
||||
@@ -647,6 +720,11 @@
|
||||
@@ -591,6 +664,10 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
+ hal_write_log(initrc_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
dev_read_usbfs(initrc_t)
|
||||
|
||||
# init scripts run /etc/hotplug/usb.rc
|
||||
@@ -647,6 +724,11 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -25753,7 +25780,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
mailman_list_data(initrc_t)
|
||||
mailman_read_data_symlinks(initrc_t)
|
||||
')
|
||||
@@ -655,12 +733,6 @@
|
||||
@@ -655,12 +737,6 @@
|
||||
mta_read_config(initrc_t)
|
||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||
')
|
||||
@ -25766,7 +25793,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
optional_policy(`
|
||||
ifdef(`distro_redhat',`
|
||||
@@ -721,6 +793,9 @@
|
||||
@@ -721,6 +797,9 @@
|
||||
|
||||
# why is this needed:
|
||||
rpm_manage_db(initrc_t)
|
||||
@ -25776,7 +25803,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -733,10 +808,12 @@
|
||||
@@ -733,10 +812,12 @@
|
||||
squid_manage_logs(initrc_t)
|
||||
')
|
||||
|
||||
@ -25789,7 +25816,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
optional_policy(`
|
||||
ssh_dontaudit_read_server_keys(initrc_t)
|
||||
@@ -754,6 +831,11 @@
|
||||
@@ -754,6 +835,11 @@
|
||||
uml_setattr_util_sockets(initrc_t)
|
||||
')
|
||||
|
||||
@ -25801,7 +25828,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
optional_policy(`
|
||||
unconfined_domain(initrc_t)
|
||||
|
||||
@@ -761,6 +843,8 @@
|
||||
@@ -761,6 +847,8 @@
|
||||
# system-config-services causes avc messages that should be dontaudited
|
||||
unconfined_dontaudit_rw_pipes(daemon)
|
||||
')
|
||||
@ -25810,7 +25837,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
optional_policy(`
|
||||
mono_domtrans(initrc_t)
|
||||
@@ -768,6 +852,10 @@
|
||||
@@ -768,6 +856,10 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -25821,7 +25848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
vmware_read_system_config(initrc_t)
|
||||
vmware_append_system_config(initrc_t)
|
||||
')
|
||||
@@ -790,3 +878,25 @@
|
||||
@@ -790,3 +882,25 @@
|
||||
optional_policy(`
|
||||
zebra_read_config(initrc_t)
|
||||
')
|
||||
@ -25937,7 +25964,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.6.12/policy/modules/system/iscsi.if
|
||||
--- nsaserefpolicy/policy/modules/system/iscsi.if 2008-08-07 11:15:12.000000000 -0400
|
||||
+++ serefpolicy-3.6.12/policy/modules/system/iscsi.if 2009-04-09 10:18:10.000000000 -0400
|
||||
+++ serefpolicy-3.6.12/policy/modules/system/iscsi.if 2009-04-17 07:27:34.000000000 -0400
|
||||
@@ -17,3 +17,43 @@
|
||||
|
||||
domtrans_pattern($1,iscsid_exec_t,iscsid_t)
|
||||
@ -25975,11 +26002,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+#
|
||||
+interface(`iscsi_stream_connect',`
|
||||
+ gen_require(`
|
||||
+ type iscsi_t, iscsi_var_lib_t;
|
||||
+ type iscsid_t, iscsi_var_lib_t;
|
||||
+ ')
|
||||
+
|
||||
+ files_search_pids($1)
|
||||
+ stream_connect_pattern($1,iscsi_var_lib_t,iscsi_var_lib_t,iscsi_t)
|
||||
+ stream_connect_pattern($1,iscsi_var_lib_t,iscsi_var_lib_t,iscsid_t)
|
||||
+')
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.12/policy/modules/system/iscsi.te
|
||||
@ -26004,7 +26031,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+miscfiles_read_localization(iscsid_t)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc
|
||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
|
||||
+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-04-07 16:01:44.000000000 -0400
|
||||
+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-04-16 13:27:53.000000000 -0400
|
||||
@@ -60,12 +60,15 @@
|
||||
#
|
||||
# /opt
|
||||
@ -26101,10 +26128,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/X11R6/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
-/usr/X11R6/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+/usr/X11R6/lib/libOSMesa.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/X11R6/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+/usr/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+/usr/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
+/usr/lib(64)?/libOSMesa.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/libHermes\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/valgrind/hp2ps -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
/usr/lib(64)?/valgrind/stage2 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||
@ -29107,7 +29135,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.12/policy/modules/system/userdomain.if
|
||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-01-19 11:07:34.000000000 -0500
|
||||
+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2009-04-14 14:04:17.000000000 -0400
|
||||
+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2009-04-16 11:03:07.000000000 -0400
|
||||
@@ -30,8 +30,9 @@
|
||||
')
|
||||
|
||||
|
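Review bot: In the filesystem.te part of the patch, `genfscon xenfs / gen_context(system_u:object_r:nfs_t,s0)` and the matching `gadgetfs` line put both pseudo-filesystems under `nfs_t`, so any domain that is granted access to NFS content gets the same access to the Xen control files and the USB gadget interface. Both lines appear to be new in this commit, since the inner hunk header grows from `+248,6` to `+248,12`. A dedicated type keeps that access explicit, following the `fusefs_t` pattern visible a few lines earlier: `type xenfs_t;`, `fs_noxattr_type(xenfs_t)`, `genfscon xenfs / gen_context(system_u:object_r:xenfs_t,s0)`, and likewise for gadgetfs. Domains that really need these filesystems would then be granted access through their own interfaces rather than inheriting it from the NFS rules.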
@ -15,7 +15,7 @@
|
||||
%endif
|
||||
%define POLICYVER 23
|
||||
%define libsepolver 2.0.20-1
|
||||
%define POLICYCOREUTILSVER 2.0.62-7
|
||||
%define POLICYCOREUTILSVER 2.0.62-10
|
||||
%define CHECKPOLICYVER 2.0.16-3
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
@ -50,7 +50,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildArch: noarch
|
||||
BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-python >= %{POLICYCOREUTILSVER} bzip2
|
||||
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 2.0.14-3
|
||||
Requires(post): /usr/bin/bunzip2 /bin/mktemp
|
||||
Requires(post): /usr/bin/bunzip2 /bin/mktemp /bin/awk
|
||||
Requires: checkpolicy >= %{CHECKPOLICYVER} m4
|
||||
Obsoletes: selinux-policy-devel
|
||||
Provides: selinux-policy-devel
|
||||
@ -94,7 +94,7 @@ cp -f $RPM_SOURCE_DIR/modules-%1.conf ./policy/modules.conf \
|
||||
cp -f $RPM_SOURCE_DIR/booleans-%1.conf ./policy/booleans.conf \
|
||||
|
||||
%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
|
||||
awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp.bz2 ", $1 }' %{_sourcedir}/modules-%{1}.conf )
|
||||
awk '$1 !~ "/^#/" && $1 != "unconfined" && $1 != "unconfineduser" && $2 == "=" && $3 == "module" { printf "%%s.pp.bz2 ", $1 }' %{_sourcedir}/modules-%{1}.conf )
|
||||
|
||||
%define installCmds() \
|
||||
make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 base.pp \
|
||||
@ -172,7 +172,7 @@ semodule -b base.pp.bz2 -i unconfined.pp.bz2 unconfineduser.pp.bz2 -s %1; \
|
||||
|
||||
%define loadpolicy() \
|
||||
( cd /usr/share/selinux/%1; \
|
||||
semodule -b base.pp.bz2 -i %{expand:%%moduleList %1} -s %1; \
|
||||
semodule -b base.pp.bz2 -i %{expand:%%moduleList %1} %2 -s %1; \
|
||||
); \
|
||||
|
||||
%define relabel() \
|
||||
@ -311,12 +311,18 @@ SELinux Reference policy targeted base module.
|
||||
%saveFileContext targeted
|
||||
|
||||
%post targeted
|
||||
set -x
|
||||
if [ $1 -eq 1 ]; then
|
||||
%loadpolicy targeted
|
||||
%loadpolicy targeted "unconfined.pp.bz2 unconfineduser.pp.bz2"
|
||||
restorecon -R /root /var/log /var/run 2> /dev/null
|
||||
else
|
||||
semodule -n -s targeted -r moilscanner -r mailscanner -r gamin -r audio_entropy -r iscsid 2>/dev/null
|
||||
%loadpolicy targeted unconfined.pp unconfineduser.pp
|
||||
|
||||
packages=""
|
||||
for i in `semodule -l | awk '{print $1 }' | grep -E "(^unconfined$|^unconfineduser$)"`; do
|
||||
packages="$packages $i.pp.bz2"
|
||||
done
|
||||
%loadpolicy targeted $packages
|
||||
%relabel targeted
|
||||
fi
|
||||
exit 0
|
||||
@ -440,8 +446,12 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 3.6.12-6
|
||||
|
||||
* Fri Apr 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.12-6
|
||||
- Allow cupsd_t to create link files in print_spool_t
|
||||
- Fix iscsi_stream_connect typo
|
||||
- Fix labeling on /etc/acpi/actions
|
||||
- Don't reinstall unconfine and unconfineuser on upgrade if they are not installed
|
||||
|
||||
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 3.6.12-5
|
||||
- Allow audioentroy to read etc files
|
||||
|
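Review bot: In the upgrade branch of `%post targeted`, the new loop cannot tell "unconfined is not installed" from "`semodule -l` failed". In both cases `packages` stays empty, `%loadpolicy targeted $packages` reloads the policy without `unconfined.pp.bz2` and `unconfineduser.pp.bz2`, and the trailing `exit 0` hides the failure. Capturing the listing first would make this visible, for example `mods=$(semodule -l) || echo "semodule -l failed; unconfined modules not re-checked" >&2`, and then piping `$mods` into the existing awk/grep filter. The loop also calls `grep`, while only `/bin/awk` was added to `Requires(post)`. The `set -x` at the top of the scriptlet looks like leftover debugging (the hunk counts suggest it is new in this commit) and will trace every command on each install or upgrade.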