*** empty log message ***
parent
6203f422e2
commit
dc00fc32b6
@ -4661,8 +4661,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+corecmd_executable_file(wm_exec_t)
|
+corecmd_executable_file(wm_exec_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc
|
||||||
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-03-05 10:34:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-03-05 10:34:00.000000000 -0500
|
||||||
+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2009-04-07 16:01:44.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2009-04-17 07:21:07.000000000 -0400
|
||||||
@@ -134,6 +134,8 @@
|
@@ -32,6 +32,8 @@
|
||||||
|
#
|
||||||
|
# /etc
|
||||||
|
#
|
||||||
|
+/etc/acpi/actions(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
+
|
||||||
|
/etc/apcupsd/apccontrol -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/etc/apcupsd/changeme -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
/etc/apcupsd/commfailure -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
|
@@ -134,6 +136,8 @@
|
||||||
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -4671,7 +4680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
#
|
#
|
||||||
# /usr
|
# /usr
|
||||||
#
|
#
|
||||||
@@ -299,3 +301,14 @@
|
@@ -299,3 +303,14 @@
|
||||||
ifdef(`distro_suse',`
|
ifdef(`distro_suse',`
|
||||||
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
|
||||||
')
|
')
|
||||||
@ -5607,7 +5616,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
########################################
|
########################################
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.6.12/policy/modules/kernel/filesystem.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.6.12/policy/modules/kernel/filesystem.te
|
||||||
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2009-03-04 15:43:10.000000000 -0500
|
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2009-03-04 15:43:10.000000000 -0500
|
||||||
+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.te 2009-04-07 16:01:44.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/kernel/filesystem.te 2009-04-17 08:55:09.000000000 -0400
|
||||||
@@ -206,6 +206,10 @@
|
@@ -206,6 +206,10 @@
|
||||||
genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
|
genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
|
||||||
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
|
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
|
||||||
@ -5619,7 +5628,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
type fusefs_t;
|
type fusefs_t;
|
||||||
fs_noxattr_type(fusefs_t)
|
fs_noxattr_type(fusefs_t)
|
||||||
@@ -244,8 +248,6 @@
|
@@ -244,12 +248,12 @@
|
||||||
genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
|
genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
|
||||||
genfscon dazukofs / gen_context(system_u:object_r:nfs_t,s0)
|
genfscon dazukofs / gen_context(system_u:object_r:nfs_t,s0)
|
||||||
genfscon coda / gen_context(system_u:object_r:nfs_t,s0)
|
genfscon coda / gen_context(system_u:object_r:nfs_t,s0)
|
||||||
@ -5628,6 +5637,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
genfscon lustre / gen_context(system_u:object_r:nfs_t,s0)
|
genfscon lustre / gen_context(system_u:object_r:nfs_t,s0)
|
||||||
genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
|
genfscon ncpfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||||
genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
|
genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||||
|
genfscon panfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||||
|
+genfscon xenfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||||
|
+genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||||
|
|
||||||
|
########################################
|
||||||
|
#
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-01-05 15:39:38.000000000 -0500
|
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-01-05 15:39:38.000000000 -0500
|
||||||
+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-04-13 08:28:24.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-04-13 08:28:24.000000000 -0400
|
||||||
@ -21467,7 +21482,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.12/policy/modules/services/spamassassin.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.6.12/policy/modules/services/spamassassin.te
|
||||||
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-01-19 11:06:49.000000000 -0500
|
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2009-01-19 11:06:49.000000000 -0500
|
||||||
+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2009-04-07 16:01:44.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.te 2009-04-16 11:03:14.000000000 -0400
|
||||||
@@ -20,6 +20,35 @@
|
@@ -20,6 +20,35 @@
|
||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(spamd_enable_home_dirs, true)
|
gen_tunable(spamd_enable_home_dirs, true)
|
||||||
@ -21531,7 +21546,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
sysnet_read_config(spamassassin_t)
|
sysnet_read_config(spamassassin_t)
|
||||||
')
|
')
|
||||||
@@ -216,16 +253,31 @@
|
@@ -216,16 +253,32 @@
|
||||||
allow spamc_t self:unix_stream_socket connectto;
|
allow spamc_t self:unix_stream_socket connectto;
|
||||||
allow spamc_t self:tcp_socket create_stream_socket_perms;
|
allow spamc_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow spamc_t self:udp_socket create_socket_perms;
|
allow spamc_t self:udp_socket create_socket_perms;
|
||||||
@ -21552,6 +21567,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+manage_fifo_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
+manage_fifo_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
||||||
+manage_sock_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
+manage_sock_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
|
||||||
+userdom_user_home_dir_filetrans(spamc_t, spamc_home_t, { dir file lnk_file sock_file fifo_file })
|
+userdom_user_home_dir_filetrans(spamc_t, spamc_home_t, { dir file lnk_file sock_file fifo_file })
|
||||||
|
+userdom_append_user_home_content_files(spamc_t)
|
||||||
+
|
+
|
||||||
# Allow connecting to a local spamd
|
# Allow connecting to a local spamd
|
||||||
allow spamc_t spamd_t:unix_stream_socket connectto;
|
allow spamc_t spamd_t:unix_stream_socket connectto;
|
||||||
@ -21563,7 +21579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(spamc_t)
|
corenet_all_recvfrom_unlabeled(spamc_t)
|
||||||
corenet_all_recvfrom_netlabel(spamc_t)
|
corenet_all_recvfrom_netlabel(spamc_t)
|
||||||
@@ -255,9 +307,15 @@
|
@@ -255,9 +308,15 @@
|
||||||
files_dontaudit_search_var(spamc_t)
|
files_dontaudit_search_var(spamc_t)
|
||||||
# cjp: this may be removable:
|
# cjp: this may be removable:
|
||||||
files_list_home(spamc_t)
|
files_list_home(spamc_t)
|
||||||
@ -21579,7 +21595,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
miscfiles_read_localization(spamc_t)
|
miscfiles_read_localization(spamc_t)
|
||||||
|
|
||||||
# cjp: this should probably be removed:
|
# cjp: this should probably be removed:
|
||||||
@@ -265,31 +323,35 @@
|
@@ -265,31 +324,35 @@
|
||||||
|
|
||||||
sysnet_read_config(spamc_t)
|
sysnet_read_config(spamc_t)
|
||||||
|
|
||||||
@ -21627,7 +21643,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -301,7 +363,7 @@
|
@@ -301,7 +364,7 @@
|
||||||
# setuids to the user running spamc. Comment this if you are not
|
# setuids to the user running spamc. Comment this if you are not
|
||||||
# using this ability.
|
# using this ability.
|
||||||
|
|
||||||
@ -21636,7 +21652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
dontaudit spamd_t self:capability sys_tty_config;
|
dontaudit spamd_t self:capability sys_tty_config;
|
||||||
allow spamd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
allow spamd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
||||||
allow spamd_t self:fd use;
|
allow spamd_t self:fd use;
|
||||||
@@ -317,10 +379,13 @@
|
@@ -317,10 +380,13 @@
|
||||||
allow spamd_t self:unix_stream_socket connectto;
|
allow spamd_t self:unix_stream_socket connectto;
|
||||||
allow spamd_t self:tcp_socket create_stream_socket_perms;
|
allow spamd_t self:tcp_socket create_stream_socket_perms;
|
||||||
allow spamd_t self:udp_socket create_socket_perms;
|
allow spamd_t self:udp_socket create_socket_perms;
|
||||||
@ -21651,7 +21667,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
files_spool_filetrans(spamd_t, spamd_spool_t, { file dir })
|
files_spool_filetrans(spamd_t, spamd_spool_t, { file dir })
|
||||||
|
|
||||||
manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
|
manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
|
||||||
@@ -329,10 +394,11 @@
|
@@ -329,10 +395,11 @@
|
||||||
|
|
||||||
# var/lib files for spamd
|
# var/lib files for spamd
|
||||||
allow spamd_t spamd_var_lib_t:dir list_dir_perms;
|
allow spamd_t spamd_var_lib_t:dir list_dir_perms;
|
||||||
@ -21664,7 +21680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
files_pid_filetrans(spamd_t, spamd_var_run_t, { dir file })
|
files_pid_filetrans(spamd_t, spamd_var_run_t, { dir file })
|
||||||
|
|
||||||
kernel_read_all_sysctls(spamd_t)
|
kernel_read_all_sysctls(spamd_t)
|
||||||
@@ -382,22 +448,27 @@
|
@@ -382,22 +449,27 @@
|
||||||
|
|
||||||
init_dontaudit_rw_utmp(spamd_t)
|
init_dontaudit_rw_utmp(spamd_t)
|
||||||
|
|
||||||
@ -21696,7 +21712,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
fs_manage_cifs_files(spamd_t)
|
fs_manage_cifs_files(spamd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -415,6 +486,7 @@
|
@@ -415,6 +487,7 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
dcc_domtrans_client(spamd_t)
|
dcc_domtrans_client(spamd_t)
|
||||||
@ -21704,7 +21720,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
dcc_stream_connect_dccifd(spamd_t)
|
dcc_stream_connect_dccifd(spamd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -424,10 +496,6 @@
|
@@ -424,10 +497,6 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -21715,7 +21731,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
postfix_read_config(spamd_t)
|
postfix_read_config(spamd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@@ -442,6 +510,10 @@
|
@@ -442,6 +511,10 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
razor_domtrans(spamd_t)
|
razor_domtrans(spamd_t)
|
||||||
@ -25479,7 +25495,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.12/policy/modules/system/init.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.12/policy/modules/system/init.te
|
||||||
--- nsaserefpolicy/policy/modules/system/init.te 2009-01-19 11:07:34.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/init.te 2009-01-19 11:07:34.000000000 -0500
|
||||||
+++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-04-16 10:02:04.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-04-17 07:33:11.000000000 -0400
|
||||||
@@ -17,6 +17,20 @@
|
@@ -17,6 +17,20 @@
|
||||||
## </desc>
|
## </desc>
|
||||||
gen_tunable(init_upstart,false)
|
gen_tunable(init_upstart,false)
|
||||||
@ -25741,7 +25757,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
networkmanager_dbus_chat(initrc_t)
|
networkmanager_dbus_chat(initrc_t)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
@@ -647,6 +720,11 @@
|
@@ -591,6 +664,10 @@
|
||||||
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
+ hal_write_log(initrc_t)
|
||||||
|
+')
|
||||||
|
+
|
||||||
|
+optional_policy(`
|
||||||
|
dev_read_usbfs(initrc_t)
|
||||||
|
|
||||||
|
# init scripts run /etc/hotplug/usb.rc
|
||||||
|
@@ -647,6 +724,11 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -25753,7 +25780,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
mailman_list_data(initrc_t)
|
mailman_list_data(initrc_t)
|
||||||
mailman_read_data_symlinks(initrc_t)
|
mailman_read_data_symlinks(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -655,12 +733,6 @@
|
@@ -655,12 +737,6 @@
|
||||||
mta_read_config(initrc_t)
|
mta_read_config(initrc_t)
|
||||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||||
')
|
')
|
||||||
@ -25766,7 +25793,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ifdef(`distro_redhat',`
|
ifdef(`distro_redhat',`
|
||||||
@@ -721,6 +793,9 @@
|
@@ -721,6 +797,9 @@
|
||||||
|
|
||||||
# why is this needed:
|
# why is this needed:
|
||||||
rpm_manage_db(initrc_t)
|
rpm_manage_db(initrc_t)
|
||||||
@ -25776,7 +25803,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -733,10 +808,12 @@
|
@@ -733,10 +812,12 @@
|
||||||
squid_manage_logs(initrc_t)
|
squid_manage_logs(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -25789,7 +25816,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
ssh_dontaudit_read_server_keys(initrc_t)
|
ssh_dontaudit_read_server_keys(initrc_t)
|
||||||
@@ -754,6 +831,11 @@
|
@@ -754,6 +835,11 @@
|
||||||
uml_setattr_util_sockets(initrc_t)
|
uml_setattr_util_sockets(initrc_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -25801,7 +25828,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
optional_policy(`
|
optional_policy(`
|
||||||
unconfined_domain(initrc_t)
|
unconfined_domain(initrc_t)
|
||||||
|
|
||||||
@@ -761,6 +843,8 @@
|
@@ -761,6 +847,8 @@
|
||||||
# system-config-services causes avc messages that should be dontaudited
|
# system-config-services causes avc messages that should be dontaudited
|
||||||
unconfined_dontaudit_rw_pipes(daemon)
|
unconfined_dontaudit_rw_pipes(daemon)
|
||||||
')
|
')
|
||||||
@ -25810,7 +25837,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
mono_domtrans(initrc_t)
|
mono_domtrans(initrc_t)
|
||||||
@@ -768,6 +852,10 @@
|
@@ -768,6 +856,10 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@ -25821,7 +25848,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
vmware_read_system_config(initrc_t)
|
vmware_read_system_config(initrc_t)
|
||||||
vmware_append_system_config(initrc_t)
|
vmware_append_system_config(initrc_t)
|
||||||
')
|
')
|
||||||
@@ -790,3 +878,25 @@
|
@@ -790,3 +882,25 @@
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
zebra_read_config(initrc_t)
|
zebra_read_config(initrc_t)
|
||||||
')
|
')
|
||||||
@ -25937,7 +25964,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
|
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.6.12/policy/modules/system/iscsi.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.6.12/policy/modules/system/iscsi.if
|
||||||
--- nsaserefpolicy/policy/modules/system/iscsi.if 2008-08-07 11:15:12.000000000 -0400
|
--- nsaserefpolicy/policy/modules/system/iscsi.if 2008-08-07 11:15:12.000000000 -0400
|
||||||
+++ serefpolicy-3.6.12/policy/modules/system/iscsi.if 2009-04-09 10:18:10.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/system/iscsi.if 2009-04-17 07:27:34.000000000 -0400
|
||||||
@@ -17,3 +17,43 @@
|
@@ -17,3 +17,43 @@
|
||||||
|
|
||||||
domtrans_pattern($1,iscsid_exec_t,iscsid_t)
|
domtrans_pattern($1,iscsid_exec_t,iscsid_t)
|
||||||
@ -25975,11 +26002,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+#
|
+#
|
||||||
+interface(`iscsi_stream_connect',`
|
+interface(`iscsi_stream_connect',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ type iscsi_t, iscsi_var_lib_t;
|
+ type iscsid_t, iscsi_var_lib_t;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ files_search_pids($1)
|
+ files_search_pids($1)
|
||||||
+ stream_connect_pattern($1,iscsi_var_lib_t,iscsi_var_lib_t,iscsi_t)
|
+ stream_connect_pattern($1,iscsi_var_lib_t,iscsi_var_lib_t,iscsid_t)
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.12/policy/modules/system/iscsi.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.12/policy/modules/system/iscsi.te
|
||||||
@ -26004,7 +26031,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+miscfiles_read_localization(iscsid_t)
|
+miscfiles_read_localization(iscsid_t)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc
|
||||||
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500
|
||||||
+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-04-07 16:01:44.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-04-16 13:27:53.000000000 -0400
|
||||||
@@ -60,12 +60,15 @@
|
@@ -60,12 +60,15 @@
|
||||||
#
|
#
|
||||||
# /opt
|
# /opt
|
||||||
@ -26101,10 +26128,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/X11R6/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
-/usr/X11R6/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
|
+/usr/X11R6/lib/libOSMesa.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/X11R6/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/X11R6/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
+/usr/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
+/usr/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
+/usr/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
+/usr/lib(64)?/libOSMesa.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/libHermes\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/libHermes\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/valgrind/hp2ps -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/valgrind/hp2ps -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
/usr/lib(64)?/valgrind/stage2 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
/usr/lib(64)?/valgrind/stage2 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
|
||||||
@ -29107,7 +29135,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||||||
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
|
+/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.12/policy/modules/system/userdomain.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.12/policy/modules/system/userdomain.if
|
||||||
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-01-19 11:07:34.000000000 -0500
|
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-01-19 11:07:34.000000000 -0500
|
||||||
+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2009-04-14 14:04:17.000000000 -0400
|
+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2009-04-16 11:03:07.000000000 -0400
|
||||||
@@ -30,8 +30,9 @@
|
@@ -30,8 +30,9 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
|
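Review bot: In the filesystem.te hunk, the added `genfscon xenfs / gen_context(system_u:object_r:nfs_t,s0)` and `genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0)` lines give the Xen and USB-gadget pseudo-filesystems the same label as the network file systems listed above them. Any domain that already holds a rule on `nfs_t` would then presumably get the same access to these kernel interfaces, which is broader than least privilege suggests. If the shared label is a deliberate stop-gap, say so in place, for example `# xenfs/gadgetfs share nfs_t for now; every nfs_t rule also applies to them`. Otherwise a dedicated type, declared the way `fusefs_t` is in this file (`type …;` plus `fs_noxattr_type(…)`), would keep the grant narrow. The genfscon list continues outside the hunk, so other rules on these filesystems may exist that are not visible here.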
@ -15,7 +15,7 @@
|
|||||||
%endif
|
%endif
|
||||||
%define POLICYVER 23
|
%define POLICYVER 23
|
||||||
%define libsepolver 2.0.20-1
|
%define libsepolver 2.0.20-1
|
||||||
%define POLICYCOREUTILSVER 2.0.62-7
|
%define POLICYCOREUTILSVER 2.0.62-10
|
||||||
%define CHECKPOLICYVER 2.0.16-3
|
%define CHECKPOLICYVER 2.0.16-3
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
@ -50,7 +50,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-python >= %{POLICYCOREUTILSVER} bzip2
|
BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-python >= %{POLICYCOREUTILSVER} bzip2
|
||||||
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 2.0.14-3
|
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 2.0.14-3
|
||||||
Requires(post): /usr/bin/bunzip2 /bin/mktemp
|
Requires(post): /usr/bin/bunzip2 /bin/mktemp /bin/awk
|
||||||
Requires: checkpolicy >= %{CHECKPOLICYVER} m4
|
Requires: checkpolicy >= %{CHECKPOLICYVER} m4
|
||||||
Obsoletes: selinux-policy-devel
|
Obsoletes: selinux-policy-devel
|
||||||
Provides: selinux-policy-devel
|
Provides: selinux-policy-devel
|
||||||
@ -94,7 +94,7 @@ cp -f $RPM_SOURCE_DIR/modules-%1.conf ./policy/modules.conf \
|
|||||||
cp -f $RPM_SOURCE_DIR/booleans-%1.conf ./policy/booleans.conf \
|
cp -f $RPM_SOURCE_DIR/booleans-%1.conf ./policy/booleans.conf \
|
||||||
|
|
||||||
%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
|
%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
|
||||||
awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp.bz2 ", $1 }' %{_sourcedir}/modules-%{1}.conf )
|
awk '$1 !~ "/^#/" && $1 != "unconfined" && $1 != "unconfineduser" && $2 == "=" && $3 == "module" { printf "%%s.pp.bz2 ", $1 }' %{_sourcedir}/modules-%{1}.conf )
|
||||||
|
|
||||||
%define installCmds() \
|
%define installCmds() \
|
||||||
make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 base.pp \
|
make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 base.pp \
|
||||||
@ -172,7 +172,7 @@ semodule -b base.pp.bz2 -i unconfined.pp.bz2 unconfineduser.pp.bz2 -s %1; \
|
|||||||
|
|
||||||
%define loadpolicy() \
|
%define loadpolicy() \
|
||||||
( cd /usr/share/selinux/%1; \
|
( cd /usr/share/selinux/%1; \
|
||||||
semodule -b base.pp.bz2 -i %{expand:%%moduleList %1} -s %1; \
|
semodule -b base.pp.bz2 -i %{expand:%%moduleList %1} %2 -s %1; \
|
||||||
); \
|
); \
|
||||||
|
|
||||||
%define relabel() \
|
%define relabel() \
|
||||||
@ -311,12 +311,18 @@ SELinux Reference policy targeted base module.
|
|||||||
%saveFileContext targeted
|
%saveFileContext targeted
|
||||||
|
|
||||||
%post targeted
|
%post targeted
|
||||||
|
set -x
|
||||||
if [ $1 -eq 1 ]; then
|
if [ $1 -eq 1 ]; then
|
||||||
%loadpolicy targeted
|
%loadpolicy targeted "unconfined.pp.bz2 unconfineduser.pp.bz2"
|
||||||
restorecon -R /root /var/log /var/run 2> /dev/null
|
restorecon -R /root /var/log /var/run 2> /dev/null
|
||||||
else
|
else
|
||||||
semodule -n -s targeted -r moilscanner -r mailscanner -r gamin -r audio_entropy -r iscsid 2>/dev/null
|
semodule -n -s targeted -r moilscanner -r mailscanner -r gamin -r audio_entropy -r iscsid 2>/dev/null
|
||||||
%loadpolicy targeted unconfined.pp unconfineduser.pp
|
|
||||||
|
packages=""
|
||||||
|
for i in `semodule -l | awk '{print $1 }' | grep -E "(^unconfined$|^unconfineduser$)"`; do
|
||||||
|
packages="$packages $i.pp.bz2"
|
||||||
|
done
|
||||||
|
%loadpolicy targeted $packages
|
||||||
%relabel targeted
|
%relabel targeted
|
||||||
fi
|
fi
|
||||||
exit 0
|
exit 0
|
||||||
@ -440,8 +446,12 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 3.6.12-6
|
|
||||||
|
* Fri Apr 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.12-6
|
||||||
- Allow cupsd_t to create link files in print_spool_t
|
- Allow cupsd_t to create link files in print_spool_t
|
||||||
|
- Fix iscsi_stream_connect typo
|
||||||
|
- Fix labeling on /etc/acpi/actions
|
||||||
|
- Don't reinstall unconfine and unconfineuser on upgrade if they are not installed
|
||||||
|
|
||||||
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 3.6.12-5
|
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 3.6.12-5
|
||||||
- Allow audioentroy to read etc files
|
- Allow audioentroy to read etc files
|
||||||
|
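Review bot: In the upgrade branch of `%post targeted`, the new loop calls `semodule -l` without `-s targeted`, so it appears to list the modules of whichever store is active rather than the targeted store that the neighbouring `semodule -n -s targeted -r …` and `%loadpolicy targeted $packages` operate on. On a host whose active policy type is not targeted, the decision to reload `unconfined` and `unconfineduser` would be based on the wrong store; `semodule -s targeted -l | awk '{print $1 }' | grep -E "(^unconfined$|^unconfineduser$)"` keeps the check and the load on the same store. The `set -x` added at the top of the scriptlet looks like leftover debugging and will trace every command on each install and upgrade, so it should be dropped before release.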