Rebuild with latest code

Dan Walsh 2010-10-08 17:00:50 -04:00
parent 6f934680a8
commit dd20c25744
2 changed files with 174 additions and 72 deletions


@ -858,6 +858,16 @@ index aa0dcc6..0faba2a 100644
+ dbus_read_config(prelink_t) + dbus_read_config(prelink_t)
+ ') + ')
+') +')
diff --git a/policy/modules/admin/readahead.fc b/policy/modules/admin/readahead.fc
index 7077413..70edcd6 100644
--- a/policy/modules/admin/readahead.fc
+++ b/policy/modules/admin/readahead.fc
@@ -1,3 +1,5 @@
/usr/sbin/readahead.* -- gen_context(system_u:object_r:readahead_exec_t,s0)
/sbin/readahead.* -- gen_context(system_u:object_r:readahead_exec_t,s0)
/var/lib/readahead(/.*)? gen_context(system_u:object_r:readahead_var_lib_t,s0)
+/lib/systemd/systemd-readahead.* -- gen_context(system_u:object_r:readahead_exec_t,s0)
+
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
index 2df2f1d..c1aaa79 100644 index 2df2f1d..c1aaa79 100644
--- a/policy/modules/admin/readahead.te --- a/policy/modules/admin/readahead.te
@ -1545,11 +1555,27 @@ index c368bdc..c927b85 100644
+type sudo_db_t; +type sudo_db_t;
+files_type(sudo_db_t) +files_type(sudo_db_t)
+ +
diff --git a/policy/modules/admin/tmpreaper.fc b/policy/modules/admin/tmpreaper.fc
index 81077db..8208e86 100644
--- a/policy/modules/admin/tmpreaper.fc
+++ b/policy/modules/admin/tmpreaper.fc
@@ -1,2 +1,3 @@
/usr/sbin/tmpreaper -- gen_context(system_u:object_r:tmpreaper_exec_t,s0)
/usr/sbin/tmpwatch -- gen_context(system_u:object_r:tmpreaper_exec_t,s0)
+/lib/systemd/systemd-tmpfiles -- gen_context(system_u:object_r:tmpreaper_exec_t,s0)
diff --git a/policy/modules/admin/tmpreaper.te b/policy/modules/admin/tmpreaper.te diff --git a/policy/modules/admin/tmpreaper.te b/policy/modules/admin/tmpreaper.te
index 6a5004b..50cd538 100644 index 6a5004b..c59c3cd 100644
--- a/policy/modules/admin/tmpreaper.te --- a/policy/modules/admin/tmpreaper.te
+++ b/policy/modules/admin/tmpreaper.te +++ b/policy/modules/admin/tmpreaper.te
@@ -25,8 +25,11 @@ fs_getattr_xattr_fs(tmpreaper_t) @@ -7,6 +7,7 @@ policy_module(tmpreaper, 1.5.0)
type tmpreaper_t;
type tmpreaper_exec_t;
+init_system_domain(tmpreaper_t, tmpreaper_exec_t)
application_domain(tmpreaper_t, tmpreaper_exec_t)
role system_r types tmpreaper_t;
@@ -25,8 +26,11 @@ fs_getattr_xattr_fs(tmpreaper_t)
files_read_etc_files(tmpreaper_t) files_read_etc_files(tmpreaper_t)
files_read_var_lib_files(tmpreaper_t) files_read_var_lib_files(tmpreaper_t)
files_purge_tmp(tmpreaper_t) files_purge_tmp(tmpreaper_t)
@ -1561,7 +1587,7 @@ index 6a5004b..50cd538 100644
files_getattr_all_dirs(tmpreaper_t) files_getattr_all_dirs(tmpreaper_t)
files_getattr_all_files(tmpreaper_t) files_getattr_all_files(tmpreaper_t)
@@ -52,7 +55,9 @@ optional_policy(` @@ -52,7 +56,9 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -1571,7 +1597,7 @@ index 6a5004b..50cd538 100644
apache_delete_cache_files(tmpreaper_t) apache_delete_cache_files(tmpreaper_t)
apache_setattr_cache_dirs(tmpreaper_t) apache_setattr_cache_dirs(tmpreaper_t)
') ')
@@ -66,6 +71,14 @@ optional_policy(` @@ -66,6 +72,14 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -7182,7 +7208,7 @@ index 82842a0..369c3b5 100644
dbus_system_bus_client($1_wm_t) dbus_system_bus_client($1_wm_t)
dbus_session_bus_client($1_wm_t) dbus_session_bus_client($1_wm_t)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 0eb1d97..46af2a4 100644 index 0eb1d97..303d994 100644
--- a/policy/modules/kernel/corecommands.fc --- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc
@@ -9,8 +9,11 @@ @@ -9,8 +9,11 @@
@ -7216,7 +7242,7 @@ index 0eb1d97..46af2a4 100644
/etc/profile.d(/.*)? gen_context(system_u:object_r:bin_t,s0) /etc/profile.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/xen/qemu-ifup -- gen_context(system_u:object_r:bin_t,s0) /etc/xen/qemu-ifup -- gen_context(system_u:object_r:bin_t,s0)
/etc/xen/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0) /etc/xen/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -109,6 +117,8 @@ ifdef(`distro_debian',` @@ -109,11 +117,14 @@ ifdef(`distro_debian',`
/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0) /etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
') ')
@ -7225,7 +7251,13 @@ index 0eb1d97..46af2a4 100644
# #
# /lib # /lib
# #
@@ -126,6 +136,8 @@ ifdef(`distro_gentoo',`
/lib/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
+/lib/udev/devices/MAKEDEV -l gen_context(system_u:object_r:bin_t,s0)
/lib/udev/scsi_id -- gen_context(system_u:object_r:bin_t,s0)
/lib64/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
@@ -126,6 +137,8 @@ ifdef(`distro_gentoo',`
/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0) /lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0)
/lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0) /lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
') ')
@ -7234,7 +7266,7 @@ index 0eb1d97..46af2a4 100644
# #
# /sbin # /sbin
@@ -145,6 +157,12 @@ ifdef(`distro_gentoo',` @@ -145,6 +158,12 @@ ifdef(`distro_gentoo',`
/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) /opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
@ -7247,7 +7279,7 @@ index 0eb1d97..46af2a4 100644
ifdef(`distro_gentoo',` ifdef(`distro_gentoo',`
/opt/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0) /opt/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0)
/opt/RealPlayer/postint(/.*)? gen_context(system_u:object_r:bin_t,s0) /opt/RealPlayer/postint(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -169,6 +187,7 @@ ifdef(`distro_gentoo',` @@ -169,6 +188,7 @@ ifdef(`distro_gentoo',`
/usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
@ -7255,7 +7287,7 @@ index 0eb1d97..46af2a4 100644
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -205,7 +224,8 @@ ifdef(`distro_gentoo',` @@ -205,7 +225,8 @@ ifdef(`distro_gentoo',`
/usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
@ -7265,7 +7297,7 @@ index 0eb1d97..46af2a4 100644
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
@@ -218,8 +238,11 @@ ifdef(`distro_gentoo',` @@ -218,8 +239,11 @@ ifdef(`distro_gentoo',`
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
@ -7277,7 +7309,7 @@ index 0eb1d97..46af2a4 100644
/usr/share/debconf/.+ -- gen_context(system_u:object_r:bin_t,s0) /usr/share/debconf/.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/denyhosts/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/denyhosts/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/denyhosts/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/denyhosts/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -228,6 +251,8 @@ ifdef(`distro_gentoo',` @@ -228,6 +252,8 @@ ifdef(`distro_gentoo',`
/usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0) /usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/e16/misc(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/e16/misc(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gedit-2/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/gedit-2/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
@ -7286,7 +7318,7 @@ index 0eb1d97..46af2a4 100644
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0) /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0) /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0) /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
@@ -314,6 +339,7 @@ ifdef(`distro_redhat', ` @@ -314,6 +340,7 @@ ifdef(`distro_redhat', `
/usr/share/texmf/web2c/mktexdir -- gen_context(system_u:object_r:bin_t,s0) /usr/share/texmf/web2c/mktexdir -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/web2c/mktexnam -- gen_context(system_u:object_r:bin_t,s0) /usr/share/texmf/web2c/mktexnam -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/web2c/mktexupd -- gen_context(system_u:object_r:bin_t,s0) /usr/share/texmf/web2c/mktexupd -- gen_context(system_u:object_r:bin_t,s0)
@ -7294,7 +7326,7 @@ index 0eb1d97..46af2a4 100644
') ')
ifdef(`distro_suse', ` ifdef(`distro_suse', `
@@ -340,3 +366,27 @@ ifdef(`distro_suse', ` @@ -340,3 +367,27 @@ ifdef(`distro_suse', `
ifdef(`distro_suse',` ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0) /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
') ')
@ -8987,25 +9019,31 @@ index 07352a5..12e9ecf 100644
#Temporarily in policy until FC5 dissappears #Temporarily in policy until FC5 dissappears
typealias etc_runtime_t alias firstboot_rw_t; typealias etc_runtime_t alias firstboot_rw_t;
diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index 59bae6a..16f0f9e 100644 index 59bae6a..2e55e71 100644
--- a/policy/modules/kernel/filesystem.fc --- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc +++ b/policy/modules/kernel/filesystem.fc
@@ -2,5 +2,10 @@ @@ -2,5 +2,16 @@
/dev/shm/.* <<none>> /dev/shm/.* <<none>>
/cgroup -d gen_context(system_u:object_r:cgroup_t,s0) /cgroup -d gen_context(system_u:object_r:cgroup_t,s0)
+/cgroup/.* <<none>> +/cgroup/.* <<none>>
+/lib/udev/devices/hugepages -d gen_context(system_u:object_r:hugetlbfs_t,s0)
+/lib/udev/devices/hugepages/.* <<none>>
+
+/lib/udev/devices/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
+/lib/udev/devices/shm/.* <<none>>
+
+/sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0) +/sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0)
/sys/fs/cgroup(/.*)? <<none>> /sys/fs/cgroup(/.*)? <<none>>
+ +
+/dev/hugepages -d gen_context(system_u:object_r:hugetlbfs_t,s0) +/dev/hugepages -d gen_context(system_u:object_r:hugetlbfs_t,s0)
+/dev/hugepages(/.*)? <<none>> +/dev/hugepages(/.*)? <<none>>
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 437a42a..51d47a0 100644 index 437a42a..c0e1d3a 100644
--- a/policy/modules/kernel/filesystem.if --- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if +++ b/policy/modules/kernel/filesystem.if
@@ -646,6 +646,7 @@ interface(`fs_search_cgroup_dirs',` @@ -646,11 +646,31 @@ interface(`fs_search_cgroup_dirs',`
') ')
search_dirs_pattern($1, cgroup_t, cgroup_t) search_dirs_pattern($1, cgroup_t, cgroup_t)
@ -9013,7 +9051,31 @@ index 437a42a..51d47a0 100644
dev_search_sysfs($1) dev_search_sysfs($1)
') ')
@@ -665,6 +666,7 @@ interface(`fs_list_cgroup_dirs', ` ########################################
## <summary>
+## Relabelto cgroup directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_relabelto_cgroup_dirs',`
+ gen_require(`
+ type cgroup_t;
+
+ ')
+
+ relabelto_dirs_pattern($1, cgroup_t, cgroup_t)
+')
+
+########################################
+## <summary>
## list cgroup directories.
## </summary>
## <param name="domain">
@@ -665,6 +685,7 @@ interface(`fs_list_cgroup_dirs', `
') ')
list_dirs_pattern($1, cgroup_t, cgroup_t) list_dirs_pattern($1, cgroup_t, cgroup_t)
@ -9021,7 +9083,7 @@ index 437a42a..51d47a0 100644
dev_search_sysfs($1) dev_search_sysfs($1)
') ')
@@ -684,6 +686,7 @@ interface(`fs_delete_cgroup_dirs', ` @@ -684,6 +705,7 @@ interface(`fs_delete_cgroup_dirs', `
') ')
delete_dirs_pattern($1, cgroup_t, cgroup_t) delete_dirs_pattern($1, cgroup_t, cgroup_t)
@ -9029,7 +9091,7 @@ index 437a42a..51d47a0 100644
dev_search_sysfs($1) dev_search_sysfs($1)
') ')
@@ -704,6 +707,7 @@ interface(`fs_manage_cgroup_dirs',` @@ -704,6 +726,7 @@ interface(`fs_manage_cgroup_dirs',`
') ')
manage_dirs_pattern($1, cgroup_t, cgroup_t) manage_dirs_pattern($1, cgroup_t, cgroup_t)
@ -9037,7 +9099,7 @@ index 437a42a..51d47a0 100644
dev_search_sysfs($1) dev_search_sysfs($1)
') ')
@@ -724,6 +728,7 @@ interface(`fs_read_cgroup_files',` @@ -724,6 +747,7 @@ interface(`fs_read_cgroup_files',`
') ')
read_files_pattern($1, cgroup_t, cgroup_t) read_files_pattern($1, cgroup_t, cgroup_t)
@ -9045,7 +9107,7 @@ index 437a42a..51d47a0 100644
dev_search_sysfs($1) dev_search_sysfs($1)
') ')
@@ -743,6 +748,7 @@ interface(`fs_write_cgroup_files', ` @@ -743,6 +767,7 @@ interface(`fs_write_cgroup_files', `
') ')
write_files_pattern($1, cgroup_t, cgroup_t) write_files_pattern($1, cgroup_t, cgroup_t)
@ -9053,7 +9115,7 @@ index 437a42a..51d47a0 100644
dev_search_sysfs($1) dev_search_sysfs($1)
') ')
@@ -763,6 +769,7 @@ interface(`fs_rw_cgroup_files',` @@ -763,6 +788,7 @@ interface(`fs_rw_cgroup_files',`
') ')
rw_files_pattern($1, cgroup_t, cgroup_t) rw_files_pattern($1, cgroup_t, cgroup_t)
@ -9061,7 +9123,7 @@ index 437a42a..51d47a0 100644
dev_search_sysfs($1) dev_search_sysfs($1)
') ')
@@ -803,6 +810,7 @@ interface(`fs_manage_cgroup_files',` @@ -803,6 +829,7 @@ interface(`fs_manage_cgroup_files',`
') ')
manage_files_pattern($1, cgroup_t, cgroup_t) manage_files_pattern($1, cgroup_t, cgroup_t)
@ -9069,7 +9131,7 @@ index 437a42a..51d47a0 100644
dev_search_sysfs($1) dev_search_sysfs($1)
') ')
@@ -1227,6 +1235,24 @@ interface(`fs_dontaudit_append_cifs_files',` @@ -1227,6 +1254,24 @@ interface(`fs_dontaudit_append_cifs_files',`
######################################## ########################################
## <summary> ## <summary>
@ -9094,7 +9156,7 @@ index 437a42a..51d47a0 100644
## Do not audit attempts to read or ## Do not audit attempts to read or
## write files on a CIFS or SMB filesystem. ## write files on a CIFS or SMB filesystem.
## </summary> ## </summary>
@@ -1241,7 +1267,7 @@ interface(`fs_dontaudit_rw_cifs_files',` @@ -1241,7 +1286,7 @@ interface(`fs_dontaudit_rw_cifs_files',`
type cifs_t; type cifs_t;
') ')
@ -9103,7 +9165,7 @@ index 437a42a..51d47a0 100644
') ')
######################################## ########################################
@@ -1504,6 +1530,25 @@ interface(`fs_cifs_domtrans',` @@ -1504,6 +1549,25 @@ interface(`fs_cifs_domtrans',`
domain_auto_transition_pattern($1, cifs_t, $2) domain_auto_transition_pattern($1, cifs_t, $2)
') ')
@ -9129,7 +9191,7 @@ index 437a42a..51d47a0 100644
####################################### #######################################
## <summary> ## <summary>
## Create, read, write, and delete dirs ## Create, read, write, and delete dirs
@@ -1931,7 +1976,26 @@ interface(`fs_read_fusefs_symlinks',` @@ -1931,7 +1995,26 @@ interface(`fs_read_fusefs_symlinks',`
######################################## ########################################
## <summary> ## <summary>
@ -9157,7 +9219,7 @@ index 437a42a..51d47a0 100644
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@@ -1946,6 +2010,41 @@ interface(`fs_rw_hugetlbfs_files',` @@ -1946,6 +2029,41 @@ interface(`fs_rw_hugetlbfs_files',`
rw_files_pattern($1, hugetlbfs_t, hugetlbfs_t) rw_files_pattern($1, hugetlbfs_t, hugetlbfs_t)
') ')
@ -9199,7 +9261,7 @@ index 437a42a..51d47a0 100644
######################################## ########################################
## <summary> ## <summary>
@@ -1999,6 +2098,7 @@ interface(`fs_list_inotifyfs',` @@ -1999,6 +2117,7 @@ interface(`fs_list_inotifyfs',`
') ')
allow $1 inotifyfs_t:dir list_dir_perms; allow $1 inotifyfs_t:dir list_dir_perms;
@ -9207,7 +9269,7 @@ index 437a42a..51d47a0 100644
') ')
######################################## ########################################
@@ -2395,6 +2495,25 @@ interface(`fs_exec_nfs_files',` @@ -2395,6 +2514,25 @@ interface(`fs_exec_nfs_files',`
######################################## ########################################
## <summary> ## <summary>
@ -9233,7 +9295,7 @@ index 437a42a..51d47a0 100644
## Append files ## Append files
## on a NFS filesystem. ## on a NFS filesystem.
## </summary> ## </summary>
@@ -2435,6 +2554,24 @@ interface(`fs_dontaudit_append_nfs_files',` @@ -2435,6 +2573,24 @@ interface(`fs_dontaudit_append_nfs_files',`
######################################## ########################################
## <summary> ## <summary>
@ -9258,7 +9320,7 @@ index 437a42a..51d47a0 100644
## Do not audit attempts to read or ## Do not audit attempts to read or
## write files on a NFS filesystem. ## write files on a NFS filesystem.
## </summary> ## </summary>
@@ -2449,7 +2586,7 @@ interface(`fs_dontaudit_rw_nfs_files',` @@ -2449,7 +2605,7 @@ interface(`fs_dontaudit_rw_nfs_files',`
type nfs_t; type nfs_t;
') ')
@ -9267,7 +9329,7 @@ index 437a42a..51d47a0 100644
') ')
######################################## ########################################
@@ -2637,6 +2774,24 @@ interface(`fs_dontaudit_read_removable_files',` @@ -2637,6 +2793,24 @@ interface(`fs_dontaudit_read_removable_files',`
######################################## ########################################
## <summary> ## <summary>
@ -9292,7 +9354,7 @@ index 437a42a..51d47a0 100644
## Read removable storage symbolic links. ## Read removable storage symbolic links.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -2845,7 +3000,7 @@ interface(`fs_dontaudit_manage_nfs_files',` @@ -2845,7 +3019,7 @@ interface(`fs_dontaudit_manage_nfs_files',`
######################################### #########################################
## <summary> ## <summary>
## Create, read, write, and delete symbolic links ## Create, read, write, and delete symbolic links
@ -9301,7 +9363,7 @@ index 437a42a..51d47a0 100644
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
## <summary> ## <summary>
@@ -3970,6 +4125,24 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',` @@ -3970,6 +4144,42 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',`
######################################## ########################################
## <summary> ## <summary>
@ -9322,11 +9384,29 @@ index 437a42a..51d47a0 100644
+') +')
+ +
+######################################## +########################################
+## <summary>
+## Relabelfrom directory on tmpfs filesystems.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_relabelfrom_tmpfs_dir',`
+ gen_require(`
+ type tmpfs_t;
+ ')
+
+ relabelfrom_dirs_pattern($1, tmpfs_t, tmpfs_t)
+')
+
+########################################
+## <summary> +## <summary>
## Relabel character nodes on tmpfs filesystems. ## Relabel character nodes on tmpfs filesystems.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -4662,3 +4835,24 @@ interface(`fs_unconfined',` @@ -4662,3 +4872,24 @@ interface(`fs_unconfined',`
typeattribute $1 filesystem_unconfined_type; typeattribute $1 filesystem_unconfined_type;
') ')
@ -9807,6 +9887,16 @@ index 3723150..bde6daa 100644
allow $1 fixed_disk_device_t:blk_file create_blk_file_perms; allow $1 fixed_disk_device_t:blk_file create_blk_file_perms;
dev_add_entry_generic_dirs($1) dev_add_entry_generic_dirs($1)
') ')
diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc
index 3994e57..ee146ae 100644
--- a/policy/modules/kernel/terminal.fc
+++ b/policy/modules/kernel/terminal.fc
@@ -40,3 +40,5 @@ ifdef(`distro_gentoo',`
# used by init scripts to initally populate udev /dev
/lib/udev/devices/console -c gen_context(system_u:object_r:console_device_t,s0)
')
+
+/lib/udev/devices/pts -d gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh)
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
index 492bf76..87a6942 100644 index 492bf76..87a6942 100644
--- a/policy/modules/kernel/terminal.if --- a/policy/modules/kernel/terminal.if
@ -38623,7 +38713,7 @@ index 8419a01..5865dba 100644
+ allow $1 init_t:unix_stream_socket rw_stream_socket_perms; + allow $1 init_t:unix_stream_socket rw_stream_socket_perms;
+') +')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 698c11e..e90e509 100644 index 698c11e..d92e0c3 100644
--- a/policy/modules/system/init.te --- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te +++ b/policy/modules/system/init.te
@@ -16,6 +16,27 @@ gen_require(` @@ -16,6 +16,27 @@ gen_require(`
@ -38713,7 +38803,7 @@ index 698c11e..e90e509 100644
# Early devtmpfs # Early devtmpfs
dev_rw_generic_chr_files(init_t) dev_rw_generic_chr_files(init_t)
@@ -127,9 +154,12 @@ domain_kill_all_domains(init_t) @@ -127,9 +154,13 @@ domain_kill_all_domains(init_t)
domain_signal_all_domains(init_t) domain_signal_all_domains(init_t)
domain_signull_all_domains(init_t) domain_signull_all_domains(init_t)
domain_sigstop_all_domains(init_t) domain_sigstop_all_domains(init_t)
@ -38723,10 +38813,11 @@ index 698c11e..e90e509 100644
files_read_etc_files(init_t) files_read_etc_files(init_t)
+files_read_all_pids(init_t) +files_read_all_pids(init_t)
+files_read_system_conf_files(init_t)
files_rw_generic_pids(init_t) files_rw_generic_pids(init_t)
files_dontaudit_search_isid_type_dirs(init_t) files_dontaudit_search_isid_type_dirs(init_t)
files_manage_etc_runtime_files(init_t) files_manage_etc_runtime_files(init_t)
@@ -162,12 +192,15 @@ init_domtrans_script(init_t) @@ -162,12 +193,15 @@ init_domtrans_script(init_t)
libs_rw_ld_so_cache(init_t) libs_rw_ld_so_cache(init_t)
logging_send_syslog_msg(init_t) logging_send_syslog_msg(init_t)
@ -38742,7 +38833,7 @@ index 698c11e..e90e509 100644
ifdef(`distro_gentoo',` ifdef(`distro_gentoo',`
allow init_t self:process { getcap setcap }; allow init_t self:process { getcap setcap };
') ')
@@ -178,7 +211,7 @@ ifdef(`distro_redhat',` @@ -178,7 +212,7 @@ ifdef(`distro_redhat',`
fs_tmpfs_filetrans(init_t, initctl_t, fifo_file) fs_tmpfs_filetrans(init_t, initctl_t, fifo_file)
') ')
@ -38751,7 +38842,7 @@ index 698c11e..e90e509 100644
corecmd_shell_domtrans(init_t, initrc_t) corecmd_shell_domtrans(init_t, initrc_t)
',` ',`
# Run the shell in the sysadm role for single-user mode. # Run the shell in the sysadm role for single-user mode.
@@ -186,12 +219,74 @@ tunable_policy(`init_upstart',` @@ -186,12 +220,79 @@ tunable_policy(`init_upstart',`
sysadm_shell_domtrans(init_t) sysadm_shell_domtrans(init_t)
') ')
@ -38769,6 +38860,8 @@ index 698c11e..e90e509 100644
+ +
+ kernel_list_unlabeled(init_t) + kernel_list_unlabeled(init_t)
+ kernel_read_network_state(init_t) + kernel_read_network_state(init_t)
+ kernel_rw_kernel_sysctl(init_t)
+ kernel_read_all_sysctls(init_t)
+ kernel_unmount_debugfs(init_t) + kernel_unmount_debugfs(init_t)
+ +
+ dev_write_kmsg(init_t) + dev_write_kmsg(init_t)
@ -38782,14 +38875,17 @@ index 698c11e..e90e509 100644
+ +
+ files_mounton_all_mountpoints(init_t) + files_mounton_all_mountpoints(init_t)
+ files_manage_all_pids_dirs(init_t) + files_manage_all_pids_dirs(init_t)
+ files_manage_urandom_seed(init_t)
+ +
+ fs_manage_cgroup_dirs(init_t) + fs_manage_cgroup_dirs(init_t)
+ fs_manage_hugetlbfs_dirs(init_t) + fs_manage_hugetlbfs_dirs(init_t)
+ fs_manage_tmpfs_dirs(init_t) + fs_manage_tmpfs_dirs(init_t)
+ fs_relabelfrom_tmpfs_dir(init_t)
+ fs_mount_all_fs(init_t) + fs_mount_all_fs(init_t)
+ fs_list_auto_mountpoints(init_t) + fs_list_auto_mountpoints(init_t)
+ fs_read_cgroup_files(init_t) + fs_read_cgroup_files(init_t)
+ fs_write_cgroup_files(init_t) + fs_write_cgroup_files(init_t)
+ fs_relabelto_cgroup_dirs(init_t)
+ fs_search_cgroup_dirs(daemon) + fs_search_cgroup_dirs(daemon)
+ +
+ selinux_compute_create_context(init_t) + selinux_compute_create_context(init_t)
@ -38826,7 +38922,7 @@ index 698c11e..e90e509 100644
') ')
optional_policy(` optional_policy(`
@@ -199,10 +294,19 @@ optional_policy(` @@ -199,10 +300,19 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -38846,7 +38942,7 @@ index 698c11e..e90e509 100644
unconfined_domain(init_t) unconfined_domain(init_t)
') ')
@@ -212,7 +316,7 @@ optional_policy(` @@ -212,7 +322,7 @@ optional_policy(`
# #
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched }; allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
@ -38855,7 +38951,7 @@ index 698c11e..e90e509 100644
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
allow initrc_t self:passwd rootok; allow initrc_t self:passwd rootok;
allow initrc_t self:key manage_key_perms; allow initrc_t self:key manage_key_perms;
@@ -241,6 +345,7 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t) @@ -241,6 +351,7 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
allow initrc_t initrc_var_run_t:file manage_file_perms; allow initrc_t initrc_var_run_t:file manage_file_perms;
files_pid_filetrans(initrc_t, initrc_var_run_t, file) files_pid_filetrans(initrc_t, initrc_var_run_t, file)
@ -38863,7 +38959,7 @@ index 698c11e..e90e509 100644
can_exec(initrc_t, initrc_tmp_t) can_exec(initrc_t, initrc_tmp_t)
manage_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t) manage_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
@@ -258,11 +363,23 @@ kernel_change_ring_buffer_level(initrc_t) @@ -258,11 +369,23 @@ kernel_change_ring_buffer_level(initrc_t)
kernel_clear_ring_buffer(initrc_t) kernel_clear_ring_buffer(initrc_t)
kernel_get_sysvipc_info(initrc_t) kernel_get_sysvipc_info(initrc_t)
kernel_read_all_sysctls(initrc_t) kernel_read_all_sysctls(initrc_t)
@ -38887,7 +38983,7 @@ index 698c11e..e90e509 100644
corecmd_exec_all_executables(initrc_t) corecmd_exec_all_executables(initrc_t)
@@ -291,6 +408,7 @@ dev_read_sound_mixer(initrc_t) @@ -291,6 +414,7 @@ dev_read_sound_mixer(initrc_t)
dev_write_sound_mixer(initrc_t) dev_write_sound_mixer(initrc_t)
dev_setattr_all_chr_files(initrc_t) dev_setattr_all_chr_files(initrc_t)
dev_rw_lvm_control(initrc_t) dev_rw_lvm_control(initrc_t)
@ -38895,7 +38991,7 @@ index 698c11e..e90e509 100644
dev_delete_lvm_control_dev(initrc_t) dev_delete_lvm_control_dev(initrc_t)
dev_manage_generic_symlinks(initrc_t) dev_manage_generic_symlinks(initrc_t)
dev_manage_generic_files(initrc_t) dev_manage_generic_files(initrc_t)
@@ -298,13 +416,13 @@ dev_manage_generic_files(initrc_t) @@ -298,13 +422,13 @@ dev_manage_generic_files(initrc_t)
dev_delete_generic_symlinks(initrc_t) dev_delete_generic_symlinks(initrc_t)
dev_getattr_all_blk_files(initrc_t) dev_getattr_all_blk_files(initrc_t)
dev_getattr_all_chr_files(initrc_t) dev_getattr_all_chr_files(initrc_t)
@ -38911,7 +39007,7 @@ index 698c11e..e90e509 100644
domain_sigchld_all_domains(initrc_t) domain_sigchld_all_domains(initrc_t)
domain_read_all_domains_state(initrc_t) domain_read_all_domains_state(initrc_t)
domain_getattr_all_domains(initrc_t) domain_getattr_all_domains(initrc_t)
@@ -323,8 +441,10 @@ files_getattr_all_symlinks(initrc_t) @@ -323,8 +447,10 @@ files_getattr_all_symlinks(initrc_t)
files_getattr_all_pipes(initrc_t) files_getattr_all_pipes(initrc_t)
files_getattr_all_sockets(initrc_t) files_getattr_all_sockets(initrc_t)
files_purge_tmp(initrc_t) files_purge_tmp(initrc_t)
@ -38923,7 +39019,7 @@ index 698c11e..e90e509 100644
files_delete_all_pids(initrc_t) files_delete_all_pids(initrc_t)
files_delete_all_pid_dirs(initrc_t) files_delete_all_pid_dirs(initrc_t)
files_read_etc_files(initrc_t) files_read_etc_files(initrc_t)
@@ -340,8 +460,12 @@ files_list_isid_type_dirs(initrc_t) @@ -340,8 +466,12 @@ files_list_isid_type_dirs(initrc_t)
files_mounton_isid_type_dirs(initrc_t) files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t) files_list_default(initrc_t)
files_mounton_default(initrc_t) files_mounton_default(initrc_t)
@ -38937,7 +39033,7 @@ index 698c11e..e90e509 100644
fs_list_inotifyfs(initrc_t) fs_list_inotifyfs(initrc_t)
fs_register_binary_executable_type(initrc_t) fs_register_binary_executable_type(initrc_t)
# rhgb-console writes to ramfs # rhgb-console writes to ramfs
@@ -351,6 +475,8 @@ fs_mount_all_fs(initrc_t) @@ -351,6 +481,8 @@ fs_mount_all_fs(initrc_t)
fs_unmount_all_fs(initrc_t) fs_unmount_all_fs(initrc_t)
fs_remount_all_fs(initrc_t) fs_remount_all_fs(initrc_t)
fs_getattr_all_fs(initrc_t) fs_getattr_all_fs(initrc_t)
@ -38946,7 +39042,7 @@ index 698c11e..e90e509 100644
# initrc_t needs to do a pidof which requires ptrace # initrc_t needs to do a pidof which requires ptrace
mcs_ptrace_all(initrc_t) mcs_ptrace_all(initrc_t)
@@ -363,6 +489,7 @@ mls_process_read_up(initrc_t) @@ -363,6 +495,7 @@ mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t) mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t) mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t) mls_fd_share_all_levels(initrc_t)
@ -38954,7 +39050,7 @@ index 698c11e..e90e509 100644
selinux_get_enforce_mode(initrc_t) selinux_get_enforce_mode(initrc_t)
@@ -380,6 +507,7 @@ auth_read_pam_pid(initrc_t) @@ -380,6 +513,7 @@ auth_read_pam_pid(initrc_t)
auth_delete_pam_pid(initrc_t) auth_delete_pam_pid(initrc_t)
auth_delete_pam_console_data(initrc_t) auth_delete_pam_console_data(initrc_t)
auth_use_nsswitch(initrc_t) auth_use_nsswitch(initrc_t)
@ -38962,7 +39058,7 @@ index 698c11e..e90e509 100644
libs_rw_ld_so_cache(initrc_t) libs_rw_ld_so_cache(initrc_t)
libs_exec_lib_files(initrc_t) libs_exec_lib_files(initrc_t)
@@ -394,13 +522,14 @@ logging_read_audit_config(initrc_t) @@ -394,13 +528,14 @@ logging_read_audit_config(initrc_t)
miscfiles_read_localization(initrc_t) miscfiles_read_localization(initrc_t)
# slapd needs to read cert files from its initscript # slapd needs to read cert files from its initscript
@ -38978,7 +39074,7 @@ index 698c11e..e90e509 100644
userdom_read_user_home_content_files(initrc_t) userdom_read_user_home_content_files(initrc_t)
# Allow access to the sysadm TTYs. Note that this will give access to the # Allow access to the sysadm TTYs. Note that this will give access to the
# TTYs to any process in the initrc_t domain. Therefore, daemons and such # TTYs to any process in the initrc_t domain. Therefore, daemons and such
@@ -473,7 +602,7 @@ ifdef(`distro_redhat',` @@ -473,7 +608,7 @@ ifdef(`distro_redhat',`
# Red Hat systems seem to have a stray # Red Hat systems seem to have a stray
# fd open from the initrd # fd open from the initrd
@ -38987,7 +39083,7 @@ index 698c11e..e90e509 100644
files_dontaudit_read_root_files(initrc_t) files_dontaudit_read_root_files(initrc_t)
# These seem to be from the initrd # These seem to be from the initrd
@@ -519,6 +648,19 @@ ifdef(`distro_redhat',` @@ -519,6 +654,19 @@ ifdef(`distro_redhat',`
optional_policy(` optional_policy(`
bind_manage_config_dirs(initrc_t) bind_manage_config_dirs(initrc_t)
bind_write_config(initrc_t) bind_write_config(initrc_t)
@ -39007,7 +39103,7 @@ index 698c11e..e90e509 100644
') ')
optional_policy(` optional_policy(`
@@ -526,10 +668,17 @@ ifdef(`distro_redhat',` @@ -526,10 +674,17 @@ ifdef(`distro_redhat',`
rpc_write_exports(initrc_t) rpc_write_exports(initrc_t)
rpc_manage_nfs_state_data(initrc_t) rpc_manage_nfs_state_data(initrc_t)
') ')
@ -39025,7 +39121,7 @@ index 698c11e..e90e509 100644
') ')
optional_policy(` optional_policy(`
@@ -544,6 +693,35 @@ ifdef(`distro_suse',` @@ -544,6 +699,35 @@ ifdef(`distro_suse',`
') ')
') ')
@ -39061,7 +39157,7 @@ index 698c11e..e90e509 100644
optional_policy(` optional_policy(`
amavis_search_lib(initrc_t) amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t) amavis_setattr_pid_files(initrc_t)
@@ -556,6 +734,8 @@ optional_policy(` @@ -556,6 +740,8 @@ optional_policy(`
optional_policy(` optional_policy(`
apache_read_config(initrc_t) apache_read_config(initrc_t)
apache_list_modules(initrc_t) apache_list_modules(initrc_t)
@ -39070,7 +39166,7 @@ index 698c11e..e90e509 100644
') ')
optional_policy(` optional_policy(`
@@ -572,6 +752,7 @@ optional_policy(` @@ -572,6 +758,7 @@ optional_policy(`
optional_policy(` optional_policy(`
cgroup_stream_connect_cgred(initrc_t) cgroup_stream_connect_cgred(initrc_t)
@ -39078,7 +39174,7 @@ index 698c11e..e90e509 100644
') ')
optional_policy(` optional_policy(`
@@ -584,6 +765,11 @@ optional_policy(` @@ -584,6 +771,11 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -39090,7 +39186,7 @@ index 698c11e..e90e509 100644
dev_getattr_printer_dev(initrc_t) dev_getattr_printer_dev(initrc_t)
cups_read_log(initrc_t) cups_read_log(initrc_t)
@@ -600,6 +786,9 @@ optional_policy(` @@ -600,6 +792,9 @@ optional_policy(`
dbus_connect_system_bus(initrc_t) dbus_connect_system_bus(initrc_t)
dbus_system_bus_client(initrc_t) dbus_system_bus_client(initrc_t)
dbus_read_config(initrc_t) dbus_read_config(initrc_t)
@ -39100,7 +39196,7 @@ index 698c11e..e90e509 100644
optional_policy(` optional_policy(`
consolekit_dbus_chat(initrc_t) consolekit_dbus_chat(initrc_t)
@@ -701,7 +890,13 @@ optional_policy(` @@ -701,7 +896,13 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -39114,7 +39210,7 @@ index 698c11e..e90e509 100644
mta_dontaudit_read_spool_symlinks(initrc_t) mta_dontaudit_read_spool_symlinks(initrc_t)
') ')
@@ -724,6 +919,10 @@ optional_policy(` @@ -724,6 +925,10 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -39125,7 +39221,7 @@ index 698c11e..e90e509 100644
postgresql_manage_db(initrc_t) postgresql_manage_db(initrc_t)
postgresql_read_config(initrc_t) postgresql_read_config(initrc_t)
') ')
@@ -745,6 +944,10 @@ optional_policy(` @@ -745,6 +950,10 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -39136,7 +39232,7 @@ index 698c11e..e90e509 100644
fs_write_ramfs_sockets(initrc_t) fs_write_ramfs_sockets(initrc_t)
fs_search_ramfs(initrc_t) fs_search_ramfs(initrc_t)
@@ -766,8 +969,6 @@ optional_policy(` @@ -766,8 +975,6 @@ optional_policy(`
# bash tries ioctl for some reason # bash tries ioctl for some reason
files_dontaudit_ioctl_all_pids(initrc_t) files_dontaudit_ioctl_all_pids(initrc_t)
@ -39145,7 +39241,7 @@ index 698c11e..e90e509 100644
') ')
optional_policy(` optional_policy(`
@@ -776,14 +977,21 @@ optional_policy(` @@ -776,14 +983,21 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -39167,7 +39263,7 @@ index 698c11e..e90e509 100644
optional_policy(` optional_policy(`
ssh_dontaudit_read_server_keys(initrc_t) ssh_dontaudit_read_server_keys(initrc_t)
@@ -805,11 +1013,19 @@ optional_policy(` @@ -805,11 +1019,19 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
@ -39188,7 +39284,7 @@ index 698c11e..e90e509 100644
ifdef(`distro_redhat',` ifdef(`distro_redhat',`
# system-config-services causes avc messages that should be dontaudited # system-config-services causes avc messages that should be dontaudited
@@ -819,6 +1035,25 @@ optional_policy(` @@ -819,6 +1041,25 @@ optional_policy(`
optional_policy(` optional_policy(`
mono_domtrans(initrc_t) mono_domtrans(initrc_t)
') ')
@ -39214,7 +39310,7 @@ index 698c11e..e90e509 100644
') ')
optional_policy(` optional_policy(`
@@ -844,3 +1079,55 @@ optional_policy(` @@ -844,3 +1085,55 @@ optional_policy(`
optional_policy(` optional_policy(`
zebra_read_config(initrc_t) zebra_read_config(initrc_t)
') ')


@ -21,7 +21,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.9.6 Version: 3.9.6
Release: 1%{?dist} Release: 2%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -470,6 +470,12 @@ exit 0
%endif %endif
%changelog %changelog
* Fri Oct 8 2010 Dan Walsh <dwalsh@redhat.com> 3.9.6-2
- Lots of fixes for systemd
- systemd now executes readahead and tmpwatch type scripts
- Needs to manage random seed
* Thu Oct 7 2010 Dan Walsh <dwalsh@redhat.com> 3.9.6-1 * Thu Oct 7 2010 Dan Walsh <dwalsh@redhat.com> 3.9.6-1
- Allow smbd to use sys_admin - Allow smbd to use sys_admin
- Remove duplicate file context for tcfmgr - Remove duplicate file context for tcfmgr