* Tue May 13 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-

- Add missing dyntransition for sandbox_x_domain
2014-05-13 14:42:28 +02:00 · 2014-05-13 14:42:28 +02:00 · dfbb9aca62
parent dbf4ab85b0
commit dfbb9aca62
2 changed files with 6 additions and 2 deletions
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@ -85948,10 +85948,10 @@ index 0000000..6caef63
 +/usr/share/sandbox/start --	gen_context(system_u:object_r:sandbox_exec_t,s0)
 diff --git a/sandboxX.if b/sandboxX.if
 new file mode 100644
-index 0000000..3258f45
+index 0000000..03bdcef
 --- /dev/null
 +++ b/sandboxX.if
-@@ -0,0 +1,394 @@
+@@ -0,0 +1,395 @@
 +
 +## <summary>policy for sandboxX </summary>
 +
@ -85980,6 +85980,7 @@ index 0000000..3258f45
 +	')
 +
 +	allow $1 sandbox_x_domain:process { signal_perms transition };
 +	allow $1 sandbox_x_domain:process dyntransition;
 +	dontaudit $1 sandbox_x_domain:process { noatsecure siginh rlimitinh };
 +	allow sandbox_x_domain $1:process { sigchld signull };
 +	allow { sandbox_x_domain sandbox_xserver_t } $1:fd use;
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -588,6 +588,9 @@ SELinux Reference policy mls base module.
 %endif
 %changelog
 * Tue May 13 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-53
 - Add missing dyntransition for sandbox_x_domain
 * Wed May 7 2014 Miroslav Grepl<mgrepl@redhat.com> 3.13.1-52
 - More rules for gears and openshift
 - Added iotop policy. Thanks William Brown