rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fixes caused by the labeling of /etc/passwd

Browse Source 
Add thumb.patch to transition unconfined_t to thumb_t for Rawhide
This commit is contained in:
Dan Walsh 2011-09-30 10:22:41 -04:00
parent a004ca8c3a
commit e15ae4fa84
3 changed files with 45 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
passwd.patch
View File

@ -138,6 +138,31 @@ index 2b348c7..b89658c 100644
logging_send_syslog_msg(entropyd_t)
miscfiles_read_localization(entropyd_t)
diff --git a/policy/modules/services/plymouthd.te b/policy/modules/services/plymouthd.te
index 4f9a575..5fc3a55 100644
--- a/policy/modules/services/plymouthd.te
+++ b/policy/modules/services/plymouthd.te
@@ -75,6 +75,8 @@ init_signal(plymouthd_t)
logging_link_generic_logs(plymouthd_t)
logging_delete_generic_logs(plymouthd_t)
+auth_read_passwd(plymouthd_t)
+
miscfiles_read_localization(plymouthd_t)
miscfiles_read_fonts(plymouthd_t)
miscfiles_manage_fonts_cache(plymouthd_t)
diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te
index 290f8c4..cd2909f 100644
--- a/policy/modules/services/virt.te
+++ b/policy/modules/services/virt.te
@@ -881,6 +881,7 @@ fs_getattr_xattr_fs(svirt_lxc_domain)
fs_list_inotifyfs(svirt_lxc_domain)
fs_dontaudit_getattr_xattr_fs(svirt_lxc_domain)
+auth_dontaudit_read_passwd(svirt_lxc_domain)
auth_dontaudit_read_login_records(svirt_lxc_domain)
auth_dontaudit_write_login_records(svirt_lxc_domain)
auth_search_pam_console_data(svirt_lxc_domain)
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index 59742f4..51ca568 100644
--- a/policy/modules/system/authlogin.fc

6
selinux-policy.spec
View File

@ -17,13 +17,14 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
Release: 34.5%{?dist}
Release: 34.6%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
patch: policy-F16.patch
patch1: unconfined_permissive.patch
patch2: passwd.patch
patch3: thumb.patch
Source1: modules-targeted.conf
Source2: booleans-targeted.conf
Source3: Makefile.devel
@ -470,8 +471,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
* Thu Sep 29 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-34.4
* Fri Sep 29 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-34.4
- Fixes caused by the labeling of /etc/passwd
- Add thumb.patch to transition unconfined_t to thumb_t for Rawhide
* Thu Sep 29 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-34.3
- Add support for Clustered Samba commands

16
thumb.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
index 1105ff5..620e17b 100644
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -188,6 +188,11 @@ optional_policy(`
rtkit_scheduled(unconfined_usertype)
')
+ # Might remove later if this proves to be problematic, but would like to gather AVC's
+ optional_policy(`
+ thumb_role(unconfined_r, unconfined_usertype)
+ ')
+
optional_policy(`
setroubleshoot_dbus_chat(unconfined_usertype)
setroubleshoot_dbus_chat_fixit(unconfined_t)