- Additional access for nsplugin

- Allow xdm setcap/getcap until pulseaudio is fixed
Daniel J Walsh 2008-03-28 22:07:45 +00:00
parent 478aeeca6b
commit e54cb216a8
2 changed files with 7 additions and 3 deletions


@ -25383,7 +25383,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ +
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-12-19 11:32:17.000000000 +0100 --- nsaserefpolicy/policy/modules/services/xserver.te 2007-12-19 11:32:17.000000000 +0100
+++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-03-28 22:07:37.000000000 +0100 +++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-03-28 23:04:06.000000000 +0100
@@ -8,6 +8,14 @@ @@ -8,6 +8,14 @@
## <desc> ## <desc>
@ -25545,11 +25545,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
-allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service }; -allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
-allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate }; -allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate };
+allow xdm_t self:capability { setgid setuid sys_ptrace sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service }; +allow xdm_t self:capability { setgid setuid sys_ptrace sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
+allow xdm_t self:capability { getcap setcap };
+ +
+dontaudit xdm_t self:capability sys_admin; +dontaudit xdm_t self:capability sys_admin;
+ +
+allow xdm_t self:process { getattr setexec setpgid getsched ptrace setsched setrlimit signal_perms }; +allow xdm_t self:process { getattr setexec setpgid getsched ptrace setsched setrlimit signal_perms };
+allow xdm_t self:process { getcap setcap };
+ +
allow xdm_t self:fifo_file rw_fifo_file_perms; allow xdm_t self:fifo_file rw_fifo_file_perms;
allow xdm_t self:shm create_shm_perms; allow xdm_t self:shm create_shm_perms;
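Review bot: The added rule `allow xdm_t self:capability { getcap setcap };` names permissions that the capability class does not define. `getcap` and `setcap` are process-class permissions, so this line would presumably be rejected when the policy is compiled; the companion `allow xdm_t self:process { getcap setcap };` is the rule that matches the stated intent. If xdm also has to change its capability sets, the capability-class permission is `setpcap`, and it deserves its own justification because the visible rule already grants xdm_t a broad set including `sys_ptrace`, `dac_override` and `sys_rawio`. Since the commit message describes this as a workaround until pulseaudio is fixed, a comment such as `# temporary: drop once pulseaudio no longer needs getcap/setcap in xdm_t` above the rule would keep the extra access from becoming permanent.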


@ -17,7 +17,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.3.1 Version: 3.3.1
Release: 24%{?dist} Release: 25%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -387,6 +387,10 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Mar 27 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-25
- Additional access for nsplugin
- Allow xdm setcap/getcap until pulseaudio is fixed
* Tue Mar 25 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-24 * Tue Mar 25 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-24
- Allow mount to mkdir on tmpfs - Allow mount to mkdir on tmpfs
- Allow ifconfig to search debugfs - Allow ifconfig to search debugfs