- Additional access for nsplugin
- Allow xdm setcap/getcap until pulseaudio is fixed
This commit is contained in:
Daniel J Walsh
parent
478aeeca6b
commit
e54cb216a8
@ -25383,7 +25383,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te
|
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te
|
||||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-12-19 11:32:17.000000000 +0100
|
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-12-19 11:32:17.000000000 +0100
|
||||||
+++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-03-28 22:07:37.000000000 +0100
|
+++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-03-28 23:04:06.000000000 +0100
|
||||||
@@ -8,6 +8,14 @@
|
@@ -8,6 +8,14 @@
|
||||||
|
|
||||||
## <desc>
|
## <desc>
|
||||||
@ -25545,11 +25545,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
|
|||||||
-allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
|
-allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
|
||||||
-allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate };
|
-allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate };
|
||||||
+allow xdm_t self:capability { setgid setuid sys_ptrace sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
|
+allow xdm_t self:capability { setgid setuid sys_ptrace sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
|
||||||
+allow xdm_t self:capability { getcap setcap };
|
|
||||||
+
|
+
|
||||||
+dontaudit xdm_t self:capability sys_admin;
|
+dontaudit xdm_t self:capability sys_admin;
|
||||||
+
|
+
|
||||||
+allow xdm_t self:process { getattr setexec setpgid getsched ptrace setsched setrlimit signal_perms };
|
+allow xdm_t self:process { getattr setexec setpgid getsched ptrace setsched setrlimit signal_perms };
|
||||||
|
+allow xdm_t self:process { getcap setcap };
|
||||||
+
|
+
|
||||||
allow xdm_t self:fifo_file rw_fifo_file_perms;
|
allow xdm_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow xdm_t self:shm create_shm_perms;
|
allow xdm_t self:shm create_shm_perms;
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.3.1
|
Version: 3.3.1
|
||||||
Release: 24%{?dist}
|
Release: 25%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
@ -387,6 +387,10 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 27 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-25
|
||||||
|
- Additional access for nsplugin
|
||||||
|
- Allow xdm setcap/getcap until pulseaudio is fixed
|
||||||
|
|
||||||
* Tue Mar 25 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-24
|
* Tue Mar 25 2008 Dan Walsh <dwalsh@redhat.com> 3.3.1-24
|
||||||
- Allow mount to mkdir on tmpfs
|
- Allow mount to mkdir on tmpfs
|
||||||
- Allow ifconfig to search debugfs
|
- Allow ifconfig to search debugfs
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user