- Fix confined users
- Allow xguest to read/write xguest_dbusd_t
This commit is contained in:
Daniel J Walsh
parent
2362056f7a
commit
e704a148fe
|
|
@ -13412,7 +13412,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.5.13/policy/modules/services/cups.te
|
||||
--- nsaserefpolicy/policy/modules/services/cups.te 2008-10-16 17:21:16.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/services/cups.te 2008-10-28 11:19:44.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/services/cups.te 2008-10-29 13:51:55.000000000 -0400
|
||||
@@ -20,6 +20,12 @@
|
||||
type cupsd_etc_t;
|
||||
files_config_file(cupsd_etc_t)
|
||||
|
|
@ -13592,7 +13592,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
auth_use_nsswitch(cupsd_t)
|
||||
|
||||
libs_use_ld_so(cupsd_t)
|
||||
@@ -219,17 +256,22 @@
|
||||
@@ -219,17 +256,21 @@
|
||||
miscfiles_read_fonts(cupsd_t)
|
||||
|
||||
seutil_read_config(cupsd_t)
|
||||
|
|
@ -13608,16 +13608,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
lpd_manage_spool(cupsd_t)
|
||||
+lpd_read_config(cupsd_t)
|
||||
+lpd_exec_lpr(cupsd_t)
|
||||
+lpd_relabel_spool(cupsd_t)
|
||||
|
||||
ifdef(`enable_mls',`
|
||||
lpd_relabel_spool(cupsd_t)
|
||||
+
|
||||
- lpd_relabel_spool(cupsd_t)
|
||||
+ mls_trusted_object(cupsd_var_run_t)
|
||||
+ init_ranged_daemon_domain(cupsd_t, cupsd_exec_t,mls_systemhigh)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -246,8 +288,16 @@
|
||||
@@ -246,8 +287,16 @@
|
||||
userdom_dbus_send_all_users(cupsd_t)
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -13634,7 +13634,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -263,6 +313,10 @@
|
||||
@@ -263,6 +312,10 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -13645,7 +13645,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
# cups execs smbtool which reads samba_etc_t files
|
||||
samba_read_config(cupsd_t)
|
||||
samba_rw_var_files(cupsd_t)
|
||||
@@ -281,7 +335,7 @@
|
||||
@@ -281,7 +334,7 @@
|
||||
# Cups configuration daemon local policy
|
||||
#
|
||||
|
||||
|
|
@ -13654,7 +13654,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
dontaudit cupsd_config_t self:capability sys_tty_config;
|
||||
allow cupsd_config_t self:process signal_perms;
|
||||
allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
|
||||
@@ -313,7 +367,7 @@
|
||||
@@ -313,7 +366,7 @@
|
||||
files_pid_filetrans(cupsd_config_t, cupsd_config_var_run_t, file)
|
||||
|
||||
kernel_read_system_state(cupsd_config_t)
|
||||
|
|
@ -13663,7 +13663,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
corenet_all_recvfrom_unlabeled(cupsd_config_t)
|
||||
corenet_all_recvfrom_netlabel(cupsd_config_t)
|
||||
@@ -326,6 +380,7 @@
|
||||
@@ -326,6 +379,7 @@
|
||||
dev_read_sysfs(cupsd_config_t)
|
||||
dev_read_urand(cupsd_config_t)
|
||||
dev_read_rand(cupsd_config_t)
|
||||
|
|
@ -13671,7 +13671,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
fs_getattr_all_fs(cupsd_config_t)
|
||||
fs_search_auto_mountpoints(cupsd_config_t)
|
||||
@@ -343,7 +398,7 @@
|
||||
@@ -343,7 +397,7 @@
|
||||
files_read_var_symlinks(cupsd_config_t)
|
||||
|
||||
# Alternatives asks for this
|
||||
|
|
@ -13680,7 +13680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
auth_use_nsswitch(cupsd_config_t)
|
||||
|
||||
@@ -353,6 +408,7 @@
|
||||
@@ -353,6 +407,7 @@
|
||||
logging_send_syslog_msg(cupsd_config_t)
|
||||
|
||||
miscfiles_read_localization(cupsd_config_t)
|
||||
|
|
@ -13688,7 +13688,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
seutil_dontaudit_search_config(cupsd_config_t)
|
||||
|
||||
@@ -365,14 +421,16 @@
|
||||
@@ -365,14 +420,16 @@
|
||||
sysadm_dontaudit_search_home_dirs(cupsd_config_t)
|
||||
|
||||
ifdef(`distro_redhat',`
|
||||
|
|
@ -13707,7 +13707,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
|
||||
')
|
||||
|
||||
@@ -388,6 +446,7 @@
|
||||
@@ -388,6 +445,7 @@
|
||||
optional_policy(`
|
||||
hal_domtrans(cupsd_config_t)
|
||||
hal_read_tmp_files(cupsd_config_t)
|
||||
|
|
@ -13715,7 +13715,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -500,7 +559,7 @@
|
||||
@@ -500,7 +558,7 @@
|
||||
allow hplip_t self:udp_socket create_socket_perms;
|
||||
allow hplip_t self:rawip_socket create_socket_perms;
|
||||
|
||||
|
|
@ -13724,7 +13724,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
cups_stream_connect(hplip_t)
|
||||
|
||||
@@ -509,6 +568,8 @@
|
||||
@@ -509,6 +567,8 @@
|
||||
read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
|
||||
files_search_etc(hplip_t)
|
||||
|
||||
|
|
@ -13733,7 +13733,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
manage_files_pattern(hplip_t, hplip_var_run_t, hplip_var_run_t)
|
||||
files_pid_filetrans(hplip_t, hplip_var_run_t, file)
|
||||
|
||||
@@ -538,7 +599,8 @@
|
||||
@@ -538,7 +598,8 @@
|
||||
dev_read_urand(hplip_t)
|
||||
dev_read_rand(hplip_t)
|
||||
dev_rw_generic_usb_dev(hplip_t)
|
||||
|
|
@ -13743,7 +13743,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
fs_getattr_all_fs(hplip_t)
|
||||
fs_search_auto_mountpoints(hplip_t)
|
||||
@@ -564,12 +626,14 @@
|
||||
@@ -564,12 +625,14 @@
|
||||
userdom_dontaudit_use_unpriv_user_fds(hplip_t)
|
||||
userdom_dontaudit_search_all_users_home_content(hplip_t)
|
||||
|
||||
|
|
@ -13759,7 +13759,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -651,3 +715,44 @@
|
||||
@@ -651,3 +714,44 @@
|
||||
optional_policy(`
|
||||
udev_read_db(ptal_t)
|
||||
')
|
||||
|
|
@ -25531,7 +25531,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.13/policy/modules/services/xserver.te
|
||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2008-10-16 17:21:16.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/services/xserver.te 2008-10-28 11:30:36.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/services/xserver.te 2008-10-29 13:26:13.000000000 -0400
|
||||
@@ -8,6 +8,14 @@
|
||||
|
||||
## <desc>
|
||||
|
|
@ -25670,7 +25670,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
manage_dirs_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
|
||||
manage_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
|
||||
@@ -176,15 +238,30 @@
|
||||
@@ -176,15 +238,31 @@
|
||||
manage_fifo_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
|
||||
manage_sock_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
|
||||
fs_tmpfs_filetrans(xdm_t, xdm_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
|
||||
|
|
@ -25685,6 +25685,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+files_search_spool(xdm_t)
|
||||
+manage_dirs_pattern(xdm_t, xdm_spool_t, xdm_spool_t)
|
||||
+manage_files_pattern(xdm_t, xdm_spool_t, xdm_spool_t)
|
||||
+files_spool_filetrans(xdm_t, xdm_spool_t, { file dir })
|
||||
|
||||
manage_dirs_pattern(xdm_t, xdm_var_lib_t, xdm_var_lib_t)
|
||||
manage_files_pattern(xdm_t, xdm_var_lib_t, xdm_var_lib_t)
|
||||
|
|
@ -25703,7 +25704,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
allow xdm_t xdm_xserver_t:process signal;
|
||||
allow xdm_t xdm_xserver_t:unix_stream_socket connectto;
|
||||
@@ -198,6 +275,7 @@
|
||||
@@ -198,6 +276,7 @@
|
||||
allow xdm_t xdm_xserver_t:process { noatsecure siginh rlimitinh signal sigkill };
|
||||
|
||||
allow xdm_t xdm_xserver_t:shm rw_shm_perms;
|
||||
|
|
@ -25711,7 +25712,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
# connect to xdm xserver over stream socket
|
||||
stream_connect_pattern(xdm_t, xdm_xserver_tmp_t, xdm_xserver_tmp_t, xdm_xserver_t)
|
||||
@@ -229,6 +307,7 @@
|
||||
@@ -229,6 +308,7 @@
|
||||
corenet_udp_sendrecv_all_ports(xdm_t)
|
||||
corenet_tcp_bind_all_nodes(xdm_t)
|
||||
corenet_udp_bind_all_nodes(xdm_t)
|
||||
|
|
@ -25719,7 +25720,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
corenet_tcp_connect_all_ports(xdm_t)
|
||||
corenet_sendrecv_all_client_packets(xdm_t)
|
||||
# xdm tries to bind to biff_port_t
|
||||
@@ -241,6 +320,7 @@
|
||||
@@ -241,6 +321,7 @@
|
||||
dev_getattr_mouse_dev(xdm_t)
|
||||
dev_setattr_mouse_dev(xdm_t)
|
||||
dev_rw_apm_bios(xdm_t)
|
||||
|
|
@ -25727,7 +25728,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
dev_setattr_apm_bios_dev(xdm_t)
|
||||
dev_rw_dri(xdm_t)
|
||||
dev_rw_agp(xdm_t)
|
||||
@@ -253,14 +333,17 @@
|
||||
@@ -253,14 +334,17 @@
|
||||
dev_setattr_video_dev(xdm_t)
|
||||
dev_getattr_scanner_dev(xdm_t)
|
||||
dev_setattr_scanner_dev(xdm_t)
|
||||
|
|
@ -25747,7 +25748,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
files_read_etc_files(xdm_t)
|
||||
files_read_var_files(xdm_t)
|
||||
@@ -271,9 +354,13 @@
|
||||
@@ -271,9 +355,13 @@
|
||||
files_read_usr_files(xdm_t)
|
||||
# Poweroff wants to create the /poweroff file when run from xdm
|
||||
files_create_boot_flag(xdm_t)
|
||||
|
|
@ -25761,7 +25762,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
storage_dontaudit_read_fixed_disk(xdm_t)
|
||||
storage_dontaudit_write_fixed_disk(xdm_t)
|
||||
@@ -282,6 +369,7 @@
|
||||
@@ -282,6 +370,7 @@
|
||||
storage_dontaudit_raw_write_removable_device(xdm_t)
|
||||
storage_dontaudit_setattr_removable_dev(xdm_t)
|
||||
storage_dontaudit_rw_scsi_generic(xdm_t)
|
||||
|
|
@ -25769,7 +25770,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
term_setattr_console(xdm_t)
|
||||
term_use_unallocated_ttys(xdm_t)
|
||||
@@ -290,6 +378,7 @@
|
||||
@@ -290,6 +379,7 @@
|
||||
auth_domtrans_pam_console(xdm_t)
|
||||
auth_manage_pam_pid(xdm_t)
|
||||
auth_manage_pam_console_data(xdm_t)
|
||||
|
|
@ -25777,7 +25778,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
auth_rw_faillog(xdm_t)
|
||||
auth_write_login_records(xdm_t)
|
||||
|
||||
@@ -301,21 +390,26 @@
|
||||
@@ -301,21 +391,26 @@
|
||||
libs_exec_lib_files(xdm_t)
|
||||
|
||||
logging_read_generic_logs(xdm_t)
|
||||
|
|
@ -25809,7 +25810,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
xserver_rw_session_template(xdm, xdm_t, xdm_tmpfs_t)
|
||||
xserver_unconfined(xdm_t)
|
||||
@@ -348,10 +442,12 @@
|
||||
@@ -348,10 +443,12 @@
|
||||
|
||||
optional_policy(`
|
||||
alsa_domtrans(xdm_t)
|
||||
|
|
@ -25822,7 +25823,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -359,6 +455,22 @@
|
||||
@@ -359,6 +456,22 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -25845,7 +25846,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
# Talk to the console mouse server.
|
||||
gpm_stream_connect(xdm_t)
|
||||
gpm_setattr_gpmctl(xdm_t)
|
||||
@@ -382,16 +494,34 @@
|
||||
@@ -382,16 +495,34 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -25881,7 +25882,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
ifndef(`distro_redhat',`
|
||||
allow xdm_t self:process { execheap execmem };
|
||||
@@ -411,6 +541,10 @@
|
||||
@@ -411,6 +542,10 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -25892,7 +25893,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
xfs_stream_connect(xdm_t)
|
||||
')
|
||||
|
||||
@@ -427,7 +561,7 @@
|
||||
@@ -427,7 +562,7 @@
|
||||
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
|
||||
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
|
||||
|
||||
|
|
@ -25901,7 +25902,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
# Label pid and temporary files with derived types.
|
||||
manage_files_pattern(xdm_xserver_t, xdm_tmp_t, xdm_tmp_t)
|
||||
@@ -439,6 +573,15 @@
|
||||
@@ -439,6 +574,15 @@
|
||||
can_exec(xdm_xserver_t, xkb_var_lib_t)
|
||||
files_search_var_lib(xdm_xserver_t)
|
||||
|
||||
|
|
@ -25917,7 +25918,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
# VNC v4 module in X server
|
||||
corenet_tcp_bind_vnc_port(xdm_xserver_t)
|
||||
|
||||
@@ -450,10 +593,19 @@
|
||||
@@ -450,10 +594,19 @@
|
||||
# xdm_xserver_t may no longer have any reason
|
||||
# to read ROLE_home_t - examine this in more detail
|
||||
# (xauth?)
|
||||
|
|
@ -25938,7 +25939,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
tunable_policy(`use_nfs_home_dirs',`
|
||||
fs_manage_nfs_dirs(xdm_xserver_t)
|
||||
fs_manage_nfs_files(xdm_xserver_t)
|
||||
@@ -468,8 +620,19 @@
|
||||
@@ -468,8 +621,19 @@
|
||||
|
||||
optional_policy(`
|
||||
dbus_system_bus_client_template(xdm_xserver, xdm_xserver_t)
|
||||
|
|
@ -25958,7 +25959,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
optional_policy(`
|
||||
resmgr_stream_connect(xdm_t)
|
||||
@@ -481,8 +644,25 @@
|
||||
@@ -481,8 +645,25 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -25986,7 +25987,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
ifndef(`distro_redhat',`
|
||||
allow xdm_xserver_t self:process { execheap execmem };
|
||||
@@ -491,7 +671,6 @@
|
||||
@@ -491,7 +672,6 @@
|
||||
ifdef(`distro_rhel4',`
|
||||
allow xdm_xserver_t self:process { execheap execmem };
|
||||
')
|
||||
|
|
@ -25994,7 +25995,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
########################################
|
||||
#
|
||||
@@ -512,6 +691,27 @@
|
||||
@@ -512,6 +692,27 @@
|
||||
allow xserver_unconfined_type { x_domain x_server_domain }:x_resource *;
|
||||
allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *;
|
||||
|
||||
|
|
@ -26022,7 +26023,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
ifdef(`TODO',`
|
||||
# Need to further investigate these permissions and
|
||||
# perhaps define derived types.
|
||||
@@ -544,3 +744,56 @@
|
||||
@@ -544,3 +745,70 @@
|
||||
#
|
||||
allow pam_t xdm_t:fifo_file { getattr ioctl write };
|
||||
') dnl end TODO
|
||||
|
|
@ -26079,6 +26080,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+')
|
||||
+
|
||||
+allow xdm_t iceauth_home_t:file read_file_perms;
|
||||
+
|
||||
+
|
||||
+# Hack to handle the problem of using the nvidia blobs
|
||||
+tunable_policy(`allow_execmem',`
|
||||
+ # Allow making anonymous memory executable, e.g.
|
||||
+ # for runtime-code generation or executable stack.
|
||||
+ allow xdm_t self:process execmem;
|
||||
+')
|
||||
+
|
||||
+tunable_policy(`allow_execstack',`
|
||||
+ # Allow making the stack executable via mprotect;
|
||||
+ # execstack implies execmem;
|
||||
+ allow xdm_t self:process { execstack execmem };
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-3.5.13/policy/modules/services/zebra.te
|
||||
--- nsaserefpolicy/policy/modules/services/zebra.te 2008-10-16 17:21:16.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/services/zebra.te 2008-10-28 10:56:19.000000000 -0400
|
||||
|
|
@ -26889,7 +26904,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.5.13/policy/modules/system/init.te
|
||||
--- nsaserefpolicy/policy/modules/system/init.te 2008-10-14 11:58:09.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/system/init.te 2008-10-28 10:56:19.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/system/init.te 2008-10-29 14:03:43.000000000 -0400
|
||||
@@ -17,6 +17,20 @@
|
||||
## </desc>
|
||||
gen_tunable(init_upstart,false)
|
||||
|
|
@ -29448,7 +29463,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.13/policy/modules/system/unconfined.if
|
||||
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-09-11 16:42:49.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/system/unconfined.if 2008-10-28 10:56:19.000000000 -0400
|
||||
+++ serefpolicy-3.5.13/policy/modules/system/unconfined.if 2008-10-29 13:21:22.000000000 -0400
|
||||
@@ -12,14 +12,13 @@
|
||||
#
|
||||
interface(`unconfined_domain_noaudit',`
|
||||
|
|
|
|||
Loading…
Reference in New Issue