- Allow ifconfig_t to read dhcpc_state_t
This commit is contained in:
Daniel J Walsh
parent
af0cf6e416
commit
eb7e6dca5e
|
|
@ -12353,7 +12353,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.5.4/policy/modules/services/clamav.te
|
||||
--- nsaserefpolicy/policy/modules/services/clamav.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.4/policy/modules/services/clamav.te 2008-08-11 16:39:48.000000000 -0400
|
||||
+++ serefpolicy-3.5.4/policy/modules/services/clamav.te 2008-08-13 15:22:54.000000000 -0400
|
||||
@@ -13,7 +13,7 @@
|
||||
|
||||
# configuration files
|
||||
|
|
@ -12383,7 +12383,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
corenet_all_recvfrom_unlabeled(clamd_t)
|
||||
corenet_all_recvfrom_netlabel(clamd_t)
|
||||
@@ -120,6 +126,9 @@
|
||||
@@ -97,6 +103,8 @@
|
||||
corenet_tcp_bind_all_nodes(clamd_t)
|
||||
corenet_tcp_bind_clamd_port(clamd_t)
|
||||
corenet_sendrecv_clamd_server_packets(clamd_t)
|
||||
+corenet_tcp_bind_generic_port(clamd_t)
|
||||
+corenet_tcp_connect_generic_port(clamd_t)
|
||||
|
||||
dev_read_rand(clamd_t)
|
||||
dev_read_urand(clamd_t)
|
||||
@@ -120,6 +128,9 @@
|
||||
cron_use_system_job_fds(clamd_t)
|
||||
cron_rw_pipes(clamd_t)
|
||||
|
||||
|
|
@ -12393,7 +12402,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
optional_policy(`
|
||||
amavis_read_lib_files(clamd_t)
|
||||
amavis_read_spool_files(clamd_t)
|
||||
@@ -127,6 +136,10 @@
|
||||
@@ -127,6 +138,10 @@
|
||||
amavis_create_pid_files(clamd_t)
|
||||
')
|
||||
|
||||
|
|
@ -12404,7 +12413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
########################################
|
||||
#
|
||||
# Freshclam local policy
|
||||
@@ -197,7 +210,7 @@
|
||||
@@ -197,7 +212,7 @@
|
||||
allow clamscan_t self:fifo_file rw_file_perms;
|
||||
allow clamscan_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow clamscan_t self:unix_dgram_socket create_socket_perms;
|
||||
|
|
@ -12413,7 +12422,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
|
||||
# configuration files
|
||||
allow clamscan_t clamd_etc_t:dir list_dir_perms;
|
||||
@@ -213,6 +226,14 @@
|
||||
@@ -213,6 +228,14 @@
|
||||
manage_files_pattern(clamscan_t, clamd_var_lib_t, clamd_var_lib_t)
|
||||
allow clamscan_t clamd_var_lib_t:dir list_dir_perms;
|
||||
|
||||
|
|
@ -12428,7 +12437,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
kernel_read_kernel_sysctls(clamscan_t)
|
||||
|
||||
files_read_etc_files(clamscan_t)
|
||||
@@ -230,6 +251,12 @@
|
||||
@@ -230,6 +253,12 @@
|
||||
|
||||
clamav_stream_connect(clamscan_t)
|
||||
|
||||
|
|
@ -14316,7 +14325,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.5.4/policy/modules/services/dbus.if
|
||||
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.4/policy/modules/services/dbus.if 2008-08-13 14:33:26.000000000 -0400
|
||||
+++ serefpolicy-3.5.4/policy/modules/services/dbus.if 2008-08-13 15:01:27.000000000 -0400
|
||||
@@ -53,6 +53,7 @@
|
||||
gen_require(`
|
||||
type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
|
||||
|
|
@ -14426,7 +14435,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
xserver_use_xdm_fds($1_dbusd_t)
|
||||
xserver_rw_xdm_pipes($1_dbusd_t)
|
||||
+ xserver_dontaudit_xdm_lib_search($1_dbusd_t)
|
||||
+ xserver_rw_xdm_home_files',`
|
||||
+ xserver_rw_xdm_home_files($1_dbusd_t)
|
||||
')
|
||||
')
|
||||
|
||||
|
|
@ -16365,7 +16374,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
|||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.4/policy/modules/services/ftp.te
|
||||
--- nsaserefpolicy/policy/modules/services/ftp.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.4/policy/modules/services/ftp.te 2008-08-11 16:39:48.000000000 -0400
|
||||
+++ serefpolicy-3.5.4/policy/modules/services/ftp.te 2008-08-13 14:54:18.000000000 -0400
|
||||
@@ -75,6 +75,9 @@
|
||||
type xferlog_t;
|
||||
logging_log_file(xferlog_t)
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.5.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -380,6 +380,9 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Aug 12 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-2
|
||||
- Allow ifconfig_t to read dhcpc_state_t
|
||||
|
||||
* Mon Aug 11 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-1
|
||||
- Update to upstream
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue