- Allow ifconfig_t to read dhcpc_state_t
This commit is contained in:
parent
af0cf6e416
commit
eb7e6dca5e
|
@ -12353,7 +12353,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+
|
+
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.5.4/policy/modules/services/clamav.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.5.4/policy/modules/services/clamav.te
|
||||||
--- nsaserefpolicy/policy/modules/services/clamav.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/clamav.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.4/policy/modules/services/clamav.te 2008-08-11 16:39:48.000000000 -0400
|
+++ serefpolicy-3.5.4/policy/modules/services/clamav.te 2008-08-13 15:22:54.000000000 -0400
|
||||||
@@ -13,7 +13,7 @@
|
@@ -13,7 +13,7 @@
|
||||||
|
|
||||||
# configuration files
|
# configuration files
|
||||||
|
@ -12383,7 +12383,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(clamd_t)
|
corenet_all_recvfrom_unlabeled(clamd_t)
|
||||||
corenet_all_recvfrom_netlabel(clamd_t)
|
corenet_all_recvfrom_netlabel(clamd_t)
|
||||||
@@ -120,6 +126,9 @@
|
@@ -97,6 +103,8 @@
|
||||||
|
corenet_tcp_bind_all_nodes(clamd_t)
|
||||||
|
corenet_tcp_bind_clamd_port(clamd_t)
|
||||||
|
corenet_sendrecv_clamd_server_packets(clamd_t)
|
||||||
|
+corenet_tcp_bind_generic_port(clamd_t)
|
||||||
|
+corenet_tcp_connect_generic_port(clamd_t)
|
||||||
|
|
||||||
|
dev_read_rand(clamd_t)
|
||||||
|
dev_read_urand(clamd_t)
|
||||||
|
@@ -120,6 +128,9 @@
|
||||||
cron_use_system_job_fds(clamd_t)
|
cron_use_system_job_fds(clamd_t)
|
||||||
cron_rw_pipes(clamd_t)
|
cron_rw_pipes(clamd_t)
|
||||||
|
|
||||||
|
@ -12393,7 +12402,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
amavis_read_lib_files(clamd_t)
|
amavis_read_lib_files(clamd_t)
|
||||||
amavis_read_spool_files(clamd_t)
|
amavis_read_spool_files(clamd_t)
|
||||||
@@ -127,6 +136,10 @@
|
@@ -127,6 +138,10 @@
|
||||||
amavis_create_pid_files(clamd_t)
|
amavis_create_pid_files(clamd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -12404,7 +12413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Freshclam local policy
|
# Freshclam local policy
|
||||||
@@ -197,7 +210,7 @@
|
@@ -197,7 +212,7 @@
|
||||||
allow clamscan_t self:fifo_file rw_file_perms;
|
allow clamscan_t self:fifo_file rw_file_perms;
|
||||||
allow clamscan_t self:unix_stream_socket create_stream_socket_perms;
|
allow clamscan_t self:unix_stream_socket create_stream_socket_perms;
|
||||||
allow clamscan_t self:unix_dgram_socket create_socket_perms;
|
allow clamscan_t self:unix_dgram_socket create_socket_perms;
|
||||||
|
@ -12413,7 +12422,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
# configuration files
|
# configuration files
|
||||||
allow clamscan_t clamd_etc_t:dir list_dir_perms;
|
allow clamscan_t clamd_etc_t:dir list_dir_perms;
|
||||||
@@ -213,6 +226,14 @@
|
@@ -213,6 +228,14 @@
|
||||||
manage_files_pattern(clamscan_t, clamd_var_lib_t, clamd_var_lib_t)
|
manage_files_pattern(clamscan_t, clamd_var_lib_t, clamd_var_lib_t)
|
||||||
allow clamscan_t clamd_var_lib_t:dir list_dir_perms;
|
allow clamscan_t clamd_var_lib_t:dir list_dir_perms;
|
||||||
|
|
||||||
|
@ -12428,7 +12437,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
kernel_read_kernel_sysctls(clamscan_t)
|
kernel_read_kernel_sysctls(clamscan_t)
|
||||||
|
|
||||||
files_read_etc_files(clamscan_t)
|
files_read_etc_files(clamscan_t)
|
||||||
@@ -230,6 +251,12 @@
|
@@ -230,6 +253,12 @@
|
||||||
|
|
||||||
clamav_stream_connect(clamscan_t)
|
clamav_stream_connect(clamscan_t)
|
||||||
|
|
||||||
|
@ -14316,7 +14325,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.5.4/policy/modules/services/dbus.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.5.4/policy/modules/services/dbus.if
|
||||||
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.4/policy/modules/services/dbus.if 2008-08-13 14:33:26.000000000 -0400
|
+++ serefpolicy-3.5.4/policy/modules/services/dbus.if 2008-08-13 15:01:27.000000000 -0400
|
||||||
@@ -53,6 +53,7 @@
|
@@ -53,6 +53,7 @@
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
|
type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
|
||||||
|
@ -14426,7 +14435,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
xserver_use_xdm_fds($1_dbusd_t)
|
xserver_use_xdm_fds($1_dbusd_t)
|
||||||
xserver_rw_xdm_pipes($1_dbusd_t)
|
xserver_rw_xdm_pipes($1_dbusd_t)
|
||||||
+ xserver_dontaudit_xdm_lib_search($1_dbusd_t)
|
+ xserver_dontaudit_xdm_lib_search($1_dbusd_t)
|
||||||
+ xserver_rw_xdm_home_files',`
|
+ xserver_rw_xdm_home_files($1_dbusd_t)
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -16365,7 +16374,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+')
|
+')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.4/policy/modules/services/ftp.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.4/policy/modules/services/ftp.te
|
||||||
--- nsaserefpolicy/policy/modules/services/ftp.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/ftp.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.4/policy/modules/services/ftp.te 2008-08-11 16:39:48.000000000 -0400
|
+++ serefpolicy-3.5.4/policy/modules/services/ftp.te 2008-08-13 14:54:18.000000000 -0400
|
||||||
@@ -75,6 +75,9 @@
|
@@ -75,6 +75,9 @@
|
||||||
type xferlog_t;
|
type xferlog_t;
|
||||||
logging_log_file(xferlog_t)
|
logging_log_file(xferlog_t)
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.5.4
|
Version: 3.5.4
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -380,6 +380,9 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 12 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-2
|
||||||
|
- Allow ifconfig_t to read dhcpc_state_t
|
||||||
|
|
||||||
* Mon Aug 11 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-1
|
* Mon Aug 11 2008 Dan Walsh <dwalsh@redhat.com> 3.5.4-1
|
||||||
- Update to upstream
|
- Update to upstream
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue