- Allow confined users to login with dbus
This commit is contained in:
Daniel J Walsh
parent
a80e7ac6a3
commit
ed32c64290
@ -14730,7 +14730,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.5.8/policy/modules/services/dbus.if
|
||||
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/dbus.if 2008-09-17 08:49:08.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/dbus.if 2008-09-23 15:34:03.000000000 -0400
|
||||
@@ -53,6 +53,7 @@
|
||||
gen_require(`
|
||||
type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
|
||||
@ -14748,7 +14748,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
type $1_dbusd_tmp_t;
|
||||
files_tmp_file($1_dbusd_tmp_t)
|
||||
|
||||
@@ -84,14 +83,18 @@
|
||||
@@ -84,14 +83,19 @@
|
||||
allow $1_dbusd_t self:tcp_socket create_stream_socket_perms;
|
||||
allow $1_dbusd_t self:netlink_selinux_socket create_socket_perms;
|
||||
|
||||
@ -14760,6 +14760,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
- type_change $2 $1_dbusd_t:dbus $1_dbusd_$1_t;
|
||||
+ allow $2 $1_dbusd_t:unix_stream_socket { getattr connectto };
|
||||
+ allow $2 $1_dbusd_t:unix_dgram_socket getattr;
|
||||
+ allow $1_dbusd_t $2:unix_stream_socket rw_socket_perms;
|
||||
|
||||
# SE-DBus specific permissions
|
||||
- allow $1_dbusd_$1_t { $1_dbusd_t self }:dbus send_msg;
|
||||
@ -14771,7 +14772,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
allow $1_dbusd_t dbusd_etc_t:dir list_dir_perms;
|
||||
read_files_pattern($1_dbusd_t, dbusd_etc_t, dbusd_etc_t)
|
||||
@@ -102,10 +105,9 @@
|
||||
@@ -102,10 +106,9 @@
|
||||
files_tmp_filetrans($1_dbusd_t, $1_dbusd_tmp_t, { file dir })
|
||||
|
||||
domtrans_pattern($2, system_dbusd_exec_t, $1_dbusd_t)
|
||||
@ -14784,7 +14785,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
allow $1_dbusd_t $2:process sigkill;
|
||||
allow $2 $1_dbusd_t:fd use;
|
||||
allow $2 $1_dbusd_t:fifo_file rw_fifo_file_perms;
|
||||
@@ -115,8 +117,8 @@
|
||||
@@ -115,8 +118,8 @@
|
||||
kernel_read_kernel_sysctls($1_dbusd_t)
|
||||
|
||||
corecmd_list_bin($1_dbusd_t)
|
||||
@ -14794,7 +14795,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
corecmd_read_bin_pipes($1_dbusd_t)
|
||||
corecmd_read_bin_sockets($1_dbusd_t)
|
||||
|
||||
@@ -139,6 +141,7 @@
|
||||
@@ -139,6 +142,7 @@
|
||||
|
||||
fs_getattr_romfs($1_dbusd_t)
|
||||
fs_getattr_xattr_fs($1_dbusd_t)
|
||||
@ -14802,7 +14803,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
selinux_get_fs_mount($1_dbusd_t)
|
||||
selinux_validate_context($1_dbusd_t)
|
||||
@@ -161,12 +164,24 @@
|
||||
@@ -161,12 +165,24 @@
|
||||
seutil_read_config($1_dbusd_t)
|
||||
seutil_read_default_contexts($1_dbusd_t)
|
||||
|
||||
@ -14828,7 +14829,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
tunable_policy(`read_default_t',`
|
||||
files_list_default($1_dbusd_t)
|
||||
files_read_default_files($1_dbusd_t)
|
||||
@@ -180,8 +195,15 @@
|
||||
@@ -180,9 +196,17 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -14842,9 +14843,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+ xserver_dontaudit_xdm_lib_search($1_dbusd_t)
|
||||
+ xserver_rw_xdm_home_files($1_dbusd_t)
|
||||
')
|
||||
+
|
||||
')
|
||||
|
||||
@@ -207,14 +229,12 @@
|
||||
#######################################
|
||||
@@ -207,14 +231,12 @@
|
||||
type system_dbusd_t, system_dbusd_t;
|
||||
type system_dbusd_var_run_t, system_dbusd_var_lib_t;
|
||||
class dbus send_msg;
|
||||
@ -14862,7 +14865,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
read_files_pattern($2, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
|
||||
files_search_var_lib($2)
|
||||
@@ -223,6 +243,10 @@
|
||||
@@ -223,6 +245,10 @@
|
||||
files_search_pids($2)
|
||||
stream_connect_pattern($2, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t)
|
||||
dbus_read_config($2)
|
||||
@ -14873,7 +14876,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
#######################################
|
||||
@@ -251,18 +275,16 @@
|
||||
@@ -251,18 +277,16 @@
|
||||
template(`dbus_user_bus_client_template',`
|
||||
gen_require(`
|
||||
type $1_dbusd_t;
|
||||
@ -14894,7 +14897,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -292,6 +314,55 @@
|
||||
@@ -292,6 +316,55 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -14950,7 +14953,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## Read dbus configuration.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -366,3 +437,75 @@
|
||||
@@ -366,3 +439,75 @@
|
||||
|
||||
allow $1 system_dbusd_t:dbus *;
|
||||
')
|
||||
@ -15028,7 +15031,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.5.8/policy/modules/services/dbus.te
|
||||
--- nsaserefpolicy/policy/modules/services/dbus.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/dbus.te 2008-09-17 08:49:08.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/dbus.te 2008-09-23 15:32:31.000000000 -0400
|
||||
@@ -9,9 +9,10 @@
|
||||
#
|
||||
# Delcarations
|
||||
@ -15115,6 +15118,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
+ consolekit_dbus_chat(system_dbusd_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ gnome_exec_gconf(system_dbusd_t)
|
||||
+')
|
||||
+
|
||||
@ -15136,10 +15143,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ consolekit_dbus_chat(system_dbusd_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ gen_require(`
|
||||
+ type unconfined_dbusd_t;
|
||||
+ ')
|
||||
@ -19515,7 +19518,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.5.8/policy/modules/services/networkmanager.if
|
||||
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-09-11 11:28:34.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/networkmanager.if 2008-09-17 08:49:08.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/networkmanager.if 2008-09-23 11:18:34.000000000 -0400
|
||||
@@ -118,6 +118,24 @@
|
||||
|
||||
########################################
|
||||
@ -19543,13 +19546,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
## <param name="domain">
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.8/policy/modules/services/networkmanager.te
|
||||
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-09-11 11:28:34.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/networkmanager.te 2008-09-22 09:09:30.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/networkmanager.te 2008-09-23 16:02:33.000000000 -0400
|
||||
@@ -29,9 +29,9 @@
|
||||
|
||||
# networkmanager will ptrace itself if gdb is installed
|
||||
# and it receives a unexpected signal (rh bug #204161)
|
||||
-allow NetworkManager_t self:capability { kill setgid setuid dac_override net_admin net_raw net_bind_service ipc_lock };
|
||||
+allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock };
|
||||
+allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_admin sys_nice dac_override net_admin net_raw net_bind_service ipc_lock };
|
||||
dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace };
|
||||
-allow NetworkManager_t self:process { ptrace setcap setpgid getsched signal_perms };
|
||||
+allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
|
||||
@ -21909,7 +21912,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
/etc/ppp(/.*)? -- gen_context(system_u:object_r:pppd_etc_rw_t,s0)
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.5.8/policy/modules/services/ppp.if
|
||||
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-09-11 11:28:34.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/ppp.if 2008-09-17 08:49:08.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/ppp.if 2008-09-23 15:53:43.000000000 -0400
|
||||
@@ -310,6 +310,24 @@
|
||||
|
||||
########################################
|
||||
@ -26773,7 +26776,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.5.8/policy/modules/services/squid.te
|
||||
--- nsaserefpolicy/policy/modules/services/squid.te 2008-08-07 11:15:11.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/squid.te 2008-09-17 08:49:09.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/services/squid.te 2008-09-23 15:23:35.000000000 -0400
|
||||
@@ -31,12 +31,15 @@
|
||||
type squid_var_run_t;
|
||||
files_pid_file(squid_var_run_t)
|
||||
@ -26829,7 +26832,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
libs_use_ld_so(squid_t)
|
||||
libs_use_shared_libs(squid_t)
|
||||
@@ -149,11 +158,7 @@
|
||||
@@ -146,14 +155,11 @@
|
||||
|
||||
tunable_policy(`squid_connect_any',`
|
||||
corenet_tcp_connect_all_ports(squid_t)
|
||||
+ corenet_tcp_bind_all_ports(squid_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -26842,7 +26849,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -168,7 +173,12 @@
|
||||
@@ -168,7 +174,12 @@
|
||||
udev_read_db(squid_t)
|
||||
')
|
||||
|
||||
@ -30107,7 +30114,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
#
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.5.8/policy/modules/system/init.if
|
||||
--- nsaserefpolicy/policy/modules/system/init.if 2008-09-12 10:48:05.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/system/init.if 2008-09-17 08:49:09.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/system/init.if 2008-09-23 11:15:16.000000000 -0400
|
||||
@@ -278,6 +278,27 @@
|
||||
kernel_dontaudit_use_fds($1)
|
||||
')
|
||||
@ -30320,7 +30327,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.5.8/policy/modules/system/init.te
|
||||
--- nsaserefpolicy/policy/modules/system/init.te 2008-09-12 10:48:05.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/system/init.te 2008-09-17 08:49:09.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/system/init.te 2008-09-23 15:44:50.000000000 -0400
|
||||
@@ -17,6 +17,20 @@
|
||||
## </desc>
|
||||
gen_tunable(init_upstart,false)
|
||||
@ -30393,7 +30400,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
nscd_socket_use(init_t)
|
||||
')
|
||||
|
||||
@@ -204,7 +230,7 @@
|
||||
@@ -204,9 +230,10 @@
|
||||
#
|
||||
|
||||
allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
|
||||
@ -30401,8 +30408,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
+allow initrc_t self:capability ~{ audit_control audit_write sys_admin sys_module };
|
||||
dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
|
||||
allow initrc_t self:passwd rootok;
|
||||
+allow initrc_t self:key { search };
|
||||
|
||||
@@ -219,7 +245,8 @@
|
||||
# Allow IPC with self
|
||||
allow initrc_t self:unix_dgram_socket create_socket_perms;
|
||||
@@ -219,7 +246,8 @@
|
||||
term_create_pty(initrc_t,initrc_devpts_t)
|
||||
|
||||
# Going to single user mode
|
||||
@ -30412,7 +30422,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
can_exec(initrc_t, init_script_file_type)
|
||||
|
||||
@@ -232,6 +259,7 @@
|
||||
@@ -232,6 +260,7 @@
|
||||
|
||||
allow initrc_t initrc_var_run_t:file manage_file_perms;
|
||||
files_pid_filetrans(initrc_t,initrc_var_run_t,file)
|
||||
@ -30420,7 +30430,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
can_exec(initrc_t,initrc_tmp_t)
|
||||
allow initrc_t initrc_tmp_t:file manage_file_perms;
|
||||
@@ -276,7 +304,7 @@
|
||||
@@ -276,7 +305,7 @@
|
||||
dev_read_sound_mixer(initrc_t)
|
||||
dev_write_sound_mixer(initrc_t)
|
||||
dev_setattr_all_chr_files(initrc_t)
|
||||
@ -30429,7 +30439,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
dev_delete_lvm_control_dev(initrc_t)
|
||||
dev_manage_generic_symlinks(initrc_t)
|
||||
dev_manage_generic_files(initrc_t)
|
||||
@@ -521,6 +549,31 @@
|
||||
@@ -371,6 +400,7 @@
|
||||
libs_use_shared_libs(initrc_t)
|
||||
libs_exec_lib_files(initrc_t)
|
||||
|
||||
+logging_send_audit_msgs(initrc_t)
|
||||
logging_send_syslog_msg(initrc_t)
|
||||
logging_manage_generic_logs(initrc_t)
|
||||
logging_read_all_logs(initrc_t)
|
||||
@@ -521,6 +551,31 @@
|
||||
')
|
||||
')
|
||||
|
||||
@ -30461,7 +30479,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
optional_policy(`
|
||||
amavis_search_lib(initrc_t)
|
||||
amavis_setattr_pid_files(initrc_t)
|
||||
@@ -579,6 +632,10 @@
|
||||
@@ -579,6 +634,10 @@
|
||||
dbus_read_config(initrc_t)
|
||||
|
||||
optional_policy(`
|
||||
@ -30472,7 +30490,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
networkmanager_dbus_chat(initrc_t)
|
||||
')
|
||||
')
|
||||
@@ -664,12 +721,6 @@
|
||||
@@ -664,12 +723,6 @@
|
||||
mta_read_config(initrc_t)
|
||||
mta_dontaudit_read_spool_symlinks(initrc_t)
|
||||
')
|
||||
@ -30485,7 +30503,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
optional_policy(`
|
||||
ifdef(`distro_redhat',`
|
||||
@@ -730,6 +781,9 @@
|
||||
@@ -730,6 +783,9 @@
|
||||
|
||||
# why is this needed:
|
||||
rpm_manage_db(initrc_t)
|
||||
@ -30495,7 +30513,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -742,10 +796,12 @@
|
||||
@@ -742,10 +798,12 @@
|
||||
squid_manage_logs(initrc_t)
|
||||
')
|
||||
|
||||
@ -30508,7 +30526,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
|
||||
optional_policy(`
|
||||
ssh_dontaudit_read_server_keys(initrc_t)
|
||||
@@ -763,6 +819,11 @@
|
||||
@@ -763,6 +821,11 @@
|
||||
uml_setattr_util_sockets(initrc_t)
|
||||
')
|
||||
|
||||
@ -30520,7 +30538,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
optional_policy(`
|
||||
unconfined_domain(initrc_t)
|
||||
|
||||
@@ -777,6 +838,10 @@
|
||||
@@ -777,6 +840,10 @@
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -30531,7 +30549,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
vmware_read_system_config(initrc_t)
|
||||
vmware_append_system_config(initrc_t)
|
||||
')
|
||||
@@ -799,3 +864,11 @@
|
||||
@@ -799,3 +866,11 @@
|
||||
optional_policy(`
|
||||
zebra_read_config(initrc_t)
|
||||
')
|
||||
@ -32469,8 +32487,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||
')
|
||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.5.8/policy/modules/system/sysnetwork.fc
|
||||
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-08-07 11:15:12.000000000 -0400
|
||||
+++ serefpolicy-3.5.8/policy/modules/system/sysnetwork.fc 2008-09-17 08:49:09.000000000 -0400
|
||||
@@ -57,3 +57,5 @@
|
||||
+++ serefpolicy-3.5.8/policy/modules/system/sysnetwork.fc 2008-09-23 14:00:14.000000000 -0400
|
||||
@@ -11,6 +11,7 @@
|
||||
/etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||
+/etc/hosts -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||
/etc/resolv\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||
/etc/yp\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||
|
||||
@@ -57,3 +58,5 @@
|
||||
ifdef(`distro_gentoo',`
|
||||
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
|
||||
')
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.5.8
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -381,6 +381,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Sep 23 2008 Dan Walsh <dwalsh@redhat.com> 3.5.8-7
|
||||
- Allow confined users to login with dbus
|
||||
|
||||
* Mon Sep 22 2008 Dan Walsh <dwalsh@redhat.com> 3.5.8-6
|
||||
- Fix transition to nsplugin
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user