rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Allow xserver access to urand

Browse Source
This commit is contained in:
Daniel J Walsh 2007-08-18 11:54:11 +00:00
parent 7f6883ca6e
commit f012074e0f
2 changed files with 35 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
policy-20070703.patch
View File

@ -7027,8 +7027,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.0.5/policy/modules/services/rhgb.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.0.5/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2007-07-25 10:37:42.000000000 -0400 --- nsaserefpolicy/policy/modules/services/rhgb.te 2007-07-25 10:37:42.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/rhgb.te 2007-08-07 09:39:49.000000000 -0400 +++ serefpolicy-3.0.5/policy/modules/services/rhgb.te 2007-08-18 06:24:55.000000000 -0400
@@ -109,6 +109,7 @@ @@ -59,6 +59,7 @@
corenet_sendrecv_all_client_packets(rhgb_t)
dev_read_sysfs(rhgb_t)
+dev_read_urand(rhgb_t)
domain_use_interactive_fds(rhgb_t)
@@ -109,6 +110,7 @@
userdom_dontaudit_use_unpriv_user_fds(rhgb_t) userdom_dontaudit_use_unpriv_user_fds(rhgb_t)
userdom_dontaudit_search_sysadm_home_dirs(rhgb_t) userdom_dontaudit_search_sysadm_home_dirs(rhgb_t)
@ -8106,8 +8114,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.0.5/policy/modules/services/xserver.if diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.0.5/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-07-03 07:06:27.000000000 -0400 --- nsaserefpolicy/policy/modules/services/xserver.if 2007-07-03 07:06:27.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/services/xserver.if 2007-08-07 09:39:49.000000000 -0400 +++ serefpolicy-3.0.5/policy/modules/services/xserver.if 2007-08-18 06:25:18.000000000 -0400
@@ -141,7 +141,7 @@ @@ -126,6 +126,8 @@
# read events - the synaptics touchpad driver reads raw events
dev_rw_input_dev($1_xserver_t)
dev_rwx_zero($1_xserver_t)
+ dev_read_urand($1_xserver_t)
+
domain_mmap_low($1_xserver_t)
@@ -141,7 +143,7 @@
fs_getattr_xattr_fs($1_xserver_t) fs_getattr_xattr_fs($1_xserver_t)
fs_search_nfs($1_xserver_t) fs_search_nfs($1_xserver_t)
fs_search_auto_mountpoints($1_xserver_t) fs_search_auto_mountpoints($1_xserver_t)
@ -8116,7 +8133,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
init_getpgid($1_xserver_t) init_getpgid($1_xserver_t)
@@ -353,12 +353,6 @@ @@ -353,12 +355,6 @@
# allow ps to show xauth # allow ps to show xauth
ps_process_pattern($2,$1_xauth_t) ps_process_pattern($2,$1_xauth_t)
@ -8129,7 +8146,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
domain_use_interactive_fds($1_xauth_t) domain_use_interactive_fds($1_xauth_t)
files_read_etc_files($1_xauth_t) files_read_etc_files($1_xauth_t)
@@ -387,6 +381,14 @@ @@ -387,6 +383,14 @@
') ')
optional_policy(` optional_policy(`
@ -8144,7 +8161,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
nis_use_ypbind($1_xauth_t) nis_use_ypbind($1_xauth_t)
') ')
@@ -537,16 +539,14 @@ @@ -537,16 +541,14 @@
gen_require(` gen_require(`
type xdm_t, xdm_tmp_t; type xdm_t, xdm_tmp_t;
@ -8163,7 +8180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
# for when /tmp/.X11-unix is created by the system # for when /tmp/.X11-unix is created by the system
allow $2 xdm_t:fd use; allow $2 xdm_t:fd use;
@@ -555,25 +555,46 @@ @@ -555,25 +557,46 @@
allow $2 xdm_tmp_t:sock_file { read write }; allow $2 xdm_tmp_t:sock_file { read write };
dontaudit $2 xdm_t:tcp_socket { read write }; dontaudit $2 xdm_t:tcp_socket { read write };
@ -8219,7 +8236,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
') ')
') ')
@@ -626,6 +647,24 @@ @@ -626,6 +649,24 @@
######################################## ########################################
## <summary> ## <summary>
@ -8244,7 +8261,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
## Transition to a user Xauthority domain. ## Transition to a user Xauthority domain.
## </summary> ## </summary>
## <desc> ## <desc>
@@ -659,6 +698,73 @@ @@ -659,6 +700,73 @@
######################################## ########################################
## <summary> ## <summary>
@ -8318,7 +8335,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
## Transition to a user Xauthority domain. ## Transition to a user Xauthority domain.
## </summary> ## </summary>
## <desc> ## <desc>
@@ -1136,7 +1242,7 @@ @@ -1136,7 +1244,7 @@
type xdm_xserver_tmp_t; type xdm_xserver_tmp_t;
') ')
@ -8327,7 +8344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
') ')
######################################## ########################################
@@ -1325,3 +1431,62 @@ @@ -1325,3 +1433,62 @@
files_search_tmp($1) files_search_tmp($1)
stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t) stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
') ')
@ -10802,7 +10819,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+') +')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.0.5/policy/modules/system/selinuxutil.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.0.5/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-08-02 08:17:28.000000000 -0400 --- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-08-02 08:17:28.000000000 -0400
+++ serefpolicy-3.0.5/policy/modules/system/selinuxutil.te 2007-08-07 09:39:49.000000000 -0400 +++ serefpolicy-3.0.5/policy/modules/system/selinuxutil.te 2007-08-15 06:15:41.000000000 -0400
@@ -76,7 +76,6 @@ @@ -76,7 +76,6 @@
type restorecond_exec_t; type restorecond_exec_t;
init_daemon_domain(restorecond_t,restorecond_exec_t) init_daemon_domain(restorecond_t,restorecond_exec_t)

7
selinux-policy.spec
View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.0.5 Version: 3.0.5
Release: 7%{?dist} Release: 8%{?dist}
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -288,7 +288,7 @@ SELinux Reference policy targeted base module.
%saveFileContext targeted %saveFileContext targeted
%post targeted %post targeted
semodule -r moilscanner 2>/dev/null semodule -s targeted -r moilscanner 2>/dev/null
%loadpolicy targeted %loadpolicy targeted
%relabel targeted %relabel targeted
exit 0 exit 0
@ -360,6 +360,9 @@ exit 0
%endif %endif
%changelog %changelog
* Sat Aug 18 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-8
- Allow xserver access to urand
* Tue Aug 14 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-7 * Tue Aug 14 2007 Dan Walsh <dwalsh@redhat.com> 3.0.5-7
- allow dovecot to search mountpoints - allow dovecot to search mountpoints