- Add file context for /dev/mspblk.*
This commit is contained in:
parent
f77dd2c9db
commit
f0375d509e
|
@ -218,6 +218,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/con
|
||||||
+system_r:sshd_t xguest_r:xguest_t
|
+system_r:sshd_t xguest_r:xguest_t
|
||||||
+system_r:crond_t xguest_r:xguest_crond_t
|
+system_r:crond_t xguest_r:xguest_crond_t
|
||||||
+system_r:xdm_t xguest_r:xguest_t
|
+system_r:xdm_t xguest_r:xguest_t
|
||||||
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.5.8/policy/flask/access_vectors
|
||||||
|
--- nsaserefpolicy/policy/flask/access_vectors 2008-08-07 11:15:00.000000000 -0400
|
||||||
|
+++ serefpolicy-3.5.8/policy/flask/access_vectors 2008-09-22 13:22:25.000000000 -0400
|
||||||
|
@@ -616,6 +616,7 @@
|
||||||
|
nlmsg_write
|
||||||
|
nlmsg_relay
|
||||||
|
nlmsg_readpriv
|
||||||
|
+ nlmsg_tty_audit
|
||||||
|
}
|
||||||
|
|
||||||
|
class netlink_ip6fw_socket
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.5.8/policy/global_tunables
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.5.8/policy/global_tunables
|
||||||
--- nsaserefpolicy/policy/global_tunables 2008-08-07 11:15:13.000000000 -0400
|
--- nsaserefpolicy/policy/global_tunables 2008-08-07 11:15:13.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/global_tunables 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/global_tunables 2008-09-17 08:49:08.000000000 -0400
|
||||||
|
@ -870,7 +881,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
ifdef(`distro_suse', `
|
ifdef(`distro_suse', `
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.5.8/policy/modules/admin/rpm.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.5.8/policy/modules/admin/rpm.if
|
||||||
--- nsaserefpolicy/policy/modules/admin/rpm.if 2008-08-07 11:15:13.000000000 -0400
|
--- nsaserefpolicy/policy/modules/admin/rpm.if 2008-08-07 11:15:13.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/admin/rpm.if 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/admin/rpm.if 2008-09-22 09:09:03.000000000 -0400
|
||||||
@@ -152,6 +152,24 @@
|
@@ -152,6 +152,24 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -8049,7 +8060,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
#
|
#
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.5.8/policy/modules/kernel/kernel.if
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.5.8/policy/modules/kernel/kernel.if
|
||||||
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2008-08-07 11:15:01.000000000 -0400
|
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2008-08-07 11:15:01.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/kernel/kernel.if 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/kernel/kernel.if 2008-09-22 12:18:03.000000000 -0400
|
||||||
@@ -1198,6 +1198,7 @@
|
@@ -1198,6 +1198,7 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -8058,7 +8069,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -1768,6 +1769,7 @@
|
@@ -1234,6 +1235,7 @@
|
||||||
|
interface(`kernel_read_sysctl',`
|
||||||
|
gen_require(`
|
||||||
|
type sysctl_t;
|
||||||
|
+ type proc_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
list_dirs_pattern($1, proc_t, sysctl_t)
|
||||||
|
@@ -1768,6 +1770,7 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
dontaudit $1 sysctl_type:dir list_dir_perms;
|
dontaudit $1 sysctl_type:dir list_dir_perms;
|
||||||
|
@ -8066,7 +8085,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
@@ -2582,6 +2584,24 @@
|
@@ -2582,6 +2585,24 @@
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
|
@ -8271,6 +8290,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
|
neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
|
||||||
neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
|
neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
|
||||||
neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
|
neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
|
||||||
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.5.8/policy/modules/kernel/storage.fc
|
||||||
|
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2008-08-07 11:15:01.000000000 -0400
|
||||||
|
+++ serefpolicy-3.5.8/policy/modules/kernel/storage.fc 2008-09-22 12:22:40.000000000 -0400
|
||||||
|
@@ -27,6 +27,7 @@
|
||||||
|
/dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
|
/dev/megadev.* -c gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
|
/dev/mmcblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
|
+/dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
|
/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||||
|
/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
|
/dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
|
@@ -65,6 +66,7 @@
|
||||||
|
|
||||||
|
/dev/md/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||||
|
/dev/mapper/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||||
|
+/dev/mspblk.* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||||
|
|
||||||
|
/dev/raw/raw[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
|
||||||
|
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.5.8/policy/modules/roles/guest.fc
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.fc serefpolicy-3.5.8/policy/modules/roles/guest.fc
|
||||||
--- nsaserefpolicy/policy/modules/roles/guest.fc 1969-12-31 19:00:00.000000000 -0500
|
--- nsaserefpolicy/policy/modules/roles/guest.fc 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ serefpolicy-3.5.8/policy/modules/roles/guest.fc 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/roles/guest.fc 2008-09-17 08:49:08.000000000 -0400
|
||||||
|
@ -19377,7 +19415,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.8/policy/modules/services/networkmanager.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.8/policy/modules/services/networkmanager.te
|
||||||
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-09-11 11:28:34.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-09-11 11:28:34.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/services/networkmanager.te 2008-09-17 08:49:08.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/services/networkmanager.te 2008-09-22 09:09:30.000000000 -0400
|
||||||
@@ -29,9 +29,9 @@
|
@@ -29,9 +29,9 @@
|
||||||
|
|
||||||
# networkmanager will ptrace itself if gdb is installed
|
# networkmanager will ptrace itself if gdb is installed
|
||||||
|
@ -19470,7 +19508,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
@@ -168,9 +184,16 @@
|
@@ -168,9 +184,17 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -19483,6 +19521,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+')
|
+')
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
|
+ rpm_exec(NetworkManager_t)
|
||||||
+ rpm_read_db(NetworkManager_t)
|
+ rpm_read_db(NetworkManager_t)
|
||||||
+ rpm_dontaudit_manage_db(NetworkManager_t)
|
+ rpm_dontaudit_manage_db(NetworkManager_t)
|
||||||
')
|
')
|
||||||
|
@ -22006,7 +22045,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.8/policy/modules/services/prelude.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.5.8/policy/modules/services/prelude.te
|
||||||
--- nsaserefpolicy/policy/modules/services/prelude.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/prelude.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/services/prelude.te 2008-09-19 10:06:36.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/services/prelude.te 2008-09-22 09:13:31.000000000 -0400
|
||||||
@@ -13,18 +13,56 @@
|
@@ -13,18 +13,56 @@
|
||||||
type prelude_spool_t;
|
type prelude_spool_t;
|
||||||
files_type(prelude_spool_t)
|
files_type(prelude_spool_t)
|
||||||
|
@ -22074,7 +22113,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
corecmd_search_bin(prelude_t)
|
corecmd_search_bin(prelude_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(prelude_t)
|
corenet_all_recvfrom_unlabeled(prelude_t)
|
||||||
@@ -56,6 +97,9 @@
|
@@ -56,15 +97,23 @@
|
||||||
corenet_tcp_sendrecv_all_if(prelude_t)
|
corenet_tcp_sendrecv_all_if(prelude_t)
|
||||||
corenet_tcp_sendrecv_all_nodes(prelude_t)
|
corenet_tcp_sendrecv_all_nodes(prelude_t)
|
||||||
corenet_tcp_bind_all_nodes(prelude_t)
|
corenet_tcp_bind_all_nodes(prelude_t)
|
||||||
|
@ -22084,14 +22123,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
dev_read_rand(prelude_t)
|
dev_read_rand(prelude_t)
|
||||||
dev_read_urand(prelude_t)
|
dev_read_urand(prelude_t)
|
||||||
@@ -65,6 +109,11 @@
|
|
||||||
|
+kernel_read_sysctl(prelude_t)
|
||||||
|
+
|
||||||
|
# Init script handling
|
||||||
|
domain_use_interactive_fds(prelude_t)
|
||||||
|
|
||||||
files_read_etc_files(prelude_t)
|
files_read_etc_files(prelude_t)
|
||||||
files_read_usr_files(prelude_t)
|
files_read_usr_files(prelude_t)
|
||||||
+files_search_tmp(prelude_t)
|
+files_search_tmp(prelude_t)
|
||||||
+
|
+
|
||||||
+files_search_tmp(prelude_t)
|
|
||||||
+
|
|
||||||
+fs_rw_anon_inodefs_files(prelude_t)
|
+fs_rw_anon_inodefs_files(prelude_t)
|
||||||
|
|
||||||
auth_use_nsswitch(prelude_t)
|
auth_use_nsswitch(prelude_t)
|
||||||
|
@ -22104,7 +22145,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
dev_read_rand(prelude_audisp_t)
|
dev_read_rand(prelude_audisp_t)
|
||||||
dev_read_urand(prelude_audisp_t)
|
dev_read_urand(prelude_audisp_t)
|
||||||
@@ -123,9 +173,122 @@
|
@@ -117,15 +167,129 @@
|
||||||
|
# Init script handling
|
||||||
|
domain_use_interactive_fds(prelude_audisp_t)
|
||||||
|
|
||||||
|
+kernel_read_sysctl(prelude_audisp_t)
|
||||||
|
+
|
||||||
|
files_read_etc_files(prelude_audisp_t)
|
||||||
|
|
||||||
|
libs_use_ld_so(prelude_audisp_t)
|
||||||
libs_use_shared_libs(prelude_audisp_t)
|
libs_use_shared_libs(prelude_audisp_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(prelude_audisp_t)
|
logging_send_syslog_msg(prelude_audisp_t)
|
||||||
|
@ -22216,7 +22265,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+
|
+
|
||||||
+miscfiles_read_localization(prelude_lml_t)
|
+miscfiles_read_localization(prelude_lml_t)
|
||||||
+
|
+
|
||||||
+# if prelude_lml wants to relay to a remote prelude-manager using dns
|
|
||||||
+sysnet_dns_name_resolve(prelude_lml_t)
|
+sysnet_dns_name_resolve(prelude_lml_t)
|
||||||
+
|
+
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
|
@ -22227,7 +22275,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# prewikka_cgi Declarations
|
# prewikka_cgi Declarations
|
||||||
@@ -133,8 +296,19 @@
|
@@ -133,8 +297,19 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
apache_content_template(prewikka)
|
apache_content_template(prewikka)
|
||||||
|
@ -28730,7 +28778,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
')
|
')
|
||||||
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.8/policy/modules/services/xserver.te
|
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.5.8/policy/modules/services/xserver.te
|
||||||
--- nsaserefpolicy/policy/modules/services/xserver.te 2008-08-07 11:15:11.000000000 -0400
|
--- nsaserefpolicy/policy/modules/services/xserver.te 2008-08-07 11:15:11.000000000 -0400
|
||||||
+++ serefpolicy-3.5.8/policy/modules/services/xserver.te 2008-09-17 08:49:09.000000000 -0400
|
+++ serefpolicy-3.5.8/policy/modules/services/xserver.te 2008-09-22 09:10:33.000000000 -0400
|
||||||
@@ -8,6 +8,14 @@
|
@@ -8,6 +8,14 @@
|
||||||
|
|
||||||
## <desc>
|
## <desc>
|
||||||
|
@ -29035,7 +29083,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
# Talk to the console mouse server.
|
# Talk to the console mouse server.
|
||||||
gpm_stream_connect(xdm_t)
|
gpm_stream_connect(xdm_t)
|
||||||
gpm_setattr_gpmctl(xdm_t)
|
gpm_setattr_gpmctl(xdm_t)
|
||||||
@@ -382,16 +485,32 @@
|
@@ -382,16 +485,33 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -29045,6 +29093,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
+
|
+
|
||||||
+# On crash gdm execs gdb to dump stack
|
+# On crash gdm execs gdb to dump stack
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
|
+ rpm_exec(xdm_t)
|
||||||
+ rpm_read_db(xdm_t)
|
+ rpm_read_db(xdm_t)
|
||||||
+ rpm_dontaudit_manage_db(xdm_t)
|
+ rpm_dontaudit_manage_db(xdm_t)
|
||||||
+')
|
+')
|
||||||
|
@ -29069,7 +29118,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
ifndef(`distro_redhat',`
|
ifndef(`distro_redhat',`
|
||||||
allow xdm_t self:process { execheap execmem };
|
allow xdm_t self:process { execheap execmem };
|
||||||
@@ -427,7 +546,7 @@
|
@@ -427,7 +547,7 @@
|
||||||
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
|
allow xdm_xserver_t xdm_var_lib_t:file { getattr read };
|
||||||
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
|
dontaudit xdm_xserver_t xdm_var_lib_t:dir search;
|
||||||
|
|
||||||
|
@ -29078,7 +29127,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
# Label pid and temporary files with derived types.
|
# Label pid and temporary files with derived types.
|
||||||
manage_files_pattern(xdm_xserver_t, xdm_tmp_t, xdm_tmp_t)
|
manage_files_pattern(xdm_xserver_t, xdm_tmp_t, xdm_tmp_t)
|
||||||
@@ -439,6 +558,15 @@
|
@@ -439,6 +559,15 @@
|
||||||
can_exec(xdm_xserver_t, xkb_var_lib_t)
|
can_exec(xdm_xserver_t, xkb_var_lib_t)
|
||||||
files_search_var_lib(xdm_xserver_t)
|
files_search_var_lib(xdm_xserver_t)
|
||||||
|
|
||||||
|
@ -29094,7 +29143,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
# VNC v4 module in X server
|
# VNC v4 module in X server
|
||||||
corenet_tcp_bind_vnc_port(xdm_xserver_t)
|
corenet_tcp_bind_vnc_port(xdm_xserver_t)
|
||||||
|
|
||||||
@@ -450,10 +578,19 @@
|
@@ -450,10 +579,19 @@
|
||||||
# xdm_xserver_t may no longer have any reason
|
# xdm_xserver_t may no longer have any reason
|
||||||
# to read ROLE_home_t - examine this in more detail
|
# to read ROLE_home_t - examine this in more detail
|
||||||
# (xauth?)
|
# (xauth?)
|
||||||
|
@ -29115,7 +29164,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
tunable_policy(`use_nfs_home_dirs',`
|
tunable_policy(`use_nfs_home_dirs',`
|
||||||
fs_manage_nfs_dirs(xdm_xserver_t)
|
fs_manage_nfs_dirs(xdm_xserver_t)
|
||||||
fs_manage_nfs_files(xdm_xserver_t)
|
fs_manage_nfs_files(xdm_xserver_t)
|
||||||
@@ -468,8 +605,19 @@
|
@@ -468,8 +606,19 @@
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
dbus_system_bus_client_template(xdm_xserver, xdm_xserver_t)
|
dbus_system_bus_client_template(xdm_xserver, xdm_xserver_t)
|
||||||
|
@ -29135,7 +29184,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
resmgr_stream_connect(xdm_t)
|
resmgr_stream_connect(xdm_t)
|
||||||
@@ -481,8 +629,25 @@
|
@@ -481,8 +630,25 @@
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -29163,7 +29212,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
ifndef(`distro_redhat',`
|
ifndef(`distro_redhat',`
|
||||||
allow xdm_xserver_t self:process { execheap execmem };
|
allow xdm_xserver_t self:process { execheap execmem };
|
||||||
@@ -491,7 +656,6 @@
|
@@ -491,7 +657,6 @@
|
||||||
ifdef(`distro_rhel4',`
|
ifdef(`distro_rhel4',`
|
||||||
allow xdm_xserver_t self:process { execheap execmem };
|
allow xdm_xserver_t self:process { execheap execmem };
|
||||||
')
|
')
|
||||||
|
@ -29171,7 +29220,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@@ -544,3 +708,56 @@
|
@@ -544,3 +709,56 @@
|
||||||
#
|
#
|
||||||
allow pam_t xdm_t:fifo_file { getattr ioctl write };
|
allow pam_t xdm_t:fifo_file { getattr ioctl write };
|
||||||
') dnl end TODO
|
') dnl end TODO
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
Summary: SELinux policy configuration
|
Summary: SELinux policy configuration
|
||||||
Name: selinux-policy
|
Name: selinux-policy
|
||||||
Version: 3.5.8
|
Version: 3.5.8
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: serefpolicy-%{version}.tgz
|
Source: serefpolicy-%{version}.tgz
|
||||||
|
@ -381,6 +381,9 @@ exit 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Sep 22 2008 Dan Walsh <dwalsh@redhat.com> 3.5.8-5
|
||||||
|
- Add file context for /dev/mspblk.*
|
||||||
|
|
||||||
* Sun Sep 21 2008 Dan Walsh <dwalsh@redhat.com> 3.5.8-4
|
* Sun Sep 21 2008 Dan Walsh <dwalsh@redhat.com> 3.5.8-4
|
||||||
- Fix transition to nsplugin
|
- Fix transition to nsplugin
|
||||||
'
|
'
|
||||||
|
|
Loading…
Reference in New Issue