- Allow cron to search nfs and samba homedirs

2007-09-18 14:45:04 +00:00 · 2007-09-18 14:45:04 +00:00 · f6ec2754c5
commit f6ec2754c5
parent aeba2fc7e3
1 changed files with 14 additions and 6 deletions
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@ -4769,7 +4769,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +/usr/local/Brother/inf(/.*)?	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2007-09-12 10:34:50.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/cups.te	2007-09-17 16:20:18.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/cups.te	2007-09-18 10:43:40.000000000 -0400
@@ -81,12 +81,11 @@
 # /usr/lib/cups/backend/serial needs sys_admin(?!)
 allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config };
@ -4847,7 +4847,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 files_list_world_readable(cupsd_t)
 files_read_world_readable_files(cupsd_t)
 files_read_world_readable_symlinks(cupsd_t)
-@@ -221,17 +228,37 @@
+@@ -202,6 +209,7 @@
 files_dontaudit_getattr_all_tmp_files(cupsd_t)
 selinux_compute_access_vector(cupsd_t)
 +selinux_validate_context(cupsd_t)
 init_exec_script_files(cupsd_t)
@@ -221,17 +229,37 @@
 sysnet_read_config(cupsd_t)
@ -4885,7 +4893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 	apm_domtrans_client(cupsd_t)
 ')
-@@ -263,16 +290,16 @@
+@@ -263,16 +291,16 @@
 ')
 optional_policy(`
@ -4906,7 +4914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 	seutil_sigchld_newrole(cupsd_t)
 ')
-@@ -377,6 +404,14 @@
+@@ -377,6 +405,14 @@
 ')
 optional_policy(`
@ -4921,7 +4929,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 	cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
 ')
-@@ -560,7 +595,7 @@
+@@ -560,7 +596,7 @@
 dev_read_urand(hplip_t)
 dev_read_rand(hplip_t)
 dev_rw_generic_usb_dev(hplip_t)
@ -4930,7 +4938,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 fs_getattr_all_fs(hplip_t)
 fs_search_auto_mountpoints(hplip_t)
-@@ -587,8 +622,6 @@
+@@ -587,8 +623,6 @@
 userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
 userdom_dontaudit_search_all_users_home_content(hplip_t)