- Allow cron to search nfs and samba homedirs

This commit is contained in:
Daniel J Walsh 2007-09-18 14:45:04 +00:00
parent aeba2fc7e3
commit f6ec2754c5

View File

@ -4769,7 +4769,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) +/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2007-09-12 10:34:50.000000000 -0400 --- nsaserefpolicy/policy/modules/services/cups.te 2007-09-12 10:34:50.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/cups.te 2007-09-17 16:20:18.000000000 -0400 +++ serefpolicy-3.0.8/policy/modules/services/cups.te 2007-09-18 10:43:40.000000000 -0400
@@ -81,12 +81,11 @@ @@ -81,12 +81,11 @@
# /usr/lib/cups/backend/serial needs sys_admin(?!) # /usr/lib/cups/backend/serial needs sys_admin(?!)
allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config }; allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config };
@ -4847,7 +4847,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
files_list_world_readable(cupsd_t) files_list_world_readable(cupsd_t)
files_read_world_readable_files(cupsd_t) files_read_world_readable_files(cupsd_t)
files_read_world_readable_symlinks(cupsd_t) files_read_world_readable_symlinks(cupsd_t)
@@ -221,17 +228,37 @@ @@ -202,6 +209,7 @@
files_dontaudit_getattr_all_tmp_files(cupsd_t)
selinux_compute_access_vector(cupsd_t)
+selinux_validate_context(cupsd_t)
init_exec_script_files(cupsd_t)
@@ -221,17 +229,37 @@
sysnet_read_config(cupsd_t) sysnet_read_config(cupsd_t)
@ -4885,7 +4893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
apm_domtrans_client(cupsd_t) apm_domtrans_client(cupsd_t)
') ')
@@ -263,16 +290,16 @@ @@ -263,16 +291,16 @@
') ')
optional_policy(` optional_policy(`
@ -4906,7 +4914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
seutil_sigchld_newrole(cupsd_t) seutil_sigchld_newrole(cupsd_t)
') ')
@@ -377,6 +404,14 @@ @@ -377,6 +405,14 @@
') ')
optional_policy(` optional_policy(`
@ -4921,7 +4929,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
cron_system_entry(cupsd_config_t, cupsd_config_exec_t) cron_system_entry(cupsd_config_t, cupsd_config_exec_t)
') ')
@@ -560,7 +595,7 @@ @@ -560,7 +596,7 @@
dev_read_urand(hplip_t) dev_read_urand(hplip_t)
dev_read_rand(hplip_t) dev_read_rand(hplip_t)
dev_rw_generic_usb_dev(hplip_t) dev_rw_generic_usb_dev(hplip_t)
@ -4930,7 +4938,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
fs_getattr_all_fs(hplip_t) fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t) fs_search_auto_mountpoints(hplip_t)
@@ -587,8 +622,6 @@ @@ -587,8 +623,6 @@
userdom_dontaudit_search_sysadm_home_dirs(hplip_t) userdom_dontaudit_search_sysadm_home_dirs(hplip_t)
userdom_dontaudit_search_all_users_home_content(hplip_t) userdom_dontaudit_search_all_users_home_content(hplip_t)