- Move users file to selection by spec file.
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
This commit is contained in:
Daniel J Walsh
parent
7723ea3a29
commit
fc05ac0660
|
|
@ -197,3 +197,4 @@ serefpolicy-3.7.3.tgz
|
|||
serefpolicy-3.7.4.tgz
|
||||
serefpolicy-3.7.5.tgz
|
||||
serefpolicy-3.7.6.tgz
|
||||
serefpolicy-3.7.7.tgz
|
||||
|
|
|
|||
|
|
@ -60,6 +60,13 @@ awstats = module
|
|||
#
|
||||
abrt = module
|
||||
|
||||
# Layer: services
|
||||
# Module: aiccu
|
||||
#
|
||||
# SixXS Automatic IPv6 Connectivity Client Utility
|
||||
#
|
||||
aiccu = module
|
||||
|
||||
# Layer: admin
|
||||
# Module: amanda
|
||||
#
|
||||
|
|
|
|||
2
nsadiff
2
nsadiff
|
|
@ -1 +1 @@
|
|||
diff --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.7.6 > /tmp/diff
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.7.7 > /tmp/diff
|
||||
|
|
|
|||
2386
policy-F13.patch
2386
policy-F13.patch
File diff suppressed because it is too large
Load Diff
|
|
@ -19,7 +19,7 @@
|
|||
%define CHECKPOLICYVER 2.0.21-1
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.7.6
|
||||
Version: 3.7.7
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
|
|
@ -45,6 +45,10 @@ Source18: setrans-minimum.conf
|
|||
Source19: securetty_types-minimum
|
||||
Source20: customizable_types
|
||||
Source21: config.tgz
|
||||
Source22: users-mls
|
||||
Source23: users-targeted
|
||||
Source24: users-olpc
|
||||
Source25: users-minimum
|
||||
|
||||
Url: http://oss.tresys.com/repos/refpolicy/
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
|
@ -98,6 +102,7 @@ make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOL
|
|||
make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 conf \
|
||||
cp -f $RPM_SOURCE_DIR/modules-%1.conf ./policy/modules.conf \
|
||||
cp -f $RPM_SOURCE_DIR/booleans-%1.conf ./policy/booleans.conf \
|
||||
cp -f $RPM_SOURCE_DIR/users-%1 ./policy/users \
|
||||
|
||||
%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
|
||||
awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp.bz2 ", $1 }' %{_sourcedir}/modules-%{1}.conf )
|
||||
|
|
@ -450,6 +455,10 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jan 7 2010 Dan Walsh <dwalsh@redhat.com> 3.7.7-1
|
||||
- Move users file to selection by spec file.
|
||||
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
|
||||
|
||||
* Thu Jan 7 2010 Dan Walsh <dwalsh@redhat.com> 3.7.6-1
|
||||
- Update to upstream
|
||||
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1,2 +1,2 @@
|
|||
3651679c4b12a31d2ba5f4305bba5540 config.tgz
|
||||
0e56f0205d64ac083d61ec1d15873df7 serefpolicy-3.7.6.tgz
|
||||
2cec5f31faaf708d21bbcffabde5533d serefpolicy-3.7.7.tgz
|
||||
|
|
|
|||
|
|
@ -0,0 +1,38 @@
|
|||
##################################
|
||||
#
|
||||
# Core User configuration.
|
||||
#
|
||||
|
||||
#
|
||||
# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])
|
||||
#
|
||||
# Note: Identities without a prefix wil not be listed
|
||||
# in the users_extra file used by genhomedircon.
|
||||
|
||||
#
|
||||
# system_u is the user identity for system processes and objects.
|
||||
# There should be no corresponding Unix user identity for system,
|
||||
# and a user process should never be assigned the system user
|
||||
# identity.
|
||||
#
|
||||
gen_user(system_u,, system_r unconfined_u, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
||||
#
|
||||
# user_u is a generic user identity for Linux users who have no
|
||||
# SELinux user identity defined. The modified daemons will use
|
||||
# this user identity in the security context if there is no matching
|
||||
# SELinux user identity for a Linux user. If you do not want to
|
||||
# permit any access to such users, then remove this entry.
|
||||
#
|
||||
gen_user(user_u, user, user_r, s0, s0)
|
||||
gen_user(staff_u, user, staff_r system_r sysadm_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
||||
#
|
||||
# The following users correspond to Unix identities.
|
||||
# These identities are typically assigned as the user attribute
|
||||
# when login starts the user shell. Users with access to the sysadm_r
|
||||
# role should use the staff_r role instead of the user_r role when
|
||||
# not in the sysadm_r.
|
||||
#
|
||||
gen_user(root, user, unconfined_r sysadm_r staff_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
##################################
|
||||
#
|
||||
# Core User configuration.
|
||||
#
|
||||
|
||||
#
|
||||
# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])
|
||||
#
|
||||
# Note: Identities without a prefix wil not be listed
|
||||
# in the users_extra file used by genhomedircon.
|
||||
|
||||
#
|
||||
# system_u is the user identity for system processes and objects.
|
||||
# There should be no corresponding Unix user identity for system,
|
||||
# and a user process should never be assigned the system user
|
||||
# identity.
|
||||
#
|
||||
gen_user(system_u,, system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
||||
#
|
||||
# user_u is a generic user identity for Linux users who have no
|
||||
# SELinux user identity defined. The modified daemons will use
|
||||
# this user identity in the security context if there is no matching
|
||||
# SELinux user identity for a Linux user. If you do not want to
|
||||
# permit any access to such users, then remove this entry.
|
||||
#
|
||||
gen_user(user_u, user, user_r, s0, s0)
|
||||
gen_user(staff_u, user, staff_r system_r sysadm_r secadm_r auditadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
||||
#
|
||||
# The following users correspond to Unix identities.
|
||||
# These identities are typically assigned as the user attribute
|
||||
# when login starts the user shell. Users with access to the sysadm_r
|
||||
# role should use the staff_r role instead of the user_r role when
|
||||
# not in the sysadm_r.
|
||||
#
|
||||
gen_user(root, user, sysadm_r staff_r secadm_r auditadm_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
##################################
|
||||
#
|
||||
# Core User configuration.
|
||||
#
|
||||
|
||||
#
|
||||
# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])
|
||||
#
|
||||
# Note: Identities without a prefix wil not be listed
|
||||
# in the users_extra file used by genhomedircon.
|
||||
|
||||
#
|
||||
# system_u is the user identity for system processes and objects.
|
||||
# There should be no corresponding Unix user identity for system,
|
||||
# and a user process should never be assigned the system user
|
||||
# identity.
|
||||
#
|
||||
gen_user(system_u,, system_r unconfined_u, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
||||
#
|
||||
# user_u is a generic user identity for Linux users who have no
|
||||
# SELinux user identity defined. The modified daemons will use
|
||||
# this user identity in the security context if there is no matching
|
||||
# SELinux user identity for a Linux user. If you do not want to
|
||||
# permit any access to such users, then remove this entry.
|
||||
#
|
||||
gen_user(user_u, user, user_r, s0, s0)
|
||||
gen_user(staff_u, user, staff_r system_r sysadm_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
||||
#
|
||||
# The following users correspond to Unix identities.
|
||||
# These identities are typically assigned as the user attribute
|
||||
# when login starts the user shell. Users with access to the sysadm_r
|
||||
# role should use the staff_r role instead of the user_r role when
|
||||
# not in the sysadm_r.
|
||||
#
|
||||
gen_user(root, user, unconfined_r sysadm_r staff_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
##################################
|
||||
#
|
||||
# Core User configuration.
|
||||
#
|
||||
|
||||
#
|
||||
# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])
|
||||
#
|
||||
# Note: Identities without a prefix wil not be listed
|
||||
# in the users_extra file used by genhomedircon.
|
||||
|
||||
#
|
||||
# system_u is the user identity for system processes and objects.
|
||||
# There should be no corresponding Unix user identity for system,
|
||||
# and a user process should never be assigned the system user
|
||||
# identity.
|
||||
#
|
||||
gen_user(system_u,, system_r unconfined_u, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
||||
#
|
||||
# user_u is a generic user identity for Linux users who have no
|
||||
# SELinux user identity defined. The modified daemons will use
|
||||
# this user identity in the security context if there is no matching
|
||||
# SELinux user identity for a Linux user. If you do not want to
|
||||
# permit any access to such users, then remove this entry.
|
||||
#
|
||||
gen_user(user_u, user, user_r, s0, s0)
|
||||
gen_user(staff_u, user, staff_r system_r sysadm_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
|
||||
#
|
||||
# The following users correspond to Unix identities.
|
||||
# These identities are typically assigned as the user attribute
|
||||
# when login starts the user shell. Users with access to the sysadm_r
|
||||
# role should use the staff_r role instead of the user_r role when
|
||||
# not in the sysadm_r.
|
||||
#
|
||||
gen_user(root, user, unconfined_r sysadm_r staff_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
Loading…
Reference in New Issue