[selinux-policy] - Allow clamscan to read proc_t - Allow mount_t to write to debugfs_t dir - Dontaudit mount_t trying
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Aug 23 21:33:58 UTC 2010
commit 66ec626d238cde09eed6d482b84057f8db8db9a8
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Aug 23 17:33:55 2010 -0400
- Allow clamscan to read proc_t
- Allow mount_t to write to debugfs_t dir
- Dontaudit mount_t trying to write to security_t dir
policy-F14.patch | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/policy-F14.patch b/policy-F14.patch
index 1357638..a8e99be 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -2569,6 +2569,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+optional_policy(`
xserver_dontaudit_write_log(shutdown_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.8.8/policy/modules/admin/smoltclient.te
+--- nsaserefpolicy/policy/modules/admin/smoltclient.te 2010-07-27 16:06:04.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/admin/smoltclient.te 2010-08-23 17:32:41.000000000 -0400
+@@ -42,6 +42,7 @@
+
+ fs_getattr_all_fs(smoltclient_t)
+ fs_getattr_all_dirs(smoltclient_t)
++fs_list_auto_mountpoints(smoltclient_t)
+
+ files_getattr_generic_locks(smoltclient_t)
+ files_read_etc_files(smoltclient_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.8.8/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2010-07-27 16:06:04.000000000 -0400
+++ serefpolicy-3.8.8/policy/modules/admin/sudo.if 2010-07-30 14:06:53.000000000 -0400
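Review bot: the added fs_list_auto_mountpoints(smoltclient_t) line in smoltclient.te is not covered by the commit message, which lists only the clamscan, mount_t write and mount_t dontaudit items. Please add a changelog line for the smoltclient_t grant and note the denial that prompted it, so the new access can be audited against a reason later.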
@@ -9419,7 +9430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+/cgroup(/.*)? gen_context(system_u:object_r:cgroup_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.8.8/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-07-27 16:06:05.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if 2010-08-13 10:09:00.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if 2010-08-23 17:32:34.000000000 -0400
@@ -1233,7 +1233,7 @@
type cifs_t;
')
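Review bot: the only change in this hunk is the timestamp on the embedded +++ header for filesystem.if (2010-08-13 10:09:00 to 2010-08-23 17:32:34); no interface in filesystem.if changes in the visible lines. Together with the smoltclient hunk this accounts for all 12 insertions and 1 deletion in the diffstat, so the clamscan and mount_t rules named in the commit message do not appear in this diff. Either include the hunks that implement them or drop those items from the message, and avoid timestamp-only churn in the regenerated patch.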