[selinux-policy/f14/master] - Allow clamscan to read proc_t - Allow mount_t to write to debufs_t dir - Dontaudit mount_t trying

Daniel J Walsh dwalsh at fedoraproject.org
Mon Aug 23 21:34:11 UTC 2010


commit 2a891e6d498aa65a6f5adfafd4581d95e835fc46
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Aug 23 17:34:08 2010 -0400

    - Allow clamscan to read proc_t
    - Allow mount_t to write to debufs_t dir
    - Dontaudit mount_t trying to write to security_t dir

 policy-F14.patch |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/policy-F14.patch b/policy-F14.patch
index 1357638..a8e99be 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -2569,6 +2569,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
 +optional_policy(`
  	xserver_dontaudit_write_log(shutdown_t)
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.8.8/policy/modules/admin/smoltclient.te
+--- nsaserefpolicy/policy/modules/admin/smoltclient.te	2010-07-27 16:06:04.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/admin/smoltclient.te	2010-08-23 17:32:41.000000000 -0400
+@@ -42,6 +42,7 @@
+ 
+ fs_getattr_all_fs(smoltclient_t)
+ fs_getattr_all_dirs(smoltclient_t)
++fs_list_auto_mountpoints(smoltclient_t)
+ 
+ files_getattr_generic_locks(smoltclient_t)
+ files_read_etc_files(smoltclient_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.8.8/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2010-07-27 16:06:04.000000000 -0400
 +++ serefpolicy-3.8.8/policy/modules/admin/sudo.if	2010-07-30 14:06:53.000000000 -0400
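Review bot: The added `fs_list_auto_mountpoints(smoltclient_t)` line in the new smoltclient.te section is not covered by the commit message, which lists only clamscan and mount_t changes. Please add a changelog entry for it so the new access is traceable to a reason or AVC report. Also, the neighbouring rules (`fs_getattr_all_fs`, `fs_getattr_all_dirs`) grant getattr only, while this interface, going by its name, grants directory listing on automount points. If smoltclient only probes these directories and works without reading them, a dontaudit rule would keep the domain tighter than an allow.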
@@ -9419,7 +9430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
 +/cgroup(/.*)? 	 	gen_context(system_u:object_r:cgroup_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.8.8/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2010-07-27 16:06:05.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if	2010-08-13 10:09:00.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if	2010-08-23 17:32:34.000000000 -0400
 @@ -1233,7 +1233,7 @@
  		type cifs_t;
  	')
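Review bot: The only change in this hunk is the timestamp on the nested `+++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if` header (2010-08-13 to 2010-08-23); no rule inside the filesystem.if section differs. Together with the smoltclient.te addition, this accounts for all of the diffstat's 12 insertions and 1 deletion, so none of the three items in the commit message (clamscan reading proc_t, mount_t writing to the debufs_t dir, the security_t dontaudit) appears in this diff of policy-F14.patch. Either the interface and rule changes were left out of the regenerated patch or they live elsewhere. Please include them here or correct the message, and drop the timestamp-only churn if filesystem.if is in fact unchanged.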

