[selinux-policy/f14/master] - Update policy for mozilla_plugin_t

Daniel J Walsh dwalsh at fedoraproject.org
Mon Aug 23 22:15:56 UTC 2010 

commit 6392787a899f81c65310e0962d232d2e53ebf851
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Aug 23 18:15:52 2010 -0400

    - Update policy for mozilla_plugin_t

 policy-F14.patch |   22 ++++++++++++----------
 1 files changed, 12 insertions(+), 10 deletions(-)
---
diff --git a/policy-F14.patch b/policy-F14.patch
index c1a4af3..f0caa77 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -4846,7 +4846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.8.8/policy/modules/apps/mozilla.te
 --- nsaserefpolicy/policy/modules/apps/mozilla.te	2010-07-27 16:06:04.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te	2010-08-23 17:58:35.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/apps/mozilla.te	2010-08-23 18:10:04.000000000 -0400
 @@ -25,6 +25,7 @@
  type mozilla_home_t;
  typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
@@ -4928,7 +4928,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
 +
 +read_files_pattern(mozilla_plugin_t, mozilla_home_t, mozilla_home_t)
 +
-+kernel_request_load_module(podsleuth_plugin_t)
++kernel_request_load_module(mozilla_plugin_t)
 +
 +corecmd_exec_bin(mozilla_plugin_t)
 +corecmd_exec_shell(mozilla_plugin_t)
@@ -9734,7 +9734,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.8.8/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2010-07-27 16:12:33.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/kernel/kernel.if	2010-08-23 17:02:01.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/kernel/kernel.if	2010-08-23 18:10:26.000000000 -0400
 @@ -698,6 +698,26 @@
  
  ########################################
@@ -32490,7 +32490,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if
  ## <rolecap/>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.8.8/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2010-07-27 16:06:06.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/system/lvm.te	2010-07-30 14:06:53.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/system/lvm.te	2010-08-23 18:10:53.000000000 -0400
 @@ -141,6 +141,11 @@
  ')
  
@@ -32511,9 +32511,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  allow lvm_t self:file rw_file_perms;
  allow lvm_t self:fifo_file manage_fifo_file_perms;
  allow lvm_t self:unix_dgram_socket create_socket_perms;
-@@ -211,11 +217,13 @@
+@@ -210,12 +216,15 @@
+ files_etc_filetrans(lvm_t, lvm_metadata_t, file)
  files_search_mnt(lvm_t)
  
++kernel_get_sysvipc_info(lvm_t)
  kernel_read_system_state(lvm_t)
 +kernel_read_kernel_sysctls(lvm_t)
  # Read system variables in /proc/sys
@@ -32525,7 +32527,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  kernel_search_debugfs(lvm_t)
  
  corecmd_exec_bin(lvm_t)
-@@ -242,6 +250,7 @@
+@@ -242,6 +251,7 @@
  dev_dontaudit_getattr_generic_blk_files(lvm_t)
  dev_dontaudit_getattr_generic_pipes(lvm_t)
  dev_create_generic_dirs(lvm_t)
@@ -32533,7 +32535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  
  domain_use_interactive_fds(lvm_t)
  domain_read_all_domains_state(lvm_t)
-@@ -251,8 +260,9 @@
+@@ -251,8 +261,9 @@
  files_read_etc_runtime_files(lvm_t)
  # for when /usr is not mounted:
  files_dontaudit_search_isid_type_dirs(lvm_t)
@@ -32544,7 +32546,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  fs_search_auto_mountpoints(lvm_t)
  fs_list_tmpfs(lvm_t)
  fs_read_tmpfs_symlinks(lvm_t)
-@@ -262,6 +272,7 @@
+@@ -262,6 +273,7 @@
  
  mls_file_read_all_levels(lvm_t)
  mls_file_write_to_clearance(lvm_t)
@@ -32552,7 +32554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  
  selinux_get_fs_mount(lvm_t)
  selinux_validate_context(lvm_t)
-@@ -309,6 +320,11 @@
+@@ -309,6 +321,11 @@
  ')
  
  optional_policy(`
@@ -32564,7 +32566,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
  	bootloader_rw_tmp_files(lvm_t)
  ')
  
-@@ -329,6 +345,10 @@
+@@ -329,6 +346,10 @@
  ')
  
  optional_policy(`

More information about the scm-commits mailing list