[selinux-policy/f14/master] - Merge with upstream

Daniel J Walsh dwalsh at fedoraproject.org
Fri Aug 27 00:31:20 UTC 2010


commit e61f5102c4b3e30ef24bde64fe17ee6fc501f937
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Aug 26 20:30:56 2010 -0400

    - Merge with upstream

 policy-F14.patch |  176 +++++++++++++++++++++++++++++-------------------------
 1 files changed, 95 insertions(+), 81 deletions(-)
---
diff --git a/policy-F14.patch b/policy-F14.patch
index a23e4a0..437c188 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -205,19 +205,15 @@ index af90ef2..ebe5833 100644
  
  mlsconstrain process { transition dyntransition }
 diff --git a/policy/modules/admin/alsa.fc b/policy/modules/admin/alsa.fc
-index 30a0ac7..1b43fbe 100644
+index 30a0ac7..f5fc753 100644
 --- a/policy/modules/admin/alsa.fc
 +++ b/policy/modules/admin/alsa.fc
-@@ -1,6 +1,8 @@
+@@ -1,3 +1,5 @@
 +HOME_DIR/\.asoundrc		--	gen_context(system_u:object_r:alsa_home_t,s0)
 +
  /bin/alsaunmute		--	gen_context(system_u:object_r:alsa_exec_t,s0)
  
--/etc/alsa/asound\.state --	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
-+/etc/alsa/asound\.state	--	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
- /etc/alsa/pcm(/.*)?		gen_context(system_u:object_r:alsa_etc_rw_t,s0)
- /etc/asound(/.*)?		gen_context(system_u:object_r:alsa_etc_rw_t,s0)
- /etc/asound\.state	--	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
+ /etc/alsa/asound\.state --	gen_context(system_u:object_r:alsa_etc_rw_t,s0)
 diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if
 index fe09bea..090b5c9 100644
 --- a/policy/modules/admin/alsa.if
@@ -1354,18 +1350,6 @@ index 95dbcf3..bdba9c5 100644
  
  	optional_policy(`
  		java_domtrans_unconfined(rpm_script_t)
-diff --git a/policy/modules/admin/sectoolm.te b/policy/modules/admin/sectoolm.te
-index c8ef84b..d7083b8 100644
---- a/policy/modules/admin/sectoolm.te
-+++ b/policy/modules/admin/sectoolm.te
-@@ -84,6 +84,7 @@ logging_send_syslog_msg(sectoolm_t)
- sysnet_domtrans_ifconfig(sectoolm_t)
- 
- userdom_manage_user_tmp_sockets(sectoolm_t)
-+userdom_write_user_tmp_sockets(sectoolm_t)
- 
- optional_policy(`
- 	mount_exec(sectoolm_t)
 diff --git a/policy/modules/admin/shorewall.if b/policy/modules/admin/shorewall.if
 index 0948921..992a7fc 100644
 --- a/policy/modules/admin/shorewall.if
@@ -8355,14 +8339,15 @@ index 07352a5..12e9ecf 100644
  #Temporarily in policy until FC5 dissappears
  typealias etc_runtime_t alias firstboot_rw_t;
 diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
-index 9306de6..445d291 100644
+index 9306de6..9a1e6a7 100644
 --- a/policy/modules/kernel/filesystem.fc
 +++ b/policy/modules/kernel/filesystem.fc
-@@ -1,3 +1,3 @@
+@@ -1,3 +1,4 @@
  /dev/shm	-d	gen_context(system_u:object_r:tmpfs_t,s0)
  
 -/cgroup		-d	gen_context(system_u:object_r:cgroup_t,s0)
 +/cgroup(/.*)? 	 	gen_context(system_u:object_r:cgroup_t,s0)
++/sys/fs/cgroup(/.*)?  	gen_context(system_u:object_r:cgroup_t,s0)
 diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
 index e3e17ba..3b34959 100644
 --- a/policy/modules/kernel/filesystem.if
@@ -13889,7 +13874,7 @@ index fa82327..7f4ca47 100644
  # bind to udp/323
  corenet_udp_bind_chronyd_port(chronyd_t)
 diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
-index 8c36027..edee785 100644
+index 8c36027..0a0f374 100644
 --- a/policy/modules/services/clamav.te
 +++ b/policy/modules/services/clamav.te
 @@ -80,6 +80,7 @@ manage_files_pattern(clamd_t, clamd_tmp_t, clamd_tmp_t)
@@ -13904,7 +13889,7 @@ index 8c36027..edee785 100644
  logging_log_filetrans(clamd_t, clamd_var_log_t, { dir file })
  
  # pid file
-+manage_dirs_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
++manage_dirs_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
  manage_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
  manage_sock_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
 -files_pid_filetrans(clamd_t, clamd_var_run_t, { file dir })
@@ -14199,7 +14184,7 @@ index 1cf6c4e..90c60df 100644
 -/var/lib/cobbler(/.*)?		gen_context(system_u:object_r:cobbler_var_lib_t, s0)
 -/var/log/cobbler(/.*)?		gen_context(system_u:object_r:cobbler_var_log_t, s0)
 diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
-index 293e08d..cde1fc2 100644
+index 293e08d..a57fe37 100644
 --- a/policy/modules/services/cobbler.if
 +++ b/policy/modules/services/cobbler.if
 @@ -26,6 +26,7 @@ interface(`cobblerd_domtrans',`
@@ -14275,7 +14260,7 @@ index 293e08d..cde1fc2 100644
  	files_search_var_lib($1)
  ')
  
-@@ -137,12 +140,52 @@ interface(`cobbler_manage_lib_files',`
+@@ -137,12 +140,51 @@ interface(`cobbler_manage_lib_files',`
  		type cobbler_var_lib_t;
  	')
  
@@ -14287,7 +14272,7 @@ index 293e08d..cde1fc2 100644
  
  ########################################
  ## <summary>
-+##	Read and write Cobbler log files.
++##	dontaudit read and write Cobbler log files.
 +## </summary>
 +## <param name="domain">
 +##	<summary>
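Review bot: The new summary `dontaudit read and write Cobbler log files.` is a lowercase fragment, while the other interface summaries visible in this file are written as sentences. `Do not audit attempts to read and write Cobbler log files.` would match that style. The `<param name="domain">` description sits between this hunk and the next and is not visible here. If it still describes the domain as being allowed access, it should read `Domain to not audit.` so the generated interface documentation does not suggest a grant.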
@@ -14295,13 +14280,12 @@ index 293e08d..cde1fc2 100644
 +##	</summary>
 +## </param>
 +#
-+interface(`cobbler_rw_log',`
++interface(`cobbler_dontaudit_rw_log',`
 +	gen_require(`
 +		type cobbler_var_log_t;
 +	')
 +
-+	rw_files_pattern($1, cobbler_var_log_t, cobbler_var_log_t)
-+	logging_search_logs($1)
++	dontaudit $1 cobbler_var_log_t:file rw_inherited_files_perms;
 +')
 +
 +########################################
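Review bot: `cobbler_dontaudit_rw_log` suppresses the denial without recording why it is expected. The dhcp.te comment `# Should we dontaudit or not?` shows the question was open, and this commit removes it. The use of `rw_inherited_files_perms` suggests an inherited descriptor, so a comment above the rule such as `# cobbler log fd is inherited by the caller; access is not needed (confirm)` would record that reasoning. Once the rule is in place, attempts by the calling domain to read or write `cobbler_var_log_t` files no longer produce AVC records, so they cannot be seen in the audit log unless dontaudit rules are disabled (for example with `semodule -DB`). The old `cobbler_rw_log` name is dropped rather than kept as an alias, so any caller outside this diff would fail to build.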
@@ -14328,7 +14312,7 @@ index 293e08d..cde1fc2 100644
  ##	All of the rules required to administrate
  ##	an cobblerd environment
  ## </summary>
-@@ -162,6 +205,9 @@ interface(`cobblerd_admin',`
+@@ -162,6 +204,9 @@ interface(`cobblerd_admin',`
  	gen_require(`
  		type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
  		type cobbler_etc_t, cobblerd_initrc_exec_t;
@@ -14338,7 +14322,7 @@ index 293e08d..cde1fc2 100644
  	')
  
  	allow $1 cobblerd_t:process { ptrace signal_perms getattr };
-@@ -176,10 +222,18 @@ interface(`cobblerd_admin',`
+@@ -176,10 +221,18 @@ interface(`cobblerd_admin',`
  	logging_search_logs($1)
  	admin_pattern($1, cobbler_var_log_t)
  
@@ -15724,7 +15708,7 @@ index 8ba9425..d53ee7e 100644
 +    gnome_dontaudit_search_config(denyhosts_t)
 +')
 diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te
-index f231f17..f532a16 100644
+index f231f17..a7de603 100644
 --- a/policy/modules/services/devicekit.te
 +++ b/policy/modules/services/devicekit.te
 @@ -75,10 +75,12 @@ manage_dirs_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
@@ -15779,16 +15763,24 @@ index f231f17..f532a16 100644
  allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
  allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
  allow devicekit_power_t self:netlink_kobject_uevent_socket create_socket_perms;
+@@ -225,6 +241,8 @@ auth_use_nsswitch(devicekit_power_t)
+ 
+ miscfiles_read_localization(devicekit_power_t)
+ 
++modutils_domtrans_insmod(devicekit_power_t)
++
+ sysnet_read_config(devicekit_power_t)
+ sysnet_domtrans_ifconfig(devicekit_power_t)
+ 
 diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te
-index d4424ad..506dbc6 100644
+index d4424ad..a307b51 100644
 --- a/policy/modules/services/dhcp.te
 +++ b/policy/modules/services/dhcp.te
-@@ -111,6 +111,11 @@ optional_policy(`
+@@ -111,6 +111,10 @@ optional_policy(`
  ')
  
  optional_policy(`
-+	# Should we dontaudit or not?
-+	cobbler_rw_log(dhcpd_t)
++	cobbler_dontaudit_rw_log(dhcpd_t)
 +')
 +
 +optional_policy(`
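Review bot: `modutils_domtrans_insmod(devicekit_power_t)` is added to the devicekit_power_t rules with no comment explaining why a power-management daemon needs to reach the module-loading domain. Kernel module loading is one of the more sensitive transitions in the policy, so the line should carry its justification, e.g. `# devicekit-power runs modprobe for <module or bug reference>`. If the need is only to let a modprobe call fail quietly, a dontaudit would be the narrower choice. The surrounding rule block starts and ends outside this hunk, so any existing explanation there is not visible.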
@@ -17242,16 +17234,6 @@ index 24c6253..0a54d67 100644
  ########################################
  #
  # Local hald dccm policy
-diff --git a/policy/modules/services/hddtemp.fc b/policy/modules/services/hddtemp.fc
-index 1676612..67ea7b6 100644
---- a/policy/modules/services/hddtemp.fc
-+++ b/policy/modules/services/hddtemp.fc
-@@ -1,5 +1,3 @@
- /etc/rc\.d/init\.d/hddtemp	--	gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0)
- 
--/etc/sysconfig/hddtemp		--	gen_context(system_u:object_r:hddtemp_etc_t,s0)
--
- /usr/sbin/hddtemp		--	gen_context(system_u:object_r:hddtemp_exec_t,s0)
 diff --git a/policy/modules/services/icecast.te b/policy/modules/services/icecast.te
 index a57ffc0..fbcdd74 100644
 --- a/policy/modules/services/icecast.te
@@ -17310,7 +17292,7 @@ index 3525d24..e5db539 100644
  /etc/rc\.d/init\.d/krb524d	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
  /etc/rc\.d/init\.d/krb5kdc	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
 diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
-index 8edc29b..8401e48 100644
+index 8edc29b..6deff48 100644
 --- a/policy/modules/services/kerberos.te
 +++ b/policy/modules/services/kerberos.te
 @@ -126,10 +126,13 @@ corenet_udp_sendrecv_all_ports(kadmind_t)
@@ -17327,7 +17309,15 @@ index 8edc29b..8401e48 100644
  
  dev_read_sysfs(kadmind_t)
  dev_read_rand(kadmind_t)
-@@ -198,8 +201,7 @@ allow krb5kdc_t krb5kdc_lock_t:file { rw_file_perms setattr };
+@@ -149,6 +152,7 @@ selinux_validate_context(kadmind_t)
+ 
+ logging_send_syslog_msg(kadmind_t)
+ 
++miscfiles_read_certs(kadmind_t)
+ miscfiles_read_localization(kadmind_t)
+ 
+ seutil_read_file_contexts(kadmind_t)
+@@ -198,8 +202,7 @@ allow krb5kdc_t krb5kdc_lock_t:file { rw_file_perms setattr };
  allow krb5kdc_t krb5kdc_log_t:file manage_file_perms;
  logging_log_filetrans(krb5kdc_t, krb5kdc_log_t, file)
  
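Review bot: `miscfiles_read_certs(kadmind_t)` is added without a comment, and the next hunk adds the same call for `krb5kdc_t`. The call presumably grants read access to the system certificate store, which is broader than a single Kerberos certificate. init.te in this same patch documents its certificate access with `# slapd needs to read cert files from its initscript`, and a matching line here, e.g. `# certificate-based preauth needs to read certs (confirm)`, would tell a later auditor whether the grant is still needed. Both rule blocks extend beyond the visible hunks.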
@@ -17337,6 +17327,14 @@ index 8edc29b..8401e48 100644
  
  manage_dirs_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
  manage_files_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
+@@ -249,6 +252,7 @@ selinux_validate_context(krb5kdc_t)
+ 
+ logging_send_syslog_msg(krb5kdc_t)
+ 
++miscfiles_read_certs(krb5kdc_t)
+ miscfiles_read_localization(krb5kdc_t)
+ 
+ seutil_read_file_contexts(krb5kdc_t)
 diff --git a/policy/modules/services/ksmtuned.fc b/policy/modules/services/ksmtuned.fc
 index 9c0c835..8360166 100644
 --- a/policy/modules/services/ksmtuned.fc
@@ -17402,7 +17400,7 @@ index a73b7a1..ffe035c 100644
  miscfiles_read_localization(ksmtuned_t)
 +
 diff --git a/policy/modules/services/ldap.fc b/policy/modules/services/ldap.fc
-index c62f23e..a66e078 100644
+index c62f23e..335fda1 100644
 --- a/policy/modules/services/ldap.fc
 +++ b/policy/modules/services/ldap.fc
 @@ -1,6 +1,8 @@
@@ -17419,7 +17417,7 @@ index c62f23e..a66e078 100644
  /var/run/openldap(/.*)?		gen_context(system_u:object_r:slapd_var_run_t,s0)
  /var/run/slapd\.args	--	gen_context(system_u:object_r:slapd_var_run_t,s0)
  /var/run/slapd\.pid	--	gen_context(system_u:object_r:slapd_var_run_t,s0)
-+#/var/run/slapd.*	-s	gen_context(system_u:object_r:slapd_var_run_t,s0)
++/var/run/slapd.*	-s	gen_context(system_u:object_r:slapd_var_run_t,s0)
 diff --git a/policy/modules/services/ldap.if b/policy/modules/services/ldap.if
 index 3aa8fa7..e5684f4 100644
 --- a/policy/modules/services/ldap.if
@@ -25319,10 +25317,15 @@ index 32a3c13..f56f51f 100644
  
  optional_policy(`
 diff --git a/policy/modules/services/virt.fc b/policy/modules/services/virt.fc
-index 2124b6a..03f2501 100644
+index 2124b6a..be4b00f 100644
 --- a/policy/modules/services/virt.fc
 +++ b/policy/modules/services/virt.fc
-@@ -13,17 +13,19 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t
+@@ -1,3 +1,4 @@
++HOME_DIR/.libvirt(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
+ HOME_DIR/.virtinst(/.*)? 	gen_context(system_u:object_r:virt_content_t,s0)
+ HOME_DIR/VirtualMachines(/.*)? 	gen_context(system_u:object_r:virt_image_t,s0)
+ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
+@@ -13,17 +14,19 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t
  /etc/xen/.*/.*			gen_context(system_u:object_r:virt_etc_rw_t,s0)
  
  /usr/sbin/libvirtd	--	gen_context(system_u:object_r:virtd_exec_t,s0)
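Review bot: The leading dot in `HOME_DIR/.libvirt(/.*)?` is unescaped, so the regular expression accepts any character in that position rather than only a hidden directory. The alsa.fc entry in this same patch escapes it (`HOME_DIR/\.asoundrc`), and the equivalent here is `HOME_DIR/\.libvirt(/.*)?`. The existing `HOME_DIR/.virtinst(/.*)?` context line has the same looseness. Separately, the whole tree is labelled `virt_content_t`, the type also used for the `isos` directory. If that type is readable by confined guests, it is worth confirming that nothing under `~/.libvirt` needs a tighter label than installation media.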
@@ -28061,7 +28064,7 @@ index 88df85d..2fa3974 100644
  	ssh_sigchld(application_domain_type)
  	ssh_rw_stream_sockets(application_domain_type)
 diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
-index 1c4b1e7..9785c68 100644
+index 1c4b1e7..2997dd7 100644
 --- a/policy/modules/system/authlogin.fc
 +++ b/policy/modules/system/authlogin.fc
 @@ -10,6 +10,7 @@
@@ -28072,6 +28075,14 @@ index 1c4b1e7..9785c68 100644
  /sbin/unix_update	--	gen_context(system_u:object_r:updpwd_exec_t,s0)
  /sbin/unix_verify	--	gen_context(system_u:object_r:chkpwd_exec_t,s0)
  ifdef(`distro_suse', `
+@@ -27,6 +28,7 @@ ifdef(`distro_gentoo', `
+ 
+ /var/db/shadow.*	--	gen_context(system_u:object_r:shadow_t,s0)
+ 
++/var/run/user(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
+ /var/lib/abl(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
+ /var/lib/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
+ 
 diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
 index 7fddc24..06185fd 100644
 --- a/policy/modules/system/authlogin.if
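Review bot: `/var/run/user(/.*)?` applies `var_auth_t` to the directory and everything created beneath it, with no file-type specifier and no comment naming what creates that tree. The neighbouring entries use `var_auth_t` for PAM module state (`/var/lib/abl`, `/var/lib/pam_ssh`). If `/var/run/user` holds per-user runtime data rather than only authentication state, every domain allowed to manage `var_auth_t` gains access to it after a relabel. Labelling only the directory with `-d` would be narrower. Otherwise a comment such as `# created by <pam module>; contains only auth state` would record the intent.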
@@ -28983,7 +28994,7 @@ index f6aafe7..7da8294 100644
 +	allow $1 init_t:unix_stream_socket rw_stream_socket_perms;
 +')
 diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index bd45076..26a93da 100644
+index bd45076..cd266c0 100644
 --- a/policy/modules/system/init.te
 +++ b/policy/modules/system/init.te
 @@ -16,6 +16,27 @@ gen_require(`
@@ -29097,7 +29108,7 @@ index bd45076..26a93da 100644
  	corecmd_shell_domtrans(init_t, initrc_t)
  ',`
  	# Run the shell in the sysadm role for single-user mode.
-@@ -185,15 +216,70 @@ tunable_policy(`init_upstart',`
+@@ -185,15 +216,73 @@ tunable_policy(`init_upstart',`
  	sysadm_shell_domtrans(init_t)
  ')
  
@@ -29105,6 +29116,7 @@ index bd45076..26a93da 100644
 +modutils_domtrans_insmod(init_t)
 +
 +tunable_policy(`init_systemd',`
++	allow init_t self:unix_dgram_socket create_socket_perms;
 +	allow init_t self:process { setsockcreate setfscreate };
 +	allow init_t self:unix_stream_socket { create_stream_socket_perms connectto };
 +	allow init_t self:netlink_kobject_uevent_socket create_socket_perms; 
@@ -29141,6 +29153,8 @@ index bd45076..26a93da 100644
 +	init_read_script_state(init_t)
 +
 +	seutil_read_file_contexts(init_t)
++
++	storage_getattr_removable_dev(init_t)
 +')
 +
  optional_policy(`
@@ -29168,7 +29182,7 @@ index bd45076..26a93da 100644
  	nscd_socket_use(init_t)
  ')
  
-@@ -202,6 +288,10 @@ optional_policy(`
+@@ -202,6 +291,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -29179,7 +29193,7 @@ index bd45076..26a93da 100644
  	unconfined_domain(init_t)
  ')
  
-@@ -211,7 +301,7 @@ optional_policy(`
+@@ -211,7 +304,7 @@ optional_policy(`
  #
  
  allow initrc_t self:process { getpgid setsched setpgid setrlimit getsched };
@@ -29188,7 +29202,7 @@ index bd45076..26a93da 100644
  dontaudit initrc_t self:capability sys_module; # sysctl is triggering this
  allow initrc_t self:passwd rootok;
  allow initrc_t self:key manage_key_perms;
-@@ -240,6 +330,7 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
+@@ -240,6 +333,7 @@ manage_fifo_files_pattern(initrc_t, initrc_state_t, initrc_state_t)
  
  allow initrc_t initrc_var_run_t:file manage_file_perms;
  files_pid_filetrans(initrc_t, initrc_var_run_t, file)
@@ -29196,7 +29210,7 @@ index bd45076..26a93da 100644
  
  can_exec(initrc_t, initrc_tmp_t)
  manage_files_pattern(initrc_t, initrc_tmp_t, initrc_tmp_t)
-@@ -257,11 +348,22 @@ kernel_change_ring_buffer_level(initrc_t)
+@@ -257,11 +351,22 @@ kernel_change_ring_buffer_level(initrc_t)
  kernel_clear_ring_buffer(initrc_t)
  kernel_get_sysvipc_info(initrc_t)
  kernel_read_all_sysctls(initrc_t)
@@ -29219,7 +29233,7 @@ index bd45076..26a93da 100644
  
  corecmd_exec_all_executables(initrc_t)
  
-@@ -297,11 +399,13 @@ dev_manage_generic_files(initrc_t)
+@@ -297,11 +402,13 @@ dev_manage_generic_files(initrc_t)
  dev_delete_generic_symlinks(initrc_t)
  dev_getattr_all_blk_files(initrc_t)
  dev_getattr_all_chr_files(initrc_t)
@@ -29233,7 +29247,7 @@ index bd45076..26a93da 100644
  domain_sigchld_all_domains(initrc_t)
  domain_read_all_domains_state(initrc_t)
  domain_getattr_all_domains(initrc_t)
-@@ -320,8 +424,10 @@ files_getattr_all_symlinks(initrc_t)
+@@ -320,8 +427,10 @@ files_getattr_all_symlinks(initrc_t)
  files_getattr_all_pipes(initrc_t)
  files_getattr_all_sockets(initrc_t)
  files_purge_tmp(initrc_t)
@@ -29245,7 +29259,7 @@ index bd45076..26a93da 100644
  files_delete_all_pids(initrc_t)
  files_delete_all_pid_dirs(initrc_t)
  files_read_etc_files(initrc_t)
-@@ -337,8 +443,12 @@ files_list_isid_type_dirs(initrc_t)
+@@ -337,8 +446,12 @@ files_list_isid_type_dirs(initrc_t)
  files_mounton_isid_type_dirs(initrc_t)
  files_list_default(initrc_t)
  files_mounton_default(initrc_t)
@@ -29259,7 +29273,7 @@ index bd45076..26a93da 100644
  fs_list_inotifyfs(initrc_t)
  fs_register_binary_executable_type(initrc_t)
  # rhgb-console writes to ramfs
-@@ -348,6 +458,8 @@ fs_mount_all_fs(initrc_t)
+@@ -348,6 +461,8 @@ fs_mount_all_fs(initrc_t)
  fs_unmount_all_fs(initrc_t)
  fs_remount_all_fs(initrc_t)
  fs_getattr_all_fs(initrc_t)
@@ -29268,7 +29282,7 @@ index bd45076..26a93da 100644
  
  # initrc_t needs to do a pidof which requires ptrace
  mcs_ptrace_all(initrc_t)
-@@ -360,6 +472,7 @@ mls_process_read_up(initrc_t)
+@@ -360,6 +475,7 @@ mls_process_read_up(initrc_t)
  mls_process_write_down(initrc_t)
  mls_rangetrans_source(initrc_t)
  mls_fd_share_all_levels(initrc_t)
@@ -29276,7 +29290,7 @@ index bd45076..26a93da 100644
  
  selinux_get_enforce_mode(initrc_t)
  
-@@ -391,13 +504,14 @@ logging_read_audit_config(initrc_t)
+@@ -391,13 +507,14 @@ logging_read_audit_config(initrc_t)
  
  miscfiles_read_localization(initrc_t)
  # slapd needs to read cert files from its initscript
@@ -29292,7 +29306,7 @@ index bd45076..26a93da 100644
  userdom_read_user_home_content_files(initrc_t)
  # Allow access to the sysadm TTYs. Note that this will give access to the
  # TTYs to any process in the initrc_t domain. Therefore, daemons and such
-@@ -470,7 +584,7 @@ ifdef(`distro_redhat',`
+@@ -470,7 +587,7 @@ ifdef(`distro_redhat',`
  
  	# Red Hat systems seem to have a stray
  	# fd open from the initrd
@@ -29301,7 +29315,7 @@ index bd45076..26a93da 100644
  	files_dontaudit_read_root_files(initrc_t)
  
  	# These seem to be from the initrd
-@@ -516,6 +630,19 @@ ifdef(`distro_redhat',`
+@@ -516,6 +633,19 @@ ifdef(`distro_redhat',`
  	optional_policy(`
  		bind_manage_config_dirs(initrc_t)
  		bind_write_config(initrc_t)
@@ -29321,7 +29335,7 @@ index bd45076..26a93da 100644
  	')
  
  	optional_policy(`
-@@ -523,10 +650,17 @@ ifdef(`distro_redhat',`
+@@ -523,10 +653,17 @@ ifdef(`distro_redhat',`
  		rpc_write_exports(initrc_t)
  		rpc_manage_nfs_state_data(initrc_t)
  	')
@@ -29339,7 +29353,7 @@ index bd45076..26a93da 100644
  	')
  
  	optional_policy(`
-@@ -541,6 +675,35 @@ ifdef(`distro_suse',`
+@@ -541,6 +678,35 @@ ifdef(`distro_suse',`
  	')
  ')
  
@@ -29375,7 +29389,7 @@ index bd45076..26a93da 100644
  optional_policy(`
  	amavis_search_lib(initrc_t)
  	amavis_setattr_pid_files(initrc_t)
-@@ -553,6 +716,8 @@ optional_policy(`
+@@ -553,6 +719,8 @@ optional_policy(`
  optional_policy(`
  	apache_read_config(initrc_t)
  	apache_list_modules(initrc_t)
@@ -29384,7 +29398,7 @@ index bd45076..26a93da 100644
  ')
  
  optional_policy(`
-@@ -569,6 +734,7 @@ optional_policy(`
+@@ -569,6 +737,7 @@ optional_policy(`
  
  optional_policy(`
  	cgroup_stream_connect_cgred(initrc_t)
@@ -29392,7 +29406,7 @@ index bd45076..26a93da 100644
  ')
  
  optional_policy(`
-@@ -581,6 +747,11 @@ optional_policy(`
+@@ -581,6 +750,11 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -29404,7 +29418,7 @@ index bd45076..26a93da 100644
  	dev_getattr_printer_dev(initrc_t)
  
  	cups_read_log(initrc_t)
-@@ -597,6 +768,7 @@ optional_policy(`
+@@ -597,6 +771,7 @@ optional_policy(`
  	dbus_connect_system_bus(initrc_t)
  	dbus_system_bus_client(initrc_t)
  	dbus_read_config(initrc_t)
@@ -29412,7 +29426,7 @@ index bd45076..26a93da 100644
  
  	optional_policy(`
  		consolekit_dbus_chat(initrc_t)
-@@ -698,7 +870,12 @@ optional_policy(`
+@@ -698,7 +873,12 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -29425,7 +29439,7 @@ index bd45076..26a93da 100644
  	mta_dontaudit_read_spool_symlinks(initrc_t)
  ')
  
-@@ -721,6 +898,10 @@ optional_policy(`
+@@ -721,6 +901,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -29436,7 +29450,7 @@ index bd45076..26a93da 100644
  	postgresql_manage_db(initrc_t)
  	postgresql_read_config(initrc_t)
  ')
-@@ -742,6 +923,10 @@ optional_policy(`
+@@ -742,6 +926,10 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -29447,7 +29461,7 @@ index bd45076..26a93da 100644
  	fs_write_ramfs_sockets(initrc_t)
  	fs_search_ramfs(initrc_t)
  
-@@ -763,8 +948,6 @@ optional_policy(`
+@@ -763,8 +951,6 @@ optional_policy(`
  	# bash tries ioctl for some reason
  	files_dontaudit_ioctl_all_pids(initrc_t)
  
@@ -29456,7 +29470,7 @@ index bd45076..26a93da 100644
  ')
  
  optional_policy(`
-@@ -773,14 +956,21 @@ optional_policy(`
+@@ -773,14 +959,21 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -29478,7 +29492,7 @@ index bd45076..26a93da 100644
  
  optional_policy(`
  	ssh_dontaudit_read_server_keys(initrc_t)
-@@ -802,11 +992,19 @@ optional_policy(`
+@@ -802,11 +995,19 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -29499,7 +29513,7 @@ index bd45076..26a93da 100644
  
  	ifdef(`distro_redhat',`
  		# system-config-services causes avc messages that should be dontaudited
-@@ -816,6 +1014,25 @@ optional_policy(`
+@@ -816,6 +1017,25 @@ optional_policy(`
  	optional_policy(`
  		mono_domtrans(initrc_t)
  	')
@@ -29525,7 +29539,7 @@ index bd45076..26a93da 100644
  ')
  
  optional_policy(`
-@@ -841,3 +1058,55 @@ optional_policy(`
+@@ -841,3 +1061,55 @@ optional_policy(`
  optional_policy(`
  	zebra_read_config(initrc_t)
  ')

