[selinux-policy/f14/master] - More access needed for devicekit - Add dbadm policy
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Aug 30 15:17:02 UTC 2010
commit 60fc6e4317c3bfefcb8b98f997e416ce8ef8df40
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Aug 27 11:59:51 2010 -0400
- More access needed for devicekit
- Add dbadm policy
modules-mls.conf | 7 +++++++
modules-targeted.conf | 7 +++++++
policy-F14.patch | 22 +++++++++++++++++-----
selinux-policy.spec | 6 +++++-
sources | 1 -
5 files changed, 36 insertions(+), 7 deletions(-)
---
diff --git a/modules-mls.conf b/modules-mls.conf
index e73af3b..c406c69 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -1813,6 +1813,13 @@ telepathy = module
vmware = module
# Layer: role
+# Module: dbadm
+#
+# Minimally prived root role for managing databases
+#
+dbadm = module
+
+# Layer: role
# Module: logadm
#
# Minimally prived root role for managing logging system
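Review bot: The new `dbadm = module` entry enables a role whose policy source is not added by any hunk visible in this commit. The build therefore presumably relies on dbadm already shipping in the serefpolicy-3.9.0 tarball or in an unchanged part of policy-F14.patch, which is worth confirming before release. The description line also copies the `prived` abbreviation from the logadm entry; `# Minimally privileged root role for managing databases` reads more clearly. Both points apply equally to the identical hunk in modules-targeted.conf.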
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 0b350d3..3164f2c 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -2016,6 +2016,13 @@ rssh = module
vmware = module
# Layer: role
+# Module: dbadm
+#
+# Minimally prived root role for managing databases
+#
+dbadm = module
+
+# Layer: role
# Module: logadm
#
# Minimally prived root role for managing logging system
diff --git a/policy-F14.patch b/policy-F14.patch
index 11cdb34..369bac3 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -10282,10 +10282,10 @@ index 0000000..8b2cdf3
+
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
new file mode 100644
-index 0000000..faef468
+index 0000000..821d0dd
--- /dev/null
+++ b/policy/modules/roles/unconfineduser.te
-@@ -0,0 +1,458 @@
+@@ -0,0 +1,462 @@
+policy_module(unconfineduser, 1.0.0)
+
+########################################
@@ -10474,7 +10474,11 @@ index 0000000..faef468
+ ')
+
+ optional_policy(`
-+ xserver_rw_shm(unconfined_usertype)
++ gen_require(`
++ type user_tmpfs_t;
++ ')
++
++ xserver_rw_session(unconfined_usertype, user_tmpfs_t)
+ xserver_run_xauth(unconfined_usertype, unconfined_r)
+ xserver_dbus_chat_xdm(unconfined_usertype)
+ ')
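Review bot: The `gen_require` for `user_tmpfs_t` sits inside the `optional_policy` block, so the whole block now depends on that type being declared. If the type is ever absent, `xserver_run_xauth` and `xserver_dbus_chat_xdm` would be dropped along with the new rule, with no build error. Requiring a type owned by another module directly in a .te file also sidesteps the interface layer the reference policy normally uses for cross-module access. `xserver_rw_session(unconfined_usertype, user_tmpfs_t)` presumably grants more than the `xserver_rw_shm` call it replaces, so a one-line comment above it naming the denial that motivated the wider access would help later least-privilege review.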
@@ -15706,7 +15710,7 @@ index 8ba9425..d53ee7e 100644
+ gnome_dontaudit_search_config(denyhosts_t)
+')
diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te
-index f231f17..a7de603 100644
+index f231f17..1e554a9 100644
--- a/policy/modules/services/devicekit.te
+++ b/policy/modules/services/devicekit.te
@@ -75,10 +75,12 @@ manage_dirs_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
@@ -15761,7 +15765,15 @@ index f231f17..a7de603 100644
allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
allow devicekit_power_t self:netlink_kobject_uevent_socket create_socket_perms;
-@@ -225,6 +241,8 @@ auth_use_nsswitch(devicekit_power_t)
+@@ -212,6 +228,7 @@ dev_rw_generic_usb_dev(devicekit_power_t)
+ dev_rw_generic_chr_files(devicekit_power_t)
+ dev_rw_netcontrol(devicekit_power_t)
+ dev_rw_sysfs(devicekit_power_t)
++dev_read_rand(devicekit_power_t)
+
+ files_read_kernel_img(devicekit_power_t)
+ files_read_etc_files(devicekit_power_t)
+@@ -225,6 +242,8 @@ auth_use_nsswitch(devicekit_power_t)
miscfiles_read_localization(devicekit_power_t)
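Review bot: `dev_read_rand(devicekit_power_t)` is added without any comment on why the devicekit power domain needs to read the random device, and the commit message only says more access was needed. If the consumer just needs non-blocking random bytes, `dev_read_urand(devicekit_power_t)` may be sufficient and would avoid read access to the blocking device. Otherwise, record the reason next to the rule, for example `# <component> reads /dev/random (bug <ID>)`. The rule list this line belongs to continues outside the hunk.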
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4e87e9a..a39aad9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.9.0
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,10 @@ exit 0
%endif
%changelog
+* Thu Aug 26 2010 Dan Walsh <dwalsh at redhat.com> 3.9.0-2
+- More access needed for devicekit
+- Add dbadm policy
+
* Thu Aug 26 2010 Dan Walsh <dwalsh at redhat.com> 3.9.0-1
- Merge with upstream
diff --git a/sources b/sources
index 5304f11..cb5f564 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-1f8151f0184945098f3cc3ca0b53e861 serefpolicy-3.8.8.tgz
9012ab09af5480459942d4a54de91db4 serefpolicy-3.9.0.tgz