[selinux-policy/f14/master] - More access needed for devicekit - Add dbadm policy

Daniel J Walsh dwalsh at fedoraproject.org
Mon Aug 30 15:17:02 UTC 2010


commit 60fc6e4317c3bfefcb8b98f997e416ce8ef8df40
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Aug 27 11:59:51 2010 -0400

    - More access needed for devicekit
    - Add dbadm policy

 modules-mls.conf      |    7 +++++++
 modules-targeted.conf |    7 +++++++
 policy-F14.patch      |   22 +++++++++++++++++-----
 selinux-policy.spec   |    6 +++++-
 sources               |    1 -
 5 files changed, 36 insertions(+), 7 deletions(-)
---
diff --git a/modules-mls.conf b/modules-mls.conf
index e73af3b..c406c69 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -1813,6 +1813,13 @@ telepathy = module
 vmware = module
 
 # Layer: role
+# Module: dbadm
+#
+# Minimally prived root role for managing databases
+# 
+dbadm = module
+
+# Layer: role
 # Module: logadm
 #
 # Minimally prived root role for managing logging system
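Review bot: The description added for dbadm, `# Minimally prived root role for managing databases`, copies the misspelling from the logadm entry below it and does not say what the role is confined to. `# Minimally privileged root role for managing databases` would read correctly, and the same line appears in the modules-targeted.conf hunk. Since this enables an administrative role in both the MLS and targeted builds, the description should also name what the role is allowed to manage. None of the policy-F14.patch hunks in this commit add a dbadm source file, so the module presumably ships in the serefpolicy-3.9.0 tarball; that is worth confirming.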
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 0b350d3..3164f2c 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -2016,6 +2016,13 @@ rssh = module
 vmware = module
 
 # Layer: role
+# Module: dbadm
+#
+# Minimally prived root role for managing databases
+# 
+dbadm = module
+
+# Layer: role
 # Module: logadm
 #
 # Minimally prived root role for managing logging system
diff --git a/policy-F14.patch b/policy-F14.patch
index 11cdb34..369bac3 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -10282,10 +10282,10 @@ index 0000000..8b2cdf3
 +
 diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
 new file mode 100644
-index 0000000..faef468
+index 0000000..821d0dd
 --- /dev/null
 +++ b/policy/modules/roles/unconfineduser.te
-@@ -0,0 +1,458 @@
+@@ -0,0 +1,462 @@
 +policy_module(unconfineduser, 1.0.0)
 +
 +########################################
@@ -10474,7 +10474,11 @@ index 0000000..faef468
 +	')
 +
 +	optional_policy(`
-+		xserver_rw_shm(unconfined_usertype)
++		gen_require(`
++			type user_tmpfs_t;
++		')
++	
++		xserver_rw_session(unconfined_usertype, user_tmpfs_t)
 +		xserver_run_xauth(unconfined_usertype, unconfined_r)
 +		xserver_dbus_chat_xdm(unconfined_usertype)
 +	')
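Review bot: The `gen_require` for `user_tmpfs_t` sits in the same `optional_policy` block as `xserver_run_xauth` and `xserver_dbus_chat_xdm`, so if that type were ever unresolved, the whole block, including those two calls, would presumably be dropped without an error. Requiring another module's type directly from a .te file also bypasses the interface layer, so a short comment such as `# user_tmpfs_t: tmpfs type passed to xserver_rw_session for the user's X session` would record why it is needed. The move from `xserver_rw_shm` to `xserver_rw_session` likely grants more than shared-memory access, which neither the commit message nor the changelog mentions. The line between `')` and the call holds only a tab and could be left empty.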
@@ -15706,7 +15710,7 @@ index 8ba9425..d53ee7e 100644
 +    gnome_dontaudit_search_config(denyhosts_t)
 +')
 diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te
-index f231f17..a7de603 100644
+index f231f17..1e554a9 100644
 --- a/policy/modules/services/devicekit.te
 +++ b/policy/modules/services/devicekit.te
 @@ -75,10 +75,12 @@ manage_dirs_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
@@ -15761,7 +15765,15 @@ index f231f17..a7de603 100644
  allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
  allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
  allow devicekit_power_t self:netlink_kobject_uevent_socket create_socket_perms;
-@@ -225,6 +241,8 @@ auth_use_nsswitch(devicekit_power_t)
+@@ -212,6 +228,7 @@ dev_rw_generic_usb_dev(devicekit_power_t)
+ dev_rw_generic_chr_files(devicekit_power_t)
+ dev_rw_netcontrol(devicekit_power_t)
+ dev_rw_sysfs(devicekit_power_t)
++dev_read_rand(devicekit_power_t)
+ 
+ files_read_kernel_img(devicekit_power_t)
+ files_read_etc_files(devicekit_power_t)
+@@ -225,6 +242,8 @@ auth_use_nsswitch(devicekit_power_t)
  
  miscfiles_read_localization(devicekit_power_t)
  
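Review bot: `dev_read_rand(devicekit_power_t)` widens what the devicekit_power_t domain may read, but neither the line nor the commit message ("More access needed for devicekit") records which denial it answers. A comment above it, for example `# <program> reads /dev/random; see <AVC or bug reference>`, would let a later reviewer judge whether the rule is still needed. If the caller only needs non-blocking randomness, `dev_read_urand` may be the better fit, to be checked against the actual denial.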
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4e87e9a..a39aad9 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.9.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,10 @@ exit 0
 %endif
 
 %changelog
+* Thu Aug 26 2010 Dan Walsh <dwalsh at redhat.com> 3.9.0-2
+- More access needed for devicekit
+- Add dbadm policy
+
 * Thu Aug 26 2010 Dan Walsh <dwalsh at redhat.com> 3.9.0-1
 - Merge with upstream
 
diff --git a/sources b/sources
index 5304f11..cb5f564 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-1f8151f0184945098f3cc3ca0b53e861  serefpolicy-3.8.8.tgz
 9012ab09af5480459942d4a54de91db4  serefpolicy-3.9.0.tgz

