[selinux-policy: 1745/3172] six simple patches from dan
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:35:47 UTC 2010
commit f6a590d7b486e82666b466586a6413a966412ec6
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Jun 11 14:09:09 2007 +0000
six simple patches from dan
policy/modules/apps/mozilla.if | 1 +
policy/modules/apps/mozilla.te | 2 +-
policy/modules/services/oddjob.te | 4 ++--
policy/modules/services/openvpn.fc | 4 ++--
policy/modules/services/openvpn.te | 2 +-
policy/modules/services/ppp.te | 5 ++---
policy/modules/services/setroubleshoot.te | 4 ++--
policy/modules/services/tftp.te | 3 ++-
8 files changed, 13 insertions(+), 12 deletions(-)
---
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index 5056fb1..207db69 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -150,6 +150,7 @@ template(`mozilla_per_role_template',`
corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
dev_read_urand($1_mozilla_t)
+ dev_read_rand($1_mozilla_t)
dev_write_sound($1_mozilla_t)
dev_read_sound($1_mozilla_t)
dev_dontaudit_rw_dri($1_mozilla_t)
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 069ded0..305c1cc 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -1,5 +1,5 @@
-policy_module(mozilla,1.2.0)
+policy_module(mozilla,1.2.1)
########################################
#
diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te
index 63563b1..44b655b 100644
--- a/policy/modules/services/oddjob.te
+++ b/policy/modules/services/oddjob.te
@@ -1,5 +1,5 @@
-policy_module(oddjob,1.2.0)
+policy_module(oddjob,1.2.1)
########################################
#
@@ -27,7 +27,7 @@ files_pid_file(oddjob_var_run_t)
# oddjob local policy
#
-allow oddjob_t self:capability { audit_write setgid } ;
+allow oddjob_t self:capability setgid;
allow oddjob_t self:process { setexec signal };
allow oddjob_t self:fifo_file { read write };
allow oddjob_t self:unix_stream_socket create_stream_socket_perms;
diff --git a/policy/modules/services/openvpn.fc b/policy/modules/services/openvpn.fc
index 046d5d7..bbcd6c6 100644
--- a/policy/modules/services/openvpn.fc
+++ b/policy/modules/services/openvpn.fc
@@ -11,5 +11,5 @@
#
# /var
#
-/var/log/openvpn.* -- gen_context(system_u:object_r:openvpn_var_log_t,s0)
-/var/run/openvpn.* -- gen_context(system_u:object_r:openvpn_var_run_t,s0)
+/var/log/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_log_t,s0)
+/var/run/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_run_t,s0)
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index 47abf8f..28b6f76 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -1,5 +1,5 @@
-policy_module(openvpn,1.2.0)
+policy_module(openvpn,1.2.1)
########################################
#
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index b8c25d8..005af7b 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
-policy_module(ppp,1.4.0)
+policy_module(ppp,1.4.1)
########################################
#
@@ -155,7 +155,6 @@ domain_use_interactive_fds(pppd_t)
files_exec_etc_files(pppd_t)
files_manage_etc_runtime_files(pppd_t)
-files_etc_filetrans_etc_runtime(pppd_t, { dir file })
files_dontaudit_write_etc_files(pppd_t)
# for scripts
@@ -171,9 +170,9 @@ logging_send_syslog_msg(pppd_t)
miscfiles_read_localization(pppd_t)
-sysnet_read_config(pppd_t)
sysnet_exec_ifconfig(pppd_t)
sysnet_manage_config(pppd_t)
+sysnet_etc_filetrans_config(pppd_t)
userdom_dontaudit_use_unpriv_user_fds(pppd_t)
userdom_dontaudit_search_sysadm_home_dirs(pppd_t)
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index 5efbe41..99090db 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -1,5 +1,5 @@
-policy_module(setroubleshoot,1.3.0)
+policy_module(setroubleshoot,1.3.1)
########################################
#
@@ -28,7 +28,7 @@ files_pid_file(setroubleshoot_var_run_t)
#
allow setroubleshootd_t self:capability { dac_override sys_tty_config };
-allow setroubleshootd_t self:process { signal getattr getsched };
+allow setroubleshootd_t self:process { signull signal getattr getsched };
allow setroubleshootd_t self:fifo_file rw_fifo_file_perms;
allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te
index afcd774..7e57399 100644
--- a/policy/modules/services/tftp.te
+++ b/policy/modules/services/tftp.te
@@ -1,5 +1,5 @@
-policy_module(tftp,1.4.0)
+policy_module(tftp,1.4.1)
########################################
#
@@ -69,6 +69,7 @@ libs_use_shared_libs(tftpd_t)
logging_send_syslog_msg(tftpd_t)
miscfiles_read_localization(tftpd_t)
+miscfiles_read_public_files(tftpd_t)
sysnet_read_config(tftpd_t)
sysnet_use_ldap(tftpd_t)
More information about the scm-commits
mailing list