[selinux-policy: 1745/3172] six simple patches from dan

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:35:47 UTC 2010 

commit f6a590d7b486e82666b466586a6413a966412ec6
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Jun 11 14:09:09 2007 +0000

    six simple patches from dan

 policy/modules/apps/mozilla.if            |    1 +
 policy/modules/apps/mozilla.te            |    2 +-
 policy/modules/services/oddjob.te         |    4 ++--
 policy/modules/services/openvpn.fc        |    4 ++--
 policy/modules/services/openvpn.te        |    2 +-
 policy/modules/services/ppp.te            |    5 ++---
 policy/modules/services/setroubleshoot.te |    4 ++--
 policy/modules/services/tftp.te           |    3 ++-
 8 files changed, 13 insertions(+), 12 deletions(-)
---
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index 5056fb1..207db69 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -150,6 +150,7 @@ template(`mozilla_per_role_template',`
 	corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
 
 	dev_read_urand($1_mozilla_t)
+	dev_read_rand($1_mozilla_t)
 	dev_write_sound($1_mozilla_t)
 	dev_read_sound($1_mozilla_t)
 	dev_dontaudit_rw_dri($1_mozilla_t)
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 069ded0..305c1cc 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -1,5 +1,5 @@
 
-policy_module(mozilla,1.2.0)
+policy_module(mozilla,1.2.1)
 
 ########################################
 #
diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te
index 63563b1..44b655b 100644
--- a/policy/modules/services/oddjob.te
+++ b/policy/modules/services/oddjob.te
@@ -1,5 +1,5 @@
 
-policy_module(oddjob,1.2.0)
+policy_module(oddjob,1.2.1)
 
 ########################################
 #
@@ -27,7 +27,7 @@ files_pid_file(oddjob_var_run_t)
 # oddjob local policy
 #
 
-allow oddjob_t self:capability { audit_write setgid } ;
+allow oddjob_t self:capability setgid;
 allow oddjob_t self:process { setexec signal };
 allow oddjob_t self:fifo_file { read write };
 allow oddjob_t self:unix_stream_socket create_stream_socket_perms;
diff --git a/policy/modules/services/openvpn.fc b/policy/modules/services/openvpn.fc
index 046d5d7..bbcd6c6 100644
--- a/policy/modules/services/openvpn.fc
+++ b/policy/modules/services/openvpn.fc
@@ -11,5 +11,5 @@
 #
 # /var
 #
-/var/log/openvpn.*	--	gen_context(system_u:object_r:openvpn_var_log_t,s0)
-/var/run/openvpn.*	--	gen_context(system_u:object_r:openvpn_var_run_t,s0)
+/var/log/openvpn(/.*)?		gen_context(system_u:object_r:openvpn_var_log_t,s0)
+/var/run/openvpn(/.*)?		gen_context(system_u:object_r:openvpn_var_run_t,s0)
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index 47abf8f..28b6f76 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -1,5 +1,5 @@
 
-policy_module(openvpn,1.2.0)
+policy_module(openvpn,1.2.1)
 
 ########################################
 #
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index b8c25d8..005af7b 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
 
-policy_module(ppp,1.4.0)
+policy_module(ppp,1.4.1)
 
 ########################################
 #
@@ -155,7 +155,6 @@ domain_use_interactive_fds(pppd_t)
 
 files_exec_etc_files(pppd_t)
 files_manage_etc_runtime_files(pppd_t)
-files_etc_filetrans_etc_runtime(pppd_t, { dir file })
 files_dontaudit_write_etc_files(pppd_t)
 
 # for scripts
@@ -171,9 +170,9 @@ logging_send_syslog_msg(pppd_t)
 
 miscfiles_read_localization(pppd_t)
 
-sysnet_read_config(pppd_t)
 sysnet_exec_ifconfig(pppd_t)
 sysnet_manage_config(pppd_t)
+sysnet_etc_filetrans_config(pppd_t)
 
 userdom_dontaudit_use_unpriv_user_fds(pppd_t)
 userdom_dontaudit_search_sysadm_home_dirs(pppd_t)
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index 5efbe41..99090db 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -1,5 +1,5 @@
 
-policy_module(setroubleshoot,1.3.0)
+policy_module(setroubleshoot,1.3.1)
 
 ########################################
 #
@@ -28,7 +28,7 @@ files_pid_file(setroubleshoot_var_run_t)
 #
 
 allow setroubleshootd_t self:capability { dac_override sys_tty_config };
-allow setroubleshootd_t self:process { signal getattr getsched };
+allow setroubleshootd_t self:process { signull signal getattr getsched };
 allow setroubleshootd_t self:fifo_file rw_fifo_file_perms;
 allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
 allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te
index afcd774..7e57399 100644
--- a/policy/modules/services/tftp.te
+++ b/policy/modules/services/tftp.te
@@ -1,5 +1,5 @@
 
-policy_module(tftp,1.4.0)
+policy_module(tftp,1.4.1)
 
 ########################################
 #
@@ -69,6 +69,7 @@ libs_use_shared_libs(tftpd_t)
 logging_send_syslog_msg(tftpd_t)
 
 miscfiles_read_localization(tftpd_t)
+miscfiles_read_public_files(tftpd_t)
 
 sysnet_read_config(tftpd_t)
 sysnet_use_ldap(tftpd_t)

More information about the scm-commits mailing list