[selinux-policy: 1973/3172] trunk: 7 patches from Fedora policy, cherry picked by david hrdeman.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:55:26 UTC 2010
commit 6224fc1485687e94716cf79d5312a499bf986e20
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jul 24 23:56:03 2008 +0000
trunk: 7 patches from Fedora policy, cherry picked by david hrdeman.
Changelog | 2 ++
config/appconfig-mcs/unconfined_u_default_contexts | 9 +++++++++
config/appconfig-mls/unconfined_u_default_contexts | 9 +++++++++
.../unconfined_u_default_contexts | 9 +++++++++
policy/modules/admin/kismet.te | 3 ++-
policy/modules/apps/slocate.te | 3 ++-
policy/modules/roles/secadm.te | 6 +++++-
policy/modules/services/apm.te | 6 +++++-
policy/modules/services/openca.te | 4 ++--
policy/modules/services/portslave.te | 4 ++--
10 files changed, 47 insertions(+), 8 deletions(-)
---
diff --git a/Changelog b/Changelog
index 9408404..9de9e4a 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Several misc changes from the Fedora policy, cherry picked by David
+ Hrdeman.
- Large whitespace fix from Dominick Grift.
- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
- Issuing commands to upstart is over a datagram socket, not the initctl
diff --git a/config/appconfig-mcs/unconfined_u_default_contexts b/config/appconfig-mcs/unconfined_u_default_contexts
new file mode 100644
index 0000000..53b04ec
--- /dev/null
+++ b/config/appconfig-mcs/unconfined_u_default_contexts
@@ -0,0 +1,9 @@
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
+system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
+system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
+system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
+system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
+system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
+system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
+system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
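Review bot: The rows for `system_r:rshd_t` and `system_r:remote_login_t` make `unconfined_r:unconfined_t` the default context for sessions that arrive through rsh and the remote login program, exactly as for sshd and local login. Neither the commit message nor the Changelog entry says this is intended, so it is worth confirming that unconfined_u should get an unconfined default over those services. If not, leaving those two rows out of this table would be the narrower choice, although the roles the policy authorizes for unconfined_u remain the effective limit. The same two rows appear in the appconfig-mls and appconfig-standard copies added by this commit.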
diff --git a/config/appconfig-mls/unconfined_u_default_contexts b/config/appconfig-mls/unconfined_u_default_contexts
new file mode 100644
index 0000000..53b04ec
--- /dev/null
+++ b/config/appconfig-mls/unconfined_u_default_contexts
@@ -0,0 +1,9 @@
+system_r:crond_t:s0 unconfined_r:unconfined_t:s0
+system_r:initrc_t:s0 unconfined_r:unconfined_t:s0
+system_r:local_login_t:s0 unconfined_r:unconfined_t:s0
+system_r:remote_login_t:s0 unconfined_r:unconfined_t:s0
+system_r:rshd_t:s0 unconfined_r:unconfined_t:s0
+system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
+system_r:sysadm_su_t:s0 unconfined_r:unconfined_t:s0
+system_r:unconfined_t:s0 unconfined_r:unconfined_t:s0
+system_r:xdm_t:s0 unconfined_r:unconfined_t:s0
diff --git a/config/appconfig-standard/unconfined_u_default_contexts b/config/appconfig-standard/unconfined_u_default_contexts
new file mode 100644
index 0000000..1b26b60
--- /dev/null
+++ b/config/appconfig-standard/unconfined_u_default_contexts
@@ -0,0 +1,9 @@
+system_r:crond_t unconfined_r:unconfined_t
+system_r:initrc_t unconfined_r:unconfined_t
+system_r:local_login_t unconfined_r:unconfined_t
+system_r:remote_login_t unconfined_r:unconfined_t
+system_r:rshd_t unconfined_r:unconfined_t
+system_r:sshd_t unconfined_r:unconfined_t
+system_r:sysadm_su_t unconfined_r:unconfined_t
+system_r:unconfined_t unconfined_r:unconfined_t
+system_r:xdm_t unconfined_r:unconfined_t
diff --git a/policy/modules/admin/kismet.te b/policy/modules/admin/kismet.te
index 980bba6..57c94e8 100644
--- a/policy/modules/admin/kismet.te
+++ b/policy/modules/admin/kismet.te
@@ -1,5 +1,5 @@
-policy_module(kismet, 1.0.0)
+policy_module(kismet, 1.0.1)
########################################
#
@@ -26,6 +26,7 @@ logging_log_file(kismet_log_t)
#
allow kismet_t self:capability { net_admin setuid setgid };
+allow kismet_t self:packet_socket create_socket_perms;
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
allow kismet_t kismet_log_t:dir setattr;
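Review bot: The added `allow kismet_t self:packet_socket create_socket_perms;` sits directly under a capability rule that lists only `net_admin setuid setgid`, and creating a packet socket on Linux also requires CAP_NET_RAW. Unless net_raw is granted to kismet_t somewhere outside this hunk, the socket creation would presumably still be denied at the capability check. The rule would then need to read `allow kismet_t self:capability { net_admin net_raw setuid setgid };`. The rest of the module is not visible here, so this should be checked against the full kismet.te.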
diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te
index f25fb97..7939fb6 100644
--- a/policy/modules/apps/slocate.te
+++ b/policy/modules/apps/slocate.te
@@ -1,5 +1,5 @@
-policy_module(slocate, 1.7.0)
+policy_module(slocate, 1.7.1)
#################################
#
@@ -47,6 +47,7 @@ files_read_etc_files(locate_t)
fs_getattr_all_fs(locate_t)
fs_getattr_all_files(locate_t)
fs_list_all(locate_t)
+fs_list_inotifyfs(locate_t)
# getpwnam
auth_use_nsswitch(locate_t)
diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
index 1831961..665298d 100644
--- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te
@@ -1,5 +1,5 @@
-policy_module(secadm, 1.0.0)
+policy_module(secadm, 1.0.1)
########################################
#
@@ -48,6 +48,10 @@ optional_policy(`
')
optional_policy(`
+ dmesg_exec(secadm_t)
+')
+
+optional_policy(`
netlabel_run_mgmt(secadm_t, secadm_r, { secadm_tty_device_t secadm_devpts_t })
')
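Review bot: `dmesg_exec(secadm_t)` runs dmesg in the caller's domain rather than transitioning, so any access dmesg needs to the kernel ring buffer must be allowed to secadm_t itself, and nothing in this hunk grants it. If that access is not already given elsewhere in secadm.te, the new block would need a companion line such as `kernel_read_ring_buffer(secadm_t)` to be useful. A one-line comment in the block stating why the security administrator role needs the kernel log would also help later audits of this role. The first `')` in the hunk closes an optional_policy block that starts outside it.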
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
index b408f87..8f8efff 100644
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
@@ -1,5 +1,5 @@
-policy_module(apm, 1.7.0)
+policy_module(apm, 1.7.1)
########################################
#
@@ -191,6 +191,10 @@ optional_policy(`
dbus_stub(apmd_t)
optional_policy(`
+ consolekit_dbus_chat(apmd_t)
+ ')
+
+ optional_policy(`
networkmanager_dbus_chat(apmd_t)
')
')
diff --git a/policy/modules/services/openca.te b/policy/modules/services/openca.te
index a097200..0d76e60 100644
--- a/policy/modules/services/openca.te
+++ b/policy/modules/services/openca.te
@@ -1,5 +1,5 @@
-policy_module(openca, 1.1.0)
+policy_module(openca, 1.1.1)
########################################
#
@@ -18,7 +18,7 @@ role system_r types openca_ca_t;
# /etc/openca standard files
type openca_etc_t;
-files_type(openca_etc_t)
+files_config_file(openca_etc_t)
# /etc/openca template files
type openca_etc_in_t;
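Review bot: Switching `openca_etc_t` from `files_type` to `files_config_file` places it in the generic config-file set, so every domain that is granted access to all config files now also reaches the CA's `/etc/openca` content. That is appropriate only if nothing secret (passphrases, key material) is ever labelled with this type, and the hunk does not show that. A comment on the declaration such as `# configuration only; no key material under this type` would record the assumption. Whether `openca_etc_in_t` just below gets the same treatment is outside the hunk. The same reclassification is applied to `portslave_etc_t` in the portslave.te hunk, where the same check applies to any credentials kept in its configuration.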
diff --git a/policy/modules/services/portslave.te b/policy/modules/services/portslave.te
index 8b6eb55..5623b6c 100644
--- a/policy/modules/services/portslave.te
+++ b/policy/modules/services/portslave.te
@@ -1,5 +1,5 @@
-policy_module(portslave, 1.4.0)
+policy_module(portslave, 1.4.1)
########################################
#
@@ -12,7 +12,7 @@ init_domain(portslave_t, portslave_exec_t)
init_daemon_domain(portslave_t, portslave_exec_t)
type portslave_etc_t;
-files_type(portslave_etc_t)
+files_config_file(portslave_etc_t)
type portslave_lock_t;
files_lock_file(portslave_lock_t)