[selinux-policy: 2487/3172] Corecommands patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:41:00 UTC 2010


commit 4b23c6747b4e762f7d35644d479bf3377a265091
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Mar 5 10:51:39 2010 -0500

    Corecommands patch from Dan Walsh.

 policy/modules/kernel/corecommands.fc |   16 ++++++++++++----
 policy/modules/kernel/corecommands.if |   19 +++++++++++++++++++
 policy/modules/kernel/corecommands.te |    2 +-
 3 files changed, 32 insertions(+), 5 deletions(-)
---
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index f1b1de2..e6d6ab1 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -44,15 +44,17 @@ ifdef(`distro_redhat',`
 /etc/apcupsd/offbattery		--	gen_context(system_u:object_r:bin_t,s0)
 /etc/apcupsd/onbattery		--	gen_context(system_u:object_r:bin_t,s0)
 
+/etc/avahi/.*\.action 		--	gen_context(system_u:object_r:bin_t,s0)
+
 /etc/cipe/ip-up.*		--	gen_context(system_u:object_r:bin_t,s0)
 /etc/cipe/ip-down.*		--	gen_context(system_u:object_r:bin_t,s0)
 
 /etc/ConsoleKit/run-session.d(/.*)?	gen_context(system_u:object_r:bin_t,s0)
 
-/etc/cron.daily/.*		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/cron.hourly/.*		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/cron.weekly/.*		--	gen_context(system_u:object_r:bin_t,s0)
-/etc/cron.monthly/.*		--	gen_context(system_u:object_r:bin_t,s0)
+/etc/cron.daily(/.*)?			gen_context(system_u:object_r:bin_t,s0)
+/etc/cron.hourly(/.*)?			gen_context(system_u:object_r:bin_t,s0)
+/etc/cron.weekly(/.*)?			gen_context(system_u:object_r:bin_t,s0)
+/etc/cron.monthly(/.*)?			gen_context(system_u:object_r:bin_t,s0)
 
 /etc/dhcp/dhclient\.d(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 
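Review bot: The four cron entries lose the `--` file-type field when they change from `/.*` to `(/.*)?`, so the directories themselves and any subdirectory, symlink or other non-regular entry beneath them are now labelled bin_t, not just regular files. The label on a directory decides which domains may add or replace entries in it, so the commit message or a comment above these lines should say why the directories need bin_t; if only the scripts were meant, keep `--` on the file pattern. The same unqualified `(/.*)?` form is added for `/usr/lib/fence`, `/usr/share/e16/misc` and `/usr/share/vhostmd/scripts` in later hunks. Separately, the `.*` in `/etc/avahi/.*\.action` also matches `/` and so reaches any depth; `/etc/avahi/[^/]*\.action` would confine it to direct children, as the firefox entry in this file does with `[^/]*`.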
@@ -64,6 +66,7 @@ ifdef(`distro_redhat',`
 /etc/init\.d/functions		--	gen_context(system_u:object_r:bin_t,s0)
 
 /etc/mail/make			--	gen_context(system_u:object_r:bin_t,s0)
+/etc/mgetty\+sendfax/new_fax	--	gen_context(system_u:object_r:bin_t,s0)
 
 /etc/netplug\.d(/.*)? 	 		gen_context(system_u:object_r:bin_t,s0)
 
@@ -159,6 +162,7 @@ ifdef(`distro_gentoo',`
 /usr/lib(.*/)?sbin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 
 /usr/lib/ccache/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/fence(/.*)?			gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/pgsql/test/regress/.*\.sh --	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/qt.*/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
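Review bot: The added `/usr/lib/fence(/.*)?` entry matches only `/usr/lib`, while the firefox entry a few lines below it is written with `/usr/lib(64)?/`. If the fence agents can be installed under `/usr/lib64` on 64-bit hosts (not visible from this hunk), they would fall back to the default label there. Writing the path as `/usr/lib(64)?/fence(/.*)?` would cover both locations.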
@@ -214,7 +218,9 @@ ifdef(`distro_gentoo',`
 /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/debconf/.+		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/cluster/.*\.sh		gen_context(system_u:object_r:bin_t,s0)
+/usr/share/cluster/ocf-shellfuncs  --   gen_context(system_u:object_r:bin_t,s0)
 /usr/share/cluster/svclib_nfslock --	gen_context(system_u:object_r:bin_t,s0)
+/usr/share/e16/misc(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
@@ -228,12 +234,14 @@ ifdef(`distro_gentoo',`
 /usr/share/sectool/.*\.py	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/smolt/client(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+/usr/share/shorewall/compiler\.pl --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall/configpath	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall-perl(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall-shell(/.*)?	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall-lite(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall6-lite(/.*)?	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/turboprint/lib(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
+/usr/share/vhostmd/scripts(/.*)?	gen_context(system_u:object_r:bin_t,s0)
 
 /usr/X11R6/lib(64)?/X11/xkb/xkbcomp --	gen_context(system_u:object_r:bin_t,s0)
 
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 54972ac..314731b 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -956,6 +956,25 @@ interface(`corecmd_getattr_all_executables',`
 
 ########################################
 ## <summary>
+##	Read all executable files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`corecmd_read_all_executables',`
+	gen_require(`
+		attribute exec_type;
+	')
+
+	read_files_pattern($1, exec_type, exec_type)
+')
+
+########################################
+## <summary>
 ##	Execute all executable files.
 ## </summary>
 ## <param name="domain">
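Review bot: `corecmd_read_all_executables` passes the `exec_type` attribute as both the directory type and the file type to `read_files_pattern`, and it adds no symlink rule. Callers that reach executables through symlinks would presumably also need `read_lnk_files_pattern($1, exec_type, exec_type)`; this is worth checking against the neighbouring `corecmd_exec_all_executables`, whose body lies outside this hunk. Because the interface is tagged `<rolecap/>` and grants read on every type carrying `exec_type`, the summary should state that breadth, for example `Read all executable files, including the entry points of other domains.`, so reviewers of calling modules see what is granted.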
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te
index d5cf845..f4fac25 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,5 +1,5 @@
 
-policy_module(corecommands, 1.12.1)
+policy_module(corecommands, 1.12.2)
 
 ########################################
 #

