[selinux-policy: 2912/3172] Allow a couple of sandbox issues. Remove postgresql managing of etc_files, until I find out why it is
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:19:15 UTC 2010
commit c2dae98501c8259e1b6f6c59de6326d9d3678d40
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Sep 14 10:02:43 2010 -0400
Allow a couple of sandbox issues.
Remove postgresql managing of etc_files, until I find out why it is needed.
Dontaudit leaks from rpm to mount
policy/modules/apps/sandbox.te | 7 +++++++
policy/modules/services/postgresql.te | 3 +--
policy/modules/system/mount.te | 1 +
3 files changed, 9 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/apps/sandbox.te b/policy/modules/apps/sandbox.te
index 942bb30..2251b02 100644
--- a/policy/modules/apps/sandbox.te
+++ b/policy/modules/apps/sandbox.te
@@ -262,6 +262,13 @@ optional_policy(`
hal_dbus_chat(sandbox_x_client_t)
')
+
+allow sandbox_web_t self:process setsched;
+
+optional_policy(`
+ nsplugin_read_rw_files(sandbox_web_t)
+')
+
########################################
#
# sandbox_web_client_t local policy
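Review bot: The two new sandbox_web_t rules have no comment saying which denial they fix, and they sit directly after the hal_dbus_chat(sandbox_x_client_t) block and just above the "sandbox_web_client_t local policy" banner, so they belong to neither section by type name. The commit message only says "a couple of sandbox issues". Please move them next to the other sandbox_web_t rules and add a one-line comment for each, naming what needs "self:process setsched" and which nsplugin read/write files the sandboxed browser has to read, so the grants can be re-evaluated later.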
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index a5b6508..0ed1671 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -251,8 +251,7 @@ domain_dontaudit_list_all_domains_state(postgresql_t)
domain_use_interactive_fds(postgresql_t)
files_dontaudit_search_home(postgresql_t)
-files_manage_etc_files(postgresql_t)
-files_search_etc(postgresql_t)
+files_read_etc_files(postgresql_t)
files_read_etc_runtime_files(postgresql_t)
files_read_usr_files(postgresql_t)
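Review bot: files_search_etc(postgresql_t) is removed together with files_manage_etc_files(postgresql_t), so the single replacement files_read_etc_files(postgresql_t) has to cover directory search as well as file reads; please confirm the interface grants both. Since the commit message says the reason for the manage permission is still unknown, a short comment above the new line stating that write access to etc files was dropped on purpose would help whoever triages the resulting denials. If postgresql does turn out to need to write something under /etc, a dedicated type for those files is preferable to restoring manage access to every etc file.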
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 1f8fee9..0fcd4e7 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -283,6 +283,7 @@ optional_policy(`
# for kernel package installation
optional_policy(`
rpm_rw_pipes(mount_t)
+ rpm_dontaudit_leaks(mount_t)
')
optional_policy(`
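Review bot: rpm_dontaudit_leaks(mount_t) is added under the existing "for kernel package installation" comment without saying what is being leaked or why silencing it is safe. A dontaudit rule hides the denial from the audit log rather than fixing the leak, so please add a comment naming the leaked object from rpm that mount inherits, and consider reporting the leak against rpm so the rule can eventually be removed. Anyone debugging mount_t denials later will need to rebuild policy with dontaudit rules disabled to see these events.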