[selinux-policy: 3/3] MCS fixes quota fixes

Daniel J Walsh dwalsh at fedoraproject.org
Fri Nov 4 17:36:45 UTC 2011


commit 01e90f94b87815975af42bcae9685eb032c45a78
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Nov 4 13:36:24 2011 -0400

    MCS fixes
    quota fixes

 consoletype.patch   |  140 +++++++++++++++++++++++++++++++++++++++++++++++++++
 selinux-policy.spec |    8 ---
 2 files changed, 140 insertions(+), 8 deletions(-)
---
diff --git a/consoletype.patch b/consoletype.patch
new file mode 100644
index 0000000..5229a96
--- /dev/null
+++ b/consoletype.patch
@@ -0,0 +1,140 @@
+diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
+index 50e9ee4..72417f5 100644
+--- a/policy/modules/admin/consoletype.te
++++ b/policy/modules/admin/consoletype.te
+@@ -7,8 +7,8 @@ policy_module(consoletype, 1.10.0)
+ 
+ type consoletype_t;
+ type consoletype_exec_t;
+-init_domain(consoletype_t, consoletype_exec_t)
+-init_system_domain(consoletype_t, consoletype_exec_t)
++application_domain(consoletype_t, consoletype_exec_t)
++role system_r types consoletype_t;
+ 
+ ########################################
+ #
+diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
+index f808287..bd59f2e 100644
+--- a/policy/modules/admin/firstboot.te
++++ b/policy/modules/admin/firstboot.te
+@@ -97,10 +97,6 @@ userdom_home_filetrans_user_home_dir(firstboot_t)
+ userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
+ 
+ optional_policy(`
+-	consoletype_domtrans(firstboot_t)
+-')
+-
+-optional_policy(`
+ 	dbus_system_bus_client(firstboot_t)
+ 
+ 	optional_policy(`
+diff --git a/policy/modules/apps/usernetctl.if b/policy/modules/apps/usernetctl.if
+index ba9b9d6..09ae47c 100644
+--- a/policy/modules/apps/usernetctl.if
++++ b/policy/modules/apps/usernetctl.if
+@@ -47,10 +47,6 @@ interface(`usernetctl_run',`
+ 	sysnet_run_dhcpc(usernetctl_t, $2)
+ 
+ 	optional_policy(`
+-		consoletype_run(usernetctl_t, $2)
+-	')
+-
+-	optional_policy(`
+ 		iptables_run(usernetctl_t, $2)
+ 	')
+ 
+diff --git a/policy/modules/apps/usernetctl.te b/policy/modules/apps/usernetctl.te
+index f938024..93edd6b 100644
+--- a/policy/modules/apps/usernetctl.te
++++ b/policy/modules/apps/usernetctl.te
+@@ -61,6 +61,10 @@ sysnet_read_config(usernetctl_t)
+ userdom_use_inherited_user_terminals(usernetctl_t)
+ 
+ optional_policy(`
++	consoletype_exec(usernetctl_t)
++')
++
++optional_policy(`
+ 	hostname_exec(usernetctl_t)
+ ')
+ 
+diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
+index c6aa0bc..9cfa342 100644
+--- a/policy/modules/roles/sysadm.te
++++ b/policy/modules/roles/sysadm.te
+@@ -151,7 +151,7 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
+-	consoletype_run(sysadm_t, sysadm_r)
++	consoletype_exec(sysadm_t)
+ ')
+ 
+ optional_policy(`
+diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
+index c985b07..0931220 100644
+--- a/policy/modules/services/networkmanager.te
++++ b/policy/modules/services/networkmanager.te
+@@ -205,7 +205,7 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
+-	consoletype_domtrans(NetworkManager_t)
++	consoletype_exec(NetworkManager_t)
+ ')
+ 
+ optional_policy(`
+diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te
+index 5f6e7b8..6a68d33 100644
+--- a/policy/modules/services/puppet.te
++++ b/policy/modules/services/puppet.te
+@@ -148,7 +148,7 @@ tunable_policy(`puppet_manage_all_files',`
+ ')
+ 
+ optional_policy(`
+-	consoletype_domtrans(puppet_t)
++	consoletype_exec(puppet_t)
+ ')
+ 
+ optional_policy(`
+diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
+index be800df..22c9f0d 100644
+--- a/policy/modules/system/sysnetwork.if
++++ b/policy/modules/system/sysnetwork.if
+@@ -49,10 +49,6 @@ interface(`sysnet_run_dhcpc',`
+ 	sysnet_run_ifconfig(dhcpc_t, $2)
+ 
+ 	optional_policy(`
+-		consoletype_run(dhcpc_t, $2)
+-	')
+-
+-	optional_policy(`
+ 		hostname_run(dhcpc_t, $2)
+ 	')
+ 
+diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
+index 767ccbd..b9b4dd9 100644
+--- a/policy/modules/system/sysnetwork.te
++++ b/policy/modules/system/sysnetwork.te
+@@ -170,7 +170,7 @@ ifdef(`distro_ubuntu',`
+ ')
+ 
+ optional_policy(`
+-	consoletype_domtrans(dhcpc_t)
++	consoletype_exec(dhcpc_t)
+ ')
+ 
+ optional_policy(`
+diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
+index c31aeb2..8febc7a 100644
+--- a/policy/modules/system/udev.te
++++ b/policy/modules/system/udev.te
+@@ -240,7 +240,7 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
+-	consoletype_domtrans(udev_t)
++	consoletype_exec(udev_t)
+ ')
+ 
+ optional_policy(`
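Review bot: The firstboot.te section of the added patch removes `consoletype_domtrans(firstboot_t)` but adds no `consoletype_exec(firstboot_t)`, unlike the other callers touched here (usernetctl_t, sysadm_t, NetworkManager_t, puppet_t, dhcpc_t, udev_t). Unless a rule outside this patch already grants it, firstboot_t may hit AVC denials when it runs consoletype, so either add `consoletype_exec(firstboot_t)` inside an `optional_policy` block or note that the omission is deliberate. Replacing `consoletype_domtrans`/`consoletype_run` with `consoletype_exec` also means the binary now runs with the caller's permissions instead of in the narrower consoletype_t, and a short comment in consoletype.te recording why the transition was dropped would help later policy audits. The selinux-policy.spec diff in this commit only deletes lines, so whether consoletype.patch is actually applied at build time depends on a `Patch`/`%patch` entry that is not visible here and should be confirmed.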
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 425e12f..fd06d08 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -485,7 +485,6 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
-<<<<<<< HEAD
 * Fri Nov 4 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-54
 - MCS fixes
 - quota fixes
@@ -493,13 +492,6 @@ SELinux Reference policy mls base module.
 * Thu Nov 4 2011 Dan Walsh <dwalsh at redhat.com> 3.10.0-53.1
 - Remove transitions to consoletype
 
-||||||| merged common ancestors
-=======
-* Fri Nov 4 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-54
-- MCS fixes
-- quota fixes
-
->>>>>>> 76b2f513a3b64cbd70fb9183587a6e2e5e56dbaa
 * Tue Nov 1 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-53
 - Make nvidia* to be labeled correctly
 - Fix abrt_manage_cache() interface

