[selinux-policy] Move dontaudit sys_ptrace line from permissive.te to domain.te Remove policy for hal, it no longer e
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 13 19:43:18 UTC 2011
commit 2453975e3d34aef55de4b48253d9418c05bf429d
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Oct 13 15:43:15 2011 -0400
Move dontaudit sys_ptrace line from permissive.te to domain.te
Remove policy for hal, it no longer exists
modules-mls.conf | 7 -------
modules-targeted.conf | 7 -------
ptrace.patch | 14 --------------
selinux-policy.spec | 8 ++++++--
4 files changed, 6 insertions(+), 30 deletions(-)
---
diff --git a/modules-mls.conf b/modules-mls.conf
index 28ac668..b4ac026 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -620,13 +620,6 @@ gnome = module
gnomeclock = module
# Layer: services
-# Module: hal
-#
-# Hardware abstraction layer
-#
-hal = module
-
-# Layer: services
# Module: plymouthd
#
# Plymouth
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 6930073..c806c9d 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -703,13 +703,6 @@ gnome = module
gnomeclock = module
# Layer: services
-# Module: hal
-#
-# Hardware abstraction layer
-#
-hal = module
-
-# Layer: services
# Module: hddtemp
#
# hddtemp hard disk temperature tool running as a daemon
diff --git a/ptrace.patch b/ptrace.patch
index a78dd8c..ab0d753 100644
--- a/ptrace.patch
+++ b/ptrace.patch
@@ -83,20 +83,6 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3
allow ncftool_t self:process signal;
allow ncftool_t self:fifo_file manage_fifo_file_perms;
-diff -up serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te.ptrace serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te
---- serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te.ptrace 2011-10-11 16:42:15.590761731 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te 2011-10-11 16:43:18.809744020 -0400
-@@ -266,3 +266,10 @@ optional_policy(`
- permissive virt_qmf_t;
- ')
-
-+optional_policy(`
-+ gen_require(`
-+ attribute domain;
-+ ')
-+
-+ dontaudit domain self:capability sys_ptrace;
-+')
diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/rpm.te
--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-10-11 16:42:16.020761610 -0400
+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-11 16:42:16.085761591 -0400
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3956c6f..6dc825a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 39.2%{?dist}
+Release: 39.3%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -218,7 +218,7 @@ fi;
if [ -e /etc/selinux/%2/.rebuild ]; then \
rm /etc/selinux/%2/.rebuild; \
if [ %1 -ne 1 ]; then \
- /usr/sbin/semodule -n -s %2 -r hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
+ /usr/sbin/semodule -n -s %2 -r hal hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
fi \
/usr/sbin/semodule -B -s %2; \
else \
@@ -480,6 +480,10 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Thu Oct 13 2011 Dan Walsh <dwalsh at redhat.com> 3.10.0-39.3
+- Move dontaudit sys_ptrace line from permissive.te to domain.te
+- Remove policy for hal, it no longer exists
+
* Wed Oct 12 2011 Dan Walsh <dwalsh at redhat.com> 3.10.0-39.2
- Don't check md5 size or mtime on certain config files
More information about the scm-commits
mailing list