rpms/selinux-policy/F-12 modules-minimum.conf, 1.51, 1.52 modules-mls.conf, 1.69, 1.70 modules-targeted.conf, 1.160, 1.161 policy-20100106.patch, 1.51, 1.52 selinux-policy.spec, 1.1035, 1.1036
Miroslav Grepl
mgrepl at fedoraproject.org
Mon Mar 15 21:50:37 UTC 2010
Author: mgrepl
Update of /cvs/pkgs/rpms/selinux-policy/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16655
Modified Files:
modules-minimum.conf modules-mls.conf modules-targeted.conf
policy-20100106.patch selinux-policy.spec
Log Message:
- Add sosreport policy
Index: modules-minimum.conf
===================================================================
RCS file: /cvs/pkgs/rpms/selinux-policy/F-12/modules-minimum.conf,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -p -r1.51 -r1.52
--- modules-minimum.conf 3 Mar 2010 11:48:06 -0000 1.51
+++ modules-minimum.conf 15 Mar 2010 21:50:34 -0000 1.52
@@ -1943,6 +1943,13 @@ munin = module
#
bitlbee = module
+# Layer: system
+# Module: sosreport
+#
+# sosreport debuggin information generator
+#
+sosreport = module
+
# Layer: services
# Module: soundserver
#
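Review bot: The description comment in the added stanza has a typo; `# sosreport debuggin information generator` should read `# sosreport debugging information generator`. The same line appears in the matching hunks for modules-mls.conf and modules-targeted.conf. The stanza is also declared `# Layer: system` but is inserted directly before `soundserver`, which is marked `# Layer: services`, so moving it next to the other system-layer modules would make the file easier to audit.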
Index: modules-mls.conf
===================================================================
RCS file: /cvs/pkgs/rpms/selinux-policy/F-12/modules-mls.conf,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -p -r1.69 -r1.70
--- modules-mls.conf 5 Mar 2010 15:23:41 -0000 1.69
+++ modules-mls.conf 15 Mar 2010 21:50:34 -0000 1.70
@@ -1816,6 +1816,13 @@ munin = module
#
bitlbee = module
+# Layer: system
+# Module: sosreport
+#
+# sosreport debuggin information generator
+#
+sosreport = module
+
# Layer: services
# Module: soundserver
#
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/pkgs/rpms/selinux-policy/F-12/modules-targeted.conf,v
retrieving revision 1.160
retrieving revision 1.161
diff -u -p -r1.160 -r1.161
--- modules-targeted.conf 3 Mar 2010 11:48:06 -0000 1.160
+++ modules-targeted.conf 15 Mar 2010 21:50:34 -0000 1.161
@@ -1943,6 +1943,13 @@ munin = module
#
bitlbee = module
+# Layer: system
+# Module: sosreport
+#
+# sosreport debuggin information generator
+#
+sosreport = module
+
# Layer: services
# Module: soundserver
#
policy-20100106.patch:
config/appconfig-mcs/x_contexts | 109 ----
config/appconfig-mls/x_contexts | 109 ----
config/appconfig-standard/x_contexts | 109 ----
policy/flask/access_vectors | 55 +-
policy/flask/security_classes | 4
policy/modules/admin/consoletype.if | 4
policy/modules/admin/dmesg.fc | 1
policy/modules/admin/logrotate.te | 5
policy/modules/admin/logwatch.te | 5
policy/modules/admin/mcelog.fc | 2
policy/modules/admin/mcelog.if | 20
policy/modules/admin/mcelog.te | 31 +
policy/modules/admin/netutils.fc | 1
policy/modules/admin/netutils.te | 6
policy/modules/admin/prelink.te | 1
policy/modules/admin/quota.te | 1
policy/modules/admin/readahead.te | 2
policy/modules/admin/rpm.if | 60 ++
policy/modules/admin/rpm.te | 2
policy/modules/admin/shutdown.fc | 5
policy/modules/admin/shutdown.if | 100 ++++
policy/modules/admin/shutdown.te | 57 ++
policy/modules/admin/smoltclient.te | 2
policy/modules/admin/usermanage.te | 8
policy/modules/admin/vbetool.te | 13
policy/modules/admin/vpn.te | 7
policy/modules/apps/cdrecord.te | 2
policy/modules/apps/chrome.te | 11
policy/modules/apps/execmem.if | 10
policy/modules/apps/firewallgui.te | 6
policy/modules/apps/gnome.fc | 9
policy/modules/apps/gnome.if | 81 ++-
policy/modules/apps/gnome.te | 8
policy/modules/apps/gpg.fc | 2
policy/modules/apps/gpg.te | 10
policy/modules/apps/java.if | 1
policy/modules/apps/java.te | 1
policy/modules/apps/kdumpgui.te | 4
policy/modules/apps/mozilla.fc | 1
policy/modules/apps/mozilla.if | 36 +
policy/modules/apps/nsplugin.fc | 1
policy/modules/apps/nsplugin.if | 40 +
policy/modules/apps/nsplugin.te | 10
policy/modules/apps/openoffice.if | 1
policy/modules/apps/podsleuth.te | 1
policy/modules/apps/ptchown.te | 1
policy/modules/apps/pulseaudio.fc | 7
policy/modules/apps/pulseaudio.if | 70 ++
policy/modules/apps/pulseaudio.te | 41 +
policy/modules/apps/qemu.te | 1
policy/modules/apps/sambagui.te | 4
policy/modules/apps/sandbox.if | 54 +-
policy/modules/apps/sandbox.te | 49 +
policy/modules/apps/slocate.te | 1
policy/modules/apps/vmware.if | 18
policy/modules/apps/vmware.te | 11
policy/modules/apps/wine.if | 5
policy/modules/apps/wine.te | 18
policy/modules/apps/wm.if | 16
policy/modules/kernel/corecommands.fc | 5
policy/modules/kernel/corenetwork.if.in | 18
policy/modules/kernel/corenetwork.te.in | 7
policy/modules/kernel/devices.fc | 5
policy/modules/kernel/devices.if | 335 ++++++++++++-
policy/modules/kernel/devices.te | 25 -
policy/modules/kernel/domain.if | 24
policy/modules/kernel/domain.te | 6
policy/modules/kernel/files.fc | 2
policy/modules/kernel/files.if | 334 ++++++++++---
policy/modules/kernel/files.te | 7
policy/modules/kernel/filesystem.if | 156 ++++++
policy/modules/kernel/filesystem.te | 12
policy/modules/kernel/kernel.if | 36 +
policy/modules/kernel/terminal.if | 247 +++++++++-
policy/modules/roles/auditadm.te | 2
policy/modules/roles/secadm.te | 2
policy/modules/roles/staff.te | 18
policy/modules/roles/sysadm.te | 12
policy/modules/roles/unconfineduser.fc | 5
policy/modules/roles/unconfineduser.te | 16
policy/modules/roles/xguest.te | 7
policy/modules/services/abrt.if | 5
policy/modules/services/abrt.te | 26 +
policy/modules/services/afs.te | 6
policy/modules/services/aisexec.fc | 2
policy/modules/services/aisexec.te | 8
policy/modules/services/amavis.te | 1
policy/modules/services/apache.fc | 9
policy/modules/services/apache.if | 48 +
policy/modules/services/apache.te | 46 +
policy/modules/services/apcupsd.te | 6
policy/modules/services/arpwatch.te | 2
policy/modules/services/asterisk.te | 1
policy/modules/services/avahi.fc | 2
policy/modules/services/avahi.if | 1
policy/modules/services/bind.if | 19
policy/modules/services/bluetooth.te | 2
policy/modules/services/cachefilesd.fc | 28 +
policy/modules/services/cachefilesd.if | 41 +
policy/modules/services/cachefilesd.te | 146 +++++
policy/modules/services/ccs.te | 6
policy/modules/services/chronyd.fc | 2
policy/modules/services/chronyd.te | 15
policy/modules/services/clogd.if | 24
policy/modules/services/clogd.te | 7
policy/modules/services/cobbler.fc | 5
policy/modules/services/cobbler.if | 156 ++++++
policy/modules/services/cobbler.te | 132 +++++
policy/modules/services/consolekit.te | 19
policy/modules/services/corosync.fc | 3
policy/modules/services/corosync.te | 15
policy/modules/services/cron.te | 9
policy/modules/services/cups.te | 8
policy/modules/services/dbus.if | 7
policy/modules/services/dcc.te | 2
policy/modules/services/devicekit.fc | 4
policy/modules/services/devicekit.te | 14
policy/modules/services/dhcp.if | 19
policy/modules/services/dhcp.te | 4
policy/modules/services/djbdns.if | 38 +
policy/modules/services/djbdns.te | 8
policy/modules/services/dnsmasq.fc | 2
policy/modules/services/dnsmasq.if | 38 +
policy/modules/services/dnsmasq.te | 8
policy/modules/services/dovecot.te | 6
policy/modules/services/exim.if | 18
policy/modules/services/fail2ban.if | 18
policy/modules/services/ftp.fc | 2
policy/modules/services/ftp.if | 37 +
policy/modules/services/ftp.te | 116 ++++
policy/modules/services/git.fc | 17
policy/modules/services/git.if | 466 ++++++++++++++----
policy/modules/services/git.te | 145 +++--
policy/modules/services/gpm.fc | 2
policy/modules/services/hal.te | 13
policy/modules/services/inn.te | 1
policy/modules/services/kerberos.if | 2
policy/modules/services/ldap.fc | 3
policy/modules/services/ldap.te | 13
policy/modules/services/lircd.te | 7
policy/modules/services/mailman.te | 1
policy/modules/services/memcached.te | 14
policy/modules/services/modemmanager.te | 2
policy/modules/services/mta.if | 38 +
policy/modules/services/mta.te | 1
policy/modules/services/munin.te | 3
policy/modules/services/mysql.te | 6
policy/modules/services/nagios.fc | 46 +
policy/modules/services/nagios.if | 28 +
policy/modules/services/nagios.te | 87 +++
policy/modules/services/networkmanager.fc | 1
policy/modules/services/networkmanager.if | 19
policy/modules/services/networkmanager.te | 2
policy/modules/services/nis.fc | 5
policy/modules/services/nis.te | 8
policy/modules/services/nut.te | 11
policy/modules/services/nx.if | 18
policy/modules/services/openvpn.te | 4
policy/modules/services/plymouth.fc | 5
policy/modules/services/plymouth.if | 304 ------------
policy/modules/services/plymouth.te | 102 ----
policy/modules/services/plymouthd.fc | 9
policy/modules/services/plymouthd.if | 322 +++++++++++++
policy/modules/services/plymouthd.te | 106 ++++
policy/modules/services/policykit.te | 20
policy/modules/services/postfix.if | 37 +
policy/modules/services/postfix.te | 9
policy/modules/services/ppp.fc | 2
policy/modules/services/ppp.te | 8
policy/modules/services/prelude.te | 2
policy/modules/services/qmail.if | 18
policy/modules/services/rgmanager.if | 40 +
policy/modules/services/rgmanager.te | 58 +-
policy/modules/services/rhcs.fc | 9
policy/modules/services/rhcs.if | 58 ++
policy/modules/services/rhcs.te | 278 ++---------
policy/modules/services/ricci.te | 8
policy/modules/services/rpc.if | 1
policy/modules/services/rpc.te | 8
policy/modules/services/rsync.if | 38 +
policy/modules/services/samba.te | 18
policy/modules/services/sendmail.te | 4
policy/modules/services/setroubleshoot.te | 4
policy/modules/services/snmp.te | 4
policy/modules/services/snort.te | 1
policy/modules/services/spamassassin.if | 18
policy/modules/services/spamassassin.te | 6
policy/modules/services/ssh.if | 4
policy/modules/services/ssh.te | 84 ---
policy/modules/services/sssd.fc | 4
policy/modules/services/sssd.if | 85 ++-
policy/modules/services/sssd.te | 16
policy/modules/services/tftp.if | 20
policy/modules/services/tftp.te | 1
policy/modules/services/tgtd.te | 1
policy/modules/services/tor.fc | 1
policy/modules/services/tuned.fc | 3
policy/modules/services/tuned.te | 15
policy/modules/services/ucspitcp.te | 5
policy/modules/services/usbmuxd.fc | 6
policy/modules/services/usbmuxd.if | 64 ++
policy/modules/services/usbmuxd.te | 51 ++
policy/modules/services/virt.if | 9
policy/modules/services/virt.te | 15
policy/modules/services/xserver.fc | 18
policy/modules/services/xserver.if | 738 ++++++++++--------------------
policy/modules/services/xserver.te | 384 ++++++++-------
policy/modules/system/application.te | 12
policy/modules/system/daemontools.if | 62 ++
policy/modules/system/daemontools.te | 26 -
policy/modules/system/fstools.fc | 2
policy/modules/system/hostname.te | 3
policy/modules/system/hotplug.te | 4
policy/modules/system/init.if | 35 +
policy/modules/system/init.te | 27 +
policy/modules/system/ipsec.te | 13
policy/modules/system/iptables.if | 10
policy/modules/system/iptables.te | 6
policy/modules/system/iscsi.fc | 3
policy/modules/system/iscsi.te | 10
policy/modules/system/libraries.fc | 24
policy/modules/system/locallogin.te | 22
policy/modules/system/logging.fc | 7
policy/modules/system/logging.if | 18
policy/modules/system/logging.te | 10
policy/modules/system/lvm.fc | 1
policy/modules/system/lvm.if | 4
policy/modules/system/lvm.te | 6
policy/modules/system/miscfiles.fc | 5
policy/modules/system/miscfiles.if | 37 +
policy/modules/system/modutils.te | 2
policy/modules/system/mount.if | 56 ++
policy/modules/system/mount.te | 56 ++
policy/modules/system/selinuxutil.if | 21
policy/modules/system/selinuxutil.te | 1
policy/modules/system/sosreport.fc | 2
policy/modules/system/sosreport.if | 74 +++
policy/modules/system/sosreport.te | 129 +++++
policy/modules/system/sysnetwork.fc | 1
policy/modules/system/sysnetwork.if | 4
policy/modules/system/sysnetwork.te | 3
policy/modules/system/udev.te | 5
policy/modules/system/unconfined.if | 2
policy/modules/system/userdomain.fc | 1
policy/modules/system/userdomain.if | 45 +
policy/modules/system/xen.if | 2
policy/modules/system/xen.te | 22
policy/support/obj_perm_sets.spt | 8
policy/users | 2
249 files changed, 6117 insertions(+), 2322 deletions(-)
Index: policy-20100106.patch
===================================================================
RCS file: /cvs/pkgs/rpms/selinux-policy/F-12/policy-20100106.patch,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -p -r1.51 -r1.52
--- policy-20100106.patch 15 Mar 2010 17:11:27 -0000 1.51
+++ policy-20100106.patch 15 Mar 2010 21:50:34 -0000 1.52
@@ -4590,7 +4590,7 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te
--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 2010-01-18 18:24:22.722530039 +0100
-+++ serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te 2010-03-11 22:33:59.863510767 +0100
++++ serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te 2010-03-15 18:09:26.443629787 +0100
@@ -39,6 +39,8 @@
type unconfined_exec_t;
init_system_domain(unconfined_t, unconfined_exec_t)
@@ -4633,12 +4633,11 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -405,7 +415,8 @@
+@@ -405,7 +415,7 @@
type unconfined_execmem_t;
type nsplugin_exec_t;
')
- domtrans_pattern(unconfined_t, mozilla_exec_t, unconfined_execmem_t)
-+ #nsplugin_exec_domtrans(unconfined_t, unconfined_execmem_t)
+ #domtrans_pattern(unconfined_t, mozilla_exec_t, unconfined_execmem_t)
domtrans_pattern(unconfined_t, nsplugin_exec_t, unconfined_execmem_t)
')
@@ -4691,7 +4690,7 @@ diff -b -B --ignore-all-space --exclude-
######################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te
--- nsaserefpolicy/policy/modules/services/abrt.te 2010-01-18 18:24:22.727540243 +0100
-+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2010-03-15 11:24:00.710614337 +0100
++++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2010-03-15 22:25:29.436449382 +0100
@@ -96,16 +96,19 @@
corenet_tcp_connect_ftp_port(abrt_t)
corenet_tcp_connect_all_ports(abrt_t)
@@ -4721,7 +4720,14 @@ diff -b -B --ignore-all-space --exclude-
fs_search_all(abrt_t)
sysnet_read_config(abrt_t)
-@@ -176,6 +180,16 @@
+@@ -173,9 +177,23 @@
+ ')
+
+ optional_policy(`
++ sosreport_domtrans(abrt_t)
++')
++
++optional_policy(`
sssd_stream_connect(abrt_t)
')
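Review bot: The new `sosreport_domtrans(abrt_t)` in abrt.te has no comment explaining why abrt needs to enter sosreport_t, and the transition is a step up in privilege. The target domain defined later in this patch gets `auth_read_all_files_except_shadow`, `dev_read_raw_memory` and an optional `unconfined_domain_noaudit`, while abrt_t appears from the nearby context to be allowed `corenet_tcp_connect_all_ports`. If the intent is that abrt invokes sosreport to gather crash data, say so above the call, e.g. `# abrt runs sosreport when collecting crash data; note sosreport_t is far broader than abrt_t`. It is also worth checking whether a narrower helper domain would be enough. The rest of abrt.te lies outside this hunk, so the full set of abrt_t rules cannot be checked from here.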
@@ -4738,7 +4744,7 @@ diff -b -B --ignore-all-space --exclude-
permissive abrt_t;
########################################
-@@ -200,10 +214,16 @@
+@@ -200,10 +218,16 @@
files_read_etc_files(abrt_helper_t)
files_dontaudit_all_non_security_leaks(abrt_helper_t)
@@ -13748,7 +13754,7 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.32/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2010-01-18 18:24:22.933540325 +0100
-+++ serefpolicy-3.6.32/policy/modules/system/init.if 2010-03-15 17:17:02.854604441 +0100
++++ serefpolicy-3.6.32/policy/modules/system/init.if 2010-03-15 17:34:09.965647341 +0100
@@ -165,6 +165,7 @@
type init_t;
role system_r;
@@ -13801,18 +13807,7 @@ diff -b -B --ignore-all-space --exclude-
')
########################################
-@@ -701,6 +707,10 @@
- ifdef(`enable_mls',`
- range_transition $1 init_script_file_type:process s0 - mls_systemhigh;
- ')
-+
-+ ifdef(`hide_broken_symptoms', `
-+ dontaudit init_script_file_type $1:fifo_file rw_inherited_fifo_file_perms;
-+ ')
- ')
-
- ########################################
-@@ -775,8 +785,10 @@
+@@ -775,8 +781,10 @@
interface(`init_labeled_script_domtrans',`
gen_require(`
type initrc_t;
@@ -13823,7 +13818,7 @@ diff -b -B --ignore-all-space --exclude-
domtrans_pattern($1, $2, initrc_t)
files_search_etc($1)
')
-@@ -1686,3 +1698,26 @@
+@@ -1686,3 +1694,26 @@
allow $1 initrc_t:sem rw_sem_perms;
')
@@ -14758,6 +14753,223 @@ diff -b -B --ignore-all-space --exclude-
miscfiles_read_localization(load_policy_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.fc serefpolicy-3.6.32/policy/modules/system/sosreport.fc
+--- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/system/sosreport.fc 2010-03-15 22:24:08.238477345 +0100
+@@ -0,0 +1,2 @@
++
++/usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.if serefpolicy-3.6.32/policy/modules/system/sosreport.if
+--- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/system/sosreport.if 2010-03-15 22:24:08.248663221 +0100
+@@ -0,0 +1,74 @@
++
++## <summary>policy for sosreport</summary>
++
++########################################
++## <summary>
++## Execute a domain transition to run sosreport.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`sosreport_domtrans',`
++ gen_require(`
++ type sosreport_t, sosreport_exec_t;
++ ')
++
++ domtrans_pattern($1, sosreport_exec_t, sosreport_t)
++')
++
++
++########################################
++## <summary>
++## Execute sosreport in the sosreport domain, and
++## allow the specified role the sosreport domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## The role to be allowed the sosreport domain.
++## </summary>
++## </param>
++#
++interface(`sosreport_run',`
++ gen_require(`
++ type sosreport_t;
++ ')
++
++ sosreport_domtrans($1)
++ role $2 types sosreport_t;
++')
++
++########################################
++## <summary>
++## Role access for sosreport
++## </summary>
++## <param name="role">
++## <summary>
++## Role allowed access
++## </summary>
++## </param>
++## <param name="domain">
++## <summary>
++## User domain for the role
++## </summary>
++## </param>
++#
++interface(`sosreport_role',`
++ gen_require(`
++ type sosreport_t;
++ ')
++
++ role $1 types sosreport_t;
++
++ sosreport_domtrans($2)
++
++ ps_process_pattern($2, sosreport_t)
++ allow $2 sosreport_t:process signal;
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.te serefpolicy-3.6.32/policy/modules/system/sosreport.te
+--- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/system/sosreport.te 2010-03-15 22:24:08.281168472 +0100
+@@ -0,0 +1,129 @@
++
++policy_module(sosreport,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type sosreport_t;
++type sosreport_exec_t;
++application_domain(sosreport_t, sosreport_exec_t)
++role system_r types sosreport_t;
++
++type sosreport_tmp_t;
++files_tmp_file(sosreport_tmp_t)
++
++type sosreport_tmpfs_t;
++files_tmpfs_file(sosreport_tmpfs_t)
++
++########################################
++#
++# sosreport local policy
++#
++
++allow sosreport_t self:capability { kill net_admin net_raw setuid sys_nice sys_ptrace dac_override };
++allow sosreport_t self:process { setsched signull };
++
++allow sosreport_t self:fifo_file rw_fifo_file_perms;
++allow sosreport_t self:tcp_socket create_stream_socket_perms;
++allow sosreport_t self:udp_socket create_socket_perms;
++allow sosreport_t self:unix_dgram_socket create_socket_perms;
++allow sosreport_t self:netlink_route_socket r_netlink_socket_perms;
++allow sosreport_t self:unix_stream_socket create_stream_socket_perms;
++
++# sosreport tmp files
++manage_dirs_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
++manage_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
++manage_lnk_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
++files_tmp_filetrans(sosreport_t, sosreport_tmp_t, { file dir })
++
++manage_files_pattern(sosreport_t, sosreport_tmpfs_t, sosreport_tmpfs_t)
++fs_tmpfs_filetrans(sosreport_t, sosreport_tmpfs_t,file)
++
++kernel_read_device_sysctls(sosreport_t)
++kernel_read_hotplug_sysctls(sosreport_t)
++kernel_read_kernel_sysctls(sosreport_t)
++kernel_read_modprobe_sysctls(sosreport_t)
++kernel_read_net_sysctls(sosreport_t)
++kernel_read_network_state(sosreport_t)
++kernel_read_rpc_sysctls(sosreport_t)
++kernel_read_software_raid_state(sosreport_t)
++kernel_read_unix_sysctls(sosreport_t)
++kernel_read_vm_sysctls(sosreport_t)
++kernel_search_debugfs(sosreport_t)
++
++corecmd_exec_all_executables(sosreport_t)
++
++dev_getattr_all_chr_files(sosreport_t)
++dev_getattr_all_blk_files(sosreport_t)
++
++dev_read_rand(sosreport_t)
++dev_read_urand(sosreport_t)
++dev_read_raw_memory(sosreport_t)
++dev_read_sysfs(sosreport_t)
++
++domain_getattr_all_domains(sosreport_t)
++domain_read_all_domains_state(sosreport_t)
++
++# for blkid.tab
++files_manage_etc_runtime_files(sosreport_t)
++files_etc_filetrans_etc_runtime(sosreport_t, file)
++
++files_exec_etc_files(sosreport_t)
++files_list_all(sosreport_t)
++files_read_config_files(sosreport_t)
++files_read_etc_files(sosreport_t)
++files_read_generic_tmp_files(sosreport_t)
++files_read_usr_files(sosreport_t)
++files_read_var_lib_files(sosreport_t)
++files_read_var_symlinks(sosreport_t)
++files_read_kernel_modules(sosreport_t)
++
++fs_getattr_all_fs(sosreport_t)
++
++# cjp: some config files do not have configfile attribute
++# sosreport needs to read various files on system
++auth_read_all_files_except_shadow(sosreport_t)
++auth_use_nsswitch(sosreport_t)
++
++init_domtrans_script(sosreport_t)
++
++libs_domtrans_ldconfig(sosreport_t)
++
++logging_read_all_logs(sosreport_t)
++logging_send_syslog_msg(sosreport_t)
++
++miscfiles_read_localization(sosreport_t)
++
++# needed by modinfo
++modutils_read_module_deps(sosreport_t)
++
++sysnet_read_config(sosreport_t)
++
++optional_policy(`
++ cups_stream_connect(sosreport_t)
++')
++
++optional_policy(`
++ lvm_domtrans(sosreport_t)
++')
++
++optional_policy(`
++ pulseaudio_stream_connect(sosreport_t)
++')
++
++optional_policy(`
++ rpm_exec(sosreport_t)
++ rpm_dontaudit_manage_db(sosreport_t)
++ rpm_read_db(sosreport_t)
++')
++
++optional_policy(`
++ xserver_stream_connect(sosreport_t)
++')
++
++optional_policy(`
++ unconfined_domain_noaudit(sosreport_t)
++')
++
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.32/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-01-18 18:24:22.968540028 +0100
+++ serefpolicy-3.6.32/policy/modules/system/sysnetwork.fc 2010-03-01 16:01:07.867490672 +0100
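Review bot: The last `optional_policy` block in sosreport.te calls `unconfined_domain_noaudit(sosreport_t)`, which appears to make the domain effectively unconfined, and unaudited, wherever the unconfined module is built. The itemised rules above it (`dev_read_raw_memory`, `sys_ptrace`, `dac_override`, `corecmd_exec_all_executables`) would then only constrain anything on policies without that module, presumably MLS. Please state the intent at that block, e.g. `# TODO: remove once the sosreport_t rule set is complete; domain is unconfined while this is present`. Note also that sosreport_tmp_t will hold the collected data, yet the hunk defines no interface restricting which domains may read it. In sosreport.if, `sosreport_run` takes (domain, role) while `sosreport_role` takes (role, domain); the `<param>` docs are correct, but a one-line comment on the differing order would help callers avoid swapping the arguments.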
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/pkgs/rpms/selinux-policy/F-12/selinux-policy.spec,v
retrieving revision 1.1035
retrieving revision 1.1036
diff -u -p -r1.1035 -r1.1036
--- selinux-policy.spec 15 Mar 2010 17:11:27 -0000 1.1035
+++ selinux-policy.spec 15 Mar 2010 21:50:35 -0000 1.1036
@@ -469,6 +469,9 @@ exit 0
%endif
%changelog
+* Mon Mar 15 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-103
+- Add sosreport policy
+
* Mon Mar 15 2010 Miroslav Grepl <mgrepl at redhat.com> 3.6.32-102
- Allow bluetooth sys_admin capability
- Fix label for libADM libraries