[selinux-policy: 1671/3172] patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Wal

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:29:29 UTC 2010 

commit ecc98e19e3a415358584dae9e6498871ab46bb09
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Mar 1 15:43:39 2007 +0000

    patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh.

 Changelog                                 |    3 ++-
 policy/modules/apps/java.fc               |    4 ++++
 policy/modules/apps/java.te               |    2 +-
 policy/modules/kernel/corecommands.fc     |    4 +++-
 policy/modules/kernel/corecommands.te     |    2 +-
 policy/modules/kernel/devices.fc          |    3 +++
 policy/modules/kernel/devices.te          |    2 +-
 policy/modules/services/networkmanager.fc |    2 +-
 policy/modules/services/networkmanager.te |    2 +-
 policy/modules/system/libraries.fc        |   10 +++++++---
 policy/modules/system/libraries.te        |    2 +-
 policy/modules/system/miscfiles.fc        |    5 +++++
 policy/modules/system/miscfiles.te        |    2 +-
 13 files changed, 31 insertions(+), 12 deletions(-)
---
diff --git a/Changelog b/Changelog
index cf6533e..90fed4b 100644
--- a/Changelog
+++ b/Changelog
@@ -1,7 +1,8 @@
 - Patch for kerberized telnet fixes from Dan Walsh.
 - Patch for kerberized ftp and other ftp fixes from Dan Walsh.
 - Patch for an additional wine executable from Dan Walsh.
-- Patch for additional games file contexts from Dan Walsh.
+- Eight patches for file contexts in games, wine, networkmanager, miscfiles,
+  corecommands, devices, and java from Dan Walsh.
 - Add support for libselinux 2.0.5 init_selinuxmnt() changes.
 - Patch for misc fixes to bluetooth from Dan Walsh.
 - Patch for misc fixes to kerberos from Dan Walsh.
diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc
index d866fed..22b1a6e 100644
--- a/policy/modules/apps/java.fc
+++ b/policy/modules/apps/java.fc
@@ -3,6 +3,8 @@
 #
 /opt/(.*/)?bin/java[^/]* --	gen_context(system_u:object_r:java_exec_t,s0)
 /opt/ibm/java2-ppc64-50/jre/(bin|javaws)(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
+/opt/local/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
+/opt/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
 
 #
 # /usr
@@ -18,3 +20,5 @@
 /usr/bin/grmic  	--	gen_context(system_u:object_r:java_exec_t,s0)
 /usr/bin/grmiregistry  	--	gen_context(system_u:object_r:java_exec_t,s0)
 /usr/bin/jv-convert  	--	gen_context(system_u:object_r:java_exec_t,s0)
+/usr/local/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
+/usr/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0)
diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
index 51eb769..bb18d37 100644
--- a/policy/modules/apps/java.te
+++ b/policy/modules/apps/java.te
@@ -1,5 +1,5 @@
 
-policy_module(java,1.3.2)
+policy_module(java,1.3.3)
 
 ########################################
 #
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 74234f1..e112a5d 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -53,6 +53,8 @@ ifdef(`distro_redhat',`
 
 /etc/rc\.d/init\.d/functions	--	gen_context(system_u:object_r:bin_t,s0)
 
+/etc/security/namespace.init    --      gen_context(system_u:object_r:bin_t,s0)
+
 /etc/sysconfig/network-scripts/ifup-.*	-- gen_context(system_u:object_r:bin_t,s0)
 /etc/sysconfig/network-scripts/ifup-.*	-l gen_context(system_u:object_r:bin_t,s0)
 /etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -73,7 +75,6 @@ ifdef(`distro_debian',`
 
 ifdef(`targeted_policy',`
 /etc/X11/prefdm			--	gen_context(system_u:object_r:bin_t,s0)
-/usr/games/nethack-3.4.3/nethack --	gen_context(system_u:object_r:bin_t,s0)
 ')
 
 #
@@ -188,6 +189,7 @@ ifdef(`distro_gentoo', `
 
 ifdef(`distro_redhat', `
 /usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/bluetooth(/.*)?	--      gen_context(system_u:object_r:bin_t,s0)
 /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/authconfig/authconfig.py --	gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te
index 007d955..1c797f4 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,5 +1,5 @@
 
-policy_module(corecommands,1.5.1)
+policy_module(corecommands,1.5.2)
 
 ########################################
 #
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index 428331c..e0ef469 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -30,6 +30,7 @@
 /dev/kmsg		-c	gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
 /dev/logibm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
 /dev/lp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
+/dev/mcelog		-c	gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
 /dev/mem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
 /dev/mice		-c	gen_context(system_u:object_r:mouse_device_t,s0)
 /dev/microcode		-c	gen_context(system_u:object_r:cpu_device_t,s0)
@@ -40,6 +41,7 @@
 /dev/null		-c	gen_context(system_u:object_r:null_device_t,s0)
 /dev/nvidia.*		-c	gen_context(system_u:object_r:xserver_misc_device_t,s0)
 /dev/nvram		-c	gen_context(system_u:object_r:nvram_device_t,mls_systemhigh)
+/dev/oldmem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
 /dev/par.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
 /dev/patmgr[01]		-c	gen_context(system_u:object_r:sound_device_t,s0)
 /dev/pmu		-c	gen_context(system_u:object_r:power_device_t,s0)
@@ -58,6 +60,7 @@
 /dev/srnd[0-7]		-c	gen_context(system_u:object_r:sound_device_t,s0)
 /dev/snapshot		-c	gen_context(system_u:object_r:apm_bios_t,s0)
 /dev/sndstat		-c	gen_context(system_u:object_r:sound_device_t,s0)
+/dev/sonypi		-c	gen_context(system_u:object_r:v4l_device_t,s0)
 /dev/tlk[0-3]		-c	gen_context(system_u:object_r:v4l_device_t,s0)
 /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
 /dev/usbdev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 4f16958..ff6b4ce 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,5 +1,5 @@
 
-policy_module(devices,1.3.0)
+policy_module(devices,1.3.1)
 
 ########################################
 #
diff --git a/policy/modules/services/networkmanager.fc b/policy/modules/services/networkmanager.fc
index a1b3e62..12e9bf2 100644
--- a/policy/modules/services/networkmanager.fc
+++ b/policy/modules/services/networkmanager.fc
@@ -3,4 +3,4 @@
 /var/run/NetworkManager\.pid	--	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 /var/run/NetworkManager(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 /var/run/wpa_supplicant(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-/var/run/wpa_supplicant-global	--	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+/var/run/wpa_supplicant-global	-s	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index 7722bc2..78f407a 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -1,5 +1,5 @@
 
-policy_module(networkmanager,1.5.1)
+policy_module(networkmanager,1.5.2)
 
 ########################################
 #
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
index f7e2c00..ed4e2f0 100644
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -74,11 +74,12 @@ ifdef(`distro_gentoo',`
 /opt/(.*/)?lib64(/.*)?				gen_context(system_u:object_r:lib_t,s0)
 /opt/(.*/)?lib64/.+\.so			--	gen_context(system_u:object_r:shlib_t,s0)
 /opt/(.*/)?lib64/.+\.so\.[^/]*		--	gen_context(system_u:object_r:shlib_t,s0)
+/opt/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:shlib_t,s0)
 /opt/(.*/)?jre.*/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/(.*/)?jre/.+\.jar			--	gen_context(system_u:object_r:shlib_t,s0)
 /opt/cisco-vpnclient/lib/libvpnapi\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:shlib_t,s0)
-/opt/(.*/)?jre/.+\.jar			--	gen_context(system_u:object_r:shlib_t,s0)
+/opt/cxoffice/lib/wine/.+\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /opt/ibm/java2-ppc64-50/jre/bin/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 
 ifdef(`distro_gentoo',`
@@ -276,7 +277,10 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:textrel_
 /usr/(local/)?acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/(local/)?Adobe/.*\.api		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/(local/)?lib/xchat/plugins/systray.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/(local/)?matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl).so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/(local/)?matlab.*/sys/os/glnx86/libtermcap.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
 /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 
 /usr/lib/acroread/(.*/)?sidecars/*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index 3d763c7..1ce3bba 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -1,5 +1,5 @@
 
-policy_module(libraries,1.5.1)
+policy_module(libraries,1.5.2)
 
 ########################################
 #
diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index 91e6fc8..0c142e4 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -74,3 +74,8 @@ ifdef(`distro_debian',`
 /var/lib/msttcorefonts(/.*)?	gen_context(system_u:object_r:fonts_t,s0)
 /var/lib/usbutils(/.*)?		gen_context(system_u:object_r:hwdata_t,s0)
 ')
+
+ifdef(`distro_redhat',`
+/var/empty/sshd/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
+/var/spool/postfix/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
+')
diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
index afd7d9a..dccfd09 100644
--- a/policy/modules/system/miscfiles.te
+++ b/policy/modules/system/miscfiles.te
@@ -1,5 +1,5 @@
 
-policy_module(miscfiles,1.2.1)
+policy_module(miscfiles,1.2.2)
 
 ########################################
 #

More information about the scm-commits mailing list