[selinux-policy: 1576/3172] more strict testing fixes
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:21:26 UTC 2010
commit 98de871cee02223ff6fcf88280d9f75abbfd867d
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Aug 23 19:36:04 2006 +0000
more strict testing fixes
policy/modules/system/authlogin.if | 2 +-
policy/modules/system/authlogin.te | 2 +-
policy/modules/system/init.fc | 6 +++++-
policy/modules/system/init.te | 13 +++++++++----
policy/modules/system/selinuxutil.te | 4 +++-
policy/modules/system/sysnetwork.fc | 6 +++++-
policy/modules/system/sysnetwork.te | 2 +-
7 files changed, 25 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 51428d5..b947f0a 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -654,7 +654,7 @@ interface(`auth_rw_lastlog',`
')
logging_search_logs($1)
- allow $1 lastlog_t:file { getattr read write setattr };
+ allow $1 lastlog_t:file { getattr read write lock setattr };
')
########################################
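Review bot: The added `lock` permission on `lastlog_t:file` widens `auth_rw_lastlog` for every domain that calls the interface, and nothing in the hunk records which caller needs to lock the file. A comment above the rule such as `# lock: <program that takes a lock on lastlog>`, plus a mention of locking in the interface summary, would let a later audit tell a required grant from a leftover. The interface header starts outside this hunk, so its current wording is not visible. The same gap applies to the new `fifo_file` rule for `initrc_state_t` in init.te and to `domain_use_interactive_fds(semanage_t)` in selinuxutil.te, which are also added without a stated reason.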
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index e1d1da5..1006dc4 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
-policy_module(authlogin,1.3.11)
+policy_module(authlogin,1.3.12)
########################################
#
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index 46ef80a..0c0dfda 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -9,7 +9,11 @@
/etc/rc\.d/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
-ifdef(`targeted_policy', `', `
+ifdef(`distro_gentoo',`
+/etc/vmware/init\.d/vmware -- gen_context(system_u:object_r:initrc_exec_t,s0)
+')
+
+ifdef(`strict_policy',`
/etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0)
')
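Review bot: The guard on `/etc/X11/prefdm` changes from "not `targeted_policy`" to "`strict_policy`", which is the same condition only if every build type defines exactly one of the two macros. That is not visible from this hunk; if some build type defines neither, prefdm would no longer receive `initrc_exec_t` from this entry and would get whatever label the remaining file-context entries assign. A one-line comment stating the intended policy types, e.g. `# strict only: <why prefdm needs initrc_exec_t here>`, would make the intent checkable.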
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 07e4469..ab9d4b3 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
-policy_module(init,1.3.21)
+policy_module(init,1.3.22)
gen_require(`
class passwd rootok;
@@ -221,9 +221,10 @@ term_create_pty(initrc_t,initrc_devpts_t)
can_exec(initrc_t,initrc_exec_t)
-allow initrc_t initrc_state_t:dir create_dir_perms;
-allow initrc_t initrc_state_t:file create_file_perms;
-allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rename };
+allow initrc_t initrc_state_t:dir manage_dir_perms;
+allow initrc_t initrc_state_t:file manage_file_perms;
+allow initrc_t initrc_state_t:fifo_file manage_file_perms;
+allow initrc_t initrc_state_t:lnk_file create_lnk_perms;
allow initrc_t initrc_var_run_t:file create_file_perms;
files_pid_filetrans(initrc_t,initrc_var_run_t,file)
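Review bot: The added `allow initrc_t initrc_state_t:fifo_file manage_file_perms;` reuses the file-class permission set for a different object class and grants the whole manage set rather than only the operations the boot scripts perform on the fifo. The definitions of `manage_file_perms` and `create_lnk_perms` are not part of this diff, so it cannot be confirmed here that the `lnk_file` line still grants exactly the previous `{ create read getattr setattr unlink rename }`; comparing the expanded rules before and after the change would settle it. The unchanged `initrc_var_run_t` rule directly below still uses `create_file_perms`, so the block now mixes both naming schemes.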
@@ -466,6 +467,10 @@ ifdef(`distro_redhat',`
miscfiles_read_fonts(initrc_t)
miscfiles_read_hwdata(initrc_t)
+ # for integrated run_init to read run_init_type.
+ # happens during boot (/sbin/rc execs init scripts)
+ seutil_read_default_contexts(initrc_t)
+
optional_policy(`
bind_manage_config_dirs(initrc_t)
bind_write_config(initrc_t)
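Review bot: The comment on the new `seutil_read_default_contexts(initrc_t)` call describes `/sbin/rc` exec'ing init scripts with an integrated run_init, but the hunk header places the addition under the `distro_redhat` ifdef. The enclosing block starts outside the hunk and the header is only a heuristic, so this may be a display artefact. If the call really sits in that block, read access to the default-contexts files is granted on a distribution the comment does not describe and may be missing on the one it does. Either move the call into the matching distro block or name the distribution in the comment, e.g. `# <distro>: integrated run_init reads run_init_type`.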
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index ec991b1..2e89f2b 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -1,5 +1,5 @@
-policy_module(selinuxutil,1.2.11)
+policy_module(selinuxutil,1.2.12)
ifdef(`strict_policy',`
gen_require(`
@@ -565,6 +565,8 @@ corecmd_exec_sbin(semanage_t)
dev_read_urand(semanage_t)
+domain_use_interactive_fds(semanage_t)
+
files_read_etc_files(semanage_t)
files_read_usr_files(semanage_t)
files_list_pids(semanage_t)
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
index f58df4f..eb2e4df 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -50,7 +50,11 @@ ifdef(`distro_redhat',`
/var/lib/dhcp3? -d gen_context(system_u:object_r:dhcp_state_t,s0)
/var/lib/dhcp3?/dhclient.* gen_context(system_u:object_r:dhcpc_state_t,s0)
/var/lib/dhcpcd(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
-
/var/lib/dhclient(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
+
/var/run/dhclient.*\.pid -- gen_context(system_u:object_r:dhcpc_var_run_t,s0)
/var/run/dhclient.*\.leases -- gen_context(system_u:object_r:dhcpc_var_run_t,s0)
+
+ifdef(`distro_gentoo',`
+/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
+')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index fb01981..e19103a 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -1,5 +1,5 @@
-policy_module(sysnetwork,1.1.9)
+policy_module(sysnetwork,1.1.10)
########################################
#