[selinux-policy: 2128/3172] trunk: Misc fixes for unix_update from Brandon Whalen.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:08:49 UTC 2010
commit df28a0c44482c5654973504a3ce48f9912be4827
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jun 18 13:36:40 2009 +0000
trunk: Misc fixes for unix_update from Brandon Whalen.
Changelog | 1 +
policy/modules/system/authlogin.te | 6 +++++-
2 files changed, 6 insertions(+), 1 deletions(-)
---
diff --git a/Changelog b/Changelog
index 4413bd1..440eb51 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Misc fixes for unix_update from Brandon Whalen.
- Add x_device permissions for XI2 functions, from Eamon Walsh.
- MLS constraints for the x_selection class, from Eamon Walsh.
- Postgresql updates from KaiGai Kohei.
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 2f71040..7542302 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
-policy_module(authlogin, 2.0.1)
+policy_module(authlogin, 2.0.2)
########################################
#
@@ -60,6 +60,7 @@ type updpwd_t;
type updpwd_exec_t;
domain_type(updpwd_t)
domain_entry_file(updpwd_t,updpwd_exec_t)
+domain_obj_id_change_exemption(updpwd_t)
role system_r types updpwd_t;
type utempter_t;
@@ -309,6 +310,7 @@ optional_policy(`
# updpwd local policy
#
+allow updpwd_t self:capability { chown dac_override };
allow updpwd_t self:process setfscreate;
allow updpwd_t self:fifo_file rw_fifo_file_perms;
allow updpwd_t self:unix_stream_socket create_stream_socket_perms;
@@ -316,6 +318,8 @@ allow updpwd_t self:unix_dgram_socket create_socket_perms;
kernel_read_system_state(updpwd_t)
+dev_read_urand(updpwd_t)
+
files_manage_etc_files(updpwd_t)
term_dontaudit_use_console(updpwd_t)
More information about the scm-commits
mailing list