[selinux-policy: 2310/3172] Corecommands patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:25:06 UTC 2010 

commit 290aa8a020b84641043c55f35eb0ee9e73e21287
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Nov 23 13:47:36 2009 -0500

    Corecommands patch from Dan Walsh.

 policy/modules/kernel/corecommands.fc |   12 ++++++++++--
 policy/modules/kernel/corecommands.if |    2 +-
 policy/modules/kernel/corecommands.te |    2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 6b30d66..f1b1de2 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -54,6 +54,8 @@ ifdef(`distro_redhat',`
 /etc/cron.weekly/.*		--	gen_context(system_u:object_r:bin_t,s0)
 /etc/cron.monthly/.*		--	gen_context(system_u:object_r:bin_t,s0)
 
+/etc/dhcp/dhclient\.d(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+
 /etc/hotplug/.*agent		--	gen_context(system_u:object_r:bin_t,s0)
 /etc/hotplug/.*rc		-- 	gen_context(system_u:object_r:bin_t,s0)
 /etc/hotplug/hotplug\.functions --	gen_context(system_u:object_r:bin_t,s0)
@@ -123,8 +125,9 @@ ifdef(`distro_gentoo',`
 #
 /sbin				-d	gen_context(system_u:object_r:bin_t,s0)
 /sbin/.*				gen_context(system_u:object_r:bin_t,s0)
-/sbin/mkfs\.cramfs		--	gen_context(system_u:object_r:bin_t,s0)
 /sbin/insmod_ksymoops_clean	--	gen_context(system_u:object_r:bin_t,s0)
+/sbin/mkfs\.cramfs		--	gen_context(system_u:object_r:bin_t,s0)
+/sbin/nologin			--	gen_context(system_u:object_r:shell_exec_t,s0)
 
 #
 # /opt
@@ -135,7 +138,6 @@ ifdef(`distro_gentoo',`
 
 /opt/(.*/)?sbin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
 
-/opt/real/RealPlayer/realplay(\.bin)?	gen_context(system_u:object_r:bin_t,s0)
 ifdef(`distro_gentoo',`
 /opt/RealPlayer/realplay(\.bin)?	gen_context(system_u:object_r:bin_t,s0)
 /opt/RealPlayer/postint(/.*)?		gen_context(system_u:object_r:bin_t,s0)
@@ -211,6 +213,8 @@ ifdef(`distro_gentoo',`
 /usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/debconf/.+		--	gen_context(system_u:object_r:bin_t,s0)
+/usr/share/cluster/.*\.sh		gen_context(system_u:object_r:bin_t,s0)
+/usr/share/cluster/svclib_nfslock --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
@@ -220,7 +224,10 @@ ifdef(`distro_gentoo',`
 /usr/share/printconf/util/print\.py --	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/PackageKit/pk-upgrade-distro\.sh -- 	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/PackageKit/helpers(/.*)?	gen_context(system_u:object_r:bin_t,s0)
+/usr/share/sandbox/sandboxX.sh	--	gen_context(system_u:object_r:bin_t,s0)
+/usr/share/sectool/.*\.py	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
+/usr/share/smolt/client(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall/configpath	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall-perl(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/share/shorewall-shell(/.*)?	gen_context(system_u:object_r:bin_t,s0)
@@ -263,6 +270,7 @@ ifdef(`distro_redhat', `
 /usr/share/ssl/misc(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/share/switchdesk/switchdesk-gui\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-date/system-config-date\.py -- gen_context(system_u:object_r:bin_t,s0)
+/usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/system-config-httpd/system-config-httpd -- gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 52bb593..a6e68d7 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -447,7 +447,7 @@ interface(`corecmd_bin_domtrans',`
 		type bin_t;
 	')
 
-	corecmd_bin_spec_domtrans($1,$2)
+	corecmd_bin_spec_domtrans($1, $2)
 	type_transition $1 bin_t:process $2;
 ')
 
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te
index 9c152aa..d5cf845 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,5 +1,5 @@
 
-policy_module(corecommands, 1.12.0)
+policy_module(corecommands, 1.12.1)
 
 ########################################
 #

More information about the scm-commits mailing list