[selinux-policy: 2331/3172] Seunshare patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:26:59 UTC 2010
commit 46b03739acbb8595a579780956fccf8614a6cccc
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Dec 1 10:31:28 2009 -0500
Seunshare patch from Dan Walsh.
policy/modules/apps/seunshare.if | 8 ++++++++
policy/modules/apps/seunshare.te | 14 ++++++++++++--
2 files changed, 20 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/apps/seunshare.if b/policy/modules/apps/seunshare.if
index dbdf448..7f47897 100644
--- a/policy/modules/apps/seunshare.if
+++ b/policy/modules/apps/seunshare.if
@@ -41,6 +41,14 @@ interface(`seunshare_run',`
seunshare_domtrans($1)
role $2 types seunshare_t;
+
+ allow $1 seunshare_t:process signal_perms;
+
+ ifdef(`hide_broken_symptoms', `
+ dontaudit seunshare_t $1:tcp_socket rw_socket_perms;
+ dontaudit seunshare_t $1:udp_socket rw_socket_perms;
+ dontaudit seunshare_t $1:unix_stream_socket rw_socket_perms;
+ ')
')
########################################
diff --git a/policy/modules/apps/seunshare.te b/policy/modules/apps/seunshare.te
index dcec4bf..5e810f2 100644
--- a/policy/modules/apps/seunshare.te
+++ b/policy/modules/apps/seunshare.te
@@ -1,5 +1,5 @@
-policy_module(seunshare, 1.0.0)
+policy_module(seunshare, 1.0.1)
########################################
#
@@ -16,7 +16,7 @@ role system_r types seunshare_t;
# seunshare local policy
#
-allow seunshare_t self:capability setpcap;
+allow seunshare_t self:capability { setuid dac_override setpcap sys_admin };
allow seunshare_t self:process { setexec signal getcap setcap };
allow seunshare_t self:fifo_file rw_file_perms;
@@ -30,6 +30,16 @@ files_mounton_all_poly_members(seunshare_t)
auth_use_nsswitch(seunshare_t)
+logging_send_syslog_msg(seunshare_t)
+
miscfiles_read_localization(seunshare_t)
userdom_use_user_terminals(seunshare_t)
+
+ifdef(`hide_broken_symptoms', `
+ fs_dontaudit_rw_anon_inodefs_files(seunshare_t)
+
+ optional_policy(`
+ mozilla_dontaudit_manage_user_home_files(seunshare_t)
+ ')
+')
More information about the scm-commits
mailing list