[selinux-policy: 3149/3172] Allow firewallgui to sys_rawio which seems to be required to setup masqerading Allow all domains to

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:39:59 UTC 2010


commit fb52482a1f30f03973f6275b4ce22540d5d57a29
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Sat Sep 25 06:23:04 2010 -0400

    Allow firewallgui to sys_rawio which seems to be required to set up masquerading
    Allow all domains to search through default_t directories, in order to find different labels.  For example people setting up /foo/bar to be shared via samba.
    Add label for /var/log/slim.log

 policy/modules/apps/firewallgui.te |    3 +--
 policy/modules/kernel/domain.te    |    3 +++
 policy/modules/services/xserver.fc |    1 +
 3 files changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/apps/firewallgui.te b/policy/modules/apps/firewallgui.te
index 4da3d86..910a3f4 100644
--- a/policy/modules/apps/firewallgui.te
+++ b/policy/modules/apps/firewallgui.te
@@ -17,8 +17,7 @@ files_tmp_file(firewallgui_tmp_t)
 # firewallgui local policy
 #
 
-allow firewallgui_t self:capability net_admin;
-
+allow firewallgui_t self:capability { net_admin sys_rawio } ;
 allow firewallgui_t self:fifo_file rw_fifo_file_perms;
 
 manage_files_pattern(firewallgui_t,firewallgui_tmp_t,firewallgui_tmp_t)
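Review bot: The `sys_rawio` added to the `self:capability` rule is a much broader grant than the `net_admin` it joins, and the commit message only says it "seems to be required" for masquerading. CAP_SYS_RAWIO covers raw I/O port and device-memory style access, so the AVC denial should be traced to the operation that triggered it before the allow is kept; if the capability check turns out to be incidental, `dontaudit firewallgui_t self:capability sys_rawio;` would silence it without granting anything. If the allow stays, put a comment above the rule recording the reason, for example `# sys_rawio: denied while setting up masquerading; triggering operation still to be confirmed`. As a style point, the stray space before the semicolon in `{ net_admin sys_rawio } ;` and the dropped blank line before the `fifo_file` rule differ from the surrounding layout.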
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index d58ef64..5843cad 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -121,6 +121,9 @@ term_use_controlling_term(domain)
 
 # list the root directory
 files_list_root(domain)
+# allow all domains to search through default_t directory, since users sometimes
+# place labels within these directories.  (samba_share_t) for example.
+files_search_default(domain)
 
 # All executables should be able to search the directory they are in
 corecmd_search_bin(domain)
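Review bot: `files_search_default(domain)` is applied to the `domain` attribute, so every confined process gains directory search on `default_t`, not just the Samba-style case the new comment gives as its example. The comment should state the limit of the grant so later readers do not take it for read access, for example `# search only: lets a domain traverse default_t parents to reach content carrying its own label; grants no list or read on default_t itself`. If the policy-wide scope is wider than intended, the rule could be limited to the domains that serve administrator-chosen paths or placed behind a tunable, with relabeling the parent directory as the alternative for administrators.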
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index 39c2bb3..6a160b2 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -106,6 +106,7 @@ ifdef(`distro_debian', `
 /var/cache/gdm(/.*)?		gen_context(system_u:object_r:xdm_var_lib_t,s0)
 
 /var/log/gdm(/.*)?		gen_context(system_u:object_r:xdm_log_t,s0)
+/var/log/slim\.log.*	--	gen_context(system_u:object_r:xdm_log_t,s0)
 /var/log/lxdm\.log.*	--	gen_context(system_u:object_r:xdm_log_t,s0)
 /var/log/[kw]dm\.log.*	--	gen_context(system_u:object_r:xserver_log_t,s0)
 /var/log/XFree86.*	--	gen_context(system_u:object_r:xserver_log_t,s0)

