[selinux-policy/f14/master] - Merge upstream fix of mmap_zero - Allow mount to write files in debugfs_t - Allow corosync to comm
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Sep 2 20:08:01 UTC 2010
commit ea9a1a1ddbf7a77e65ec621a4045cf1568dd9e3f
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Sep 2 16:08:02 2010 -0400
- Merge upstream fix of mmap_zero
- Allow mount to write files in debugfs_t
- Allow corosync to communicate with clvmd via tmpfs
- Allow certmaster to read usr_t files
- Allow dbus system services to search cgroup_t
- Define rlogind_t as a login pgm
policy-F14.patch | 28 ++--------------------------
1 files changed, 2 insertions(+), 26 deletions(-)
---
diff --git a/policy-F14.patch b/policy-F14.patch
index c5cf0dc..d722157 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -6767,34 +6767,10 @@ index 0440b4c..e10101a 100644
+ allow $1 wine_t:shm rw_shm_perms;
+')
diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te
-index f9a123a..40cbebb 100644
+index f9a123a..277543a 100644
--- a/policy/modules/apps/wine.te
+++ b/policy/modules/apps/wine.te
-@@ -1,5 +1,13 @@
- policy_module(wine, 1.7.2)
-
-+## <desc>
-+## <p>
-+## Ignore wine mmap_zero errors
-+## </p>
-+## </desc>
-+#
-+gen_tunable(wine_mmap_zero_ignore, false)
-+
- ########################################
- #
- # Declarations
-@@ -37,6 +45,9 @@ manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
- files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
-
- domain_mmap_low(wine_t)
-+tunable_policy(`wine_mmap_zero_ignore',`
-+ dontaudit wine_t self:memprotect mmap_zero;
-+')
-
- files_execmod_all_files(wine_t)
-
-@@ -51,7 +62,11 @@ optional_policy(`
+@@ -51,7 +51,11 @@ optional_policy(`
')
optional_policy(`
More information about the scm-commits
mailing list