[selinux-policy/f13/master] - Add vbetool_mmap_zero_ignore boolean
Miroslav Grepl
mgrepl at fedoraproject.org
Fri Sep 24 13:22:45 UTC 2010
commit dbf2d4dab870fa0b816a870c41966d9702462d7f
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Fri Sep 24 15:22:38 2010 +0200
- Add vbetool_mmap_zero_ignore boolean
policy-F13.patch | 27 +++++++++++++++++++++++++--
selinux-policy.spec | 5 ++++-
2 files changed, 29 insertions(+), 3 deletions(-)
---
diff --git a/policy-F13.patch b/policy-F13.patch
index a95636a..a542e38 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -2860,8 +2860,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.7.19/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/vbetool.te 2010-05-28 09:41:59.967610815 +0200
-@@ -25,7 +25,13 @@
++++ serefpolicy-3.7.19/policy/modules/admin/vbetool.te 2010-09-24 15:13:09.516386658 +0200
+@@ -6,6 +6,13 @@
+ # Declarations
+ #
+
++## <desc>
++## <p>
++## Ignore vbetool mmap_zero errors.
++## </p>
++## </desc>
++gen_tunable(vbetool_mmap_zero_ignore, false)
++
+ type vbetool_t;
+ type vbetool_exec_t;
+ init_system_domain(vbetool_t, vbetool_exec_t)
+@@ -25,12 +32,22 @@
dev_rw_xserver_misc(vbetool_t)
dev_rw_mtrr(vbetool_t)
@@ -2875,6 +2889,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
term_use_unallocated_ttys(vbetool_t)
+ miscfiles_read_localization(vbetool_t)
+
++tunable_policy(`vbetool_mmap_zero_ignore',`
++ dontaudit vbetool_t self:memprotect mmap_zero;
++')
++
+ optional_policy(`
+ hal_rw_pid_files(vbetool_t)
+ hal_write_log(vbetool_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.7.19/policy/modules/admin/vpn.if
--- nsaserefpolicy/policy/modules/admin/vpn.if 2010-04-13 20:44:37.000000000 +0200
+++ serefpolicy-3.7.19/policy/modules/admin/vpn.if 2010-05-28 09:41:59.968610889 +0200
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 96801d2..7dde793 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.7.19
-Release: 61%{?dist}
+Release: 62%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,9 @@ exit 0
%endif
%changelog
+* Fri Sep 24 2010 Miroslav Grepl <mgrepl at redhat.com> 3.7.19-62
+- Add vbetool_mmap_zero_ignore boolean
+
* Fri Sep 24 2010 Miroslav Grepl <mgrepl at redhat.com> 3.7.19-61
- Move c2s to run in jabber_router_t domain
- Allow domains with different mcs levels to send each other signals as long as they are not identified as mcsconstrainproc
More information about the scm-commits
mailing list