[selinux-policy] Turn on mock_t and thumb_t for unconfined domains
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Oct 21 20:44:34 UTC 2011
commit 1a2b4d14f1d40d060bd6644123d94012c564b420
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Oct 21 16:44:31 2011 -0400
Turn on mock_t and thumb_t for unconfined domains
default_trans.patch | 14 ++++++++++++++
execmem.patch | 14 ++++++++++++++
selinux-policy.spec | 1 -
3 files changed, 28 insertions(+), 1 deletions(-)
---
diff --git a/default_trans.patch b/default_trans.patch
index 617a301..6873d53 100644
--- a/default_trans.patch
+++ b/default_trans.patch
@@ -9,3 +9,17 @@ index ed7a0c1..90d0b1e 100644
#
# Define sensitivities
#
+diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
+index e117271..58b782e 100644
+--- a/policy/modules/admin/bootloader.fc
++++ b/policy/modules/admin/bootloader.fc
+@@ -3,9 +3,7 @@
+ /etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
+
+ /sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/installkernel -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/new-kernel-pkg -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+
+ /usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/execmem.patch b/execmem.patch
index 21dda3f..5a37a6c 100644
--- a/execmem.patch
+++ b/execmem.patch
@@ -367,3 +367,17 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpol
mount_run_fusermount($1_t, $1_r)
mount_read_pid_files($1_t)
')
+diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
+index e117271..58b782e 100644
+--- a/policy/modules/admin/bootloader.fc
++++ b/policy/modules/admin/bootloader.fc
+@@ -3,9 +3,7 @@
+ /etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
+
+ /sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/installkernel -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/new-kernel-pkg -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+
+ /usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index db56f78..17f6656 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -29,7 +29,6 @@ patch4: execmem.patch
patch5: userdomain.patch
patch6: apache.patch
patch7: ptrace.patch
-patch8: default_trans.patch
Source1: modules-targeted.conf
Source2: booleans-targeted.conf
Source3: Makefile.devel
More information about the scm-commits
mailing list