[selinux-policy] Turn on mock_t and thumb_t for unconfined domains

Daniel J Walsh dwalsh at fedoraproject.org
Fri Oct 21 20:44:34 UTC 2011 

commit 1a2b4d14f1d40d060bd6644123d94012c564b420
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri Oct 21 16:44:31 2011 -0400

    Turn on mock_t and thumb_t for unconfined domains

 default_trans.patch |   14 ++++++++++++++
 execmem.patch       |   14 ++++++++++++++
 selinux-policy.spec |    1 -
 3 files changed, 28 insertions(+), 1 deletions(-)
---
diff --git a/default_trans.patch b/default_trans.patch
index 617a301..6873d53 100644
--- a/default_trans.patch
+++ b/default_trans.patch
@@ -9,3 +9,17 @@ index ed7a0c1..90d0b1e 100644
  #
  # Define sensitivities 
  #
+diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
+index e117271..58b782e 100644
+--- a/policy/modules/admin/bootloader.fc
++++ b/policy/modules/admin/bootloader.fc
+@@ -3,9 +3,7 @@
+ /etc/yaboot\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
+ 
+ /sbin/grub.*	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/installkernel	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/new-kernel-pkg	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ 
+ /usr/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/execmem.patch b/execmem.patch
index 21dda3f..5a37a6c 100644
--- a/execmem.patch
+++ b/execmem.patch
@@ -367,3 +367,17 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpol
  		mount_run_fusermount($1_t, $1_r)
  		mount_read_pid_files($1_t)
  	')
+diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
+index e117271..58b782e 100644
+--- a/policy/modules/admin/bootloader.fc
++++ b/policy/modules/admin/bootloader.fc
+@@ -3,9 +3,7 @@
+ /etc/yaboot\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
+ 
+ /sbin/grub.*	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/installkernel	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/new-kernel-pkg	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ 
+ /usr/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index db56f78..17f6656 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -29,7 +29,6 @@ patch4: execmem.patch
 patch5: userdomain.patch
 patch6: apache.patch
 patch7: ptrace.patch
-patch8: default_trans.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel

More information about the scm-commits mailing list