[selinux-policy/f18] - tuned wants to getattr on all filesystems - tuned needs also setsched. The build is needed for tes
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Oct 10 12:21:52 UTC 2012
commit 000366f005610f288045c7377d46813c6dab7bce
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed Oct 10 14:21:35 2012 +0200
- tuned wants to getattr on all filesystems
- tuned needs also setsched. The build is needed for test day
policy_contrib-rawhide.patch | 11 ++++++-----
selinux-policy.spec | 6 +++++-
2 files changed, 11 insertions(+), 6 deletions(-)
---
diff --git a/policy_contrib-rawhide.patch b/policy_contrib-rawhide.patch
index 0efbdda..0bc8f5f 100644
--- a/policy_contrib-rawhide.patch
+++ b/policy_contrib-rawhide.patch
@@ -64607,7 +64607,7 @@ index 54b8605..a04f013 100644
admin_pattern($1, tuned_var_run_t)
')
diff --git a/tuned.te b/tuned.te
-index db9d2a5..3a15a1c 100644
+index db9d2a5..805473b 100644
--- a/tuned.te
+++ b/tuned.te
@@ -12,6 +12,12 @@ init_daemon_domain(tuned_t, tuned_exec_t)
@@ -64623,14 +64623,14 @@ index db9d2a5..3a15a1c 100644
type tuned_log_t;
logging_log_file(tuned_log_t)
-@@ -22,34 +28,51 @@ files_pid_file(tuned_var_run_t)
+@@ -22,34 +28,52 @@ files_pid_file(tuned_var_run_t)
#
# tuned local policy
#
-
+allow tuned_t self:capability { sys_admin sys_nice };
dontaudit tuned_t self:capability { dac_override sys_tty_config };
-+allow tuned_t self:process signal;
++allow tuned_t self:process { setsched signal };
+allow tuned_t self:fifo_file rw_fifo_file_perms;
+allow tuned_t self:udp_socket create_socket_perms;
+
@@ -64672,9 +64672,10 @@ index db9d2a5..3a15a1c 100644
-files_read_etc_files(tuned_t)
files_read_usr_files(tuned_t)
files_dontaudit_search_home(tuned_t)
++files_list_tmp(tuned_t)
-logging_send_syslog_msg(tuned_t)
-+fs_getattr_xattr_fs(tuned_t)
++fs_getattr_all_fs(tuned_t)
-miscfiles_read_localization(tuned_t)
+auth_use_nsswitch(tuned_t)
@@ -64683,7 +64684,7 @@ index db9d2a5..3a15a1c 100644
userdom_dontaudit_search_user_home_dirs(tuned_t)
-@@ -58,6 +81,14 @@ optional_policy(`
+@@ -58,6 +82,14 @@ optional_policy(`
fstools_domtrans(tuned_t)
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index a90b733..0f94bcb 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.11.1
-Release: 34%{?dist}
+Release: 35%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -521,6 +521,10 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Wed Oct 10 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-35
+- tuned wants to getattr on all filesystems
+- tuned needs also setsched. The build is needed for test day
+
* Wed Oct 10 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-34
- Add policy for qemu-qa
- Allow razor to write own config files
More information about the scm-commits
mailing list