[selinux-policy/f20] * Wed Nov 20 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-103 - More sosreport fixes to make ABRT
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Nov 20 14:22:23 UTC 2013
commit 9c7b625ff982c74816e6babb5d4a284359caa82d
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed Nov 20 15:22:37 2013 +0100
* Wed Nov 20 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-103
- More sosreport fixes to make ABRT working
policy-f20-base.patch | 6 ++++--
policy-f20-contrib.patch | 43 ++++++++++++++++++++++++++++++++-----------
selinux-policy.spec | 5 ++++-
3 files changed, 40 insertions(+), 14 deletions(-)
---
diff --git a/policy-f20-base.patch b/policy-f20-base.patch
index 68ba07b..0722c5a 100644
--- a/policy-f20-base.patch
+++ b/policy-f20-base.patch
@@ -767,7 +767,7 @@ index 3a45f23..f4754f0 100644
# fork
# setexec
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
-index 28802c5..1afd77b 100644
+index 28802c5..33cd946 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -329,6 +329,7 @@ class process
@@ -825,7 +825,7 @@ index 28802c5..1afd77b 100644
class x_pointer
inherits x_device
-@@ -862,3 +877,18 @@ inherits database
+@@ -862,3 +877,20 @@ inherits database
implement
execute
}
@@ -836,6 +836,8 @@ index 28802c5..1afd77b 100644
+ stop
+ status
+ reload
++ kill
++ load
+ enable
+ disable
+}
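Review bot: The `kill` and `load` permissions added to the class that closes with `enable`/`disable` are not mentioned in the changelog entry, which describes only sosreport fixes, and no visible sosreport.te hunk in this commit uses them. An access-vector addition applies policy-wide rather than to one domain, so it deserves its own changelog line, for example `- Add kill and load permissions to the <class name> class`. The class header lies outside this hunk, so which class is being extended cannot be confirmed from here.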
diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch
index dd591e7..f874adf 100644
--- a/policy-f20-contrib.patch
+++ b/policy-f20-contrib.patch
@@ -84518,7 +84518,7 @@ index 634c6b4..e1edfd9 100644
########################################
diff --git a/sosreport.te b/sosreport.te
-index 703efa3..9610be1 100644
+index 703efa3..499d7e9 100644
--- a/sosreport.te
+++ b/sosreport.te
@@ -19,6 +19,9 @@ files_tmp_file(sosreport_tmp_t)
@@ -84531,12 +84531,15 @@ index 703efa3..9610be1 100644
optional_policy(`
pulseaudio_tmpfs_content(sosreport_tmpfs_t)
')
-@@ -29,10 +32,13 @@ optional_policy(`
+@@ -28,11 +31,14 @@ optional_policy(`
+ # Local policy
#
- allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice dac_override };
-+dontaudit sosreport_t self:capability { sys_ptrace };
- allow sosreport_t self:process { setsched signull };
+-allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice dac_override };
+-allow sosreport_t self:process { setsched signull };
++allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice dac_override chown };
++dontaudit sosreport_t self:capability sys_ptrace;
++allow sosreport_t self:process { setpgid setsched signull };
allow sosreport_t self:fifo_file rw_fifo_file_perms;
allow sosreport_t self:tcp_socket { accept listen };
allow sosreport_t self:unix_stream_socket { accept listen };
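Review bot: `chown` joins a capability set that already carries `dac_override`, `setuid` and `sys_admin`, and `setpgid` is added to the process permissions, but nothing records which denial each one answers. For a domain this privileged, a comment above the rule such as `# chown, setpgid: required by <plugin or ABRT hook>, see <AVC/bug reference>` would let a later reviewer remove them once the caller changes. The local policy section continues outside this hunk, so an explanation may exist elsewhere in sosreport.te.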
@@ -84558,7 +84561,25 @@ index 703efa3..9610be1 100644
manage_files_pattern(sosreport_t, sosreport_tmpfs_t, sosreport_tmpfs_t)
fs_tmpfs_filetrans(sosreport_t, sosreport_tmpfs_t, file)
-@@ -58,6 +70,9 @@ dev_read_rand(sosreport_t)
+@@ -49,6 +61,17 @@ kernel_read_software_raid_state(sosreport_t)
+ kernel_search_debugfs(sosreport_t)
+ kernel_read_messages(sosreport_t)
+
++corenet_all_recvfrom_netlabel(sosreport_t)
++corenet_tcp_sendrecv_generic_if(sosreport_t)
++corenet_tcp_sendrecv_generic_node(sosreport_t)
++corenet_tcp_sendrecv_generic_port(sosreport_t)
++corenet_tcp_bind_generic_node(sosreport_t)
++corenet_tcp_bind_all_rpc_ports(sosreport_t)
++corenet_udp_bind_all_rpc_ports(sosreport_t)
++corenet_tcp_connect_http_port(sosreport_t)
++corenet_tcp_connect_all_ports(sosreport_t)
++corenet_sendrecv_http_client_packets(sosreport_t)
++
+ corecmd_exec_all_executables(sosreport_t)
+
+ dev_getattr_all_chr_files(sosreport_t)
+@@ -58,6 +81,9 @@ dev_read_rand(sosreport_t)
dev_read_urand(sosreport_t)
dev_read_raw_memory(sosreport_t)
dev_read_sysfs(sosreport_t)
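Review bot: `corenet_tcp_connect_all_ports(sosreport_t)` appears to make the `corenet_tcp_connect_http_port(sosreport_t)` line just above it redundant, and it allows outbound TCP to any port from a domain that the context lines show can also use `dev_read_raw_memory`, `domain_read_all_domains_state` and `corecmd_exec_all_executables`. If ABRT only needs to reach a report server over HTTP, keeping `corenet_tcp_connect_http_port(sosreport_t)` and dropping the all-ports rule would preserve the fix with a much smaller egress surface. If some plugins do need arbitrary ports, wrapping that one line in a `tunable_policy` block would keep it off by default. The same question applies to `corenet_tcp_bind_all_rpc_ports` and `corenet_udp_bind_all_rpc_ports`: the commit message does not say which collector binds an RPC port.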
@@ -84568,7 +84589,7 @@ index 703efa3..9610be1 100644
domain_getattr_all_domains(sosreport_t)
domain_read_all_domains_state(sosreport_t)
-@@ -65,12 +80,13 @@ domain_getattr_all_sockets(sosreport_t)
+@@ -65,12 +91,13 @@ domain_getattr_all_sockets(sosreport_t)
domain_getattr_all_pipes(sosreport_t)
files_getattr_all_sockets(sosreport_t)
@@ -84583,7 +84604,7 @@ index 703efa3..9610be1 100644
files_read_var_lib_files(sosreport_t)
files_read_var_symlinks(sosreport_t)
files_read_kernel_modules(sosreport_t)
-@@ -79,27 +95,42 @@ files_manage_etc_runtime_files(sosreport_t)
+@@ -79,27 +106,41 @@ files_manage_etc_runtime_files(sosreport_t)
files_etc_filetrans_etc_runtime(sosreport_t, file)
fs_getattr_all_fs(sosreport_t)
@@ -84613,9 +84634,9 @@ index 703efa3..9610be1 100644
logging_send_syslog_msg(sosreport_t)
-miscfiles_read_localization(sosreport_t)
-+sysnet_read_config(sosreport_t)
-
+-
-modutils_read_module_deps(sosreport_t)
++sysnet_read_config(sosreport_t)
optional_policy(`
abrt_manage_pid_files(sosreport_t)
@@ -84628,7 +84649,7 @@ index 703efa3..9610be1 100644
')
optional_policy(`
-@@ -111,6 +142,11 @@ optional_policy(`
+@@ -111,6 +152,11 @@ optional_policy(`
')
optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 33e2b5f..a3b7087 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.12.1
-Release: 102%{?dist}
+Release: 103%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -573,6 +573,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Wed Nov 20 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-103
+- More sosreport fixes to make ABRT working
+
* Fri Nov 15 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-102
- Fix files_dontaudit_unmount_all_mountpoints()
- Add support for 2608-2609 tcp/udp ports