[selinux-policy/f20] * Wed Nov 20 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-103 - More sosreport fixes to make ABRT

Miroslav Grepl mgrepl at fedoraproject.org
Wed Nov 20 14:22:23 UTC 2013


commit 9c7b625ff982c74816e6babb5d4a284359caa82d
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Wed Nov 20 15:22:37 2013 +0100

    * Wed Nov 20 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-103
    - More sosreport fixes to make ABRT working

 policy-f20-base.patch    |    6 ++++--
 policy-f20-contrib.patch |   43 ++++++++++++++++++++++++++++++++-----------
 selinux-policy.spec      |    5 ++++-
 3 files changed, 40 insertions(+), 14 deletions(-)
---
diff --git a/policy-f20-base.patch b/policy-f20-base.patch
index 68ba07b..0722c5a 100644
--- a/policy-f20-base.patch
+++ b/policy-f20-base.patch
@@ -767,7 +767,7 @@ index 3a45f23..f4754f0 100644
  # fork
  # setexec
 diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
-index 28802c5..1afd77b 100644
+index 28802c5..33cd946 100644
 --- a/policy/flask/access_vectors
 +++ b/policy/flask/access_vectors
 @@ -329,6 +329,7 @@ class process
@@ -825,7 +825,7 @@ index 28802c5..1afd77b 100644
  
  class x_pointer
  inherits x_device
-@@ -862,3 +877,18 @@ inherits database
+@@ -862,3 +877,20 @@ inherits database
  	implement
  	execute
  }
@@ -836,6 +836,8 @@ index 28802c5..1afd77b 100644
 +	stop
 +	status
 +	reload
++    kill
++    load
 +	enable
 +	disable
 +}
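Review bot: The two added permissions `kill` and `load` are indented with four spaces, while the neighbouring entries (`stop`, `status`, `reload`, `enable`, `disable`) use a tab; use a tab on both lines to match the rest of access_vectors. They are also inserted before `enable` and `disable` rather than appended, which shifts the position of those two entries in the class, so it is worth confirming that nothing depends on the old order. The class header is outside the hunk, so which class is being extended cannot be confirmed from here.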
diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch
index dd591e7..f874adf 100644
--- a/policy-f20-contrib.patch
+++ b/policy-f20-contrib.patch
@@ -84518,7 +84518,7 @@ index 634c6b4..e1edfd9 100644
  
  ########################################
 diff --git a/sosreport.te b/sosreport.te
-index 703efa3..9610be1 100644
+index 703efa3..499d7e9 100644
 --- a/sosreport.te
 +++ b/sosreport.te
 @@ -19,6 +19,9 @@ files_tmp_file(sosreport_tmp_t)
@@ -84531,12 +84531,15 @@ index 703efa3..9610be1 100644
  optional_policy(`
  	pulseaudio_tmpfs_content(sosreport_tmpfs_t)
  ')
-@@ -29,10 +32,13 @@ optional_policy(`
+@@ -28,11 +31,14 @@ optional_policy(`
+ # Local policy
  #
  
- allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice dac_override };
-+dontaudit sosreport_t self:capability { sys_ptrace };
- allow sosreport_t self:process { setsched signull };
+-allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice dac_override };
+-allow sosreport_t self:process { setsched signull };
++allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice dac_override chown };
++dontaudit sosreport_t self:capability sys_ptrace;
++allow sosreport_t self:process { setpgid setsched signull };
  allow sosreport_t self:fifo_file rw_fifo_file_perms;
  allow sosreport_t self:tcp_socket { accept listen };
  allow sosreport_t self:unix_stream_socket { accept listen };
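Review bot: The added `chown` in `allow sosreport_t self:capability { ... }` widens a set that already holds `dac_override`, `setuid` and `sys_admin`, and neither the hunk nor the changelog entry says which operation needed it. A short comment above the rule, for example `# chown: <operation that produced the AVC denial>`, would let a later reviewer check whether the grant is still required; the same goes for `setpgid` on the process line. Separately, `dontaudit sosreport_t self:capability sys_ptrace;` keeps sys_ptrace denials for this domain out of the audit log, so anyone investigating sosreport_t should rebuild with `semodule -DB` to see them.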
@@ -84558,7 +84561,25 @@ index 703efa3..9610be1 100644
  manage_files_pattern(sosreport_t, sosreport_tmpfs_t, sosreport_tmpfs_t)
  fs_tmpfs_filetrans(sosreport_t, sosreport_tmpfs_t, file)
  
-@@ -58,6 +70,9 @@ dev_read_rand(sosreport_t)
+@@ -49,6 +61,17 @@ kernel_read_software_raid_state(sosreport_t)
+ kernel_search_debugfs(sosreport_t)
+ kernel_read_messages(sosreport_t)
+ 
++corenet_all_recvfrom_netlabel(sosreport_t)
++corenet_tcp_sendrecv_generic_if(sosreport_t)
++corenet_tcp_sendrecv_generic_node(sosreport_t)
++corenet_tcp_sendrecv_generic_port(sosreport_t)
++corenet_tcp_bind_generic_node(sosreport_t)
++corenet_tcp_bind_all_rpc_ports(sosreport_t)
++corenet_udp_bind_all_rpc_ports(sosreport_t)
++corenet_tcp_connect_http_port(sosreport_t)
++corenet_tcp_connect_all_ports(sosreport_t)
++corenet_sendrecv_http_client_packets(sosreport_t)
++
+ corecmd_exec_all_executables(sosreport_t)
+ 
+ dev_getattr_all_chr_files(sosreport_t)
+@@ -58,6 +81,9 @@ dev_read_rand(sosreport_t)
  dev_read_urand(sosreport_t)
  dev_read_raw_memory(sosreport_t)
  dev_read_sysfs(sosreport_t)
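Review bot: `corenet_tcp_connect_all_ports(sosreport_t)` allows outbound TCP to every port, which makes the `corenet_tcp_connect_http_port(sosreport_t)` line just above it redundant. It also gives broad egress to a domain that the context lines show can read raw memory (`dev_read_raw_memory`) and run any executable (`corecmd_exec_all_executables`). If only HTTP upload is needed, which is presumably the ABRT case, dropping the all-ports line keeps the domain closer to least privilege. If more is required, list the specific port interfaces or gate the broad rule behind a boolean with `tunable_policy`. The `corenet_tcp_bind_all_rpc_ports` / `corenet_udp_bind_all_rpc_ports` pair would likewise benefit from a comment naming what binds those ports.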
@@ -84568,7 +84589,7 @@ index 703efa3..9610be1 100644
  
  domain_getattr_all_domains(sosreport_t)
  domain_read_all_domains_state(sosreport_t)
-@@ -65,12 +80,13 @@ domain_getattr_all_sockets(sosreport_t)
+@@ -65,12 +91,13 @@ domain_getattr_all_sockets(sosreport_t)
  domain_getattr_all_pipes(sosreport_t)
  
  files_getattr_all_sockets(sosreport_t)
@@ -84583,7 +84604,7 @@ index 703efa3..9610be1 100644
  files_read_var_lib_files(sosreport_t)
  files_read_var_symlinks(sosreport_t)
  files_read_kernel_modules(sosreport_t)
-@@ -79,27 +95,42 @@ files_manage_etc_runtime_files(sosreport_t)
+@@ -79,27 +106,41 @@ files_manage_etc_runtime_files(sosreport_t)
  files_etc_filetrans_etc_runtime(sosreport_t, file)
  
  fs_getattr_all_fs(sosreport_t)
@@ -84613,9 +84634,9 @@ index 703efa3..9610be1 100644
  logging_send_syslog_msg(sosreport_t)
  
 -miscfiles_read_localization(sosreport_t)
-+sysnet_read_config(sosreport_t)
- 
+-
 -modutils_read_module_deps(sosreport_t)
++sysnet_read_config(sosreport_t)
  
  optional_policy(`
  	abrt_manage_pid_files(sosreport_t)
@@ -84628,7 +84649,7 @@ index 703efa3..9610be1 100644
  ')
  
  optional_policy(`
-@@ -111,6 +142,11 @@ optional_policy(`
+@@ -111,6 +152,11 @@ optional_policy(`
  ')
  
  optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 33e2b5f..a3b7087 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.12.1
-Release: 102%{?dist}
+Release: 103%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -573,6 +573,9 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Wed Nov 20 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-103
+- More sosreport fixes to make ABRT working
+
 * Fri Nov 15 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-102
 - Fix files_dontaudit_unmount_all_mountpoints()
 - Add support for 2608-2609 tcp/udp ports

