[selinux-policy/f20] - Add back setpgid/setsched for sosreport_t

Miroslav Grepl mgrepl at fedoraproject.org
Mon Dec 2 16:39:23 UTC 2013 

commit ed626fb644b87917d8be6c7a1a31b9a9f6afb9ae
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Mon Dec 2 17:39:04 2013 +0100

    - Add back setpgid/setsched for sosreport_t

 policy-f20-contrib.patch |   34 +++++++++-------------------------
 selinux-policy.spec      |    7 +++++--
 2 files changed, 14 insertions(+), 27 deletions(-)
---
diff --git a/policy-f20-contrib.patch b/policy-f20-contrib.patch
index 8283f84..ab6be86 100644
--- a/policy-f20-contrib.patch
+++ b/policy-f20-contrib.patch
@@ -12114,10 +12114,10 @@ index 0000000..8ac848b
 +')
 diff --git a/cloudform.te b/cloudform.te
 new file mode 100644
-index 0000000..4e41e84
+index 0000000..786d623
 --- /dev/null
 +++ b/cloudform.te
-@@ -0,0 +1,298 @@
+@@ -0,0 +1,299 @@
 +policy_module(cloudform, 1.0)
 +########################################
 +#
@@ -12281,6 +12281,7 @@ index 0000000..4e41e84
 +
 +optional_policy(`
 +    rpm_domtrans(cloud_init_t)
++    rpm_transition_script(cloud_init_t)
 +    unconfined_domain(cloud_init_t)
 +')
 +
@@ -39607,10 +39608,10 @@ index 0000000..9e2bf1b
 +')
 diff --git a/mip6d.te b/mip6d.te
 new file mode 100644
-index 0000000..86d2351
+index 0000000..1d34063
 --- /dev/null
 +++ b/mip6d.te
-@@ -0,0 +1,32 @@
+@@ -0,0 +1,33 @@
 +policy_module(mip6d, 1.0.0)
 +
 +########################################
@@ -39629,7 +39630,7 @@ index 0000000..86d2351
 +#
 +# mip6d local policy
 +#
-+#allow mip6d_t self:capability { net_admin net_raw };
++allow mip6d_t self:capability { net_admin net_raw };
 +allow mip6d_t self:process { fork signal };
 +allow mip6d_t self:netlink_route_socket create_netlink_socket_perms;
 +allow mip6d_t self:netlink_xfrm_socket create_netlink_socket_perms;
@@ -39640,6 +39641,7 @@ index 0000000..86d2351
 +
 +kernel_rw_net_sysctls(mip6d_t)
 +kernel_read_network_state(mip6d_t)
++kernel_request_load_module(mip6d_t)
 +
 +logging_send_syslog_msg(mip6d_t)
 +
@@ -85651,7 +85653,7 @@ index 634c6b4..e1edfd9 100644
  
  ########################################
 diff --git a/sosreport.te b/sosreport.te
-index 703efa3..a1b4abd 100644
+index 703efa3..0cce7d0 100644
 --- a/sosreport.te
 +++ b/sosreport.te
 @@ -19,6 +19,9 @@ files_tmp_file(sosreport_tmp_t)
@@ -85672,7 +85674,7 @@ index 703efa3..a1b4abd 100644
 -allow sosreport_t self:process { setsched signull };
 +allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice dac_override chown };
 +dontaudit sosreport_t self:capability sys_ptrace;
-+allow sosreport_t self:process signal_perms;
++allow sosreport_t self:process { setpgid setsched signal_perms };
  allow sosreport_t self:fifo_file rw_fifo_file_perms;
  allow sosreport_t self:tcp_socket { accept listen };
  allow sosreport_t self:unix_stream_socket { accept listen };
@@ -102114,21 +102116,3 @@ index 9ba9f81..983b6c8 100644
 -miscfiles_read_localization(zos_remote_t)
 -
  logging_send_syslog_msg(zos_remote_t)
-commit a3007fcf054427b3e4f2c06c77ad783551aae67f
-Author: Dan Walsh <dwalsh at redhat.com>
-Date:   Mon Dec 2 09:11:05 2013 -0500
-
-    Allow cloud_init to transition to rpm_script_t
-
-diff --git a/cloudform.te b/cloudform.te
-index 4e41e84..786d623 100644
---- a/cloudform.te
-+++ b/cloudform.te
-@@ -161,6 +161,7 @@ optional_policy(`
- 
- optional_policy(`
-     rpm_domtrans(cloud_init_t)
-+    rpm_transition_script(cloud_init_t)
-     unconfined_domain(cloud_init_t)
- ')
- 
diff --git a/selinux-policy.spec b/selinux-policy.spec
index c4ddf6e..4e5069b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.12.1
-Release: 106%{?dist}
+Release: 107%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -573,7 +573,10 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
-* Mon Dec 1 2013 Dan Walsh <dwalsh at redhat.com> 3.12.1-106
+* Mon Dec 2 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-107
+- Add back setpgid/setsched for sosreport_t
+
+* Mon Dec 2 2013 Dan Walsh <dwalsh at redhat.com> 3.12.1-106
 - Added fix for clout_init to transition to rpm_script_t (dwalsh at redhat.com)
 
 * Tue Nov 26 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-105

More information about the scm-commits mailing list