[selinux-policy] Update user_tmp patches

Miroslav Grepl mgrepl at fedoraproject.org
Tue Apr 8 06:50:21 UTC 2014


commit 2e9a8db5771a34c5a8af3a6c4dd69822998e2164
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Tue Apr 8 08:49:42 2014 +0200

    Update user_tmp patches

 policy-rawhide-base-user_tmp.patch |   38 ++++++++++++++++++-----------------
 1 files changed, 20 insertions(+), 18 deletions(-)
---
diff --git a/policy-rawhide-base-user_tmp.patch b/policy-rawhide-base-user_tmp.patch
index a7f20f6..477a847 100644
--- a/policy-rawhide-base-user_tmp.patch
+++ b/policy-rawhide-base-user_tmp.patch
@@ -12,7 +12,7 @@ index 32514ee..91a6a37 100644
  userdom_dontaudit_search_user_home_dirs(bootloader_t)
  
 diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
-index ae94e80..4d3b6b0 100644
+index 337a00e..87c6145 100644
 --- a/policy/modules/kernel/files.if
 +++ b/policy/modules/kernel/files.if
 @@ -5199,6 +5199,7 @@ interface(`files_search_tmp',`
@@ -357,7 +357,7 @@ index bf98136..2469c27 100644
  
  ########################################
 diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
-index 2a244f6..2f471b4 100644
+index f0e5cc0..e3f28af 100644
 --- a/policy/modules/services/xserver.te
 +++ b/policy/modules/services/xserver.te
 @@ -231,12 +231,6 @@ files_type(xserver_var_lib_t)
@@ -408,7 +408,7 @@ index 2a244f6..2f471b4 100644
  
  #userdom_home_manager(xdm_t)
  tunable_policy(`xdm_write_home',`
-@@ -1347,9 +1335,8 @@ dontaudit xserver_t xdm_var_lib_t:dir search_dir_perms;
+@@ -1349,9 +1337,8 @@ dontaudit xserver_t xdm_var_lib_t:dir search_dir_perms;
  read_files_pattern(xserver_t, xdm_var_run_t, xdm_var_run_t)
  
  # Label pid and temporary files with derived types.
@@ -420,7 +420,7 @@ index 2a244f6..2f471b4 100644
  
  # Run xkbcomp.
  allow xserver_t xkb_var_lib_t:lnk_file read_lnk_file_perms;
-@@ -1589,7 +1576,6 @@ manage_files_pattern(x_userdomain, user_fonts_cache_t, user_fonts_cache_t)
+@@ -1591,7 +1578,6 @@ manage_files_pattern(x_userdomain, user_fonts_cache_t, user_fonts_cache_t)
  
  stream_connect_pattern(x_userdomain, xserver_tmp_t, xserver_tmp_t, xserver_t)
  allow x_userdomain xserver_tmp_t:sock_file delete_sock_file_perms;
@@ -428,7 +428,7 @@ index 2a244f6..2f471b4 100644
  files_search_tmp(x_userdomain)
  
  # Communicate via System V shared memory.
-@@ -1616,10 +1602,9 @@ allow x_userdomain xauth_home_t:file read_file_perms;
+@@ -1618,10 +1604,9 @@ allow x_userdomain xauth_home_t:file read_file_perms;
  # for when /tmp/.X11-unix is created by the system
  allow x_userdomain xdm_t:fd use;
  allow x_userdomain xdm_t:fifo_file rw_inherited_fifo_file_perms;
@@ -442,10 +442,10 @@ index 2a244f6..2f471b4 100644
  allow x_userdomain xdm_t:dbus send_msg;
  allow xdm_t  x_userdomain:dbus send_msg;
 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
-index cdc1c76..b446ca4 100644
+index 1259fbd..5e66714 100644
 --- a/policy/modules/system/logging.te
 +++ b/policy/modules/system/logging.te
-@@ -552,7 +552,7 @@ logging_manage_all_logs(syslogd_t)
+@@ -553,7 +553,7 @@ logging_manage_all_logs(syslogd_t)
  
  userdom_dontaudit_use_unpriv_user_fds(syslogd_t)
  userdom_search_user_home_dirs(syslogd_t)
@@ -468,10 +468,10 @@ index 00b82b3..9933cad 100644
  domain_use_interactive_fds(mount_ecryptfs_t)
  
 diff --git a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc
-index e4eb903..7ef6be3 100644
+index 4ca3a28..8f5380f 100644
 --- a/policy/modules/system/userdomain.fc
 +++ b/policy/modules/system/userdomain.fc
-@@ -21,4 +21,10 @@ HOME_DIR/\.texlive2012(/.*)?		gen_context(system_u:object_r:texlive_home_t,s0)
+@@ -21,6 +21,12 @@ HOME_DIR/\.texlive2012(/.*)?		gen_context(system_u:object_r:texlive_home_t,s0)
  HOME_DIR/\.texlive2013(/.*)?		gen_context(system_u:object_r:texlive_home_t,s0)
  HOME_DIR/\.texlive2014(/.*)?		gen_context(system_u:object_r:texlive_home_t,s0)
  
@@ -482,8 +482,10 @@ index e4eb903..7ef6be3 100644
 +
 +
  /var/run/user(/.*)?	gen_context(system_u:object_r:user_tmp_t,s0)
+ 
+ /tmp/hsperfdata_root        gen_context(system_u:object_r:user_tmp_t,s0)
 diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index b921b57..38df377 100644
+index 102478f..4f42aa5 100644
 --- a/policy/modules/system/userdomain.if
 +++ b/policy/modules/system/userdomain.if
 @@ -420,6 +420,7 @@ interface(`userdom_manage_tmp_role',`
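Review bot: The two lines added at the end of the userdomain.fc section (the blank line and `/tmp/hsperfdata_root        gen_context(system_u:object_r:user_tmp_t,s0)`) carry a leading space inside the inner patch, so they are context there, not a rule this patch introduces. Together with the shifted `@@ -21,6 +21,12 @@` header and the new index hashes, the hunk looks like a refresh against an updated base, which the message `Update user_tmp patches` does not say; if so, I would add a line such as `Refresh against updated base policy, no rule changes intended`. Separately, that context entry has no `(/.*)?` suffix and no file-type field, so it matches only the path itself, for any object class, and leaves everything beneath it to other specs. If that labelling of a root-named path under /tmp as `user_tmp_t` needs tightening, the change probably belongs in the base policy, not in this patch. The hunk's trailing context runs into the userdomain.if section header.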
@@ -713,7 +715,7 @@ index b921b57..38df377 100644
  
  ########################################
  ## <summary>
-@@ -3352,12 +3440,8 @@ interface(`userdom_tmp_filetrans_user_tmp',`
+@@ -3372,12 +3460,8 @@ interface(`userdom_tmp_filetrans_user_tmp',`
  ## </param>
  #
  interface(`userdom_getattr_user_tmpfs_files',`
@@ -728,7 +730,7 @@ index b921b57..38df377 100644
  ')
  
  ########################################
-@@ -3371,14 +3455,8 @@ interface(`userdom_getattr_user_tmpfs_files',`
+@@ -3391,14 +3475,8 @@ interface(`userdom_getattr_user_tmpfs_files',`
  ## </param>
  #
  interface(`userdom_read_user_tmpfs_files',`
@@ -745,7 +747,7 @@ index b921b57..38df377 100644
  ')
  
  ########################################
-@@ -3392,14 +3470,8 @@ interface(`userdom_read_user_tmpfs_files',`
+@@ -3412,14 +3490,8 @@ interface(`userdom_read_user_tmpfs_files',`
  ## </param>
  #
  interface(`userdom_rw_user_tmpfs_files',`
@@ -762,7 +764,7 @@ index b921b57..38df377 100644
  ')
  
  ########################################
-@@ -3413,11 +3485,8 @@ interface(`userdom_rw_user_tmpfs_files',`
+@@ -3433,11 +3505,8 @@ interface(`userdom_rw_user_tmpfs_files',`
  ## </param>
  #
  interface(`userdom_rw_inherited_user_tmpfs_files',`
@@ -776,7 +778,7 @@ index b921b57..38df377 100644
  ')
  
  ########################################
-@@ -3431,11 +3500,26 @@ interface(`userdom_rw_inherited_user_tmpfs_files',`
+@@ -3451,11 +3520,26 @@ interface(`userdom_rw_inherited_user_tmpfs_files',`
  ## </param>
  #
  interface(`userdom_execute_user_tmpfs_files',`
@@ -805,7 +807,7 @@ index b921b57..38df377 100644
  ')
  
  ########################################
-@@ -5188,16 +5272,8 @@ interface(`userdom_list_all_user_tmp_content',`
+@@ -5208,16 +5292,8 @@ interface(`userdom_list_all_user_tmp_content',`
  ## </param>
  #
  interface(`userdom_manage_all_user_tmpfs_content',`
@@ -824,7 +826,7 @@ index b921b57..38df377 100644
  ')
  
  ########################################
-@@ -5411,11 +5487,8 @@ interface(`userdom_dontaudit_setattr_user_tmp',`
+@@ -5431,11 +5507,8 @@ interface(`userdom_dontaudit_setattr_user_tmp',`
  ## </param>
  #
  interface(`userdom_dontaudit_setattr_user_tmpfs',`
@@ -838,7 +840,7 @@ index b921b57..38df377 100644
  ')
  
  ########################################
-@@ -5519,11 +5592,8 @@ interface(`userdom_delete_user_tmp_files',`
+@@ -5539,11 +5612,8 @@ interface(`userdom_delete_user_tmp_files',`
  ## </param>
  #
  interface(`userdom_delete_user_tmpfs_files',`

