diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.thumb serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.thumb	2011-12-13 16:04:19.597732170 -0500
+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te	2011-12-13 16:04:42.718741218 -0500
@@ -160,6 +160,11 @@ optional_policy(`
 		rtkit_scheduled(unconfined_t)
 	')
 
+	# Might remove later if this proves to be problematic, but would like to gather AVCs
+	optional_policy(`
+		thumb_role(unconfined_r, unconfined_t)
+	')
+
 	optional_policy(`
 		setroubleshoot_dbus_chat(unconfined_t)
 		setroubleshoot_dbus_chat_fixit(unconfined_t)
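Review bot: The comment above the new `thumb_role(unconfined_r, unconfined_t)` block says the rule exists to gather AVCs but not what it is meant to protect, so a later maintainer has no basis for deciding whether to keep it. If the intent is, as the interface name suggests, to run thumbnailers started from unconfined sessions in their own confined domain because they parse untrusted files, the comment should say so, e.g. `# Confine thumbnailers started by unconfined users; revisit if the resulting AVCs show breakage`. Whether the thumb domain is enforcing or permissive is not visible here, and that decides whether users see denials or only audit records. The enclosing `optional_policy` block starts and ends outside the hunk.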
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index 26c13f2..2354089 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -205,6 +205,7 @@ ifdef(`distro_redhat',`
 # /sys
 #
 /sys(/.*)?			gen_context(system_u:object_r:sysfs_t,s0)
+/sys/devices/system/cpu/online	gen_context(system_u:object_r:cpu_online_t,s0)
 
 /usr/lib/udev/devices(/.*)?		gen_context(system_u:object_r:device_t,s0)
 /usr/lib/udev/devices/lp.*	-c	gen_context(system_u:object_r:printer_device_t,s0)
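Review bot: The new `/sys/devices/system/cpu/online` entry only takes effect when something relabels that path, and the devices.te hunk in this patch removes the `genfscon sysfs /devices/system/cpu/online` line that assigned the label from policy. sysfs is repopulated on every boot, so unless a boot-time restorecon step exists outside this patch the file will stay `sysfs_t` and rules written against `cpu_online_t` will silently not apply. The same dependency holds for the `/sys/class/net/ib.*` entry added in kernel.fc. A comment above the entry naming the relabel step would make this checkable, e.g. `# sysfs comes up as sysfs_t; this context is only applied by a restorecon run at boot`.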
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 112bebb..8f727be 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -226,8 +226,8 @@ fs_type(sysfs_t)
 genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
 
 type cpu_online_t;
-allow cpu_online_t sysfs_t:filesystem associate;
-genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+files_type(cpu_online_t)
+dev_associate_sysfs(cpu_online_t)
 
 #
 # Type for /dev/tpm
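Review bot: `files_type(cpu_online_t)` presumably places this sysfs pseudo-file type in the general file-type attribute, which is broader than the single `associate` rule it replaces: any domain holding a rule over all file types would then also match `cpu_online_t`. That may be deliberate so that the relabelling tool is allowed to set the label, but nothing in the hunk says so. A comment such as `# file type (not only sysfs-associated) so restorecon can relabel /sys/devices/system/cpu/online` above the two new lines would record the reason, and the bare `type cpu_online_t;` declaration could use a one-line description of what the type covers.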
diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
index 7be4ddf..f7021a0 100644
--- a/policy/modules/kernel/kernel.fc
+++ b/policy/modules/kernel/kernel.fc
@@ -1 +1,2 @@
-# This module currently does not have any file contexts.
+
+/sys/class/net/ib.* 		gen_context(system_u:object_r:sysctl_net_t,s0)
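Review bot: The new `/sys/class/net/ib.*` entry reuses `sysctl_net_t` for sysfs paths, so every domain already allowed to read or write network sysctls would gain the same access to whatever this pattern matches once it is relabelled. The pattern is also wide: `ib.*` matches any interface whose name starts with `ib` and, because `.` matches `/`, everything beneath it. Unlike `cpu_online_t` in devices.te, which gets `dev_associate_sysfs(...)` in this patch, no rule letting `sysctl_net_t` associate with sysfs is visible here; if none exists elsewhere the relabel would be denied. A comment stating which interfaces are meant and why they need this type would help, e.g. `# InfiniBand interface attributes, managed like net sysctls`, if that is the intent.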