From 01e90f94b87815975af42bcae9685eb032c45a78 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Nov 04 2011 17:36:24 +0000
Subject: MCS fixes quota fixes
---
diff --git a/consoletype.patch b/consoletype.patch
new file mode 100644
index 0000000..5229a96
--- /dev/null
+++ b/consoletype.patch
@@ -0,0 +1,140 @@
+diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
+index 50e9ee4..72417f5 100644
+--- a/policy/modules/admin/consoletype.te
++++ b/policy/modules/admin/consoletype.te
+@@ -7,8 +7,8 @@ policy_module(consoletype, 1.10.0)
+
+ type consoletype_t;
+ type consoletype_exec_t;
+-init_domain(consoletype_t, consoletype_exec_t)
+-init_system_domain(consoletype_t, consoletype_exec_t)
++application_domain(consoletype_t, consoletype_exec_t)
++role system_r types consoletype_t;
+
+ ########################################
+ #
+diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
+index f808287..bd59f2e 100644
+--- a/policy/modules/admin/firstboot.te
++++ b/policy/modules/admin/firstboot.te
+@@ -97,10 +97,6 @@ userdom_home_filetrans_user_home_dir(firstboot_t)
+ userdom_user_home_dir_filetrans_user_home_content(firstboot_t, { dir file lnk_file fifo_file sock_file })
+
+ optional_policy(`
+- consoletype_domtrans(firstboot_t)
+-')
+-
+-optional_policy(`
+ dbus_system_bus_client(firstboot_t)
+
+ optional_policy(`
+diff --git a/policy/modules/apps/usernetctl.if b/policy/modules/apps/usernetctl.if
+index ba9b9d6..09ae47c 100644
+--- a/policy/modules/apps/usernetctl.if
++++ b/policy/modules/apps/usernetctl.if
+@@ -47,10 +47,6 @@ interface(`usernetctl_run',`
+ sysnet_run_dhcpc(usernetctl_t, $2)
+
+ optional_policy(`
+- consoletype_run(usernetctl_t, $2)
+- ')
+-
+- optional_policy(`
+ iptables_run(usernetctl_t, $2)
+ ')
+
+diff --git a/policy/modules/apps/usernetctl.te b/policy/modules/apps/usernetctl.te
+index f938024..93edd6b 100644
+--- a/policy/modules/apps/usernetctl.te
++++ b/policy/modules/apps/usernetctl.te
+@@ -61,6 +61,10 @@ sysnet_read_config(usernetctl_t)
+ userdom_use_inherited_user_terminals(usernetctl_t)
+
+ optional_policy(`
++ consoletype_exec(usernetctl_t)
++')
++
++optional_policy(`
+ hostname_exec(usernetctl_t)
+ ')
+
+diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
+index c6aa0bc..9cfa342 100644
+--- a/policy/modules/roles/sysadm.te
++++ b/policy/modules/roles/sysadm.te
+@@ -151,7 +151,7 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- consoletype_run(sysadm_t, sysadm_r)
++ consoletype_exec(sysadm_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
+index c985b07..0931220 100644
+--- a/policy/modules/services/networkmanager.te
++++ b/policy/modules/services/networkmanager.te
+@@ -205,7 +205,7 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- consoletype_domtrans(NetworkManager_t)
++ consoletype_exec(NetworkManager_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te
+index 5f6e7b8..6a68d33 100644
+--- a/policy/modules/services/puppet.te
++++ b/policy/modules/services/puppet.te
+@@ -148,7 +148,7 @@ tunable_policy(`puppet_manage_all_files',`
+ ')
+
+ optional_policy(`
+- consoletype_domtrans(puppet_t)
++ consoletype_exec(puppet_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
+index be800df..22c9f0d 100644
+--- a/policy/modules/system/sysnetwork.if
++++ b/policy/modules/system/sysnetwork.if
+@@ -49,10 +49,6 @@ interface(`sysnet_run_dhcpc',`
+ sysnet_run_ifconfig(dhcpc_t, $2)
+
+ optional_policy(`
+- consoletype_run(dhcpc_t, $2)
+- ')
+-
+- optional_policy(`
+ hostname_run(dhcpc_t, $2)
+ ')
+
+diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
+index 767ccbd..b9b4dd9 100644
+--- a/policy/modules/system/sysnetwork.te
++++ b/policy/modules/system/sysnetwork.te
+@@ -170,7 +170,7 @@ ifdef(`distro_ubuntu',`
+ ')
+
+ optional_policy(`
+- consoletype_domtrans(dhcpc_t)
++ consoletype_exec(dhcpc_t)
+ ')
+
+ optional_policy(`
+diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
+index c31aeb2..8febc7a 100644
+--- a/policy/modules/system/udev.te
++++ b/policy/modules/system/udev.te
+@@ -240,7 +240,7 @@ optional_policy(`
+ ')
+
+ optional_policy(`
+- consoletype_domtrans(udev_t)
++ consoletype_exec(udev_t)
+ ')
+
+ optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 425e12f..fd06d08 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -485,7 +485,6 @@ SELinux Reference policy mls base module.
 %endif
 %changelog
-<<<<<<< HEAD
 * Fri Nov 4 2011 Miroslav Grepl 3.10.0-54
 - MCS fixes
 - quota fixes
@@ -493,13 +492,6 @@ SELinux Reference policy mls base module.
 * Thu Nov 4 2011 Dan Walsh 3.10.0-53.1
 - Remove transitions to consoletype
-||||||| merged common ancestors
-=======
-* Fri Nov 4 2011 Miroslav Grepl 3.10.0-54
-- MCS fixes
-- quota fixes
-
->>>>>>> 76b2f513a3b64cbd70fb9183587a6e2e5e56dbaa
 * Tue Nov 1 2011 Miroslav Grepl 3.10.0-53
 - Make nvidia* to be labeled correctly
 - Fix abrt_manage_cache() interface
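Review bot: In the firstboot.te section of the added consoletype.patch, the `consoletype_domtrans(firstboot_t)` block is deleted with no `consoletype_exec(firstboot_t)` put in its place, while every other caller that loses a transition (sysadm_t, NetworkManager_t, puppet_t, dhcpc_t, udev_t, and usernetctl_t via usernetctl.te) is given the exec interface. If firstboot still runs consoletype and no rule outside this hunk allows it, the result would be a denial rather than the intended no-transition execution; an optional_policy block calling `consoletype_exec(firstboot_t)` would keep it consistent with the other callers. Separately, because the helper now runs in each caller's own domain instead of the narrower consoletype_t, a short comment next to `application_domain(consoletype_t, consoletype_exec_t)` stating that callers are expected to use consoletype_exec, and why the transition was dropped, would let later reviewers judge the least-privilege trade-off.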