From 1a2b4d14f1d40d060bd6644123d94012c564b420 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Oct 21 2011 20:44:31 +0000
Subject: Turn on mock_t and thumb_t for unconfined domains
---
diff --git a/default_trans.patch b/default_trans.patch
index 617a301..6873d53 100644
--- a/default_trans.patch
+++ b/default_trans.patch
@@ -9,3 +9,17 @@ index ed7a0c1..90d0b1e 100644
 #
 # Define sensitivities
 #
+diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
+index e117271..58b782e 100644
+--- a/policy/modules/admin/bootloader.fc
++++ b/policy/modules/admin/bootloader.fc
+@@ -3,9 +3,7 @@
+ /etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
+
+ /sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/installkernel -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/new-kernel-pkg -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+
+ /usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/execmem.patch b/execmem.patch
index 21dda3f..5a37a6c 100644
--- a/execmem.patch
+++ b/execmem.patch
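Review bot: The bootloader.fc hunk appended to default_trans.patch removes the `bootloader_exec_t` file contexts for `/sbin/installkernel` and `/sbin/new-kernel-pkg`, a labeling change the subject line (mock_t and thumb_t) does not mention. Without those entries the two scripts presumably fall back to the generic label for /sbin and no longer trigger a transition into the bootloader domain, so they would run with the caller's privileges; that is a confinement change and deserves its own line in the description, for example `Remove bootloader_exec_t labeling from installkernel and new-kernel-pkg`. The identical hunk (same `index e117271..58b782e`) is also appended to execmem.patch in the following hunk. It should live in one patch only, because a second application of the same removal would be rejected, and the spec hunk in this commit drops the `patch8: default_trans.patch` declaration, which would leave this copy unused.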
@@ -367,3 +367,17 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpol
 mount_run_fusermount($1_t, $1_r)
 mount_read_pid_files($1_t)
 ')
+diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
+index e117271..58b782e 100644
+--- a/policy/modules/admin/bootloader.fc
++++ b/policy/modules/admin/bootloader.fc
+@@ -3,9 +3,7 @@
+ /etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
+
+ /sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/installkernel -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+-/sbin/new-kernel-pkg -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+
+ /usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index db56f78..17f6656 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -29,7 +29,6 @@ patch4: execmem.patch
 patch5: userdomain.patch
 patch6: apache.patch
 patch7: ptrace.patch
-patch8: default_trans.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
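Review bot: Dropping the `patch8: default_trans.patch` declaration leaves default_trans.patch in the tree as an orphan, and this same commit still appends a bootloader.fc hunk to it that could then never be applied. The %prep section is outside this hunk; if a `%patch8` line remains there the build will fail on the undeclared patch, so it needs to go in the same change. Either remove the file as well or keep the declaration. Because dropping a policy patch changes the shipped policy, the changelog should say that default_trans.patch is no longer applied and why.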