From 4c2f298bf26838fa4c34c602f934d43b970bd8e9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 22 2009 12:49:53 +0000 Subject: - Fix all kernel_request_load_module domains --- diff --git a/policy-F12.patch b/policy-F12.patch index ccdcb3c..e531109 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -12795,7 +12795,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.32/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-08-14 13:14:31.000000000 -0700 -+++ serefpolicy-3.6.32/policy/modules/services/networkmanager.te 2009-09-21 05:23:47.000000000 -0700 ++++ serefpolicy-3.6.32/policy/modules/services/networkmanager.te 2009-09-21 19:37:35.000000000 -0700 @@ -19,6 +19,9 @@ type NetworkManager_tmp_t; files_tmp_file(NetworkManager_tmp_t) @@ -12837,12 +12837,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_dirs_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t) manage_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t) -@@ -62,7 +69,9 @@ - kernel_read_system_state(NetworkManager_t) +@@ -63,6 +70,8 @@ kernel_read_network_state(NetworkManager_t) kernel_read_kernel_sysctls(NetworkManager_t) --kernel_load_module(NetworkManager_t) -+kernel_request_load_module(NetworkManager_t) + kernel_load_module(NetworkManager_t) +kernel_read_debugfs(NetworkManager_t) +kernel_rw_net_sysctls(NetworkManager_t) 
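Review bot: In the networkmanager.te section of policy-F12.patch (outer hunk `@@ -12837,12 +12837,10 @@`), the new side keeps `kernel_load_module(NetworkManager_t)` as a context line and no longer adds `kernel_request_load_module(NetworkManager_t)`, which looks at odds with the commit subject. If NetworkManager only needs the kernel to autoload modules on its behalf, the request interface is the narrower grant, and the direct-load one (which, as I read refpolicy, carries the sys_module capability) could be dropped. If direct loading really is required, carrying both lines would avoid module_request denials on kernels that enforce that check. Either way I would put a comment above the line in the .te, for example `# NetworkManager loads modules itself; module_request alone is not enough`, so the broader permission is a recorded decision. The rest of the NetworkManager_t rules lie outside this hunk, so a request line elsewhere in the patch cannot be ruled out.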
@@ -14859,6 +14857,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_dontaudit_search_user_home_dirs(pyzor_t) optional_policy(` +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.6.32/policy/modules/services/radvd.te +--- nsaserefpolicy/policy/modules/services/radvd.te 2009-08-14 13:14:31.000000000 -0700 ++++ serefpolicy-3.6.32/policy/modules/services/radvd.te 2009-09-21 19:37:52.000000000 -0700 +@@ -41,6 +41,7 @@ + kernel_rw_net_sysctls(radvd_t) + kernel_read_network_state(radvd_t) + kernel_read_system_state(radvd_t) ++kernel_request_load_module(radvd_t) + + corenet_all_recvfrom_unlabeled(radvd_t) + corenet_all_recvfrom_netlabel(radvd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.6.32/policy/modules/services/razor.fc --- nsaserefpolicy/policy/modules/services/razor.fc 2009-07-14 11:19:57.000000000 -0700 +++ serefpolicy-3.6.32/policy/modules/services/razor.fc 2009-09-16 07:03:09.000000000 -0700 diff --git a/selinux-policy.spec b/selinux-policy.spec index 53ac7f8..e028818 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.32 -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -447,9 +447,11 @@ exit 0 %endif %changelog -* Mon Sep 21 2009 Dan Walsh 3.6.32-8 +* Mon Sep 21 2009 Dan Walsh 3.6.32-9 - Fix all kernel_request_load_module domains +* Mon Sep 21 2009 Dan Walsh 3.6.32-8 +- Fix all kernel_request_load_module domains * Sun Sep 20 2009 Dan Walsh 3.6.32-7 - Remove allow_exec* booleans for confined users. Only available for unconfined_t
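Review bot: The new radvd.te section (outer hunk `@@ -14859,6 +14857,17 @@`) adds `kernel_request_load_module(radvd_t)` with no record of what prompted it. The grant lets a network-facing daemon ask the kernel to autoload modules, so a later audit needs to know whether it is still required. I would add a one-line comment above it naming the trigger, for example `# module_request denial seen at radvd startup (bug: <placeholder>)`. The -9 changelog entry also repeats the -8 text verbatim, so the spec does not say which domains this release changed; listing radvd and NetworkManager there would help.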