From 659e96fa65b7081c1eebd28d8e555f3e48763cb2 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Feb 04 2009 16:24:43 +0000 Subject: - More fixes for devicekit --- diff --git a/policy-20090105.patch b/policy-20090105.patch index 652e55c..c23ad78 100644 --- a/policy-20090105.patch +++ b/policy-20090105.patch @@ -23477,7 +23477,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.4/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2009-01-19 11:06:49.000000000 -0500 -+++ serefpolicy-3.6.4/policy/modules/services/xserver.te 2009-02-04 10:49:48.000000000 -0500 ++++ serefpolicy-3.6.4/policy/modules/services/xserver.te 2009-02-04 11:20:11.000000000 -0500 @@ -34,6 +34,13 @@ ## @@ -24112,7 +24112,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # X Colormaps # can use the default colormap allow x_domain rootwindow_t:x_colormap { read use add_color }; -@@ -972,13 +1129,35 @@ +@@ -972,17 +1129,51 @@ allow xserver_unconfined_type { x_domain xserver_t }:x_resource *; allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *; @@ -24152,13 +24152,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +tunable_policy(`allow_xserver_execmem',` + allow xserver_t self:process { execheap execmem execstack }; - ') - - # -@@ -986,3 +1165,21 @@ - # - allow xdm_t user_home_type:file unlink; - ') dnl end TODO ++') + +# Hack to handle the problem of using the nvidia blobs +tunable_policy(`allow_execmem',` @@ -24175,8 +24169,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + +tunable_policy(`use_samba_home_dirs',` + fs_append_cifs_files(xdmhomewriter) -+') -+ + ') + +-# +-# Wants to delete .xsession-errors file +-# +-allow xdm_t user_home_type:file unlink; +-') dnl end TODO diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.fc serefpolicy-3.6.4/policy/modules/services/zosremote.fc --- nsaserefpolicy/policy/modules/services/zosremote.fc 1969-12-31 19:00:00.000000000 -0500 +++ serefpolicy-3.6.4/policy/modules/services/zosremote.fc 2009-02-03 22:57:29.000000000 -0500 diff --git a/selinux-policy.spec b/selinux-policy.spec index 7add797..2e8b0b9 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -444,6 +444,9 @@ exit 0 %endif %changelog +* Wed Feb 4 2009 Dan Walsh 3.6.4-2 +- More fixes for devicekit + * Tue Feb 3 2009 Dan Walsh 3.6.4-1 - Upgrade to latest upstream