From 66ec626d238cde09eed6d482b84057f8db8db9a8 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Aug 23 2010 21:33:55 +0000
Subject: - Allow clamscan to read proc_t - Allow mount_t to write to debufs_t dir - Dontaudit mount_t trying to write to security_t dir
---
diff --git a/policy-F14.patch b/policy-F14.patch
index 1357638..a8e99be 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -2569,6 +2569,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
 +optional_policy(`
 xserver_dontaudit_write_log(shutdown_t)
 ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.8.8/policy/modules/admin/smoltclient.te
+--- nsaserefpolicy/policy/modules/admin/smoltclient.te 2010-07-27 16:06:04.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/admin/smoltclient.te 2010-08-23 17:32:41.000000000 -0400
+@@ -42,6 +42,7 @@
+
+ fs_getattr_all_fs(smoltclient_t)
+ fs_getattr_all_dirs(smoltclient_t)
++fs_list_auto_mountpoints(smoltclient_t)
+
+ files_getattr_generic_locks(smoltclient_t)
+ files_read_etc_files(smoltclient_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.8.8/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if 2010-07-27 16:06:04.000000000 -0400
 +++ serefpolicy-3.8.8/policy/modules/admin/sudo.if 2010-07-30 14:06:53.000000000 -0400
@@ -9419,7 +9430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
 +/cgroup(/.*)? gen_context(system_u:object_r:cgroup_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.8.8/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-07-27 16:06:05.000000000 -0400
-+++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if 2010-08-13 10:09:00.000000000 -0400
++++ serefpolicy-3.8.8/policy/modules/kernel/filesystem.if 2010-08-23 17:32:34.000000000 -0400
@@ -1233,7 +1233,7 @@ type cifs_t; ')
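Review bot: The `fs_list_auto_mountpoints(smoltclient_t)` grant added in the smoltclient.te hunk is not mentioned in the commit subject, which lists only the clamscan and mount_t changes, and nothing in the hunk records why smoltclient needs it. The visible context already gives the domain `fs_getattr_all_fs` and `fs_getattr_all_dirs`, so if the denial came from smolt merely walking mount points while gathering filesystem data, a dontaudit rule would presumably be the narrower choice than allowing directory listing. I would add a comment above the new line naming the trigger, e.g. `# smolt lists autofs mount points while collecting filesystem info (AVC: <denial or bug reference>)`, and add a bullet for this change to the subject. The rest of smoltclient.te lies outside the hunk, so whether another rule already covers this access cannot be checked from here.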