From 9386d6f55f8b06c661d4e20bfd8b92635a5faaac Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jun 18 2009 20:01:47 +0000 Subject: - Fix mcs rules to include chr_file and blk_file --- diff --git a/policy-F12.patch b/policy-F12.patch index 73035bb..f6e7faf 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -300,12 +300,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.16/policy/mcs --- nsaserefpolicy/policy/mcs 2009-05-21 08:43:08.000000000 -0400 -+++ serefpolicy-3.6.16/policy/mcs 2009-06-12 15:59:08.000000000 -0400 -@@ -67,7 +67,7 @@ ++++ serefpolicy-3.6.16/policy/mcs 2009-06-18 12:58:31.000000000 -0400 +@@ -66,8 +66,8 @@ + # # Note that getattr on files is always permitted. # - mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom } +-mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom } - ( h1 dom h2 ); ++mlsconstrain { file chr_file blk_file sock_file lnk_file fifo_file } { write setattr append unlink link rename ioctl lock execute relabelfrom } + (( h1 dom h2 ) or ( t1 == mlsfilewrite )); mlsconstrain dir { create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl } diff --git a/selinux-policy.spec b/selinux-policy.spec index 3a19d54..5a20e0b 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.16 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -473,6 +473,9 @@ exit 0 %endif %changelog +* Thu Jun 18 2009 Dan Walsh 3.6.16-4 +- Fix mcs rules to include chr_file and blk_file + * Tue Jun 16 2009 Dan Walsh 3.6.16-3 - Add label for udev-acl
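Review bot: The widened `mlsconstrain` on the new side of the policy/mcs hunk names `sock_file`, `lnk_file` and `fifo_file` as well as `chr_file` and `blk_file`, but the subject and the %changelog entry mention only the two device classes, so the record understates what is now MCS-constrained. The permission set is unchanged and contains no `read`, so for device nodes this rule enforces category dominance on the write side only; whether another constraint covers `read` for these classes is outside the hunk and worth confirming. The `( t1 == mlsfilewrite )` exemption now also applies to block and character devices, so the types carrying that attribute deserve a re-audit. I would add a comment above the rule such as `# Applies to all non-directory file classes; domains with the mlsfilewrite attribute are exempt.` and extend the changelog line to list every added class.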