From abc89340c42ebfa295e48e92f14a9b4a3dc1a482 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Sep 06 2007 19:29:54 +0000 Subject: trunk: two tiny patches from Stefan Schulze Frielinghaus --- diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if index 4406a42..b702156 100644 --- a/policy/modules/kernel/terminal.if +++ b/policy/modules/kernel/terminal.if @@ -694,6 +694,25 @@ interface(`term_relabelto_all_user_ptys',` ######################################## ## +## Write to all user ptys. +## +## +## +## Domain allowed access. +## +## +# +interface(`term_write_all_user_ptys',` + gen_require(` + attribute ptynode; + ') + + dev_list_all_dev_nodes($1) + allow $1 ptynode:chr_file write_chr_file_perms; +') + +######################################## +## ## Read and write all user ptys. ## ## diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te index 695ad34..3717b9f 100644 --- a/policy/modules/kernel/terminal.te +++ b/policy/modules/kernel/terminal.te @@ -1,5 +1,5 @@ -policy_module(terminal,1.5.0) +policy_module(terminal,1.5.1) ######################################## # diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 28f757d..da70bde 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -1,5 +1,5 @@ -policy_module(selinuxutil,1.6.2) +policy_module(selinuxutil,1.6.3) ifdef(`strict_policy',` gen_require(` @@ -477,6 +477,7 @@ mls_file_read_all_levels(semanage_t) selinux_validate_context(semanage_t) selinux_get_enforce_mode(semanage_t) +selinux_getattr_fs(semanage_t) # for setsebool: selinux_set_boolean(semanage_t) @@ -510,6 +511,11 @@ seutil_manage_default_contexts(semanage_t) userdom_search_sysadm_home_dirs(semanage_t) +ifdef(`distro_debian',` + files_read_var_lib_files(semanage_t) + files_read_var_lib_symlinks(semanage_t) +') + # cjp: need a more general way to handle this: ifdef(`enable_mls',` # read secadm tmp files