From af4fa8266c14bceb8fcf346e5b77b4535f5b3457 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jul 31 2009 11:02:24 +0000 Subject: - Allod hald_dccm_t to create sock_files in /tmp --- diff --git a/policy-F12.patch b/policy-F12.patch index 317966e..89c469a 100644 --- a/policy-F12.patch +++ b/policy-F12.patch @@ -10579,7 +10579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.26/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2009-07-28 13:28:33.000000000 -0400 -+++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-30 17:31:42.000000000 -0400 ++++ serefpolicy-3.6.26/policy/modules/services/hal.te 2009-07-31 06:43:31.000000000 -0400 @@ -55,6 +55,9 @@ type hald_var_lib_t; files_type(hald_var_lib_t) @@ -10664,8 +10664,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow hald_dccm_t self:process getsched; allow hald_dccm_t self:tcp_socket create_stream_socket_perms; allow hald_dccm_t self:udp_socket create_socket_perms; -@@ -471,8 +491,12 @@ +@@ -469,10 +489,17 @@ + manage_files_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t) + files_search_var_lib(hald_dccm_t) ++manage_sock_files_pattern(hald_dccm_t, hald_tmp_t, hald_tmp_t) ++files_tmp_filetrans(hald_dccm_t, hald_tmp_t, sock_file) ++ write_files_pattern(hald_dccm_t, hald_log_t, hald_log_t) +dev_read_urand(hald_dccm_t) @@ -10677,7 +10682,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_all_recvfrom_unlabeled(hald_dccm_t) corenet_all_recvfrom_netlabel(hald_dccm_t) corenet_tcp_sendrecv_generic_if(hald_dccm_t) -@@ -484,6 +508,7 @@ +@@ -484,6 +511,7 @@ corenet_tcp_bind_generic_node(hald_dccm_t) corenet_udp_bind_generic_node(hald_dccm_t) corenet_udp_bind_dhcpc_port(hald_dccm_t) @@ -10685,7 +10690,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_tcp_bind_dccm_port(hald_dccm_t) logging_send_syslog_msg(hald_dccm_t) -@@ -491,3 +516,9 @@ +@@ -491,3 +519,9 @@ files_read_usr_files(hald_dccm_t) miscfiles_read_localization(hald_dccm_t) @@ -11899,8 +11904,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.26/policy/modules/services/nscd.te --- nsaserefpolicy/policy/modules/services/nscd.te 2009-07-14 14:19:57.000000000 -0400 -+++ serefpolicy-3.6.26/policy/modules/services/nscd.te 2009-07-30 15:33:09.000000000 -0400 -@@ -90,6 +90,7 @@ ++++ serefpolicy-3.6.26/policy/modules/services/nscd.te 2009-07-31 07:01:44.000000000 -0400 +@@ -65,6 +65,7 @@ + + fs_getattr_all_fs(nscd_t) + fs_search_auto_mountpoints(nscd_t) ++fs_list_inotifyfs(nscd_t) + + # for when /etc/passwd has just been updated and has the wrong type + auth_getattr_shadow(nscd_t) +@@ -90,6 +91,7 @@ selinux_compute_relabel_context(nscd_t) selinux_compute_user_contexts(nscd_t) domain_use_interactive_fds(nscd_t) @@ -11908,7 +11921,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_etc_files(nscd_t) files_read_generic_tmp_symlinks(nscd_t) -@@ -127,3 +128,12 @@ +@@ -127,3 +129,12 @@ xen_dontaudit_rw_unix_stream_sockets(nscd_t) xen_append_log(nscd_t) ') @@ -12381,13 +12394,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.6.26/policy/modules/services/policykit.fc --- nsaserefpolicy/policy/modules/services/policykit.fc 2009-07-23 14:11:04.000000000 -0400 -+++ serefpolicy-3.6.26/policy/modules/services/policykit.fc 2009-07-30 15:33:09.000000000 -0400 -@@ -1,7 +1,7 @@ ++++ serefpolicy-3.6.26/policy/modules/services/policykit.fc 2009-07-31 06:55:00.000000000 -0400 +@@ -1,7 +1,9 @@ /usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0) ++/usr/libexec/polkit-gnome-authentication-agent-1 -- gen_context(system_u:object_r:policykit_auth_exec_t,s0) /usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0) /usr/libexec/polkit-resolve-exe-helper.* -- gen_context(system_u:object_r:policykit_resolve_exec_t,s0) -/usr/libexec/polkitd -- gen_context(system_u:object_r:policykit_exec_t,s0) -+/usr/libexec/polkit.* gen_context(system_u:object_r:policykit_exec_t,s0) ++/usr/libexec/polkitd.* -- gen_context(system_u:object_r:policykit_exec_t,s0) ++/usr/libexec/polkit-1/polkitd.* -- gen_context(system_u:object_r:policykit_exec_t,s0) /var/lib/misc/PolicyKit.reload gen_context(system_u:object_r:policykit_reload_t,s0) /var/lib/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_lib_t,s0) diff --git a/selinux-policy.spec b/selinux-policy.spec index ad700de..0a16a43 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.26 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -475,7 +475,10 @@ exit 0 %endif %changelog -* Thu Jul 28 2009 Dan Walsh 3.6.26-1 +* Fri Jul 31 2009 Dan Walsh 3.6.26-2 +- Allod hald_dccm_t to create sock_files in /tmp + +* Thu Jul 30 2009 Dan Walsh 3.6.26-1 - More fixes from upstream * Tue Jul 28 2009 Dan Walsh 3.6.25-1