From cab5dce18dd4369f92384ff24116f451bb85ef4b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mar 06 2008 21:55:29 +0000
Subject: - Fix initrc_context generation for MLS
---
diff --git a/policy-20071130.patch b/policy-20071130.patch
index 4de83ea..255f748 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -7424,8 +7424,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
 ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-12-19 05:32:07.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te 2008-02-26 08:29:22.000000000 -0500
-@@ -259,6 +259,8 @@
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te 2008-03-06 15:50:41.000000000 -0500
+@@ -231,6 +231,8 @@
+ # Mount root file system. Used when loading a policy
+ # from initrd, then mounting the root filesystem
+ fs_mount_all_fs(kernel_t)
++fs_unmount_all_fs(kernel_t)
++
+ 
+ selinux_load_policy(kernel_t)
+ 
+@@ -253,12 +255,16 @@
+ 
+ mls_process_read_up(kernel_t)
+ mls_process_write_down(kernel_t)
++mls_file_write_all_levels(kernel_t)
++mls_file_read_all_levels(kernel_t)
+ 
+ ifdef(`distro_redhat',`
+ # Bugzilla 222337
 fs_rw_tmpfs_chr_files(kernel_t)
 ')
@@ -7434,7 +7451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
 tunable_policy(`read_default_t',`
 files_list_default(kernel_t)
 files_read_default_files(kernel_t)
-@@ -363,7 +365,7 @@
+@@ -363,7 +369,7 @@
 allow kern_unconfined proc_type:{ dir file lnk_file } *;
@@ -7443,7 +7460,7 @@ allow kern_unconfined kernel_t:system *;
-@@ -374,3 +376,4 @@
+@@ -374,3 +380,4 @@
 allow kern_unconfined unlabeled_t:process ~{ transition dyntransition execmem execstack execheap };
 kernel_rw_all_sysctls(kern_unconfined)
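Review bot: In the first kernel.te hunk, the added `mls_file_write_all_levels(kernel_t)` and `mls_file_read_all_levels(kernel_t)` exempt kernel_t from the MLS file read and write constraints at every level, and nothing in the hunk records why. The neighbouring `distro_redhat` block cites its Bugzilla number, and the same is needed here, for example `# MLS: <reason kernel_t needs all-level file access> (Bugzilla <BUG-ID>)`, so a later audit can tell whether the exemption is still required. The same applies to `fs_unmount_all_fs(kernel_t)`, which the existing "Mount root file system" comment above it does not cover. The empty line added after it also leaves two consecutive blank lines before `selinux_load_policy(kernel_t)`.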
@@ -13651,7 +13668,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.3.1/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te 2007-12-19 05:32:17.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te 2008-03-06 13:11:59.000000000 -0500
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te 2008-03-06 16:54:16.000000000 -0500
 @@ -18,6 +18,9 @@
 type fail2ban_var_run_t;
 files_pid_file(fail2ban_var_run_t)
@@ -13683,7 +13700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +fs_list_inotifyfs(fail2ban_t)
 +
 +auth_use_nsswitch(fail2ban_t)
-+corenet_tcp_connect_dns_port(fail2ban_t)
++corenet_tcp_connect_whois_port(fail2ban_t)
 libs_use_ld_so(fail2ban_t)
 libs_use_shared_libs(fail2ban_t)
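Review bot: The replacement line `corenet_tcp_connect_whois_port(fail2ban_t)` in the last hunk lets fail2ban_t open outbound TCP connections to the whois port unconditionally, and the hunk gives no reason for it. fail2ban acts on addresses taken from log entries that remote clients can influence, so each outbound permission on this domain should carry a stated purpose; a comment such as `# whois lookups on banned hosts for notification mails` (to be confirmed against the action that actually needs it) would do. Dropping `corenet_tcp_connect_dns_port` presumably relies on `auth_use_nsswitch(fail2ban_t)` on the line above for name resolution, which should be verified in enforcing mode before the DNS rule is removed. The surrounding fail2ban.te rules start and end outside the hunk.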