From eb7e6dca5e701aa0f96078d0a9a22b9f0c72ecc6 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Aug 13 2008 19:24:36 +0000 Subject: - Allow ifconfig_t to read dhcpc_state_t --- diff --git a/policy-20080710.patch b/policy-20080710.patch index 0da3334..4d8264b 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -12353,7 +12353,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.5.4/policy/modules/services/clamav.te --- nsaserefpolicy/policy/modules/services/clamav.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.4/policy/modules/services/clamav.te 2008-08-11 16:39:48.000000000 -0400 ++++ serefpolicy-3.5.4/policy/modules/services/clamav.te 2008-08-13 15:22:54.000000000 -0400 @@ -13,7 +13,7 @@ # configuration files @@ -12383,7 +12383,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_all_recvfrom_unlabeled(clamd_t) corenet_all_recvfrom_netlabel(clamd_t) -@@ -120,6 +126,9 @@ +@@ -97,6 +103,8 @@ + corenet_tcp_bind_all_nodes(clamd_t) + corenet_tcp_bind_clamd_port(clamd_t) + corenet_sendrecv_clamd_server_packets(clamd_t) ++corenet_tcp_bind_generic_port(clamd_t) ++corenet_tcp_connect_generic_port(clamd_t) + + dev_read_rand(clamd_t) + dev_read_urand(clamd_t) +@@ -120,6 +128,9 @@ cron_use_system_job_fds(clamd_t) cron_rw_pipes(clamd_t) @@ -12393,7 +12402,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol optional_policy(` amavis_read_lib_files(clamd_t) amavis_read_spool_files(clamd_t) -@@ -127,6 +136,10 @@ +@@ -127,6 +138,10 @@ amavis_create_pid_files(clamd_t) ') @@ -12404,7 +12413,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Freshclam local policy -@@ -197,7 +210,7 @@ +@@ -197,7 +212,7 @@ allow clamscan_t self:fifo_file rw_file_perms; allow clamscan_t self:unix_stream_socket create_stream_socket_perms; allow clamscan_t self:unix_dgram_socket create_socket_perms; @@ -12413,7 +12422,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # configuration files allow clamscan_t clamd_etc_t:dir list_dir_perms; -@@ -213,6 +226,14 @@ +@@ -213,6 +228,14 @@ manage_files_pattern(clamscan_t, clamd_var_lib_t, clamd_var_lib_t) allow clamscan_t clamd_var_lib_t:dir list_dir_perms; @@ -12428,7 +12437,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_kernel_sysctls(clamscan_t) files_read_etc_files(clamscan_t) -@@ -230,6 +251,12 @@ +@@ -230,6 +253,12 @@ clamav_stream_connect(clamscan_t) @@ -14316,7 +14325,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.5.4/policy/modules/services/dbus.if --- nsaserefpolicy/policy/modules/services/dbus.if 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.4/policy/modules/services/dbus.if 2008-08-13 14:33:26.000000000 -0400 ++++ serefpolicy-3.5.4/policy/modules/services/dbus.if 2008-08-13 15:01:27.000000000 -0400 @@ -53,6 +53,7 @@ gen_require(` type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t; @@ -14426,7 +14435,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol xserver_use_xdm_fds($1_dbusd_t) xserver_rw_xdm_pipes($1_dbusd_t) + xserver_dontaudit_xdm_lib_search($1_dbusd_t) -+ xserver_rw_xdm_home_files',` ++ xserver_rw_xdm_home_files($1_dbusd_t) ') ') @@ -16365,7 +16374,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.5.4/policy/modules/services/ftp.te --- nsaserefpolicy/policy/modules/services/ftp.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.4/policy/modules/services/ftp.te 2008-08-11 16:39:48.000000000 -0400 ++++ serefpolicy-3.5.4/policy/modules/services/ftp.te 2008-08-13 14:54:18.000000000 -0400 @@ -75,6 +75,9 @@ type xferlog_t; logging_log_file(xferlog_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 1fc6428..a82610c 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -380,6 +380,9 @@ exit 0 %endif %changelog +* Tue Aug 12 2008 Dan Walsh 3.5.4-2 +- Allow ifconfig_t to read dhcpc_state_t + * Mon Aug 11 2008 Dan Walsh 3.5.4-1 - Update to upstream