-##
-## Allow corosync to read and write generic tmpfs files.
-##
-##
-gen_tunable(allow_corosync_rw_tmpfs, false)
-
type corosync_t;
type corosync_exec_t;
init_daemon_domain(corosync_t, corosync_exec_t)
@@ -98,8 +91,13 @@ miscfiles_read_localization(corosync_t)
userdom_delete_user_tmpfs_files(corosync_t)
userdom_rw_user_tmpfs_files(corosync_t)
-tunable_policy(`allow_corosync_rw_tmpfs',`
- fs_rw_tmpfs_files(corosync_t)
+optional_policy(`
+ gen_require(`
+ attribute unconfined_services;
+ ')
+
+ fs_manage_tmpfs_files(corosync_t)
+ init_manage_script_status_files(corosync_t)
')
optional_policy(`
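Review bot: The added `optional_policy` block grants corosync_t `fs_manage_tmpfs_files` wherever `unconfined_services` is declared, while the removed `allow_corosync_rw_tmpfs` tunable granted only `fs_rw_tmpfs_files` and defaulted to false. This widens the domain from read/write to create/delete on files carrying the generic tmpfs label and removes the administrator's off switch, which increases what a compromised corosync could tamper with. Neither rule references the required attribute, so it appears to act only as a presence gate for the unconfined module; a comment such as `# corosync must manage tmpfs files left by unconfined services` (rationale inferred, please confirm) would record why. If the wider access is really needed, keeping it behind a boolean or confining it to a private tmpfs type would preserve least privilege. Systems that had set the old boolean will find it gone after the update, which deserves a changelog line.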
diff --git a/policy/modules/services/gnomeclock.fc b/policy/modules/services/gnomeclock.fc
index 462de63..a8ce02e 100644
--- a/policy/modules/services/gnomeclock.fc
+++ b/policy/modules/services/gnomeclock.fc
@@ -1,2 +1,4 @@
/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+/usr/libexec/gsd-datetime-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
diff --git a/policy/modules/services/passenger.if b/policy/modules/services/passenger.if
index e738452..7ca90f6 100644
--- a/policy/modules/services/passenger.if
+++ b/policy/modules/services/passenger.if
@@ -13,6 +13,7 @@
interface(`passenger_domtrans',`
gen_require(`
type passenger_t;
+ type passenger_exec_t;
')
allow $1 self:capability { fowner fsetid };
@@ -26,7 +27,7 @@ interface(`passenger_domtrans',`
######################################
##