diff --git a/policy/modules/apps/telepathy.te b/policy/modules/apps/telepathy.te index 4aea465..779a54b 100644 --- a/policy/modules/apps/telepathy.te +++ b/policy/modules/apps/telepathy.te @@ -78,7 +78,7 @@ libs_exec_ldconfig(telepathy_msn_t) logging_send_syslog_msg(telepathy_msn_t) -miscfiles_read_certs(telepathy_msn_t) +miscfiles_read_all_certs(telepathy_msn_t) sysnet_read_config(telepathy_msn_t) @@ -129,7 +129,7 @@ dev_read_urand(telepathy_gabble_t) files_read_config_files(telepathy_gabble_t) files_read_usr_files(telepathy_gabble_t) -miscfiles_read_certs(telepathy_gabble_t) +miscfiles_read_all_certs(telepathy_gabble_t) sysnet_read_config(telepathy_gabble_t) diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te index fabc1a0..06b7974 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -77,6 +77,11 @@ optional_policy(` ') optional_policy(` + oident_manage_user_content(staff_t) + oident_relabel_user_content(staff_t) +') + +optional_policy(` postgresql_role(staff_r, staff_t) ') @@ -187,10 +192,6 @@ ifndef(`distro_redhat',` ') optional_policy(` - oident_manage_user_content(staff_t) - oident_relabel_user_content(staff_t) - ') - optional_policy(` pyzor_role(staff_r, staff_t) ') diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te index 62a48ac..aaf0ba3 100644 --- a/policy/modules/services/boinc.te +++ b/policy/modules/services/boinc.te @@ -99,7 +99,7 @@ fs_getattr_all_fs(boinc_t) term_dontaudit_getattr_ptmx(boinc_t) miscfiles_read_localization(boinc_t) -miscfiles_read_certs(boinc_t) +miscfiles_read_generic_certs(boinc_t) logging_send_syslog_msg(boinc_t) diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te index 6deff48..ca4bea5 100644 --- a/policy/modules/services/kerberos.te +++ b/policy/modules/services/kerberos.te @@ -152,7 +152,7 @@ selinux_validate_context(kadmind_t) logging_send_syslog_msg(kadmind_t) -miscfiles_read_certs(kadmind_t) +miscfiles_read_generic_certs(kadmind_t) miscfiles_read_localization(kadmind_t) seutil_read_file_contexts(kadmind_t) @@ -252,7 +252,7 @@ selinux_validate_context(krb5kdc_t) logging_send_syslog_msg(krb5kdc_t) -miscfiles_read_certs(krb5kdc_t) +miscfiles_read_geniric_certs(krb5kdc_t) miscfiles_read_localization(krb5kdc_t) seutil_read_file_contexts(krb5kdc_t) diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te index ff472d0..600d43f 100644 --- a/policy/modules/system/xen.te +++ b/policy/modules/system/xen.te @@ -110,7 +110,7 @@ files_pid_filetrans(evtchnd_t, evtchnd_var_run_t, { file sock_file dir }) # xend local policy # -allow xend_t self:capability { mknod dac_override ipc_lock net_admin setuid sys_nice sys_ptrace sys_tty_config net_raw }; +allow xend_t self:capability { mknod dac_override ipc_lock net_admin setuid sys_admin sys_nice sys_ptrace sys_tty_config net_raw }; dontaudit xend_t self:capability { sys_ptrace }; allow xend_t self:process { signal sigkill }; dontaudit xend_t self:process ptrace; @@ -225,6 +225,7 @@ logging_send_syslog_msg(xend_t) lvm_domtrans(xend_t) miscfiles_read_localization(xend_t) +miscfiles_read_hwdata(xend_t) mount_domtrans(xend_t) @@ -242,6 +243,8 @@ xen_stream_connect_xenstore(xend_t) netutils_domtrans(xend_t) +virt_read_config(xend_t) + optional_policy(` brctl_domtrans(xend_t) ')