diff --git a/policy-20080710.patch b/policy-20080710.patch index 5a890af..2a865cc 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -21322,8 +21322,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_manage_etc_files(ricci_modstorage_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.5.13/policy/modules/services/rlogin.te --- nsaserefpolicy/policy/modules/services/rlogin.te 2008-08-07 11:15:11.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/services/rlogin.te 2008-10-28 10:56:19.000000000 -0400 -@@ -94,8 +94,8 @@ ++++ serefpolicy-3.5.13/policy/modules/services/rlogin.te 2008-11-05 16:47:28.000000000 -0500 +@@ -94,10 +94,22 @@ remotelogin_signal(rlogind_t) optional_policy(` @@ -21334,6 +21334,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` + tcpd_wrapped_domain(rlogind_t, rlogind_exec_t) + ') ++ ++tunable_policy(`use_nfs_home_dirs',` ++ fs_list_nfs_dirs(rlogind_t) ++ fs_read_nfs_files(rlogind_t) ++ fs_read_nfs_symlinks(rlogind_t) ++') ++ ++tunable_policy(`use_samba_home_dirs',` ++ fs_list_cifs_dirs(rlogind_t) ++ fs_read_cifs_files(rlogind_t) ++ fs_read_cifs_symlinks(rlogind_t) ++') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.fc serefpolicy-3.5.13/policy/modules/services/roundup.fc --- nsaserefpolicy/policy/modules/services/roundup.fc 2008-08-07 11:15:11.000000000 -0400 +++ serefpolicy-3.5.13/policy/modules/services/roundup.fc 2008-10-28 10:56:19.000000000 -0400 
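Review bot: The two `tunable_policy` blocks added at the end of the rlogin.te section give `rlogind_t` list and read access to NFS and CIFS content without a comment saying which files the daemon needs there. Content on such mounts typically carries one filesystem-wide label, so `fs_read_nfs_files(rlogind_t)` and `fs_read_cifs_files(rlogind_t)` would let a network-facing login daemon read every file on the share once the boolean is on, not only per-user login files. I would put a line such as `# rlogind reads per-user files (presumably ~/.rhosts) from network home directories` above each block and confirm that read-only access is all that is required. The point applies equally to the `use_nfs_home_dirs` and `use_samba_home_dirs` blocks.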
@@ -28492,7 +28506,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.5.13/policy/modules/system/lvm.te --- nsaserefpolicy/policy/modules/system/lvm.te 2008-08-07 11:15:12.000000000 -0400 -+++ serefpolicy-3.5.13/policy/modules/system/lvm.te 2008-10-28 10:56:19.000000000 -0400 ++++ serefpolicy-3.5.13/policy/modules/system/lvm.te 2008-11-05 16:20:42.000000000 -0500 @@ -10,6 +10,9 @@ type clvmd_exec_t; init_daemon_domain(clvmd_t,clvmd_exec_t) @@ -28575,7 +28589,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol sysadm_dontaudit_search_home_dirs(clvmd_t) lvm_domtrans(clvmd_t) -@@ -137,6 +152,14 @@ +@@ -128,6 +143,14 @@ + ') + + optional_policy(` ++ dbus_system_bus_client_template(lvm,lvm_t) ++ ++ optional_policy(` ++ hal_dbus_chat(lvm_t) ++ ') ++') ++ ++optional_policy(` + gpm_dontaudit_getattr_gpmctl(clvmd_t) + ') + +@@ -137,6 +160,14 @@ ') optional_policy(` @@ -28590,7 +28619,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol udev_read_db(clvmd_t) ') -@@ -147,17 +170,19 @@ +@@ -147,17 +178,19 @@ # DAC overrides and mknod for modifying /dev entries (vgmknodes) # rawio needed for dmraid @@ -28613,7 +28642,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol manage_dirs_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t) manage_files_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t) -@@ -189,6 +214,7 @@ +@@ -189,6 +222,7 @@ manage_files_pattern(lvm_t,lvm_metadata_t,lvm_metadata_t) filetrans_pattern(lvm_t,lvm_etc_t,lvm_metadata_t,file) files_etc_filetrans(lvm_t,lvm_metadata_t,file) 
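Review bot: In the inner lvm.te hunk `@@ -128,6 +143,14 @@`, the new `optional_policy` grants D-Bus access to `lvm_t` (`dbus_system_bus_client_template(lvm,lvm_t)` and `hal_dbus_chat(lvm_t)`), yet the neighbouring rules name `clvmd_t`, for example `gpm_dontaudit_getattr_gpmctl(clvmd_t)` directly after it. If `lvm_t` is the intended domain, the block reads better next to the other `lvm_t` rules further down the file; if `clvmd_t` was meant, the type argument is wrong. Either way it opens an IPC channel for a domain that the same file allows `storage_manage_fixed_disk(lvm_t)`, so the reason should be recorded, e.g. `# lvm_t: system bus chat with hald (reason to be confirmed)`.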
@@ -28621,7 +28650,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_system_state(lvm_t) kernel_read_kernel_sysctls(lvm_t) -@@ -225,6 +251,7 @@ +@@ -225,6 +259,7 @@ dev_dontaudit_getattr_generic_blk_files(lvm_t) dev_dontaudit_getattr_generic_pipes(lvm_t) dev_create_generic_dirs(lvm_t) @@ -28629,7 +28658,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_getattr_xattr_fs(lvm_t) fs_search_auto_mountpoints(lvm_t) -@@ -243,6 +270,7 @@ +@@ -243,6 +278,7 @@ storage_dev_filetrans_fixed_disk(lvm_t) # Access raw devices and old /dev/lvm (c 109,0). Is this needed? storage_manage_fixed_disk(lvm_t) @@ -28637,7 +28666,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol term_getattr_all_user_ttys(lvm_t) term_list_ptys(lvm_t) -@@ -252,6 +280,7 @@ +@@ -252,6 +288,7 @@ domain_use_interactive_fds(lvm_t) @@ -28645,7 +28674,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol files_read_etc_files(lvm_t) files_read_etc_runtime_files(lvm_t) # for when /usr is not mounted: -@@ -273,6 +302,8 @@ +@@ -273,6 +310,8 @@ seutil_search_default_contexts(lvm_t) seutil_sigchld_newrole(lvm_t) @@ -28654,7 +28683,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ifdef(`distro_redhat',` # this is from the initrd: files_rw_isid_type_dirs(lvm_t) -@@ -291,5 +322,18 @@ +@@ -291,5 +330,18 @@ ') optional_policy(`