diff --git a/booleans.subs_dist b/booleans.subs_dist new file mode 100644 index 0000000..314ef25 --- /dev/null +++ b/booleans.subs_dist @@ -0,0 +1,44 @@ +allow_auditadm_exec_content auditadm_exec_content +allow_console_login login_console_enabled +allow_cvs_read_shadow cvs_read_shadow +allow_daemons_dump_core daemons_dump_core +allow_daemons_use_tcp_wrapper daemons_use_tcp_wrapper +allow_daemons_use_tty daemons_use_tty +allow_domain_fd_use domain_fd_use +allow_execheap selinuxuser_execheap +allow_execmod selinuxuser_execmod +allow_execstack selinuxuser_execstack +allow_ftpd_anon_write ftpd_anon_write +allow_ftpd_full_access ftpd_full_access +allow_ftpd_use_cifs ftpd_use_cifs +allow_ftpd_use_nfs ftpd_use_nfs +allow_gssd_read_tmp gssd_read_tmp +allow_guest_exec_content guest_exec_content +allow_httpd_anon_write httpd_anon_write +allow_httpd_mod_auth_ntlm_winbind httpd_mod_auth_ntlm_winbind +allow_httpd_mod_auth_pam httpd_mod_auth_pam +allow_httpd_sys_script_anon_write httpd_sys_script_anon_write +allow_kerberos kerberos_enabled +allow_mplayer_execstack mplayer_execstack +allow_mount_anyfile mount_anyfile +allow_nfsd_anon_write nfsd_anon_write +allow_polyinstantiation polyinstantiation_enabled +allow_postfix_local_write_mail_spool postfix_local_write_mail_spool +allow_rsync_anon_write rsync_anon_write +allow_saslauthd_read_shadow saslauthd_read_shadow +allow_secadm_exec_content secadm_exec_content +allow_smbd_anon_write smbd_anon_write +allow_ssh_keysign ssh_keysign +allow_staff_exec_content staff_exec_content +allow_sysadm_exec_content sysadm_exec_content +allow_user_exec_content user_exec_content +allow_user_mysql_connect selinuxuser_mysql_connect_enabled +allow_user_postgresql_connect selinuxuser_postgresql_connect_enabled +allow_write_xshm xserver_clients_write_xshm +allow_xguest_exec_content xguest_exec_content +allow_xserver_execmem xserver_execmem +allow_ypbind nis_enabled +allow_zebra_write_config zebra_write_config +user_direct_dri selinuxuser_direct_dri_enabled +user_ping selinuxuser_ping +user_share_music selinuxuser_share_music diff --git a/selinux-policy.spec b/selinux-policy.spec index 3c105d0..ab22ad1 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -49,6 +49,7 @@ Source26: file_contexts.subs_dist Source27: selinux-policy.conf Source28: permissivedomains.pp Source29: serefpolicy-contrib-%{version}.tgz +Source30: booleans.subs_dist Url: http://oss.tresys.com/repos/refpolicy/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -133,6 +134,7 @@ touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/file_contexts.local \ touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/nodes.local \ touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users_extra.local \ touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users.local \ +cp %{SOURCE30} %{buildroot}%{_sysconfdir}/selinux/%1 \ bzip2 -c %{buildroot}/%{_usr}/share/selinux/%1/base.pp > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/base.pp \ rm -f %{buildroot}/%{_usr}/share/selinux/%1/base.pp \ for i in %{buildroot}/%{_usr}/share/selinux/%1/*.pp; do bzip2 -c $i > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules/`basename $i`; done \ @@ -191,7 +193,8 @@ rm -f %{buildroot}/%{_sysconfigdir}/selinux/%1/modules/active/policy.kern %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.local \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs \ -%verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs_dist \ +%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs_dist \ +%{_sysconfdir}/selinux/%1/booleans.subs_dist \ %config %{_sysconfdir}/selinux/%1/contexts/files/media \ %dir %{_sysconfdir}/selinux/%1/contexts/users \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \