diff --git a/Changelog b/Changelog index 6ab7f07..c4d42c8 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,4 @@ +- Fixes for RHEL4 from the CLIP project. - Replace the old lrrd fc entries with munin ones. - Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if index 4b05a15..86f393b 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -380,11 +380,12 @@ template(`ssh_per_role_template',` nis_use_ypbind($1_ssh_agent_t) ') - ifdef(`TODO',` - ifdef(`xdm.te',` - can_pipe_xdm($1_ssh_agent_t) + optional_policy(` + xserver_use_xdm_fds($1_ssh_agent_t) + xserver_rw_xdm_pipes($1_ssh_agent_t) ') + ifdef(`TODO',` dontaudit $1_ssh_agent_t proc_t:{ lnk_file file } { getattr read }; ') dnl endif TODO diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te index dfd94db..5fff856 100644 --- a/policy/modules/services/ssh.te +++ b/policy/modules/services/ssh.te @@ -1,5 +1,5 @@ -policy_module(ssh,1.6.0) +policy_module(ssh,1.6.1) ######################################## # diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te index be0217a..3a26997 100644 --- a/policy/modules/system/authlogin.te +++ b/policy/modules/system/authlogin.te @@ -1,5 +1,5 @@ -policy_module(authlogin,1.6.0) +policy_module(authlogin,1.6.1) ######################################## # @@ -244,6 +244,7 @@ optional_policy(` optional_policy(` xserver_read_xdm_pid(pam_console_t) + xserver_use_xdm_fds(pam_t) ') ######################################## diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te index 40535ed..9ab1d39 100644 --- a/policy/modules/system/hotplug.te +++ b/policy/modules/system/hotplug.te @@ -1,5 +1,5 @@ -policy_module(hotplug,1.5.0) +policy_module(hotplug,1.5.1) ######################################## # @@ -127,10 +127,10 @@ ifdef(`distro_redhat', ` ifdef(`targeted_policy', ` term_dontaudit_use_unallocated_ttys(hotplug_t) term_dontaudit_use_generic_ptys(hotplug_t) +') - optional_policy(` - consoletype_exec(hotplug_t) - ') +optional_policy(` + consoletype_exec(hotplug_t) ') optional_policy(` diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index af854cb..333cf8f 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -1088,7 +1088,7 @@ interface(`init_rw_script_tmp_files',` ') files_search_tmp($1) - allow $1 initrc_tmp_t:file rw_file_perms; + rw_files_pattern($1,initrc_tmp_t,initrc_tmp_t) ') ######################################## diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 2ac1eb3..c0c0b99 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -1,5 +1,5 @@ -policy_module(init,1.6.0) +policy_module(init,1.6.1) gen_require(` class passwd rootok;