diff --git a/policy-20080509.patch b/policy-20080509.patch index 1eb06dc..d34651d 100644 --- a/policy-20080509.patch +++ b/policy-20080509.patch @@ -11797,7 +11797,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.4.2/policy/modules/services/bluetooth.te --- nsaserefpolicy/policy/modules/services/bluetooth.te 2008-06-12 23:25:05.000000000 -0400 -+++ serefpolicy-3.4.2/policy/modules/services/bluetooth.te 2008-07-02 08:47:04.000000000 -0400 ++++ serefpolicy-3.4.2/policy/modules/services/bluetooth.te 2008-07-09 15:25:46.000000000 -0400 @@ -32,19 +32,22 @@ type bluetooth_var_run_t; files_pid_file(bluetooth_var_run_t) @@ -11840,12 +11840,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue libs_use_ld_so(bluetooth_t) libs_use_shared_libs(bluetooth_t) -@@ -118,20 +124,18 @@ +@@ -117,21 +123,20 @@ + miscfiles_read_localization(bluetooth_t) miscfiles_read_fonts(bluetooth_t) - --sysnet_read_config(bluetooth_t) - +-sysnet_read_config(bluetooth_t) ++miscfiles_read_hwdata(bluetooth_t) + userdom_dontaudit_use_unpriv_user_fds(bluetooth_t) - sysadm_dontaudit_use_ptys(bluetooth_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 6648fc8..a9f2b96 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -278,7 +278,7 @@ SELinux Reference policy targeted base module. %post targeted if [ $1 -eq 1 ]; then %loadpolicy targeted -bnsemanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u +semanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 __default__ semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 root semanage user -a -S targeted -P user -R guest_r guest_u 
@@ -296,11 +296,11 @@ exit 0
 . /etc/selinux/config
 [ "${SELINUXTYPE}" != "targeted" ] && exit 0
 setsebool -P use_nfs_home_dirs=1
-semanage user -l | grep -s unconfined_u
+semanage user -l | grep -s unconfined_u > /dev/null
 if [ $? -eq 0 ]; then
- semanage user -m -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
+ semanage user -m -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
 else
- semanage user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 2> /dev/null
+ semanage user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
 fi
 seuser=`semanage login -l | grep __default__ | awk '{ print $2 }'`
 [ "$seuser" != "unconfined_u" ] && semanage login -m -s "unconfined_u" -r s0-s0:c0.c1023 __default__
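Review bot: The `if [ $? -eq 0 ]` test after `semanage user -l | grep -s unconfined_u > /dev/null` sees only grep's exit status, so a failing `semanage user -l` is indistinguishable from "unconfined_u is absent" and the scriptlet falls through to `semanage user -a`. The pattern also matches `unconfined_u` anywhere in the listing rather than as the user name; assuming the name is the first column of the output, `if semanage user -l | grep -q '^unconfined_u[[:space:]]'; then` would be tighter and needs no redirect. Dropping `2> /dev/null` makes errors from the add/modify calls visible, but their exit status is still ignored before the `semanage login -m` line remaps `__default__`, so a failed update can leave logins mapped to a user whose roles and range were not set as intended. The scriptlet starts and continues outside this hunk.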