diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index 5056fb1..207db69 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -150,6 +150,7 @@ template(`mozilla_per_role_template',`
 corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
 dev_read_urand($1_mozilla_t)
+ dev_read_rand($1_mozilla_t)
 dev_write_sound($1_mozilla_t)
 dev_read_sound($1_mozilla_t)
 dev_dontaudit_rw_dri($1_mozilla_t)
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 069ded0..305c1cc 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -1,5 +1,5 @@
-policy_module(mozilla,1.2.0)
+policy_module(mozilla,1.2.1)
 ########################################
 #
diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te
index 63563b1..44b655b 100644
--- a/policy/modules/services/oddjob.te
+++ b/policy/modules/services/oddjob.te
@@ -1,5 +1,5 @@
-policy_module(oddjob,1.2.0)
+policy_module(oddjob,1.2.1)
 ########################################
 #
@@ -27,7 +27,7 @@ files_pid_file(oddjob_var_run_t)
 # oddjob local policy
 #
-allow oddjob_t self:capability { audit_write setgid } ;
+allow oddjob_t self:capability setgid;
 allow oddjob_t self:process { setexec signal };
 allow oddjob_t self:fifo_file { read write };
 allow oddjob_t self:unix_stream_socket create_stream_socket_perms;
diff --git a/policy/modules/services/openvpn.fc b/policy/modules/services/openvpn.fc
index 046d5d7..bbcd6c6 100644
--- a/policy/modules/services/openvpn.fc
+++ b/policy/modules/services/openvpn.fc
@@ -11,5 +11,5 @@
 #
 # /var
 #
-/var/log/openvpn.* -- gen_context(system_u:object_r:openvpn_var_log_t,s0)
-/var/run/openvpn.* -- gen_context(system_u:object_r:openvpn_var_run_t,s0)
+/var/log/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_log_t,s0)
+/var/run/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_run_t,s0)
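Review bot: `dev_read_rand($1_mozilla_t)` is added inside `mozilla_per_role_template` with no comment saying what needs it on top of the existing `dev_read_urand`, so every role's browser domain gains read access to the blocking random device. A browser domain handles untrusted content, and on kernels where that device blocks, heavy reads from it can starve other services that depend on the same entropy pool. I would put a comment above the line naming the consumer, e.g. `# <component, placeholder> opens /dev/random for key generation`, so the grant can be revisited later. The template body starts and ends outside the hunk.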
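Review bot: The new entries `/var/log/openvpn(/.*)?` and `/var/run/openvpn(/.*)?` no longer match flat files named `openvpn<suffix>` directly under `/var/log` or `/var/run`, which the old `openvpn.*` patterns covered. On installs that still write such files, a relabel would move them to the generic log and pid types, where the daemon may be denied or where other domains can read them. If both layouts are in use, keep a file entry beside the directory one, for example `/var/log/openvpn.* -- gen_context(system_u:object_r:openvpn_var_log_t,s0)`. Dropping `--` also labels directories with these types, and the openvpn.te section in this commit only bumps the version, so it is worth confirming the domain already has directory permissions and a matching file transition for them.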
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index 47abf8f..28b6f76 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -1,5 +1,5 @@
-policy_module(openvpn,1.2.0)
+policy_module(openvpn,1.2.1)
 ########################################
 #
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index b8c25d8..005af7b 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
-policy_module(ppp,1.4.0)
+policy_module(ppp,1.4.1)
 ########################################
 #
@@ -155,7 +155,6 @@ domain_use_interactive_fds(pppd_t)
 files_exec_etc_files(pppd_t)
 files_manage_etc_runtime_files(pppd_t)
-files_etc_filetrans_etc_runtime(pppd_t, { dir file })
 files_dontaudit_write_etc_files(pppd_t)
 # for scripts
@@ -171,9 +170,9 @@ logging_send_syslog_msg(pppd_t)
 miscfiles_read_localization(pppd_t)
-sysnet_read_config(pppd_t)
 sysnet_exec_ifconfig(pppd_t)
 sysnet_manage_config(pppd_t)
+sysnet_etc_filetrans_config(pppd_t)
 userdom_dontaudit_use_unpriv_user_fds(pppd_t)
 userdom_dontaudit_search_sysadm_home_dirs(pppd_t)
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index 5efbe41..99090db 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -1,5 +1,5 @@
-policy_module(setroubleshoot,1.3.0)
+policy_module(setroubleshoot,1.3.1)
 ########################################
 #
@@ -28,7 +28,7 @@ files_pid_file(setroubleshoot_var_run_t)
 #
 allow setroubleshootd_t self:capability { dac_override sys_tty_config };
-allow setroubleshootd_t self:process { signal getattr getsched };
+allow setroubleshootd_t self:process { signull signal getattr getsched };
 allow setroubleshootd_t self:fifo_file rw_fifo_file_perms;
 allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
 allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
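Review bot: `sysnet_etc_filetrans_config(pppd_t)` in the `@@ -171,9 +170,9 @@` hunk takes over from the `files_etc_filetrans_etc_runtime(pppd_t, { dir file })` removed in the previous hunk, and nothing documents the change in labeling. Assuming the interface is the usual type transition to the network-config type, every file pppd creates directly in /etc now gets that type, which most domains may read, and directories it creates there no longer transition at all. `files_manage_etc_runtime_files(pppd_t)` is kept, so it is worth confirming that pppd creates nothing in /etc other than the resolver configuration. A comment above the new line would record the intent, e.g. `# pppd rewrites resolv.conf; files it creates in /etc take the network config type`.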
diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te
index afcd774..7e57399 100644
--- a/policy/modules/services/tftp.te
+++ b/policy/modules/services/tftp.te
@@ -1,5 +1,5 @@
-policy_module(tftp,1.4.0)
+policy_module(tftp,1.4.1)
 ########################################
 #
@@ -69,6 +69,7 @@ libs_use_shared_libs(tftpd_t)
 logging_send_syslog_msg(tftpd_t)
 miscfiles_read_localization(tftpd_t)
+miscfiles_read_public_files(tftpd_t)
 sysnet_read_config(tftpd_t)
 sysnet_use_ldap(tftpd_t)
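Review bot: `miscfiles_read_public_files(tftpd_t)` is granted unconditionally, so anything carrying the shared public-content label becomes retrievable over TFTP, which has no authentication. That label is typically shared with other file-serving daemons, so content an administrator published for one of them is exposed through tftpd as well once this lands. I would add a comment above the line, `# serve files labeled as public content; TFTP is unauthenticated, so only world-readable data should carry that label`, and consider whether the grant belongs behind a tunable. The surrounding rule block continues outside the hunk.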