diff --git a/policy-20070703.patch b/policy-20070703.patch index 18957a6..7a0d243 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -4769,7 +4769,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups +/usr/local/Brother/inf(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.0.8/policy/modules/services/cups.te --- nsaserefpolicy/policy/modules/services/cups.te 2007-09-12 10:34:50.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/cups.te 2007-09-17 16:20:18.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/cups.te 2007-09-18 10:43:40.000000000 -0400 @@ -81,12 +81,11 @@ # /usr/lib/cups/backend/serial needs sys_admin(?!) allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config }; @@ -4847,7 +4847,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups files_list_world_readable(cupsd_t) files_read_world_readable_files(cupsd_t) files_read_world_readable_symlinks(cupsd_t) -@@ -221,17 +228,37 @@ +@@ -202,6 +209,7 @@ + files_dontaudit_getattr_all_tmp_files(cupsd_t) + + selinux_compute_access_vector(cupsd_t) ++selinux_validate_context(cupsd_t) + + init_exec_script_files(cupsd_t) + +@@ -221,17 +229,37 @@ sysnet_read_config(cupsd_t) @@ -4885,7 +4893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups apm_domtrans_client(cupsd_t) ') -@@ -263,16 +290,16 @@ +@@ -263,16 +291,16 @@ ') optional_policy(` @@ -4906,7 +4914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups seutil_sigchld_newrole(cupsd_t) ') -@@ -377,6 +404,14 @@ +@@ -377,6 +405,14 @@ ') optional_policy(` @@ -4921,7 +4929,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups cron_system_entry(cupsd_config_t, cupsd_config_exec_t) ') -@@ -560,7 +595,7 @@ +@@ -560,7 +596,7 @@ dev_read_urand(hplip_t) dev_read_rand(hplip_t) dev_rw_generic_usb_dev(hplip_t) @@ -4930,7 +4938,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups fs_getattr_all_fs(hplip_t) fs_search_auto_mountpoints(hplip_t) -@@ -587,8 +622,6 @@ +@@ -587,8 +623,6 @@ userdom_dontaudit_search_sysadm_home_dirs(hplip_t) userdom_dontaudit_search_all_users_home_content(hplip_t)