rpms/selinux-policy/devel policy-20081111.patch,1.12,1.13
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Dec 10 14:48:32 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30968
Modified Files:
policy-20081111.patch
Log Message:
* Tue Dec 9 2008 Dan Walsh <dwalsh at redhat.com> 3.6.1-9
- Add cron_role back to user domains
policy-20081111.patch:
Index: policy-20081111.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20081111.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20081111.patch 9 Dec 2008 21:04:28 -0000 1.12
+++ policy-20081111.patch 10 Dec 2008 14:48:31 -0000 1.13
@@ -2962,7 +2962,7 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.6.1/policy/modules/apps/podsleuth.te
--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2008-11-11 16:13:42.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/apps/podsleuth.te 2008-12-09 14:43:32.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/apps/podsleuth.te 2008-12-10 08:55:47.000000000 -0500
@@ -11,21 +11,58 @@
application_domain(podsleuth_t, podsleuth_exec_t)
role system_r types podsleuth_t;
@@ -3002,9 +3002,9 @@
+fs_read_dos_files(podsleuth_t)
+fs_search_dos(podsleuth_t)
+
-+fs_mount_nfs_fs(podsleuth_t)
-+fs_unmount_nfs_fs(podsleuth_t)
-+fs_getattr_nfs_fs(podsleuth_t)
++fs_mount_nfs(podsleuth_t)
++fs_unmount_nfs(podsleuth_t)
++fs_getattr_nfs(podsleuth_t)
+fs_read_nfs_files(podsleuth_t)
+fs_search_nfs(podsleuth_t)
+
@@ -11931,7 +11931,7 @@
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.1/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/hal.te 2008-11-25 09:45:43.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/hal.te 2008-12-10 09:03:53.000000000 -0500
@@ -49,6 +49,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -11981,7 +11981,7 @@
allow hald_acl_t self:process { getattr signal };
allow hald_acl_t self:fifo_file rw_fifo_file_perms;
-@@ -346,6 +360,11 @@
+@@ -346,12 +360,17 @@
miscfiles_read_localization(hald_acl_t)
@@ -11993,6 +11993,13 @@
########################################
#
# Local hald mac policy
+ #
+
+-allow hald_mac_t self:capability { setgid setuid };
++allow hald_mac_t self:capability { setgid setuid sys_admin };
+
+ domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
+ allow hald_t hald_mac_t:process signal;
@@ -418,3 +437,7 @@
files_read_usr_files(hald_keymap_t)
More information about the fedora-extras-commits
mailing list