rpms/selinux-policy/F-9 policy-20071130.patch,1.159,1.160

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu May 29 16:15:10 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4880

Modified Files:
	policy-20071130.patch 
Log Message:
* Thu May 29 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-58
- Allow policykit_resolve to getattr hal
- Allow pyzor_t manage files user_pyzor_home_t


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.159
retrieving revision 1.160
diff -u -r1.159 -r1.160
--- policy-20071130.patch	29 May 2008 15:03:00 -0000	1.159
+++ policy-20071130.patch	29 May 2008 16:14:18 -0000	1.160
@@ -19046,7 +19046,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.3.1/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	2008-02-26 08:23:10.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.if	2008-05-28 09:06:14.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.if	2008-05-29 12:10:13.582724000 -0400
 @@ -44,6 +44,7 @@
  	')
  
@@ -19055,6 +19055,41 @@
  ')
  
  ########################################
+@@ -84,3 +85,34 @@
+ 
+ 	domtrans_pattern($1,oddjob_mkhomedir_exec_t,oddjob_mkhomedir_t)
+ ')
++
++########################################
++## <summary>
++##	Execute the oddjob_mkhomedir program in the oddjob_mkhomedir domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <param name="role">
++##	<summary>
++##	The role to allow the oddjob_mkhomedir domain.
++##	</summary>
++## </param>
++## <param name="terminal">
++##	<summary>
++##	The type of the terminal allow the oddjob_mkhomedir domain to use.
++##	</summary>
++## </param>
++## <rolecap/>
++#
++interface(`oddjob_run_mkhomedir',`
++	gen_require(`
++		type oddjob_mkhomedir_t;
++	')
++
++	oddjob_domtrans_mkhomedir($1)
++	role $2 types oddjob_mkhomedir_t;
++	dontaudit oddjob_mkhomedir_t $3:chr_file rw_term_perms;
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.3.1/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	2008-02-26 08:23:10.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/services/oddjob.te	2008-05-28 09:06:14.000000000 -0400
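Review bot: The `terminal` parameter doc of the added `oddjob_run_mkhomedir` interface describes a terminal the domain is allowed to use, but the rule emitted is `dontaudit oddjob_mkhomedir_t $3:chr_file rw_term_perms;`, which grants nothing and only keeps the denials out of the audit log. If terminal access is intended, the line should read `allow oddjob_mkhomedir_t $3:chr_file rw_term_perms;`. If suppression is intended, the summary should say so, for example `##	The type of the terminal for which denied access by the oddjob_mkhomedir domain is not audited.` Either way the rule deserves a short comment, because anyone troubleshooting missing mkhomedir output on a tty will find no AVC record pointing at it.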
@@ -32939,7 +32974,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-02-26 08:23:09.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te	2008-05-29 10:25:46.295817000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.te	2008-05-29 12:13:16.407844000 -0400
 @@ -6,35 +6,71 @@
  # Declarations
  #
@@ -33112,15 +33147,14 @@
  ')
  
  optional_policy(`
-@@ -134,82 +185,95 @@
+@@ -134,82 +185,91 @@
  ')
  
  optional_policy(`
 -	mono_domtrans(unconfined_t)
-+	oddjob_domtrans_mkhomedir(unconfined_t)
- ')
- 
- optional_policy(`
+-')
+-
+-optional_policy(`
 -	mta_per_role_template(unconfined, unconfined_t, unconfined_r)
 +	prelink_run(unconfined_t, unconfined_r, { unconfined_devpts_t unconfined_tty_device_t })
  ')
@@ -33233,7 +33267,7 @@
  ')
  
  ########################################
-@@ -219,14 +283,36 @@
+@@ -219,14 +279,36 @@
  
  allow unconfined_execmem_t self:process { execstack execmem };
  unconfined_domain_noaudit(unconfined_execmem_t)
@@ -33290,7 +33324,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-02-26 08:23:09.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-05-28 09:06:14.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-05-29 12:12:15.948655000 -0400
 @@ -29,9 +29,14 @@
  	')
  
@@ -34153,7 +34187,7 @@
  	userdom_base_user_template($1)
  
  	userdom_manage_home_template($1)
-@@ -923,70 +923,69 @@
+@@ -923,70 +923,73 @@
  
  	allow $1_t self:context contains;
  
@@ -34218,46 +34252,49 @@
  	# for running TeX programs
 -	miscfiles_read_tetex_data($1_t)
 -	miscfiles_exec_tetex_data($1_t)
--
--	seutil_read_config($1_t)
 +	miscfiles_read_tetex_data($1_usertype)
 +	miscfiles_exec_tetex_data($1_usertype)
  
+-	seutil_read_config($1_t)
 +	seutil_read_config($1_usertype)
++	optional_policy(`
++		cups_read_config($1_usertype)
++		cups_stream_connect($1_usertype)
++		cups_stream_connect_ptal($1_usertype)
++	')
+ 
  	optional_policy(`
 -		cups_read_config($1_t)
 -		cups_stream_connect($1_t)
 -		cups_stream_connect_ptal($1_t)
-+		cups_read_config($1_usertype)
-+		cups_stream_connect($1_usertype)
-+		cups_stream_connect_ptal($1_usertype)
++		kerberos_use($1_usertype)
++		kerberos_524_connect($1_usertype)
  	')
  
  	optional_policy(`
 -		kerberos_use($1_t)
-+		kerberos_use($1_usertype)
-+		kerberos_524_connect($1_usertype)
++		mta_dontaudit_read_spool_symlinks($1_usertype)
  	')
  
  	optional_policy(`
 -		mta_dontaudit_read_spool_symlinks($1_t)
-+		mta_dontaudit_read_spool_symlinks($1_usertype)
++		quota_dontaudit_getattr_db($1_usertype)
  	')
  
  	optional_policy(`
 -		quota_dontaudit_getattr_db($1_t)
-+		quota_dontaudit_getattr_db($1_usertype)
++		rpm_read_db($1_usertype)
++		rpm_dontaudit_manage_db($1_usertype)
  	')
  
  	optional_policy(`
 -		rpm_read_db($1_t)
 -		rpm_dontaudit_manage_db($1_t)
-+		rpm_read_db($1_usertype)
-+		rpm_dontaudit_manage_db($1_usertype)
++		oddjob_run_mkhomedir($1_t, $1_r, { $1_devpts_t $1_tty_device_t })
  	')
  ')
  
-@@ -1020,9 +1019,6 @@
+@@ -1020,9 +1023,6 @@
  	domain_interactive_fd($1_t)
  
  	typeattribute $1_devpts_t user_ptynode;
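Review bot: The added `oddjob_run_mkhomedir($1_t, $1_r, { $1_devpts_t $1_tty_device_t })` at the end of this template passes `$1_t`, while every other optional_policy call on the new side of this hunk uses `$1_usertype`. If that difference is deliberate it needs a comment; otherwise the first argument should probably follow the same conversion. The call also appears to widen the transition into oddjob_mkhomedir_t from unconfined_t alone (the `oddjob_domtrans_mkhomedir(unconfined_t)` dropped in the unconfined.te section) to every role built from this template, and the log message lists only the policykit and pyzor changes. A line such as `# mkhomedir transition moved here from unconfined.te; applies to every role using this template` above the call would record the intent. The template begins outside the hunk, so which roles instantiate it cannot be confirmed from here.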
@@ -34267,7 +34304,7 @@
  	typeattribute $1_tty_device_t user_ttynode;
  
  	##############################
-@@ -1031,16 +1027,29 @@
+@@ -1031,16 +1031,29 @@
  	#
  
  	# privileged home directory writers
@@ -34304,7 +34341,7 @@
  ')
  
  #######################################
-@@ -1068,6 +1077,13 @@
+@@ -1068,6 +1081,13 @@
  
  	userdom_restricted_user_template($1)
  
@@ -34318,7 +34355,7 @@
  	userdom_xwindows_client_template($1)
  
  	##############################
-@@ -1076,14 +1092,16 @@
+@@ -1076,14 +1096,16 @@
  	#
  
  	authlogin_per_role_template($1, $1_t, $1_r)
@@ -34340,7 +34377,7 @@
  	logging_dontaudit_send_audit_msgs($1_t)
  
  	# Need to to this just so screensaver will work. Should be moved to screensaver domain
-@@ -1091,32 +1109,29 @@
+@@ -1091,32 +1113,29 @@
  	selinux_get_enforce_mode($1_t)
  
  	optional_policy(`
@@ -34384,7 +34421,7 @@
  	')
  ')
  
-@@ -1127,10 +1142,10 @@
+@@ -1127,10 +1146,10 @@
  ## </summary>
  ## <desc>
  ##	<p>
@@ -34399,7 +34436,7 @@
  ##	This template creates a user domain, types, and
  ##	rules for the user's tty, pty, home directories,
  ##	tmp, and tmpfs files.
-@@ -1164,7 +1179,6 @@
+@@ -1164,7 +1183,6 @@
  	# Need the following rule to allow users to run vpnc
  	corenet_tcp_bind_xserver_port($1_t)
  
@@ -34407,7 +34444,7 @@
  	# cjp: why?
  	files_read_kernel_symbol_table($1_t)
  
-@@ -1182,32 +1196,45 @@
+@@ -1182,32 +1200,45 @@
  		')
  	')
  
@@ -34465,7 +34502,7 @@
  	')
  ')
  
-@@ -1284,8 +1311,6 @@
+@@ -1284,8 +1315,6 @@
  	# Manipulate other users crontab.
  	allow $1_t self:passwd crontab;
  
@@ -34474,7 +34511,7 @@
  	kernel_read_software_raid_state($1_t)
  	kernel_getattr_core_if($1_t)
  	kernel_getattr_message_if($1_t)
-@@ -1307,8 +1332,6 @@
+@@ -1307,8 +1336,6 @@
  
  	dev_getattr_generic_blk_files($1_t)
  	dev_getattr_generic_chr_files($1_t)
@@ -34483,7 +34520,7 @@
  	# Allow MAKEDEV to work
  	dev_create_all_blk_files($1_t)
  	dev_create_all_chr_files($1_t)
-@@ -1363,13 +1386,6 @@
+@@ -1363,13 +1390,6 @@
  	# But presently necessary for installing the file_contexts file.
  	seutil_manage_bin_policy($1_t)
  
@@ -34497,7 +34534,7 @@
  	optional_policy(`
  		userhelper_exec($1_t)
  	')
-@@ -1422,6 +1438,7 @@
+@@ -1422,6 +1442,7 @@
  	dev_relabel_all_dev_nodes($1)
  
  	files_create_boot_flag($1)
@@ -34505,7 +34542,7 @@
  
  	# Necessary for managing /boot/efi
  	fs_manage_dos_files($1)
-@@ -1787,10 +1804,14 @@
+@@ -1787,10 +1808,14 @@
  template(`userdom_user_home_content',`
  	gen_require(`
  		attribute $1_file_type;
@@ -34521,7 +34558,7 @@
  ')
  
  ########################################
-@@ -1886,11 +1907,11 @@
+@@ -1886,11 +1911,11 @@
  #
  template(`userdom_search_user_home_dirs',`
  	gen_require(`
@@ -34535,7 +34572,7 @@
  ')
  
  ########################################
-@@ -1920,11 +1941,11 @@
+@@ -1920,11 +1945,11 @@
  #
  template(`userdom_list_user_home_dirs',`
  	gen_require(`
@@ -34549,7 +34586,7 @@
  ')
  
  ########################################
-@@ -1968,12 +1989,12 @@
+@@ -1968,12 +1993,12 @@
  #
  template(`userdom_user_home_domtrans',`
  	gen_require(`
@@ -34565,7 +34602,7 @@
  ')
  
  ########################################
-@@ -2003,10 +2024,11 @@
+@@ -2003,10 +2028,11 @@
  #
  template(`userdom_dontaudit_list_user_home_dirs',`
  	gen_require(`
@@ -34579,7 +34616,7 @@
  ')
  
  ########################################
-@@ -2038,11 +2060,48 @@
+@@ -2038,11 +2064,48 @@
  #
  template(`userdom_manage_user_home_content_dirs',`
  	gen_require(`
@@ -34630,7 +34667,7 @@
  ')
  
  ########################################
-@@ -2074,10 +2133,10 @@
+@@ -2074,10 +2137,10 @@
  #
  template(`userdom_dontaudit_setattr_user_home_content_files',`
  	gen_require(`
@@ -34643,7 +34680,7 @@
  ')
  
  ########################################
-@@ -2107,11 +2166,11 @@
+@@ -2107,11 +2170,11 @@
  #
  template(`userdom_read_user_home_content_files',`
  	gen_require(`
@@ -34657,7 +34694,7 @@
  ')
  
  ########################################
-@@ -2141,11 +2200,11 @@
+@@ -2141,11 +2204,11 @@
  #
  template(`userdom_dontaudit_read_user_home_content_files',`
  	gen_require(`
@@ -34672,7 +34709,7 @@
  ')
  
  ########################################
-@@ -2175,10 +2234,14 @@
+@@ -2175,10 +2238,14 @@
  #
  template(`userdom_dontaudit_write_user_home_content_files',`
  	gen_require(`
@@ -34689,7 +34726,7 @@
  ')
  
  ########################################
-@@ -2208,11 +2271,11 @@
+@@ -2208,11 +2275,11 @@
  #
  template(`userdom_read_user_home_content_symlinks',`
  	gen_require(`
@@ -34703,7 +34740,7 @@
  ')
  
  ########################################
-@@ -2242,11 +2305,11 @@
+@@ -2242,11 +2309,11 @@
  #
  template(`userdom_exec_user_home_content_files',`
  	gen_require(`
@@ -34717,7 +34754,7 @@
  ')
  
  ########################################
-@@ -2276,10 +2339,10 @@
+@@ -2276,10 +2343,10 @@
  #
  template(`userdom_dontaudit_exec_user_home_content_files',`
  	gen_require(`
@@ -34730,7 +34767,7 @@
  ')
  
  ########################################
-@@ -2311,12 +2374,12 @@
+@@ -2311,12 +2378,12 @@
  #
  template(`userdom_manage_user_home_content_files',`
  	gen_require(`
@@ -34746,7 +34783,7 @@
  ')
  
  ########################################
-@@ -2348,10 +2411,10 @@
+@@ -2348,10 +2415,10 @@
  #
  template(`userdom_dontaudit_manage_user_home_content_dirs',`
  	gen_require(`
@@ -34759,7 +34796,7 @@
  ')
  
  ########################################
-@@ -2383,12 +2446,12 @@
+@@ -2383,12 +2450,12 @@
  #
  template(`userdom_manage_user_home_content_symlinks',`
  	gen_require(`
@@ -34775,7 +34812,7 @@
  ')
  
  ########################################
-@@ -2420,12 +2483,12 @@
+@@ -2420,12 +2487,12 @@
  #
  template(`userdom_manage_user_home_content_pipes',`
  	gen_require(`
@@ -34791,7 +34828,7 @@
  ')
  
  ########################################
-@@ -2457,12 +2520,12 @@
+@@ -2457,12 +2524,12 @@
  #
  template(`userdom_manage_user_home_content_sockets',`
  	gen_require(`
@@ -34807,7 +34844,7 @@
  ')
  
  ########################################
-@@ -2507,11 +2570,11 @@
+@@ -2507,11 +2574,11 @@
  #
  template(`userdom_user_home_dir_filetrans',`
  	gen_require(`
@@ -34821,7 +34858,7 @@
  ')
  
  ########################################
-@@ -2556,11 +2619,11 @@
+@@ -2556,11 +2623,11 @@
  #
  template(`userdom_user_home_content_filetrans',`
  	gen_require(`
@@ -34835,7 +34872,7 @@
  ')
  
  ########################################
-@@ -2600,11 +2663,11 @@
+@@ -2600,11 +2667,11 @@
  #
  template(`userdom_user_home_dir_filetrans_user_home_content',`
  	gen_require(`
@@ -34849,7 +34886,7 @@
  ')
  
  ########################################
-@@ -2634,11 +2697,11 @@
+@@ -2634,11 +2701,11 @@
  #
  template(`userdom_write_user_tmp_sockets',`
  	gen_require(`
@@ -34863,7 +34900,7 @@
  ')
  
  ########################################
-@@ -2668,11 +2731,11 @@
+@@ -2668,11 +2735,11 @@
  #
  template(`userdom_list_user_tmp',`
  	gen_require(`
@@ -34877,7 +34914,7 @@
  ')
  
  ########################################
-@@ -2704,10 +2767,10 @@
+@@ -2704,10 +2771,10 @@
  #
  template(`userdom_dontaudit_list_user_tmp',`
  	gen_require(`
@@ -34890,7 +34927,7 @@
  ')
  
  ########################################
-@@ -2739,10 +2802,10 @@
+@@ -2739,10 +2806,10 @@
  #
  template(`userdom_dontaudit_manage_user_tmp_dirs',`
  	gen_require(`
@@ -34903,7 +34940,7 @@
  ')
  
  ########################################
-@@ -2772,12 +2835,12 @@
+@@ -2772,12 +2839,12 @@
  #
  template(`userdom_read_user_tmp_files',`
  	gen_require(`
@@ -34919,7 +34956,7 @@
  ')
  
  ########################################
-@@ -2809,10 +2872,10 @@
+@@ -2809,10 +2876,10 @@
  #
  template(`userdom_dontaudit_read_user_tmp_files',`
  	gen_require(`
@@ -34932,7 +34969,7 @@
  ')
  
  ########################################
-@@ -2844,10 +2907,48 @@
+@@ -2844,10 +2911,48 @@
  #
  template(`userdom_dontaudit_append_user_tmp_files',`
  	gen_require(`
@@ -34983,7 +35020,7 @@
  ')
  
  ########################################
-@@ -2877,12 +2978,12 @@
+@@ -2877,12 +2982,12 @@
  #
  template(`userdom_rw_user_tmp_files',`
  	gen_require(`
@@ -34999,7 +35036,7 @@
  ')
  
  ########################################
-@@ -2914,10 +3015,10 @@
+@@ -2914,10 +3019,10 @@
  #
  template(`userdom_dontaudit_manage_user_tmp_files',`
  	gen_require(`
@@ -35012,7 +35049,7 @@
  ')
  
  ########################################
-@@ -2949,12 +3050,12 @@
+@@ -2949,12 +3054,12 @@
  #
  template(`userdom_read_user_tmp_symlinks',`
  	gen_require(`
@@ -35028,7 +35065,7 @@
  ')
  
  ########################################
-@@ -2986,11 +3087,11 @@
+@@ -2986,11 +3091,11 @@
  #
  template(`userdom_manage_user_tmp_dirs',`
  	gen_require(`
@@ -35042,7 +35079,7 @@
  ')
  
  ########################################
-@@ -3022,11 +3123,11 @@
+@@ -3022,11 +3127,11 @@
  #
  template(`userdom_manage_user_tmp_files',`
  	gen_require(`
@@ -35056,7 +35093,7 @@
  ')
  
  ########################################
-@@ -3058,11 +3159,11 @@
+@@ -3058,11 +3163,11 @@
  #
  template(`userdom_manage_user_tmp_symlinks',`
  	gen_require(`
@@ -35070,7 +35107,7 @@
  ')
  
  ########################################
-@@ -3094,11 +3195,11 @@
+@@ -3094,11 +3199,11 @@
  #
  template(`userdom_manage_user_tmp_pipes',`
  	gen_require(`
@@ -35084,7 +35121,7 @@
  ')
  
  ########################################
-@@ -3130,11 +3231,11 @@
+@@ -3130,11 +3235,11 @@
  #
  template(`userdom_manage_user_tmp_sockets',`
  	gen_require(`
@@ -35098,7 +35135,7 @@
  ')
  
  ########################################
-@@ -3179,10 +3280,10 @@
+@@ -3179,10 +3284,10 @@
  #
  template(`userdom_user_tmp_filetrans',`
  	gen_require(`
@@ -35111,7 +35148,7 @@
  	files_search_tmp($2)
  ')
  
-@@ -3223,10 +3324,10 @@
+@@ -3223,10 +3328,10 @@
  #
  template(`userdom_tmp_filetrans_user_tmp',`
  	gen_require(`
@@ -35124,7 +35161,7 @@
  ')
  
  ########################################
-@@ -3254,24 +3355,24 @@
+@@ -3254,24 +3359,24 @@
  ##	</summary>
  ## </param>
  #
@@ -35153,7 +35190,7 @@
  ##	</p>
  ##	<p>
  ##	This is a templated interface, and should only
-@@ -3290,18 +3391,90 @@
+@@ -3290,17 +3395,89 @@
  ##	</summary>
  ## </param>
  #
@@ -35174,7 +35211,6 @@
  ########################################
  ## <summary>
 -##	Do not audit attempts to list user
--##	untrusted directories.
 +##	Unlink user tmpfs files.
 +## </summary>
 +## <desc>
@@ -35245,11 +35281,10 @@
 +########################################
 +## <summary>
 +##	Do not audit attempts to list user
-+##	untrusted directories.
+ ##	untrusted directories.
  ## </summary>
  ## <desc>
- ##	<p>
-@@ -3962,6 +4135,24 @@
+@@ -3962,6 +4139,24 @@
  
  ########################################
  ## <summary>
@@ -35274,7 +35309,7 @@
  ##	Manage unpriviledged user SysV shared
  ##	memory segments.
  ## </summary>
-@@ -4231,11 +4422,11 @@
+@@ -4231,11 +4426,11 @@
  #
  interface(`userdom_search_staff_home_dirs',`
  	gen_require(`
@@ -35288,7 +35323,7 @@
  ')
  
  ########################################
-@@ -4251,10 +4442,10 @@
+@@ -4251,10 +4446,10 @@
  #
  interface(`userdom_dontaudit_search_staff_home_dirs',`
  	gen_require(`
@@ -35301,7 +35336,7 @@
  ')
  
  ########################################
-@@ -4270,11 +4461,11 @@
+@@ -4270,11 +4465,11 @@
  #
  interface(`userdom_manage_staff_home_dirs',`
  	gen_require(`
@@ -35315,7 +35350,7 @@
  ')
  
  ########################################
-@@ -4289,16 +4480,16 @@
+@@ -4289,16 +4484,16 @@
  #
  interface(`userdom_relabelto_staff_home_dirs',`
  	gen_require(`
@@ -35335,7 +35370,7 @@
  ##	users home directory.
  ## </summary>
  ## <param name="domain">
-@@ -4307,12 +4498,35 @@
+@@ -4307,12 +4502,35 @@
  ##	</summary>
  ## </param>
  #
@@ -35350,14 +35385,14 @@
 +
 +	tunable_policy(`use_nfs_home_dirs',`
 +		fs_dontaudit_append_nfs_files($1)
- 	')
- 
--	dontaudit $1 staff_home_t:file append;
++	')
++
 +	tunable_policy(`use_samba_home_dirs',`
 +		fs_dontaudit_append_cifs_files($1)
-+	')
+ 	')
 +')
-+
+ 
+-	dontaudit $1 staff_home_t:file append;
 +########################################
 +## <summary>
 +##	Do not audit attempts to append to the staff
@@ -35374,7 +35409,7 @@
  ')
  
  ########################################
-@@ -4327,13 +4541,13 @@
+@@ -4327,13 +4545,13 @@
  #
  interface(`userdom_read_staff_home_content_files',`
  	gen_require(`
@@ -35392,7 +35427,7 @@
  ')
  
  ########################################
-@@ -4531,10 +4745,10 @@
+@@ -4531,10 +4749,10 @@
  #
  interface(`userdom_getattr_sysadm_home_dirs',`
  	gen_require(`
@@ -35405,7 +35440,7 @@
  ')
  
  ########################################
-@@ -4551,10 +4765,10 @@
+@@ -4551,10 +4769,10 @@
  #
  interface(`userdom_dontaudit_getattr_sysadm_home_dirs',`
  	gen_require(`
@@ -35418,7 +35453,7 @@
  ')
  
  ########################################
-@@ -4569,10 +4783,10 @@
+@@ -4569,10 +4787,10 @@
  #
  interface(`userdom_search_sysadm_home_dirs',`
  	gen_require(`
@@ -35431,7 +35466,7 @@
  ')
  
  ########################################
-@@ -4588,10 +4802,10 @@
+@@ -4588,10 +4806,10 @@
  #
  interface(`userdom_dontaudit_search_sysadm_home_dirs',`
  	gen_require(`
@@ -35444,7 +35479,7 @@
  ')
  
  ########################################
-@@ -4606,10 +4820,10 @@
+@@ -4606,10 +4824,10 @@
  #
  interface(`userdom_list_sysadm_home_dirs',`
  	gen_require(`
@@ -35457,7 +35492,7 @@
  ')
  
  ########################################
-@@ -4625,10 +4839,10 @@
+@@ -4625,10 +4843,10 @@
  #
  interface(`userdom_dontaudit_list_sysadm_home_dirs',`
  	gen_require(`
@@ -35470,7 +35505,7 @@
  ')
  
  ########################################
-@@ -4644,12 +4858,11 @@
+@@ -4644,12 +4862,11 @@
  #
  interface(`userdom_dontaudit_read_sysadm_home_content_files',`
  	gen_require(`
@@ -35486,7 +35521,7 @@
  ')
  
  ########################################
-@@ -4676,10 +4889,10 @@
+@@ -4676,10 +4893,10 @@
  #
  interface(`userdom_sysadm_home_dir_filetrans',`
  	gen_require(`
@@ -35499,7 +35534,7 @@
  ')
  
  ########################################
-@@ -4694,10 +4907,10 @@
+@@ -4694,10 +4911,10 @@
  #
  interface(`userdom_search_sysadm_home_content_dirs',`
  	gen_require(`
@@ -35512,7 +35547,7 @@
  ')
  
  ########################################
-@@ -4712,13 +4925,13 @@
+@@ -4712,13 +4929,13 @@
  #
  interface(`userdom_read_sysadm_home_content_files',`
  	gen_require(`
@@ -35530,7 +35565,7 @@
  ')
  
  ########################################
-@@ -4754,11 +4967,49 @@
+@@ -4754,11 +4971,49 @@
  #
  interface(`userdom_search_all_users_home_dirs',`
  	gen_require(`
@@ -35581,7 +35616,7 @@
  ')
  
  ########################################
-@@ -4778,6 +5029,14 @@
+@@ -4778,6 +5033,14 @@
  
  	files_list_home($1)
  	allow $1 home_dir_type:dir list_dir_perms;
@@ -35596,7 +35631,7 @@
  ')
  
  ########################################
-@@ -4839,6 +5098,26 @@
+@@ -4839,6 +5102,26 @@
  
  ########################################
  ## <summary>
@@ -35623,7 +35658,7 @@
  ##	Create, read, write, and delete all directories
  ##	in all users home directories.
  ## </summary>
-@@ -4859,6 +5138,25 @@
+@@ -4859,6 +5142,25 @@
  
  ########################################
  ## <summary>
@@ -35649,7 +35684,7 @@
  ##	Create, read, write, and delete all files
  ##	in all users home directories.
  ## </summary>
-@@ -4879,6 +5177,26 @@
+@@ -4879,6 +5181,26 @@
  
  ########################################
  ## <summary>
@@ -35676,7 +35711,7 @@
  ##	Create, read, write, and delete all symlinks
  ##	in all users home directories.
  ## </summary>
-@@ -5115,7 +5433,7 @@
+@@ -5115,7 +5437,7 @@
  #
  interface(`userdom_relabelto_generic_user_home_dirs',`
  	gen_require(`
@@ -35685,7 +35720,7 @@
  	')
  
  	files_search_home($1)
-@@ -5304,6 +5622,63 @@
+@@ -5304,6 +5626,63 @@
  
  ########################################
  ## <summary>
@@ -35749,7 +35784,7 @@
  ##	Create, read, write, and delete directories in
  ##	unprivileged users home directories.
  ## </summary>
-@@ -5509,7 +5884,7 @@
+@@ -5509,7 +5888,7 @@
  
  ########################################
  ## <summary>
@@ -35758,7 +35793,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5517,18 +5892,54 @@
+@@ -5517,18 +5896,17 @@
  ##	</summary>
  ## </param>
  #
@@ -35778,13 +35813,14 @@
 -##	Do not audit attempts to use unprivileged
 -##	user ttys.
 +##	Write all unprivileged users lnk_files in /tmp
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
+@@ -5536,7 +5914,44 @@
+ ##	</summary>
+ ## </param>
+ #
+-interface(`userdom_dontaudit_use_unpriv_users_ttys',`
 +interface(`userdom_manage_unpriv_users_tmp_symlinks',`
 +	gen_require(`
 +		type user_tmp_t;
@@ -35815,10 +35851,18 @@
 +## <summary>
 +##	Do not audit attempts to use unprivileged
 +##	user ttys.
- ## </summary>
- ## <param name="domain">
- ##	<summary>
-@@ -5559,7 +5970,7 @@
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`userdom_dontaudit_use_unpriv_users_ttys',`
+ 	gen_require(`
+ 		attribute user_ttynode;
+ 	')
+@@ -5559,7 +5974,7 @@
  		attribute userdomain;
  	')
  
@@ -35827,7 +35871,7 @@
  	kernel_search_proc($1)
  ')
  
-@@ -5674,6 +6085,42 @@
+@@ -5674,6 +6089,42 @@
  
  ########################################
  ## <summary>
@@ -35870,7 +35914,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5704,3 +6151,408 @@
+@@ -5704,3 +6155,408 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')



