rpms/selinux-policy/devel policy-20080710.patch,1.34,1.35
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Sep 17 12:17:31 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7790
Modified Files:
policy-20080710.patch
Log Message:
* Thu Sep 11 2008 Dan Walsh <dwalsh at redhat.com> 3.5.8-1
- Merge upstream changes
- Add Xavier Toth patches
policy-20080710.patch:
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- policy-20080710.patch 16 Sep 2008 17:38:25 -0000 1.34
+++ policy-20080710.patch 17 Sep 2008 12:17:30 -0000 1.35
@@ -3571,7 +3571,7 @@
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.5.8/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2008-08-07 11:15:02.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/apps/mozilla.if 2008-09-12 10:59:28.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/apps/mozilla.if 2008-09-17 07:36:14.000000000 -0400
@@ -35,7 +35,10 @@
template(`mozilla_per_role_template',`
gen_require(`
@@ -3583,7 +3583,7 @@
########################################
#
-@@ -45,20 +48,24 @@
+@@ -45,36 +48,44 @@
application_domain($1_mozilla_t, mozilla_exec_t)
role $3 types $1_mozilla_t;
@@ -3609,15 +3609,16 @@
allow $1_mozilla_t self:capability { sys_nice setgid setuid };
- allow $1_mozilla_t self:process { sigkill signal setsched getsched setrlimit };
-+ allow $1_mozilla_t self:process { ptrace sigkill signal setsched getsched setrlimit };
++ allow $1_mozilla_t self:process { ptrace sigkill signal signull setsched getsched setrlimit };
allow $1_mozilla_t self:fifo_file rw_fifo_file_perms;
allow $1_mozilla_t self:shm { unix_read unix_write read write destroy create };
allow $1_mozilla_t self:sem create_sem_perms;
-@@ -66,15 +73,19 @@
+ allow $1_mozilla_t self:socket create_socket_perms;
allow $1_mozilla_t self:unix_stream_socket { listen accept };
# Browse the web, connect to printer
- allow $1_mozilla_t self:tcp_socket create_socket_perms;
+- allow $1_mozilla_t self:tcp_socket create_socket_perms;
- allow $1_mozilla_t self:netlink_route_socket r_netlink_socket_perms;
++ allow $1_mozilla_t self:tcp_socket create_stream_socket_perms;
# for bash - old mozilla binary
can_exec($1_mozilla_t, mozilla_exec_t)
@@ -3720,15 +3721,18 @@
# Browse the web, connect to printer
corenet_all_recvfrom_unlabeled($1_mozilla_t)
-@@ -139,7 +178,6 @@
+@@ -137,9 +176,9 @@
+ corenet_tcp_sendrecv_ipp_port($1_mozilla_t)
+ corenet_tcp_connect_http_port($1_mozilla_t)
corenet_tcp_connect_http_cache_port($1_mozilla_t)
++ corenet_tcp_connect_flash_port($1_mozilla_t)
corenet_tcp_connect_ftp_port($1_mozilla_t)
corenet_tcp_connect_ipp_port($1_mozilla_t)
- corenet_tcp_connect_generic_port($1_mozilla_t)
corenet_sendrecv_http_client_packets($1_mozilla_t)
corenet_sendrecv_http_cache_client_packets($1_mozilla_t)
corenet_sendrecv_ftp_client_packets($1_mozilla_t)
-@@ -165,13 +203,28 @@
+@@ -165,13 +204,28 @@
files_read_var_files($1_mozilla_t)
files_read_var_symlinks($1_mozilla_t)
files_dontaudit_getattr_boot_dirs($1_mozilla_t)
@@ -3757,7 +3761,7 @@
libs_use_ld_so($1_mozilla_t)
libs_use_shared_libs($1_mozilla_t)
-@@ -180,16 +233,8 @@
+@@ -180,17 +234,10 @@
miscfiles_read_fonts($1_mozilla_t)
miscfiles_read_localization($1_mozilla_t)
@@ -3774,9 +3778,11 @@
+ userdom_dontaudit_read_user_tmp_files($1, $1_mozilla_t)
+ userdom_dontaudit_use_user_terminals($1, $1_mozilla_t)
++ xserver_read_xdm_pid($1_mozilla_t)
xserver_user_x_domain_template($1, $1_mozilla, $1_mozilla_t, $1_mozilla_tmpfs_t)
xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t)
-@@ -211,131 +256,8 @@
+ xserver_dontaudit_getattr_xdm_tmp_sockets($1_mozilla_t)
+@@ -211,131 +258,8 @@
fs_manage_cifs_symlinks($1_mozilla_t)
')
@@ -3910,7 +3916,7 @@
')
optional_policy(`
-@@ -350,57 +272,48 @@
+@@ -350,57 +274,48 @@
optional_policy(`
cups_read_rw_config($1_mozilla_t)
cups_dbus_chat($1_mozilla_t)
@@ -3984,7 +3990,7 @@
')
########################################
-@@ -430,11 +343,11 @@
+@@ -430,11 +345,11 @@
#
template(`mozilla_read_user_home_files',`
gen_require(`
@@ -3999,7 +4005,7 @@
')
########################################
-@@ -464,11 +377,10 @@
+@@ -464,11 +379,10 @@
#
template(`mozilla_write_user_home_files',`
gen_require(`
@@ -4013,7 +4019,7 @@
')
########################################
-@@ -573,3 +485,27 @@
+@@ -573,3 +487,27 @@
allow $2 $1_mozilla_t:tcp_socket rw_socket_perms;
')
@@ -4074,8 +4080,17 @@
+typealias mozilla_tmp_t alias user_mozilla_tmp_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.5.8/policy/modules/apps/mplayer.fc
--- nsaserefpolicy/policy/modules/apps/mplayer.fc 2008-08-07 11:15:03.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/apps/mplayer.fc 2008-09-12 10:59:28.000000000 -0400
-@@ -10,4 +10,4 @@
++++ serefpolicy-3.5.8/policy/modules/apps/mplayer.fc 2008-09-17 07:30:05.000000000 -0400
+@@ -1,13 +1,8 @@
+ #
+-# /etc
+-#
+-/etc/mplayer(/.*)? gen_context(system_u:object_r:mplayer_etc_t,s0)
+-
+-#
+ # /usr
+ #
+ /usr/bin/mplayer -- gen_context(system_u:object_r:mplayer_exec_t,s0)
/usr/bin/mencoder -- gen_context(system_u:object_r:mencoder_exec_t,s0)
/usr/bin/xine -- gen_context(system_u:object_r:mplayer_exec_t,s0)
@@ -4786,8 +4801,8 @@
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.5.8/policy/modules/apps/openoffice.if
--- nsaserefpolicy/policy/modules/apps/openoffice.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/apps/openoffice.if 2008-09-12 10:59:28.000000000 -0400
-@@ -0,0 +1,102 @@
++++ serefpolicy-3.5.8/policy/modules/apps/openoffice.if 2008-09-17 07:25:52.000000000 -0400
+@@ -0,0 +1,103 @@
+## <summary>Openoffice</summary>
+
+#######################################
@@ -4834,6 +4849,7 @@
+ #
+
+ domtrans_pattern($2, openoffice_exec_t, $1_openoffice_t)
++ allow $2 $1_openoffice_t:process { signal sigkill };
+')
+
+#######################################
@@ -8413,8 +8429,8 @@
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.5.8/policy/modules/roles/guest.te
--- nsaserefpolicy/policy/modules/roles/guest.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/roles/guest.te 2008-09-12 10:59:28.000000000 -0400
-@@ -0,0 +1,44 @@
++++ serefpolicy-3.5.8/policy/modules/roles/guest.te 2008-09-17 07:32:27.000000000 -0400
+@@ -0,0 +1,46 @@
+
+policy_module(guest, 1.0.0)
+
@@ -8458,6 +8474,8 @@
+ ')
+
+ domtrans_pattern(xguest_mozilla_t, openoffice_exec_t, xguest_openoffice_t)
++ allow xguest_mozilla_t xguest_openoffice_t:process { signal sigkill };
++ allow xguest_openoffice_t xguest_mozilla_t:unix_sream_socket connectto;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.fc serefpolicy-3.5.8/policy/modules/roles/logadm.fc
--- nsaserefpolicy/policy/modules/roles/logadm.fc 1969-12-31 19:00:00.000000000 -0500
@@ -9966,7 +9984,7 @@
read_files_pattern(amavis_t, amavis_etc_t, amavis_etc_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.5.8/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/apache.fc 2008-09-12 10:59:28.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/apache.fc 2008-09-16 15:29:22.000000000 -0400
@@ -1,10 +1,10 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html)|(public_git))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
@@ -13058,7 +13076,7 @@
+/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.5.8/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/cron.if 2008-09-12 16:29:28.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/cron.if 2008-09-16 14:09:27.000000000 -0400
@@ -35,39 +35,24 @@
#
template(`cron_per_role_template',`
@@ -13362,7 +13380,7 @@
')
########################################
-@@ -584,3 +500,44 @@
+@@ -584,3 +500,45 @@
dontaudit $1 system_crond_tmp_t:file append;
')
@@ -13382,6 +13400,7 @@
+interface(`cron_dontaudit_write_system_job_tmp_files',`
+ gen_require(`
+ type system_crond_tmp_t;
++ type cron_var_run_t;
+ type system_crond_var_run_t;
+ ')
+
@@ -20379,8 +20398,8 @@
+/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.5.8/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.8/policy/modules/services/polkit.if 2008-09-12 10:59:28.000000000 -0400
-@@ -0,0 +1,212 @@
++++ serefpolicy-3.5.8/policy/modules/services/polkit.if 2008-09-16 15:04:25.000000000 -0400
+@@ -0,0 +1,213 @@
+
+## <summary>policy for polkit_auth</summary>
+
@@ -20484,6 +20503,7 @@
+ allow polkit_resolve_t $1:dir list_dir_perms;
+ read_files_pattern(polkit_resolve_t, $1, $1)
+ read_lnk_files_pattern(polkit_resolve_t, $1, $1)
++ allow polkit_resolve_t $1:process getattr;
+')
+
+########################################
@@ -27459,7 +27479,7 @@
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.5.8/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/services/xserver.if 2008-09-12 10:59:29.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/services/xserver.if 2008-09-17 07:35:23.000000000 -0400
@@ -16,6 +16,7 @@
gen_require(`
type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
@@ -33260,7 +33280,7 @@
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-08-07 11:15:12.000000000 -0400
-+++ serefpolicy-3.5.8/policy/modules/system/userdomain.if 2008-09-16 09:56:01.000000000 -0400
++++ serefpolicy-3.5.8/policy/modules/system/userdomain.if 2008-09-17 07:27:44.000000000 -0400
@@ -28,10 +28,14 @@
class context contains;
')
@@ -34287,7 +34307,7 @@
typeattribute $1_tty_device_t user_ttynode;
##############################
-@@ -1042,12 +1029,24 @@
+@@ -1042,12 +1029,25 @@
#
# privileged home directory writers
@@ -34313,12 +34333,13 @@
+ ')
+ optional_policy(`
+ cups_dbus_chat($1_usertype)
++ cups_dbus_chat_config($1_usertype)
+ ')
+ ')
optional_policy(`
loadkeys_run($1_t,$1_r,$1_tty_device_t)
-@@ -1087,14 +1086,16 @@
+@@ -1087,14 +1087,16 @@
#
authlogin_per_role_template($1, $1_t, $1_r)
@@ -34340,7 +34361,7 @@
logging_dontaudit_send_audit_msgs($1_t)
# Need to to this just so screensaver will work. Should be moved to screensaver domain
-@@ -1102,28 +1103,23 @@
+@@ -1102,28 +1104,23 @@
selinux_get_enforce_mode($1_t)
optional_policy(`
@@ -34374,7 +34395,7 @@
')
')
-@@ -1134,8 +1130,7 @@
+@@ -1134,8 +1131,7 @@
## </summary>
## <desc>
## <p>
@@ -34384,7 +34405,7 @@
## </p>
## <p>
## This template creates a user domain, types, and
-@@ -1167,11 +1162,10 @@
+@@ -1167,11 +1163,10 @@
#
# port access is audited even if dac would not have allowed it, so dontaudit it here
@@ -34397,7 +34418,7 @@
# cjp: why?
files_read_kernel_symbol_table($1_t)
-@@ -1189,36 +1183,49 @@
+@@ -1189,36 +1184,49 @@
')
')
@@ -34460,7 +34481,7 @@
')
')
-@@ -1295,8 +1302,6 @@
+@@ -1295,8 +1303,6 @@
# Manipulate other users crontab.
allow $1_t self:passwd crontab;
@@ -34469,7 +34490,7 @@
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
kernel_getattr_message_if($1_t)
-@@ -1318,8 +1323,6 @@
+@@ -1318,8 +1324,6 @@
dev_getattr_generic_blk_files($1_t)
dev_getattr_generic_chr_files($1_t)
@@ -34478,7 +34499,7 @@
# Allow MAKEDEV to work
dev_create_all_blk_files($1_t)
dev_create_all_chr_files($1_t)
-@@ -1374,13 +1377,6 @@
+@@ -1374,13 +1378,6 @@
# But presently necessary for installing the file_contexts file.
seutil_manage_bin_policy($1_t)
@@ -34492,7 +34513,7 @@
optional_policy(`
postgresql_unconfined($1_t)
')
-@@ -1432,6 +1428,7 @@
+@@ -1432,6 +1429,7 @@
dev_relabel_all_dev_nodes($1)
files_create_boot_flag($1)
@@ -34500,7 +34521,7 @@
# Necessary for managing /boot/efi
fs_manage_dos_files($1)
-@@ -1461,10 +1458,6 @@
+@@ -1461,10 +1459,6 @@
seutil_run_semanage($1,$2,$3)
seutil_run_setfiles($1, $2, $3)
@@ -34511,7 +34532,7 @@
optional_policy(`
aide_run($1,$2, $3)
')
-@@ -1484,6 +1477,14 @@
+@@ -1484,6 +1478,14 @@
optional_policy(`
netlabel_run_mgmt($1,$2, $3)
')
@@ -34526,7 +34547,7 @@
')
########################################
-@@ -1741,11 +1742,15 @@
+@@ -1741,11 +1743,15 @@
#
template(`userdom_user_home_content',`
gen_require(`
@@ -34545,7 +34566,7 @@
')
########################################
-@@ -1841,11 +1846,11 @@
+@@ -1841,11 +1847,11 @@
#
template(`userdom_search_user_home_dirs',`
gen_require(`
@@ -34559,7 +34580,7 @@
')
########################################
-@@ -1875,11 +1880,11 @@
+@@ -1875,11 +1881,11 @@
#
template(`userdom_list_user_home_dirs',`
gen_require(`
@@ -34573,7 +34594,7 @@
')
########################################
-@@ -1923,12 +1928,12 @@
+@@ -1923,12 +1929,12 @@
#
template(`userdom_user_home_domtrans',`
gen_require(`
@@ -34589,7 +34610,7 @@
')
########################################
-@@ -1958,10 +1963,11 @@
+@@ -1958,10 +1964,11 @@
#
template(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
@@ -34603,7 +34624,7 @@
')
########################################
-@@ -1993,11 +1999,47 @@
+@@ -1993,11 +2000,47 @@
#
template(`userdom_manage_user_home_content_dirs',`
gen_require(`
@@ -34653,7 +34674,7 @@
')
########################################
-@@ -2029,10 +2071,10 @@
+@@ -2029,10 +2072,10 @@
#
template(`userdom_dontaudit_setattr_user_home_content_files',`
gen_require(`
@@ -34666,7 +34687,7 @@
')
########################################
-@@ -2062,11 +2104,11 @@
+@@ -2062,11 +2105,11 @@
#
template(`userdom_read_user_home_content_files',`
gen_require(`
@@ -34680,7 +34701,7 @@
')
########################################
-@@ -2096,11 +2138,11 @@
+@@ -2096,11 +2139,11 @@
#
template(`userdom_dontaudit_read_user_home_content_files',`
gen_require(`
@@ -34695,7 +34716,7 @@
')
########################################
-@@ -2130,10 +2172,14 @@
+@@ -2130,10 +2173,14 @@
#
template(`userdom_dontaudit_write_user_home_content_files',`
gen_require(`
@@ -34712,7 +34733,7 @@
')
########################################
-@@ -2163,11 +2209,11 @@
+@@ -2163,11 +2210,11 @@
#
template(`userdom_read_user_home_content_symlinks',`
gen_require(`
@@ -34726,7 +34747,7 @@
')
########################################
-@@ -2197,11 +2243,11 @@
+@@ -2197,11 +2244,11 @@
#
template(`userdom_exec_user_home_content_files',`
gen_require(`
@@ -34740,7 +34761,7 @@
')
########################################
-@@ -2231,10 +2277,10 @@
+@@ -2231,10 +2278,10 @@
#
template(`userdom_dontaudit_exec_user_home_content_files',`
gen_require(`
@@ -34753,7 +34774,7 @@
')
########################################
-@@ -2266,12 +2312,12 @@
+@@ -2266,12 +2313,12 @@
#
template(`userdom_manage_user_home_content_files',`
gen_require(`
@@ -34769,7 +34790,7 @@
')
########################################
-@@ -2303,10 +2349,10 @@
+@@ -2303,10 +2350,10 @@
#
template(`userdom_dontaudit_manage_user_home_content_dirs',`
gen_require(`
@@ -34782,7 +34803,7 @@
')
########################################
-@@ -2338,12 +2384,12 @@
+@@ -2338,12 +2385,12 @@
#
template(`userdom_manage_user_home_content_symlinks',`
gen_require(`
@@ -34798,7 +34819,7 @@
')
########################################
-@@ -2375,12 +2421,12 @@
+@@ -2375,12 +2422,12 @@
#
template(`userdom_manage_user_home_content_pipes',`
gen_require(`
@@ -34814,7 +34835,7 @@
')
########################################
-@@ -2412,12 +2458,12 @@
+@@ -2412,12 +2459,12 @@
#
template(`userdom_manage_user_home_content_sockets',`
gen_require(`
@@ -34830,7 +34851,7 @@
')
########################################
-@@ -2462,11 +2508,11 @@
+@@ -2462,11 +2509,11 @@
#
template(`userdom_user_home_dir_filetrans',`
gen_require(`
@@ -34844,7 +34865,7 @@
')
########################################
-@@ -2511,11 +2557,11 @@
+@@ -2511,11 +2558,11 @@
#
template(`userdom_user_home_content_filetrans',`
gen_require(`
@@ -34858,7 +34879,7 @@
')
########################################
-@@ -2555,11 +2601,11 @@
+@@ -2555,11 +2602,11 @@
#
template(`userdom_user_home_dir_filetrans_user_home_content',`
gen_require(`
@@ -34872,7 +34893,7 @@
')
########################################
-@@ -2589,11 +2635,11 @@
+@@ -2589,11 +2636,11 @@
#
template(`userdom_write_user_tmp_sockets',`
gen_require(`
@@ -34886,7 +34907,7 @@
')
########################################
-@@ -2623,11 +2669,11 @@
+@@ -2623,11 +2670,11 @@
#
template(`userdom_list_user_tmp',`
gen_require(`
@@ -34900,7 +34921,7 @@
')
########################################
-@@ -2659,10 +2705,10 @@
+@@ -2659,10 +2706,10 @@
#
template(`userdom_dontaudit_list_user_tmp',`
gen_require(`
@@ -34913,7 +34934,7 @@
')
########################################
-@@ -2694,10 +2740,10 @@
+@@ -2694,10 +2741,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_dirs',`
gen_require(`
@@ -34926,7 +34947,7 @@
')
########################################
-@@ -2727,12 +2773,12 @@
+@@ -2727,12 +2774,12 @@
#
template(`userdom_read_user_tmp_files',`
gen_require(`
@@ -34942,7 +34963,7 @@
')
########################################
-@@ -2764,10 +2810,10 @@
+@@ -2764,10 +2811,10 @@
#
template(`userdom_dontaudit_read_user_tmp_files',`
gen_require(`
@@ -34955,7 +34976,7 @@
')
########################################
-@@ -2799,10 +2845,10 @@
+@@ -2799,10 +2846,10 @@
#
template(`userdom_dontaudit_append_user_tmp_files',`
gen_require(`
@@ -34968,7 +34989,7 @@
')
########################################
-@@ -2832,12 +2878,12 @@
+@@ -2832,12 +2879,12 @@
#
template(`userdom_rw_user_tmp_files',`
gen_require(`
@@ -34984,7 +35005,7 @@
')
########################################
-@@ -2869,10 +2915,10 @@
+@@ -2869,10 +2916,10 @@
#
template(`userdom_dontaudit_manage_user_tmp_files',`
gen_require(`
@@ -34997,7 +35018,7 @@
')
########################################
-@@ -2904,12 +2950,12 @@
+@@ -2904,12 +2951,12 @@
#
template(`userdom_read_user_tmp_symlinks',`
gen_require(`
@@ -35013,7 +35034,7 @@
')
########################################
-@@ -2941,11 +2987,11 @@
+@@ -2941,11 +2988,11 @@
#
template(`userdom_manage_user_tmp_dirs',`
gen_require(`
@@ -35027,7 +35048,7 @@
')
########################################
-@@ -2977,11 +3023,11 @@
+@@ -2977,11 +3024,11 @@
#
template(`userdom_manage_user_tmp_files',`
gen_require(`
@@ -35041,7 +35062,7 @@
')
########################################
-@@ -3013,11 +3059,11 @@
+@@ -3013,11 +3060,11 @@
#
template(`userdom_manage_user_tmp_symlinks',`
gen_require(`
@@ -35055,7 +35076,7 @@
')
########################################
-@@ -3049,11 +3095,11 @@
+@@ -3049,11 +3096,11 @@
#
template(`userdom_manage_user_tmp_pipes',`
gen_require(`
@@ -35069,7 +35090,7 @@
')
########################################
-@@ -3085,11 +3131,11 @@
+@@ -3085,11 +3132,11 @@
#
template(`userdom_manage_user_tmp_sockets',`
gen_require(`
@@ -35083,7 +35104,7 @@
')
########################################
-@@ -3134,10 +3180,10 @@
+@@ -3134,10 +3181,10 @@
#
template(`userdom_user_tmp_filetrans',`
gen_require(`
@@ -35096,7 +35117,7 @@
files_search_tmp($2)
')
-@@ -3178,19 +3224,19 @@
+@@ -3178,19 +3225,19 @@
#
template(`userdom_tmp_filetrans_user_tmp',`
gen_require(`
@@ -35120,7 +35141,7 @@
## </p>
## <p>
## This is a templated interface, and should only
-@@ -4616,11 +4662,11 @@
+@@ -4616,11 +4663,11 @@
#
interface(`userdom_search_all_users_home_dirs',`
gen_require(`
@@ -35134,7 +35155,7 @@
')
########################################
-@@ -4640,6 +4686,14 @@
+@@ -4640,6 +4687,14 @@
files_list_home($1)
allow $1 home_dir_type:dir list_dir_perms;
@@ -35149,7 +35170,7 @@
')
########################################
-@@ -4677,6 +4731,8 @@
+@@ -4677,6 +4732,8 @@
')
dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
@@ -35158,7 +35179,7 @@
')
########################################
-@@ -4721,6 +4777,25 @@
+@@ -4721,6 +4778,25 @@
########################################
## <summary>
@@ -35184,7 +35205,7 @@
## Create, read, write, and delete all files
## in all users home directories.
## </summary>
-@@ -4946,7 +5021,7 @@
+@@ -4946,7 +5022,7 @@
########################################
## <summary>
@@ -35193,7 +35214,7 @@
## </summary>
## <param name="domain">
## <summary>
-@@ -5318,7 +5393,7 @@
+@@ -5318,7 +5394,7 @@
########################################
## <summary>
@@ -35202,7 +35223,7 @@
## </summary>
## <param name="domain">
## <summary>
-@@ -5326,18 +5401,17 @@
+@@ -5326,18 +5402,17 @@
## </summary>
## </param>
#
@@ -35225,7 +35246,7 @@
## </summary>
## <param name="domain">
## <summary>
-@@ -5345,17 +5419,17 @@
+@@ -5345,17 +5420,17 @@
## </summary>
## </param>
#
@@ -35247,7 +35268,7 @@
## </summary>
## <param name="domain">
## <summary>
-@@ -5363,18 +5437,18 @@
+@@ -5363,18 +5438,18 @@
## </summary>
## </param>
#
@@ -35271,7 +35292,7 @@
## </summary>
## <param name="domain">
## <summary>
-@@ -5382,17 +5456,54 @@
+@@ -5382,17 +5457,54 @@
## </summary>
## </param>
#
@@ -35330,7 +35351,7 @@
## </summary>
## <param name="domain">
## <summary>
-@@ -5483,6 +5594,42 @@
+@@ -5483,6 +5595,42 @@
########################################
## <summary>
@@ -35373,7 +35394,7 @@
## Send a dbus message to all user domains.
## </summary>
## <param name="domain">
-@@ -5513,3 +5660,524 @@
+@@ -5513,3 +5661,524 @@
interface(`userdom_unconfined',`
refpolicywarn(`$0($*) has been deprecated.')
')
More information about the fedora-extras-commits
mailing list