From 429f592d51f7a84699d40e33c3ab27b702e480b3 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Mar 10 2010 15:41:50 +0000 Subject: - Allow nsplugin to manage pulseaudio homedir content --- diff --git a/policy-20100106.patch b/policy-20100106.patch index d84936c..00464c4 100644 --- a/policy-20100106.patch +++ b/policy-20100106.patch @@ -1375,8 +1375,19 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.6.32/policy/modules/apps/nsplugin.te --- nsaserefpolicy/policy/modules/apps/nsplugin.te 2010-01-18 18:24:22.628540083 +0100 -+++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.te 2010-03-03 10:39:47.592612032 +0100 -@@ -190,13 +190,13 @@ ++++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.te 2010-03-10 15:58:15.169618442 +0100 +@@ -182,6 +182,10 @@ + ') + + optional_policy(` ++ pulseaudio_manage_home(nsplugin_t) ++') ++ ++optional_policy(` + unconfined_execmem_signull(nsplugin_t) + ') + +@@ -190,13 +194,13 @@ type user_tmpfs_t; ') xserver_user_x_domain_template(nsplugin, nsplugin_t, user_tmpfs_t) @@ -1392,7 +1403,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') ######################################## -@@ -273,7 +273,7 @@ +@@ -273,7 +277,7 @@ domtrans_pattern(nsplugin_config_t, nsplugin_exec_t, nsplugin_t) optional_policy(` 
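Review bot: The added `pulseaudio_manage_home(nsplugin_t)` in the nsplugin.te section grants the plugin domain manage access to PulseAudio's per-user content, and nothing in the hunk records why manage is needed rather than read or read/write. nsplugin_t is the domain browser plugins run in, so files it may create or replace in the home directory are reachable from whatever content a plugin processes. If the PulseAudio daemon later consumes those files, that is a path out of the plugin's confinement. If a narrower pulseaudio interface is enough for audio playback, it would be the safer grant; which interfaces this policy version offers is not visible here. At minimum, add a comment above the block such as `# manage (not read) needed because <reason>; see <bug reference>`.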
@@ -1984,7 +1995,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Read VMWare system configuration files. diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.6.32/policy/modules/apps/vmware.te --- nsaserefpolicy/policy/modules/apps/vmware.te 2010-01-18 18:24:22.655542539 +0100 -+++ serefpolicy-3.6.32/policy/modules/apps/vmware.te 2010-03-03 10:39:47.596621872 +0100 ++++ serefpolicy-3.6.32/policy/modules/apps/vmware.te 2010-03-10 16:02:37.539868524 +0100 @@ -32,6 +32,10 @@ type vmware_host_pid_t alias vmware_var_run_t; files_pid_file(vmware_host_pid_t) @@ -1996,7 +2007,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type vmware_log_t; typealias vmware_log_t alias { user_vmware_log_t staff_vmware_log_t sysadm_vmware_log_t }; typealias vmware_log_t alias { auditadm_vmware_log_t secadm_vmware_log_t }; -@@ -87,6 +91,11 @@ +@@ -78,6 +82,7 @@ + allow vmware_host_t self:tcp_socket create_socket_perms; + + # cjp: the ro and rw files should be split up ++manage_lnk_files_pattern(vmware_host_t, vmware_sys_conf_t, vmware_sys_conf_t) + manage_files_pattern(vmware_host_t, vmware_sys_conf_t, vmware_sys_conf_t) + + manage_files_pattern(vmware_host_t, vmware_var_run_t, vmware_var_run_t) +@@ -87,6 +92,11 @@ manage_files_pattern(vmware_host_t, vmware_log_t, vmware_log_t) logging_log_filetrans(vmware_host_t, vmware_log_t, { file dir }) @@ -2008,7 +2027,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_kernel_sysctls(vmware_host_t) kernel_read_system_state(vmware_host_t) -@@ -157,7 +166,6 @@ +@@ -157,7 +167,6 @@ optional_policy(` xserver_read_tmp_files(vmware_host_t) xserver_read_xdm_pid(vmware_host_t) 
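Review bot: The new `manage_lnk_files_pattern(vmware_host_t, vmware_sys_conf_t, vmware_sys_conf_t)` lets vmware_host_t create and replace symlinks under the configuration type. It sits directly below the existing comment that already says the read-only and read-write files should be split up. Any other domain that reads vmware_sys_conf_t and follows links would then depend on link targets chosen by vmware_host_t. If the daemon only has to follow links shipped by the package, `read_lnk_files_pattern(vmware_host_t, vmware_sys_conf_t, vmware_sys_conf_t)` would cover it. Otherwise a one-line comment naming the link it creates would record why manage is required.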
@@ -4179,7 +4198,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ###################################### diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 2010-01-18 18:24:22.727540243 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2010-03-09 09:52:05.533515863 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2010-03-10 16:27:19.514618496 +0100 @@ -96,16 +96,19 @@ corenet_tcp_connect_ftp_port(abrt_t) corenet_tcp_connect_all_ports(abrt_t) @@ -10487,6 +10506,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol logging_send_syslog_msg(tgtd_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.fc serefpolicy-3.6.32/policy/modules/services/tor.fc +--- nsaserefpolicy/policy/modules/services/tor.fc 2009-09-16 16:01:19.000000000 +0200 ++++ serefpolicy-3.6.32/policy/modules/services/tor.fc 2010-03-10 16:38:05.232617583 +0100 +@@ -5,5 +5,6 @@ + /usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) + + /var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) ++/var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) + /var/log/tor(/.*)? gen_context(system_u:object_r:tor_var_log_t,s0) + /var/run/tor(/.*)? gen_context(system_u:object_r:tor_var_run_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.fc serefpolicy-3.6.32/policy/modules/services/tuned.fc --- nsaserefpolicy/policy/modules/services/tuned.fc 2010-01-18 18:24:22.907534364 +0100 +++ serefpolicy-3.6.32/policy/modules/services/tuned.fc 2010-02-03 17:28:43.165143461 +0100 diff --git a/selinux-policy.spec b/selinux-policy.spec index 85e372a..378418a 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
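Review bot: The added tor.fc entry `/var/lib/tor-data(/.*)?` only changes labels at the next relabel, so a directory that already exists on an installed system keeps its previous type until `restorecon -R /var/lib/tor-data` or the package's own relabel step runs; that step is not visible in this hunk. Until then tor's data there sits under a type the tor policy rules were not written for. It is worth confirming that the update path relabels this directory. The changelog entry in selinux-policy.spec mentions only nsplugin, so the tor.fc and vmware.te additions should get their own lines for anyone auditing what changed in 3.6.32-101.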
@@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.32 -Release: 100%{?dist} +Release: 101%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -469,6 +469,9 @@ exit 0 %endif %changelog +* Wed Mar 10 2010 Miroslav Grepl 3.6.32-101 +- Allow nsplugin to manage pulseaudio homedir content + * Tue Mar 9 2010 Miroslav Grepl 3.6.32-100 - Allow pulseaudio sys_tty_config capability - Add label for cman_tool