From 750cd4d707756ee58c4d47ba77765bb67c71b826 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Dec 18 2008 21:00:56 +0000
Subject: - Allow staff_t to execute at jobs
---
diff --git a/policy-20080710.patch b/policy-20080710.patch
index ce3e305..2f3e88e 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -13314,7 +13314,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/rpmpkgs.* -- gen_context(system_u:object_r:cron_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.5.13/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if 2008-10-17 08:49:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/cron.if 2008-12-10 10:11:34.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/cron.if 2008-12-18 15:54:11.000000000 -0500
 @@ -35,39 +35,25 @@
 #
 template(`cron_per_role_template',`
@@ -13490,7 +13490,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 # dac_override is to create the file in the directory under /tmp
 allow $1_crontab_t self:capability { fowner setuid setgid chown dac_override };
 - allow $1_crontab_t self:process signal_perms;
-+ allow $1_cronjob_t self:process { signal_perms setsched };
++ allow $1_crontab_t self:process { signal_perms setsched };
 + allow $1_crontab_t self:fifo_file rw_fifo_file_perms;
 + allow $1_crontab_t crond_t:process signal;
 
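Review bot: The corrected line `allow $1_crontab_t self:process { signal_perms setsched };` gives `setsched` to the crontab domain, which the context line above shows already holds `fowner setuid setgid chown dac_override`, and nothing in the hunk records why that domain needs to change scheduling parameters. The earlier revision of the patch placed the same rule on `$1_cronjob_t`; if `setsched` was wanted for jobs rather than for crontab, I would keep upstream's `allow $1_crontab_t self:process signal_perms;` here and grant `setsched` only in the job domain's own rules. If it is needed here, a comment such as `# setsched: needed by <caller>, see <denial or bug reference>` beside the rule would make the grant auditable. cron_per_role_template continues outside the hunk, so whether `$1_cronjob_t` still receives a `self:process` rule elsewhere cannot be confirmed from these lines and is worth checking before merging.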
@@ -25917,7 +25917,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.5.13/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if 2008-10-17 08:49:11.000000000 -0400
-+++ serefpolicy-3.5.13/policy/modules/services/ssh.if 2008-12-18 10:02:59.000000000 -0500
++++ serefpolicy-3.5.13/policy/modules/services/ssh.if 2008-12-18 15:57:42.000000000 -0500
 @@ -36,6 +36,7 @@
 gen_require(`
 attribute ssh_server;
@@ -26048,7 +26048,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 userdom_dontaudit_list_user_home_dirs($1,$1_ssh_t)
 userdom_search_user_home_dirs($1,$1_ssh_t)
 + userdom_write_user_tmp_sockets(user,$1_ssh_t)
-+ userdom_read_user_home_content_symlinks($1_ssh_t)
++ userdom_read_user_home_content_symlinks(user, $1_ssh_t)
 +
 # Write to the user domain tty.
 userdom_use_user_terminals($1,$1_ssh_t)
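Review bot: The new call `userdom_read_user_home_content_symlinks(user, $1_ssh_t)` hard-codes the `user` prefix where the neighbouring context lines pass the template's role argument (`userdom_search_user_home_dirs($1,$1_ssh_t)`), so each role's ssh client domain is presumably granted access relative to `user` rather than to its own role. The added line just above it, `userdom_write_user_tmp_sockets(user,$1_ssh_t)`, follows the same pattern. If this is deliberate because home and tmp content share one set of types across roles in this policy (not visible in the hunk), record it with a comment such as `# home/tmp content uses the user_ prefix for every role`; otherwise pass `$1`. The space after the comma also differs from the other calls in this template, whose body extends beyond the hunk.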