From 7f2ac12f13d46a6d17ef4882470051025d440e1d Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Sep 29 2009 20:51:16 +0000
Subject: - Update rhcs policy
---
diff --git a/policy-F12.patch b/policy-F12.patch
index 51bcbc2..e4704c8 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -388,7 +388,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 /usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.32/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/admin/rpm.if 2009-09-29 10:11:37.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/admin/rpm.if 2009-09-29 16:46:01.000000000 -0400
 @@ -13,11 +13,34 @@
 interface(`rpm_domtrans',`
 gen_require(`
@@ -2593,8 +2593,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.32/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.if 2009-09-29 15:46:41.000000000 -0400
-@@ -0,0 +1,322 @@
++++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.if 2009-09-29 16:37:24.000000000 -0400
+@@ -0,0 +1,323 @@
 +
 +## policy for nsplugin
 +
@@ -2680,6 +2680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 + type nsplugin_config_t;
 + class x_drawable all_x_drawable_perms;
 + class x_resource all_x_resource_perms;
++ class dbus send_msg;
 + ')
 +
 + role $1 types nsplugin_t;
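Review bot: The added `class dbus send_msg;` require in the nsplugin.if hunk has no visible rule that uses it, and the inner file-length header only grows from 322 to 323 lines, so this looks like a missing require for a dbus rule that already existed in the interface. The gen_require block and the rest of the interface start and end outside the hunk, so the consuming rule cannot be checked from here. Because D-Bus messaging crosses the boundary between the calling domain and the confined plugin domain, I would put a comment on the consuming rule, for example `# D-Bus send_msg between the caller and nsplugin_t; class is declared in gen_require above`, and confirm that the rule names only the caller's domain and `nsplugin_t` rather than a broader attribute.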
@@ -8398,7 +8399,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## All of the rules required to administrate diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 2009-09-16 09:09:20.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-09-24 11:54:43.000000000 -0400 ++++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2009-09-29 16:46:09.000000000 -0400 @@ -75,6 +75,7 @@ corecmd_exec_bin(abrt_t) @@ -8407,7 +8408,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corenet_tcp_connect_http_port(abrt_t) -@@ -105,13 +106,20 @@ +@@ -105,13 +106,22 @@ dbus_system_bus_client(abrt_t) ') @@ -8420,6 +8421,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol - rpm_manage_db(abrt_t) - rpm_domtrans(abrt_t) + rpm_manage_cache(abrt_t) ++ rpm_read_db(abrt_t) ++ rpm_dontaudit_manage_db(abrt_t) + rpm_domtrans_debuginfo(abrt_t) + rpm_signull(abrt_t) ') @@ -12124,7 +12127,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.32/policy/modules/services/dovecot.te --- nsaserefpolicy/policy/modules/services/dovecot.te 2009-08-14 16:14:31.000000000 -0400 -+++ serefpolicy-3.6.32/policy/modules/services/dovecot.te 2009-09-16 10:03:09.000000000 -0400 ++++ serefpolicy-3.6.32/policy/modules/services/dovecot.te 2009-09-29 16:39:40.000000000 -0400 @@ -103,6 +103,7 @@ dev_read_urand(dovecot_t) 
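Review bot: `rpm_dontaudit_manage_db(abrt_t)` in the abrt.te hunk suppresses the denials that the narrower `rpm_read_db(abrt_t)` now produces, so a write attempt against the RPM database from abrt_t is still refused but leaves no AVC record. Dropping `rpm_manage_db` is the right direction, but abrt_t handles crash data from arbitrary processes, and denied writes to the package database from that domain are a signal worth being able to see. I would add a comment above the line stating why the dontaudit is needed, e.g. `# rpm opens its db read-write even for queries; hide the resulting denials (bug <BUG-ID>)`, with the real reason and reference filled in by the author. It is also worth noting in the commit message that `semodule -DB` re-enables the hidden denials during an investigation. The enclosing block that these calls sit in opens outside the hunk.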
@@ -12133,6 +12136,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_search_auto_mountpoints(dovecot_t) fs_list_inotifyfs(dovecot_t) +@@ -159,7 +160,7 @@ + # + + allow dovecot_auth_t self:capability { chown dac_override setgid setuid }; +-allow dovecot_auth_t self:process signal_perms; ++allow dovecot_auth_t self:process { signal_perms getcap setcap }; + allow dovecot_auth_t self:fifo_file rw_fifo_file_perms; + allow dovecot_auth_t self:unix_dgram_socket create_socket_perms; + allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms; @@ -220,9 +221,15 @@ ')
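Review bot: The widened rule `allow dovecot_auth_t self:process { signal_perms getcap setcap };` lets the authentication helper change its own capability sets, and nothing in the hunk or the commit subject says which denial motivated it. The `allow dovecot_auth_t self:capability { chown dac_override setgid setuid };` line directly above is now the only bound on what `setcap` can be used for, so that list should be re-checked as part of this change. I would add a comment such as `# dovecot-auth adjusts its own capability set (AVC: <DENIAL-REF>)` so the permission can be dropped again if the daemon's behaviour changes. The dovecot_auth_t rule block continues outside the hunk.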