From 9c90ba7e8eea4880f00335802c90998cffc65627 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Dec 16 2009 13:30:38 +0000
Subject: - Add tgtd policy
---
diff --git a/modules-minimum.conf b/modules-minimum.conf
index 94c79ba..fecf674 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -1576,6 +1576,13 @@ tgtd = module
 #
 udev = base
 
+# Layer: services
+# Module: udisks
+#
+# Policy for udisk
+#
+udisks = base
+
 # Layer: system
 # Module: userdomain
 #
diff --git a/modules-mls.conf b/modules-mls.conf
index 9eaf94a..4883f2c 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -1386,6 +1386,13 @@ tgtd = module
 #
 udev = base
 
+# Layer: services
+# Module: udisks
+#
+# Policy for udisk
+#
+udisks = base
+
 # Layer: system
 # Module: userdomain
 #
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 94c79ba..fecf674 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1576,6 +1576,13 @@ tgtd = module
 #
 udev = base
 
+# Layer: services
+# Module: udisks
+#
+# Policy for udisk
+#
+udisks = base
+
 # Layer: system
 # Module: userdomain
 #
diff --git a/policy-F13.patch b/policy-F13.patch
index ff9516d..9850836 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -16719,7 +16719,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.4/policy/modules/services/nagios.te
 --- nsaserefpolicy/policy/modules/services/nagios.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.4/policy/modules/services/nagios.te 2009-12-15 15:35:42.000000000 -0500
++++ serefpolicy-3.7.4/policy/modules/services/nagios.te 2009-12-16 08:29:49.000000000 -0500
 @@ -6,17 +6,23 @@
 # Declarations
 #
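Review bot: `udisks = base` in the added block of modules-minimum.conf compiles the udisks policy into the base module, while the neighbouring service entry shown in the hunk header is `tgtd = module`; a module built into base cannot be removed or replaced on its own with semodule. Unless a base module depends on udisks types (not visible here), `udisks = module` would keep it independently manageable, and if base is intended a comment line saying why would help. The description comment should read `# Policy for udisks`. The same block is added to modules-mls.conf and modules-targeted.conf, so the point applies to all three hunks, and the commit subject mentions only tgtd.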
@@ -16758,7 +16758,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type nrpe_t; type nrpe_exec_t; init_daemon_domain(nrpe_t, nrpe_exec_t) -@@ -33,6 +42,31 @@ +@@ -33,6 +42,33 @@ type nrpe_etc_t; files_config_file(nrpe_etc_t)
@@ -16781,7 +16781,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +files_tmp_file(nagios_system_plugin_tmp_t)
 +
 +nagios_plugin_template(unconfined)
-+unconfined_domain(nagios_unconfined_plugin_t)
++optional_policy(`
++ unconfined_domain(nagios_unconfined_plugin_t)
++')
 +
 +permissive nagios_checkdisk_plugin_t;
 +permissive nagios_services_plugin_t;
@@ -16790,7 +16792,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Nagios local policy -@@ -45,6 +79,9 @@ +@@ -45,6 +81,9 @@ allow nagios_t self:tcp_socket create_stream_socket_perms; allow nagios_t self:udp_socket create_socket_perms;
@@ -16800,7 +16802,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol read_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t) read_lnk_files_pattern(nagios_t, nagios_etc_t, nagios_etc_t) allow nagios_t nagios_etc_t:dir list_dir_perms; -@@ -60,6 +97,8 @@ +@@ -60,6 +99,8 @@ manage_files_pattern(nagios_t, nagios_var_run_t, nagios_var_run_t) files_pid_filetrans(nagios_t, nagios_var_run_t, file)
@@ -16809,7 +16811,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_system_state(nagios_t) kernel_read_kernel_sysctls(nagios_t) -@@ -86,6 +125,7 @@ +@@ -86,6 +127,7 @@ files_read_etc_files(nagios_t) files_read_etc_runtime_files(nagios_t) files_read_kernel_symbol_table(nagios_t)
@@ -16817,7 +16819,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol fs_getattr_all_fs(nagios_t) fs_search_auto_mountpoints(nagios_t) -@@ -127,52 +167,59 @@ +@@ -127,52 +169,59 @@ # # Nagios CGI local policy #
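Review bot: In the hunk at @@ -16781, the new `optional_policy` wrapper around `unconfined_domain(nagios_unconfined_plugin_t)` carries no comment saying what the domain becomes when the unconfined module is not built. `nagios_plugin_template(unconfined)` stays outside the wrapper, so the type presumably still exists in that case with only the template's rules, and plugins labelled for it would then run confined rather than unconfined. A comment above the block such as `# unconfined module may be absent; the plugin domain then keeps only the template permissions` would make that explicit. Since `unconfined_domain` removes SELinux confinement from whatever plugin is labelled for this domain, the same comment should say the label is meant for exceptional plugins only. The other hunks of policy-F13.patch on this line only shift inner hunk offsets.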
@@ -16902,7 +16904,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_read_system_state(nrpe_t) kernel_read_kernel_sysctls(nrpe_t) -@@ -183,15 +230,19 @@ +@@ -183,15 +232,19 @@ dev_read_urand(nrpe_t) domain_use_interactive_fds(nrpe_t)
@@ -16922,7 +16924,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol userdom_dontaudit_use_unpriv_user_fds(nrpe_t) optional_policy(` -@@ -209,3 +260,84 @@ +@@ -209,3 +262,84 @@ optional_policy(` udev_read_db(nrpe_t) ')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index af9578e..88cf8c3 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -15,7 +15,7 @@
 %endif
 %define POLICYVER 24
 %define libsepolver 2.0.41-1
-%define POLICYCOREUTILSVER 2.0.78-3
+%define POLICYCOREUTILSVER 2.0.78-1
 %define CHECKPOLICYVER 2.0.21-1
 Summary: SELinux policy configuration
 Name: selinux-policy
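Review bot: The selinux-policy.spec hunk lowers `POLICYCOREUTILSVER` from 2.0.78-3 to 2.0.78-1 with no explanation in the commit, which loosens the policycoreutils floor instead of raising it. The define is presumably used in the package's versioned requirement on policycoreutils (that line is outside the hunk); if the -3 build was required for a fix this policy depends on, installs against -1 would lose it. If the change is intentional, say why in a comment above the define or in the changelog; otherwise keep `%define POLICYCOREUTILSVER 2.0.78-3`.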