From 9ffb88eba340fb65dd680e6c53eb772e697ba971 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: May 17 2007 17:16:26 +0000 Subject: - allow alsactl to read kernel state --- diff --git a/policy-20070501.patch b/policy-20070501.patch index 4a4e13b..123f5cd 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -166,7 +166,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te logging_log_file(acct_data_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc --- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-16 17:15:26.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-16 17:44:09.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-17 12:16:25.000000000 -0400 @@ -1,4 +1,7 @@ /etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) @@ -177,8 +177,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc +/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te --- nsaserefpolicy/policy/modules/admin/alsa.te 2007-01-02 12:57:51.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-16 17:47:00.000000000 -0400 -@@ -20,16 +20,20 @@ ++++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-17 11:22:07.000000000 -0400 +@@ -20,20 +20,23 @@ # Local policy # 
@@ -199,12 +199,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te +files_search_home(alsa_t) files_read_etc_files(alsa_t) - term_use_generic_ptys(alsa_t) -@@ -44,7 +48,14 @@ +-term_use_generic_ptys(alsa_t) +-term_dontaudit_use_unallocated_ttys(alsa_t) ++kernel_read_system_state(alsa_t) + + libs_use_ld_so(alsa_t) + libs_use_shared_libs(alsa_t) +@@ -44,7 +47,17 @@ userdom_manage_unpriv_user_semaphores(alsa_t) userdom_manage_unpriv_user_shared_mem(alsa_t) +userdom_search_generic_user_home_dirs(alsa_t) ++ ++term_use_generic_ptys(alsa_t) ++term_dontaudit_use_unallocated_ttys(alsa_t) optional_policy(` nscd_socket_use(alsa_t) @@ -3371,8 +3379,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.6.4/policy/modules/services/ftp.te --- nsaserefpolicy/policy/modules/services/ftp.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/ftp.te 2007-05-08 09:59:33.000000000 -0400 -@@ -223,10 +223,15 @@ ++++ serefpolicy-2.6.4/policy/modules/services/ftp.te 2007-05-17 13:03:23.000000000 -0400 +@@ -168,6 +168,7 @@ + libs_use_shared_libs(ftpd_t) + + logging_send_syslog_msg(ftpd_t) ++logging_send_audit_msg(ftpd_t) + + miscfiles_read_localization(ftpd_t) + miscfiles_read_public_files(ftpd_t) +@@ -223,10 +224,15 @@ userdom_manage_all_users_home_content_dirs(ftpd_t) userdom_manage_all_users_home_content_files(ftpd_t) userdom_manage_all_users_home_content_symlinks(ftpd_t) 
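Review bot: `kernel_read_system_state(alsa_t)` is added to alsa.te with no comment saying which kernel state alsactl reads or which denial prompted the rule, so a later reviewer cannot tell whether the grant is still needed or could be narrower. A one-line comment above it would record that, for example `# alsactl reads <proc path from the AVC denial> at startup`, with the placeholder replaced by the path from the logged denial. The same hunk moves `term_use_generic_ptys(alsa_t)` and `term_dontaudit_use_unallocated_ttys(alsa_t)` below the userdom rules; that looks like a pure reorder, but it is worth checking that no rule was dropped in the move.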
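Review bot: `logging_send_audit_msg(ftpd_t)` in the new ftp.te hunk at line 168 is a security-relevant grant that neither the commit subject nor the 2.6.4-6 `%changelog` entry mentions; both list only the alsactl change. Judging by the interface name, it lets a network-facing daemon domain write records into the audit trail, so the reason should be stated next to the rule, for example `# ftpd reports logins to the audit subsystem` if that is the cause. The changelog should gain a matching line such as `- allow ftpd to send audit messages`. The procmail.te additions later in this patch are missing from the changelog in the same way.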
@@ -4406,7 +4422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. # for scripts diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te --- nsaserefpolicy/policy/modules/services/procmail.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-05-17 12:20:51.000000000 -0400 @@ -10,6 +10,7 @@ type procmail_exec_t; domain_type(procmail_t) @@ -4426,7 +4442,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc # for a bug in the postfix local program postfix_dontaudit_rw_local_tcp_sockets(procmail_t) postfix_dontaudit_use_fds(procmail_t) -@@ -124,3 +129,5 @@ +@@ -119,8 +124,11 @@ + + optional_policy(` + corenet_udp_bind_generic_port(procmail_t) ++ corenet_dontaudit_udp_bind_all_ports(procmail_t) + + spamassassin_exec(procmail_t) spamassassin_exec_client(procmail_t) spamassassin_read_lib_files(procmail_t) ') @@ -4848,7 +4870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.6.4/policy/modules/services/samba.if --- nsaserefpolicy/policy/modules/services/samba.if 2007-01-02 12:57:43.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/samba.if 2007-05-08 10:02:45.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/samba.if 2007-05-17 13:05:00.000000000 -0400 @@ -177,6 +177,27 @@ ######################################## 
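Review bot: `corenet_dontaudit_udp_bind_all_ports(procmail_t)`, added right after `corenet_udp_bind_generic_port(procmail_t)` in the optional_policy block, suppresses the AVC record for every denied UDP bind by procmail_t, so an unexpected bind attempt from this domain would no longer show up in the audit log. A comment naming the benign behaviour being silenced would help, for example `# spamassassin client tries a range of UDP ports; denials are noise`, if that is the actual cause. The same hunk adds `spamassassin_exec(procmail_t)`, which by refpolicy naming convention presumably runs spamassassin inside procmail_t without a domain transition; confirm that is intended alongside the existing `spamassassin_exec_client(procmail_t)`.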
@@ -4996,7 +5018,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-05-08 10:04:12.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-05-17 13:03:49.000000000 -0400 @@ -28,6 +28,35 @@ ## gen_tunable(samba_share_nfs,false) diff --git a/selinux-policy.spec b/selinux-policy.spec index 37f2e58..e0b3c92 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 5%{?dist} +Release: 6%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -359,6 +359,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Thu May 17 2007 Dan Walsh 2.6.4-6 +- allow alsactl to read kernel state + * Wed May 16 2007 Dan Walsh 2.6.4-5 - More fixes for alsactl - Transition from hal and modutils