From c3dee952a16be56ed3f06fc93abcd638ac788ee2 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Feb 11 2010 20:51:36 +0000 Subject: - Allow rpcd to read files with default file type --- diff --git a/policy-20100106.patch b/policy-20100106.patch index 54a9dfc..2d62bd0 100644 --- a/policy-20100106.patch +++ b/policy-20100106.patch @@ -1271,7 +1271,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.32/policy/modules/kernel/files.if --- nsaserefpolicy/policy/modules/kernel/files.if 2010-01-18 18:24:22.691530426 +0100 -+++ serefpolicy-3.6.32/policy/modules/kernel/files.if 2010-01-29 10:02:38.893864113 +0100 ++++ serefpolicy-3.6.32/policy/modules/kernel/files.if 2010-02-11 21:31:15.568440872 +0100 @@ -5537,3 +5537,23 @@ dontaudit $1 non_security_file_type:file_class_set rw_inherited_file_perms; @@ -4143,6 +4143,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol netutils_domtrans_ping(qdiskd_t) ') +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.32/policy/modules/services/rpc.te +--- nsaserefpolicy/policy/modules/services/rpc.te 2010-01-18 18:24:22.880531210 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/rpc.te 2010-02-11 21:29:42.257440026 +0100 +@@ -82,6 +82,8 @@ + + files_manage_mounttab(rpcd_t) + files_getattr_all_dirs(rpcd_t) ++files_read_isid_type_files(rpcd_t) ++files_read_default_files(rpcd_t) + + fs_list_rpc(rpcd_t) + fs_read_rpc_files(rpcd_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.32/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2010-01-18 18:24:22.886540773 +0100 +++ serefpolicy-3.6.32/policy/modules/services/samba.te 2010-02-09 10:52:45.543866160 +0100 
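Review bot: The two lines added to rpc.te, `files_read_isid_type_files(rpcd_t)` and `files_read_default_files(rpcd_t)`, grant more than the commit subject and the 3.6.32-89 changelog entry describe. They give rpcd_t read access to every file labelled with the default type and, judging by the interface name, to files that carry initial-SID types (unlabeled content). Files usually end up with the default type because no file-context rule matched them, so the narrower fix is normally to label the path rpcd needs rather than open the whole class to an RPC daemon. If the grant has to stay, I would record the reason next to it, e.g. `# rpcd reads files on filesystems without proper labels, see <BUG-ID>`, and add `- Allow rpcd to read unlabeled files` to the changelog so the second grant can be audited.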
@@ -5926,7 +5938,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol kernel_setsched(insmod_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.6.32/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2010-01-18 18:24:22.961540534 +0100 -+++ serefpolicy-3.6.32/policy/modules/system/mount.te 2010-02-08 11:03:56.385336831 +0100 ++++ serefpolicy-3.6.32/policy/modules/system/mount.te 2010-02-11 21:24:42.750703041 +0100 @@ -155,6 +155,8 @@ seutil_read_config(mount_t) @@ -5963,6 +5975,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Unconfined mount local policy +@@ -268,6 +283,7 @@ + optional_policy(` + files_etc_filetrans_etc_runtime(unconfined_mount_t, file) + unconfined_domain_noaudit(unconfined_mount_t) ++ userdom_unpriv_usertype(unconfined, unconfined_mount_t) + + rpc_domtrans_rpcd(unconfined_mount_t) + devicekit_dbus_chat_disk(unconfined_mount_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.32/policy/modules/system/selinuxutil.te --- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-01-18 18:24:22.967540599 +0100 +++ serefpolicy-3.6.32/policy/modules/system/selinuxutil.te 2010-01-18 18:27:02.789530951 +0100 diff --git a/selinux-policy.spec b/selinux-policy.spec index 061fd60..3d46d43 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.32 -Release: 88%{?dist} +Release: 89%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
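Review bot: `userdom_unpriv_usertype(unconfined, unconfined_mount_t)` in the mount.te hunk is not covered by the commit subject or by the 3.6.32-89 changelog entry, which both mention only rpcd. The call presumably adds unconfined_mount_t to the attributes of the unconfined user domain, which would change which attribute-based rules apply to that type. It deserves its own changelog line, such as `- Add unconfined_mount_t to unconfined user types`, and a short comment above the call giving the reason. The enclosing optional_policy block starts and ends outside the hunk, so how the new line interacts with the rest of the block cannot be checked from here.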
@@ -469,6 +469,9 @@ exit 0 %endif %changelog +* Thu Feb 11 2010 Miroslav Grepl 3.6.32-89 +- Allow rpcd to read files with default file type + * Thu Feb 11 2010 Miroslav Grepl 3.6.32-88 - Fixes for sandbox - Allow quota to set priority of kernel threads