From c7976d398b784c7fee69543352e8e35f81a99317 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Aug 21 2009 08:33:48 +0000 Subject: - Allow gpsd fsetid capability
---
diff --git a/policy-20080710.patch b/policy-20080710.patch
index 1f9f40e..bba5918 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -5437,8 +5437,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.te serefpolicy-3.5.13/policy/modules/apps/ptchown.te
 --- nsaserefpolicy/policy/modules/apps/ptchown.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/apps/ptchown.te 2009-08-14 14:13:12.000000000 +0200
-@@ -0,0 +1,38 @@
++++ serefpolicy-3.5.13/policy/modules/apps/ptchown.te 2009-08-21 09:47:20.000000000 +0200
+@@ -0,0 +1,39 @@
 +policy_module(ptchown,1.0.0)
 +
 +########################################
@@ -5458,7 +5458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.
 +# ptchown local policy
 +#
 +
-+allow ptchown_t self:capability { fowner chown setuid };
++allow ptchown_t self:capability { chown fowner fsetid setuid };
 +allow ptchown_t self:process { getcap setcap };
 +
 +# Init script handling
@@ -5475,6 +5475,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ptchown.
 +term_use_generic_ptys(ptchown_t)
 +term_setattr_generic_ptys(ptchown_t)
 +term_setattr_all_user_ptys(ptchown_t)
++term_use_ptmx(ptchown_t)
 +
 +miscfiles_read_localization(ptchown_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.5.13/policy/modules/apps/qemu.fc
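Review bot: The ptchown.te capability rule now grants `fsetid` to `ptchown_t`, and the last ptchown.te hunk adds `term_use_ptmx(ptchown_t)`, but the commit subject and the spec changelog name only gpsd, so both grants go unrecorded. `fsetid` lets a domain that already holds `chown`, `fowner` and `setuid` keep or set set-id mode bits on files it changes, so the denial that motivated it should be written down next to the rule, for example `# fsetid: <operation from the AVC denial>`. If the helper works without the capability, a `dontaudit` rule would be the narrower choice. I would also add a changelog line such as `- Allow ptchown fsetid capability and use of ptmx`.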
@@ -18100,7 +18101,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.5.13/policy/modules/services/gpsd.te
 --- nsaserefpolicy/policy/modules/services/gpsd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.5.13/policy/modules/services/gpsd.te 2009-03-10 13:22:11.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/services/gpsd.te 2009-08-21 09:52:33.000000000 +0200
 @@ -0,0 +1,55 @@
 +policy_module(gpsd,1.0.0)
 +
@@ -18122,7 +18123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd
 +# gpsd local policy
 +#
 +
-+allow gpsd_t self:capability { setuid sys_nice setgid fowner };
++allow gpsd_t self:capability { setuid sys_nice setgid fowner fsetid};
 +allow gpsd_t self:process setsched;
 +allow gpsd_t self:shm create_shm_perms;
 +allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
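Review bot: In the gpsd.te capability rule the new permission is written `fsetid};` with no space before the closing brace, unlike the ptchown rule changed in the same commit and the `{ create_socket_perms sendto }` line just below it. Writing it as `allow gpsd_t self:capability { fowner fsetid setgid setuid sys_nice };` would match the sorted form the ptchown rule was given. The rule also gives no hint why the daemon needs to keep or set set-id bits on files it modifies. A one-line comment naming the denied operation would let a later reviewer decide whether the grant can be removed or replaced by `dontaudit`.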
@@ -21409,6 +21410,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
 firstboot_dontaudit_use_fds(ntpd_t)
 firstboot_dontaudit_rw_pipes(ntpd_t)
 firstboot_dontaudit_rw_stream_sockets(ntpd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.5.13/policy/modules/services/nx.fc
+--- nsaserefpolicy/policy/modules/services/nx.fc 2008-10-17 14:49:13.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/nx.fc 2009-08-21 10:05:00.000000000 +0200
+@@ -5,3 +5,7 @@
+ /opt/NX/var(/.*)? gen_context(system_u:object_r:nx_server_var_run_t,s0)
+
+ /usr/libexec/nx/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
++
++/var/lib/nxserver/home/.ssh(/.*)? gen_context(system_u:object_r:nx_server_home_ssh_t,s0)
++
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.5.13/policy/modules/services/oddjob.fc
 --- nsaserefpolicy/policy/modules/services/oddjob.fc 2008-10-17 14:49:11.000000000 +0200
 +++ serefpolicy-3.5.13/policy/modules/services/oddjob.fc 2009-02-10 15:07:15.000000000 +0100
diff --git a/selinux-policy.spec b/selinux-policy.spec
index bddd661..f601795 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 69%{?dist}
+Release: 70%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -462,6 +462,9 @@ exit 0 %endif %changelog +* Fri Aug 21 2009 Miroslav Grepl 3.5.13-70 +- Allow gpsd fsetid capability + * Fri Aug 14 2009 Miroslav Grepl 3.5.13-69 - Add ptchown policy from Dan Walsh
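Review bot: The new nx.fc entry `/var/lib/nxserver/home/.ssh(/.*)?` leaves the dot in `.ssh` unescaped, so as a file-context regular expression it matches any character in that position. Write it as `/var/lib/nxserver/home/\.ssh(/.*)?` so that only the intended directory gets the label. The entry uses the type `nx_server_home_ssh_t`, and no declaration of that type is visible in this commit, so it should be confirmed that nx.te already declares it. The hunk also appends two blank lines at the end of nx.fc that can be dropped, and the changelog does not mention the nx change.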