diff --git a/policy-20071130.patch b/policy-20071130.patch index 415f8b8..8ddaf28 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -19641,8 +19641,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.3.1/policy/modules/services/polkit.te --- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/polkit.te 2008-05-28 09:06:14.000000000 -0400 -@@ -0,0 +1,196 @@ ++++ serefpolicy-3.3.1/policy/modules/services/polkit.te 2008-05-29 09:05:13.738516000 -0400 +@@ -0,0 +1,201 @@ +policy_module(polkit_auth,1.0.0) + +######################################## @@ -19839,6 +19839,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk +miscfiles_read_localization(polkit_resolve_t) + +logging_send_syslog_msg(polkit_resolve_t) ++ ++optional_policy(` ++ dbus_system_bus_client_template(polkit_resolve, polkit_resolve_t) ++') ++ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portslave.te serefpolicy-3.3.1/policy/modules/services/portslave.te --- nsaserefpolicy/policy/modules/services/portslave.te 2008-02-26 08:23:10.000000000 -0500 +++ serefpolicy-3.3.1/policy/modules/services/portslave.te 2008-05-28 09:06:14.000000000 -0400 @@ -25974,7 +25979,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser /var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if --- nsaserefpolicy/policy/modules/services/xserver.if 2008-02-26 08:23:10.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-05-29 08:59:50.470472000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2008-05-29 09:03:53.792808000 -0400 @@ -12,9 +12,15 @@ ## ## @@ -27387,7 +27392,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2008-02-26 08:23:10.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-05-29 08:55:11.197506000 -0400 ++++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-05-29 09:08:39.452233000 -0400 @@ -8,6 +8,14 @@ ## @@ -27820,7 +27825,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +manage_files_pattern(xdm_xserver_t,xserver_var_lib_t,xserver_var_lib_t) +files_var_lib_filetrans(xdm_xserver_t,xserver_var_lib_t,dir) + -+manage_dirs_pattern(xdm_xserver_t,xserver_var_run_tO,xserver_var_run_t) ++manage_dirs_pattern(xdm_xserver_t,xserver_var_run_t,xserver_var_run_t) +manage_files_pattern(xdm_xserver_t,xserver_var_run_t,xserver_var_run_t) +manage_sock_files_pattern(xdm_xserver_t,xdm_var_run_t,xdm_var_run_t) +files_pid_filetrans(xdm_xserver_t,xserver_var_run_t,{ dir file }) diff --git a/selinux-policy.spec b/selinux-policy.spec index 6ca6d9a..c32b709 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -388,6 +388,7 @@ exit 0 * Wed May 21 2008 Dan Walsh 3.3.1-57 - Allow dhcpc sys_nice - Allow handling of /var/run/video.rom +- Allow policykit_resolve to use dbus * Wed May 21 2008 Dan Walsh 3.3.1-56 - Fix vncserver transition to work properly in unconfined environment.