diff --git a/policy-20080710.patch b/policy-20080710.patch index d2d58fe..c19efdc 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -7200,7 +7200,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(xfs, tcp,7100,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.5.13/policy/modules/kernel/devices.fc --- nsaserefpolicy/policy/modules/kernel/devices.fc 2008-10-17 14:49:14.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/kernel/devices.fc 2009-03-25 13:47:42.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/kernel/devices.fc 2009-04-03 15:22:46.000000000 +0200 @@ -1,8 +1,9 @@ /dev -d gen_context(system_u:object_r:device_t,s0) @@ -7342,7 +7342,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device /dev/usb/mdc800.* -c gen_context(system_u:object_r:scanner_device_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.5.13/policy/modules/kernel/devices.if --- nsaserefpolicy/policy/modules/kernel/devices.if 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/kernel/devices.if 2009-03-25 14:08:22.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/kernel/devices.if 2009-04-03 10:50:33.000000000 +0200 @@ -65,7 +65,7 @@ relabelfrom_dirs_pattern($1, device_t, device_node) @@ -7930,7 +7930,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.5.13/policy/modules/kernel/devices.te --- nsaserefpolicy/policy/modules/kernel/devices.te 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/kernel/devices.te 2009-03-25 13:47:42.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/kernel/devices.te 2009-04-03 10:51:23.000000000 +0200 @@ -1,5 +1,5 @@ -policy_module(devices, 1.7.0) @@ -18406,7 +18406,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.5.13/policy/modules/services/lircd.te --- nsaserefpolicy/policy/modules/services/lircd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.5.13/policy/modules/services/lircd.te 2009-03-27 14:56:59.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/lircd.te 2009-04-03 15:23:05.000000000 +0200 @@ -0,0 +1,60 @@ +policy_module(lircd,1.0.0) + @@ -26581,7 +26581,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.5.13/policy/modules/services/samba.te --- nsaserefpolicy/policy/modules/services/samba.te 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/services/samba.te 2009-02-26 15:44:58.000000000 +0100 ++++ serefpolicy-3.5.13/policy/modules/services/samba.te 2009-04-03 11:57:58.000000000 +0200 @@ -66,6 +66,13 @@ ## gen_tunable(samba_share_nfs, false) @@ -26902,7 +26902,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb allow swat_t self:udp_socket create_socket_perms; +allow swat_t self:unix_stream_socket connectto; -+can_exec(swat_t, smbd_exec_t) ++samba_domtrans_smb(swat_t) +allow swat_t smbd_port_t:tcp_socket name_bind; +allow swat_t smbd_t:process { signal signull }; +allow swat_t smbd_var_run_t:file { lock unlink }; @@ -33306,7 +33306,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. allow iscsid_t iscsi_tmp_t:dir manage_dir_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.5.13/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2008-10-17 14:49:13.000000000 +0200 -+++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-03-30 17:17:31.000000000 +0200 ++++ serefpolicy-3.5.13/policy/modules/system/libraries.fc 2009-04-03 10:47:07.000000000 +0200 @@ -60,12 +60,15 @@ # # /opt @@ -33405,7 +33405,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libglide3\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -187,6 +205,7 @@ +@@ -187,12 +205,14 @@ /usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/plugins/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/codecs/[^/]*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -33413,7 +33413,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -208,6 +227,9 @@ + /usr/lib(64)?/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/X11R6/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/X11R6/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/libHermes\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/valgrind/hp2ps -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/valgrind/stage2 -- gen_context(system_u:object_r:textrel_shlib_t,s0) +@@ -208,6 +228,9 @@ /usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -33423,7 +33430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar # Fedora Extras packages: ladspa, imlib2, ocaml /usr/lib(64)?/ladspa/analogue_osc_1416\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/ladspa/bandpass_a_iir_1893\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -233,7 +255,7 @@ +@@ -233,7 +256,7 @@ /usr/lib(64)?/php/modules/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame @@ -33432,7 +33439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -246,13 +268,16 @@ +@@ -246,13 +269,16 @@ # Flash plugin, Macromedia HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -33451,7 +33458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar # Jai, Sun Microsystems (Jpackage SPRM) /usr/lib(64)?/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -267,6 +292,9 @@ +@@ -267,6 +293,9 @@ /usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -33461,7 +33468,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar # Java, Sun Microsystems (JPackage SRPM) /usr/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/local/(.*/)?jre.*/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -@@ -291,6 +319,8 @@ +@@ -291,6 +320,8 @@ /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -33470,7 +33477,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar ') dnl end distro_redhat # -@@ -307,6 +337,36 @@ +@@ -307,6 +338,36 @@ /var/lib/samba/bin/.+\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0) ')