From bcb1922de78ae087c40f6422bb0369df7d611ae4 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Dec 03 2008 23:40:18 +0000 Subject: - Cleanup policy --- diff --git a/policy-20081111.patch b/policy-20081111.patch index 149a3dd..2e2d770 100644 --- a/policy-20081111.patch +++ b/policy-20081111.patch @@ -9705,7 +9705,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.1/policy/modules/services/cron.te --- nsaserefpolicy/policy/modules/services/cron.te 2008-11-11 16:13:46.000000000 -0500 -+++ serefpolicy-3.6.1/policy/modules/services/cron.te 2008-12-03 14:11:06.000000000 -0500 ++++ serefpolicy-3.6.1/policy/modules/services/cron.te 2008-12-03 18:26:44.000000000 -0500 @@ -38,6 +38,10 @@ type cron_var_lib_t; files_type(cron_var_lib_t) @@ -9726,6 +9726,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type crond_var_run_t; files_pid_file(crond_var_run_t) +@@ -70,7 +76,7 @@ + typealias admin_crontab_tmp_t alias sysadm_crontab_tmp_t; + + cron_common_crontab_template(crontab) +-typealias crontab_t alias { user_crontab_t staff_crontab_t }; ++typealias crontab_t alias { user_crontab_t staff_crontab_t unconfined_crontab_t }; + typealias crontab_t alias { auditadm_crontab_t secadm_crontab_t }; + typealias crontab_tmp_t alias { user_crontab_tmp_t staff_crontab_tmp_t }; + typealias crontab_tmp_t alias { auditadm_crontab_tmp_t secadm_crontab_tmp_t }; @@ -103,6 +109,13 @@ files_type(user_cron_spool_t) ubac_constrained(user_cron_spool_t) @@ -20859,7 +20868,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.1/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2008-11-18 18:57:20.000000000 -0500 -+++ serefpolicy-3.6.1/policy/modules/services/xserver.te 2008-12-03 16:48:20.000000000 -0500 ++++ serefpolicy-3.6.1/policy/modules/services/xserver.te 2008-12-03 18:27:33.000000000 -0500 @@ -34,6 +34,13 @@ ## @@ -20969,6 +20978,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # type for /var/lib/xkb type xkb_var_lib_t; files_type(xkb_var_lib_t) +@@ -189,7 +208,7 @@ + type xserver_t; + type xserver_exec_t; + typealias xserver_t alias { user_xserver_t staff_xserver_t sysadm_xserver_t }; +-typealias xserver_t alias { auditadm_xserver_t secadm_xserver_t }; ++typealias xserver_t alias { auditadm_xserver_t secadm_xserver_t xdm_xserver_t }; + xserver_object_types_template(xdm) + xserver_common_x_domain_template(xdm,xdm_t) + init_system_domain(xserver_t, xserver_exec_t) @@ -197,12 +216,12 @@ type xserver_tmp_t; @@ -20980,7 +20998,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol type xserver_tmpfs_t; -typealias xserver_tmpfs_t alias { user_xserver_tmpfs_t staff_xserver_tmpfs_t sysadm_xserver_tmpfs_t }; -+typealias xserver_tmpfs_t alias { user_xserver_tmpfs_t staff_xserver_tmpfs_t sysadm_xserver_tmpfs_t xguest_xserver_tmpfs_t unconfined_xserver_tmpfs_t }; ++typealias xserver_tmpfs_t alias { user_xserver_tmpfs_t staff_xserver_tmpfs_t sysadm_xserver_tmpfs_t xguest_xserver_tmpfs_t unconfined_xserver_tmpfs_t xdm_xserver_tmpfs_t }; typealias xserver_tmpfs_t alias { auditadm_xserver_tmpfs_t secadm_xserver_tmpfs_t }; files_tmpfs_file(xserver_tmpfs_t) ubac_constrained(xserver_tmpfs_t) @@ -21768,7 +21786,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.1/policy/modules/system/authlogin.te --- nsaserefpolicy/policy/modules/system/authlogin.te 2008-11-11 16:13:48.000000000 -0500 -+++ serefpolicy-3.6.1/policy/modules/system/authlogin.te 2008-11-25 09:45:43.000000000 -0500 ++++ serefpolicy-3.6.1/policy/modules/system/authlogin.te 2008-12-03 18:25:28.000000000 -0500 +@@ -12,7 +12,7 @@ + + type chkpwd_t, can_read_shadow_passwords; + type chkpwd_exec_t; +-typealias chkpwd_t alias { user_chkpwd_t staff_chkpwd_t sysadm_chkpwd_t }; ++typealias chkpwd_t alias { user_chkpwd_t staff_chkpwd_t sysadm_chkpwd_t system_chkpwd_t }; + typealias chkpwd_t alias { auditadm_chkpwd_t secadm_chkpwd_t }; + application_domain(chkpwd_t, chkpwd_exec_t) + role system_r types chkpwd_t; @@ -63,6 +63,9 @@ type utempter_exec_t; application_domain(utempter_t,utempter_exec_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 10b1803..c3a2432 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.1 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -446,7 +446,7 @@ exit 0 %endif %changelog -* Wed Dec 3 2008 Dan Walsh 3.6.1-3 +* Wed Dec 3 2008 Dan Walsh 3.6.1-4 - Cleanup policy * Mon Dec 01 2008 Ignacio Vazquez-Abrams - 3.6.1-2