diff --git a/policy-20080710.patch b/policy-20080710.patch
index e4e87bc..b1074da 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -378,6 +378,29 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 + xserver_unconfined(firstboot_t)
 ')
 -') dnl end TODO
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.5.5/policy/modules/admin/kismet.te
+--- nsaserefpolicy/policy/modules/admin/kismet.te 2008-08-07 11:15:13.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/admin/kismet.te 2008-08-29 16:38:04.000000000 -0400
+@@ -26,7 +26,10 @@
+ #
+
+ allow kismet_t self:capability { net_admin net_raw setuid setgid };
++allow kismet_t self:fifo_file rw_file_perms;
+ allow kismet_t self:packet_socket create_socket_perms;
++allow kismet_t self:unix_dgram_socket create_socket_perms;
++allow kismet_t self:unix_stream_socket create_stream_socket_perms;
+
+ manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
+ allow kismet_t kismet_log_t:dir setattr;
+@@ -42,6 +45,8 @@
+
+ corecmd_exec_bin(kismet_t)
+
++kernel_search_debugfs(kismet_t)
++
+ auth_use_nsswitch(kismet_t)
+
+ files_read_etc_files(kismet_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.5.5/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-08-14 13:08:27.000000000 -0400
 +++ serefpolicy-3.5.5/policy/modules/admin/kudzu.te 2008-08-25 10:50:15.000000000 -0400
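Review bot: `kernel_search_debugfs(kismet_t)` in the second embedded kismet.te hunk is added with no comment saying which kismet operation needs debugfs, and the same domain already holds `net_admin net_raw setuid setgid` on the capability line shown in the first hunk. If the denial comes from an incidental probe rather than something kismet needs in order to run, a dontaudit rule would silence it without widening the domain; otherwise a one-line comment above the call, such as `# <component> searches <path> under debugfs` (placeholders), would record the reason. The three new `self:` rules for `fifo_file`, `unix_dgram_socket` and `unix_stream_socket` in the first hunk would benefit from the same one-line justification. Both hunks show only part of kismet.te, so rules elsewhere in the module are not visible here.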
@@ -20593,7 +20616,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ##
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.5.5/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/services/postfix.te 2008-08-29 15:43:57.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/services/postfix.te 2008-08-29 16:32:25.000000000 -0400
 @@ -6,6 +6,14 @@
 # Declarations
 #
@@ -30027,13 +30050,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_script_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.5.5/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if 2008-08-25 09:12:31.000000000 -0400
-+++ serefpolicy-3.5.5/policy/modules/system/logging.if 2008-08-29 16:22:26.000000000 -0400
++++ serefpolicy-3.5.5/policy/modules/system/logging.if 2008-08-29 16:48:08.000000000 -0400
 @@ -281,7 +281,7 @@
 role system_r types $1;
 domtrans_pattern(audisp_t, $2, $1)
 - allow $1 audisp_t:process signal;
-+ allow audisp_t $1:process { sigkill sigstop signull signal }
++ allow audisp_t $1:process { sigkill sigstop signull signal };
 allow audisp_t $2:file getattr;
 allow $1 audisp_t:unix_stream_socket rw_socket_perms;
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 58c87d9..adac314 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@ Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
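Review bot: In the logging.if hunk the corrected rule `allow audisp_t $1:process { sigkill sigstop signull signal };` grants four signal permissions over every domain passed as `$1`, while the changelog entry only says the dispatcher needs to kill its children. It is worth confirming from the recorded denials that `sigstop` is actually required and, if it is not, narrowing the set to `allow audisp_t $1:process { sigkill signull signal };`. The embedded patch also drops `allow $1 audisp_t:process signal;`, so the plugin domain can no longer signal the dispatcher; if that reversal is intended, the interface's `##` description should state that signalling now runs from dispatcher to plugin. The interface begins and ends outside the hunk, so its documentation block is not visible here.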
@@ -380,6 +380,9 @@ exit 0
 %endif
 %changelog
+* Fri Aug 29 2008 Dan Walsh 3.5.5-3
+- Allow audit dispatcher to kill his children
+
 * Tue Aug 26 2008 Dan Walsh 3.5.5-2
 - Update to upstream
 - Fix crontab use by unconfined user