From 2e9a8db5771a34c5a8af3a6c4dd69822998e2164 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Apr 08 2014 06:49:42 +0000 Subject: Update user_tmp patches --- diff --git a/policy-rawhide-base-user_tmp.patch b/policy-rawhide-base-user_tmp.patch index a7f20f6..477a847 100644 --- a/policy-rawhide-base-user_tmp.patch +++ b/policy-rawhide-base-user_tmp.patch @@ -12,7 +12,7 @@ index 32514ee..91a6a37 100644 userdom_dontaudit_search_user_home_dirs(bootloader_t) diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if -index ae94e80..4d3b6b0 100644 +index 337a00e..87c6145 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -5199,6 +5199,7 @@ interface(`files_search_tmp',` @@ -357,7 +357,7 @@ index bf98136..2469c27 100644 ######################################## diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te -index 2a244f6..2f471b4 100644 +index f0e5cc0..e3f28af 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -231,12 +231,6 @@ files_type(xserver_var_lib_t) @@ -408,7 +408,7 @@ index 2a244f6..2f471b4 100644 #userdom_home_manager(xdm_t) tunable_policy(`xdm_write_home',` -@@ -1347,9 +1335,8 @@ dontaudit xserver_t xdm_var_lib_t:dir search_dir_perms; +@@ -1349,9 +1337,8 @@ dontaudit xserver_t xdm_var_lib_t:dir search_dir_perms; read_files_pattern(xserver_t, xdm_var_run_t, xdm_var_run_t) # Label pid and temporary files with derived types. @@ -420,7 +420,7 @@ index 2a244f6..2f471b4 100644 # Run xkbcomp. allow xserver_t xkb_var_lib_t:lnk_file read_lnk_file_perms; -@@ -1589,7 +1576,6 @@ manage_files_pattern(x_userdomain, user_fonts_cache_t, user_fonts_cache_t) +@@ -1591,7 +1578,6 @@ manage_files_pattern(x_userdomain, user_fonts_cache_t, user_fonts_cache_t) stream_connect_pattern(x_userdomain, xserver_tmp_t, xserver_tmp_t, xserver_t) allow x_userdomain xserver_tmp_t:sock_file delete_sock_file_perms; 
@@ -428,7 +428,7 @@ index 2a244f6..2f471b4 100644 files_search_tmp(x_userdomain) # Communicate via System V shared memory. -@@ -1616,10 +1602,9 @@ allow x_userdomain xauth_home_t:file read_file_perms; +@@ -1618,10 +1604,9 @@ allow x_userdomain xauth_home_t:file read_file_perms; # for when /tmp/.X11-unix is created by the system allow x_userdomain xdm_t:fd use; allow x_userdomain xdm_t:fifo_file rw_inherited_fifo_file_perms; @@ -442,10 +442,10 @@ index 2a244f6..2f471b4 100644 allow x_userdomain xdm_t:dbus send_msg; allow xdm_t x_userdomain:dbus send_msg; diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te -index cdc1c76..b446ca4 100644 +index 1259fbd..5e66714 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te -@@ -552,7 +552,7 @@ logging_manage_all_logs(syslogd_t) +@@ -553,7 +553,7 @@ logging_manage_all_logs(syslogd_t) userdom_dontaudit_use_unpriv_user_fds(syslogd_t) userdom_search_user_home_dirs(syslogd_t) @@ -468,10 +468,10 @@ index 00b82b3..9933cad 100644 domain_use_interactive_fds(mount_ecryptfs_t) diff --git a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc -index e4eb903..7ef6be3 100644 +index 4ca3a28..8f5380f 100644 --- a/policy/modules/system/userdomain.fc +++ b/policy/modules/system/userdomain.fc -@@ -21,4 +21,10 @@ HOME_DIR/\.texlive2012(/.*)? gen_context(system_u:object_r:texlive_home_t,s0) +@@ -21,6 +21,12 @@ HOME_DIR/\.texlive2012(/.*)? gen_context(system_u:object_r:texlive_home_t,s0) HOME_DIR/\.texlive2013(/.*)? gen_context(system_u:object_r:texlive_home_t,s0) HOME_DIR/\.texlive2014(/.*)? gen_context(system_u:object_r:texlive_home_t,s0) @@ -482,8 +482,10 @@ index e4eb903..7ef6be3 100644 + + /var/run/user(/.*)? gen_context(system_u:object_r:user_tmp_t,s0) + + /tmp/hsperfdata_root gen_context(system_u:object_r:user_tmp_t,s0) 
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if -index b921b57..38df377 100644 +index 102478f..4f42aa5 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -420,6 +420,7 @@ interface(`userdom_manage_tmp_role',` @@ -713,7 +715,7 @@ index b921b57..38df377 100644 ######################################## ## -@@ -3352,12 +3440,8 @@ interface(`userdom_tmp_filetrans_user_tmp',` +@@ -3372,12 +3460,8 @@ interface(`userdom_tmp_filetrans_user_tmp',` ## # interface(`userdom_getattr_user_tmpfs_files',` @@ -728,7 +730,7 @@ index b921b57..38df377 100644 ') ######################################## -@@ -3371,14 +3455,8 @@ interface(`userdom_getattr_user_tmpfs_files',` +@@ -3391,14 +3475,8 @@ interface(`userdom_getattr_user_tmpfs_files',` ## # interface(`userdom_read_user_tmpfs_files',` @@ -745,7 +747,7 @@ index b921b57..38df377 100644 ') ######################################## -@@ -3392,14 +3470,8 @@ interface(`userdom_read_user_tmpfs_files',` +@@ -3412,14 +3490,8 @@ interface(`userdom_read_user_tmpfs_files',` ## # interface(`userdom_rw_user_tmpfs_files',` @@ -762,7 +764,7 @@ index b921b57..38df377 100644 ') ######################################## -@@ -3413,11 +3485,8 @@ interface(`userdom_rw_user_tmpfs_files',` +@@ -3433,11 +3505,8 @@ interface(`userdom_rw_user_tmpfs_files',` ## # interface(`userdom_rw_inherited_user_tmpfs_files',` @@ -776,7 +778,7 @@ index b921b57..38df377 100644 ') ######################################## -@@ -3431,11 +3500,26 @@ interface(`userdom_rw_inherited_user_tmpfs_files',` +@@ -3451,11 +3520,26 @@ interface(`userdom_rw_inherited_user_tmpfs_files',` ## # interface(`userdom_execute_user_tmpfs_files',` 
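Review bot: The commit message does not record which base policy revision this patch was regenerated against, and the userdomain.fc hunk (outer `@@ -482,8 +482,10 @@`) is where that matters. There the inner header moves from `-21,4 +21,10` to `-21,6 +21,12`, and the two added lines appear to be new trailing context (a blank line and the `/tmp/hsperfdata_root` entry), which suggests the base file changed underneath the patch. Because this section appears to be where `/var/run/user(/.*)?` is labelled `user_tmp_t`, someone auditing that labelling cannot confirm from the commit alone that no file-context spec or rule changed. I would put the base in the description, e.g. `Refresh user_tmp patch against <base-policy-commit>; offsets and context only`. The other hunks visible here change only `index` hashes and `@@` offsets.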
@@ -805,7 +807,7 @@ index b921b57..38df377 100644 ') ######################################## -@@ -5188,16 +5272,8 @@ interface(`userdom_list_all_user_tmp_content',` +@@ -5208,16 +5292,8 @@ interface(`userdom_list_all_user_tmp_content',` ## # interface(`userdom_manage_all_user_tmpfs_content',` @@ -824,7 +826,7 @@ index b921b57..38df377 100644 ') ######################################## -@@ -5411,11 +5487,8 @@ interface(`userdom_dontaudit_setattr_user_tmp',` +@@ -5431,11 +5507,8 @@ interface(`userdom_dontaudit_setattr_user_tmp',` ## # interface(`userdom_dontaudit_setattr_user_tmpfs',` @@ -838,7 +840,7 @@ index b921b57..38df377 100644 ') ######################################## -@@ -5519,11 +5592,8 @@ interface(`userdom_delete_user_tmp_files',` +@@ -5539,11 +5612,8 @@ interface(`userdom_delete_user_tmp_files',` ## # interface(`userdom_delete_user_tmpfs_files',`