From 51155560dcd21d4433703d578b76195b1da0810d Mon Sep 17 00:00:00 2001 From: Miroslav Date: Oct 21 2011 13:53:41 +0000 Subject: - Policy update should not modify local contexts --- diff --git a/policy-F16.patch b/policy-F16.patch index 1d7ce0d..f5e1655 100644 --- a/policy-F16.patch +++ b/policy-F16.patch @@ -322,18 +322,10 @@ index 63ef90e..a535b31 100644 ') diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if -index 1392679..e75873a 100644 +index 1392679..7793407 100644 --- a/policy/modules/admin/alsa.if +++ b/policy/modules/admin/alsa.if -@@ -148,6 +148,7 @@ interface(`alsa_manage_home_files',` - - userdom_search_user_home_dirs($1) - allow $1 alsa_home_t:file manage_file_perms; -+ alsa_filetrans_home_content(unpriv_userdomain) - ') - - ######################################## -@@ -206,3 +207,47 @@ interface(`alsa_read_lib',` +@@ -206,3 +206,47 @@ interface(`alsa_read_lib',` files_search_var_lib($1) read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t) ') @@ -20678,10 +20670,10 @@ index be4de58..7e8b6ec 100644 init_exec(secadm_t) diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te -index 2be17d2..2c588ca 100644 +index 2be17d2..a1913e8 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te -@@ -8,12 +8,55 @@ policy_module(staff, 2.2.0) +@@ -8,12 +8,59 @@ policy_module(staff, 2.2.0) role staff_r; userdom_unpriv_user_template(staff) @@ -20734,10 +20726,14 @@ index 2be17d2..2c588ca 100644 + abrt_read_cache(staff_t) +') + ++optional_policy(` ++ alsa_filetrans_home_content(staff_t) ++') ++ optional_policy(` apache_role(staff_r, staff_t) ') -@@ -27,19 +70,113 @@ optional_policy(` +@@ -27,19 +74,113 @@ optional_policy(` ') optional_policy(` @@ -20853,7 +20849,7 @@ index 2be17d2..2c588ca 100644 ') optional_policy(` -@@ -48,10 +185,48 @@ optional_policy(` +@@ -48,10 +189,48 @@ optional_policy(` ') optional_policy(` @@ -20902,7 +20898,7 @@ index 2be17d2..2c588ca 100644 xserver_role(staff_r, staff_t) ') -@@ -89,18 +264,10 @@ ifndef(`distro_redhat',` +@@ -89,18 +268,10 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -20921,7 +20917,7 @@ index 2be17d2..2c588ca 100644 java_role(staff_r, staff_t) ') -@@ -121,10 +288,6 @@ ifndef(`distro_redhat',` +@@ -121,10 +292,6 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -20932,7 +20928,7 @@ index 2be17d2..2c588ca 100644 pyzor_role(staff_r, staff_t) ') -@@ -137,10 +300,6 @@ ifndef(`distro_redhat',` +@@ -137,10 +304,6 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -20943,7 +20939,7 @@ index 2be17d2..2c588ca 100644 spamassassin_role(staff_r, staff_t) ') -@@ -172,3 +331,7 @@ ifndef(`distro_redhat',` +@@ -172,3 +335,7 @@ ifndef(`distro_redhat',` wireshark_role(staff_r, staff_t) ') ') @@ -22632,10 +22628,10 @@ index 0000000..50c38f9 +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) + diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te -index e5bfdd4..50e49e6 100644 +index e5bfdd4..59f013e 100644 --- a/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te -@@ -12,15 +12,93 @@ role user_r; +@@ -12,15 +12,97 @@ role user_r; userdom_unpriv_user_template(user) @@ -22653,6 +22649,10 @@ index e5bfdd4..50e49e6 100644 + abrt_read_cache(user_t) +') + ++optional_policy(` ++ alsa_filetrans_home_content(user_t) ++') ++ optional_policy(` apache_role(user_r, user_t) ') @@ -22729,7 +22729,7 @@ index e5bfdd4..50e49e6 100644 vlock_run(user_t, user_r) ') -@@ -62,19 +140,11 @@ ifndef(`distro_redhat',` +@@ -62,19 +144,11 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -22750,7 +22750,7 @@ index e5bfdd4..50e49e6 100644 ') optional_policy(` -@@ -98,10 +168,6 @@ ifndef(`distro_redhat',` +@@ -98,10 +172,6 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -22761,7 +22761,7 @@ index e5bfdd4..50e49e6 100644 postgresql_role(user_r, user_t) ') -@@ -118,11 +184,7 @@ ifndef(`distro_redhat',` +@@ -118,11 +188,7 @@ ifndef(`distro_redhat',` ') optional_policy(` @@ -22774,7 +22774,7 @@ index e5bfdd4..50e49e6 100644 ') optional_policy(` -@@ -157,3 +219,4 @@ ifndef(`distro_redhat',` +@@ -157,3 +223,4 @@ ifndef(`distro_redhat',` wireshark_role(user_r, user_t) ') ')