From 7c5be13cf34b2ed78c4d937ed474535ea415453a Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Apr 24 2013 13:30:03 +0000 Subject: - Add filetrans rules for tw devices - Cleanup bad transition lines --- diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch index 4e0fbde..926bff0 100644 --- a/policy-rawhide-base.patch +++ b/policy-rawhide-base.patch @@ -16759,7 +16759,7 @@ index 54f1827..409df4f 100644 +/usr/lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) +/usr/lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0) diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if -index 1700ef2..6fb69e7 100644 +index 1700ef2..f8f6456 100644 --- a/policy/modules/kernel/storage.if +++ b/policy/modules/kernel/storage.if @@ -22,6 +22,26 @@ interface(`storage_getattr_fixed_disk_dev',` @@ -16880,7 +16880,7 @@ index 1700ef2..6fb69e7 100644 ######################################## ## ## Allow the caller to directly read -@@ -808,3 +891,369 @@ interface(`storage_unconfined',` +@@ -808,3 +891,400 @@ interface(`storage_unconfined',` typeattribute $1 storage_unconfined_type; ') 
@@ -17249,6 +17249,37 @@ index 1700ef2..6fb69e7 100644 + dev_filetrans($1, fixed_disk_device_t, chr_file, "raw8") + dev_filetrans($1, fixed_disk_device_t, chr_file, "raw9") + dev_filetrans($1, removable_device_t, chr_file, "rio500") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw0") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw1") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw2") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw3") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw4") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw5") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw6") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw7") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw8") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "tw9") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa0") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa1") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa2") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa3") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa4") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa5") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa6") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa7") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa8") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa9") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa10") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa11") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa12") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa13") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa14") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa15") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa16") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa17") ++ dev_filetrans($1, fixed_disk_device_t, chr_file, "twa18") ++ dev_filetrans($1, 
fixed_disk_device_t, chr_file, "twa19") ++ +') diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc index 7d45d15..22c9cfe 100644 diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index cc76d7e..8043880 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -16253,7 +16253,7 @@ index 06da9a0..ca832e1 100644 + ps_process_pattern($1, cupsd_t) ') diff --git a/cups.te b/cups.te -index 9f34c2e..fb69e2c 100644 +index 9f34c2e..6264572 100644 --- a/cups.te +++ b/cups.te @@ -5,19 +5,24 @@ policy_module(cups, 1.15.9) @@ -16710,7 +16710,7 @@ index 9f34c2e..fb69e2c 100644 allow cups_pdf_t self:unix_stream_socket create_stream_socket_perms; append_files_pattern(cups_pdf_t, cupsd_log_t, cupsd_log_t) -@@ -562,17 +569,8 @@ fs_search_auto_mountpoints(cups_pdf_t) +@@ -562,148 +569,23 @@ fs_search_auto_mountpoints(cups_pdf_t) kernel_read_system_state(cups_pdf_t) @@ -16727,8 +16727,11 @@ index 9f34c2e..fb69e2c 100644 - userdom_manage_user_home_content_dirs(cups_pdf_t) userdom_manage_user_home_content_files(cups_pdf_t) - userdom_home_filetrans_user_home_dir(cups_pdf_t) -@@ -582,128 +580,12 @@ tunable_policy(`use_nfs_home_dirs',` +-userdom_home_filetrans_user_home_dir(cups_pdf_t) ++userdom_filetrans_home_content(cups_pdf_t) + + tunable_policy(`use_nfs_home_dirs',` + fs_manage_nfs_dirs(cups_pdf_t) fs_manage_nfs_files(cups_pdf_t) ') @@ -55124,7 +55127,7 @@ index 2e23946..589bbf2 100644 + postfix_config_filetrans($1, postfix_prng_t, file, "prng_exch") ') diff --git a/postfix.te b/postfix.te -index 191a66f..7bb7d5b 100644 +index 191a66f..fa32037 100644 --- a/postfix.te +++ b/postfix.te @@ -1,4 +1,4 @@ @@ -55933,7 +55936,7 @@ index 191a66f..7bb7d5b 100644 ') optional_policy(` -@@ -764,31 +707,100 @@ optional_policy(` +@@ -764,31 +707,99 @@ optional_policy(` sasl_connect(postfix_smtpd_t) ') 
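Review bot: The added transitions list `tw0`–`tw9` and `twa0`–`twa19` by literal name, so a controller node outside those ranges, or under another prefix if the driver in use creates one, is created without the `fixed_disk_device_t` transition and keeps the directory's default label until something relabels it. That most likely fails closed for confinement, but the two ranges are also asymmetric (ten `tw` names, twenty `twa` names) with no reason given. I would add a comment above the block such as `# 3ware controller nodes; names and ranges must stay in sync with the storage file-context entries`, and confirm that the module's .fc entries label both prefixes `fixed_disk_device_t`. The enclosing interface starts above the hunk, so its name and the domains that receive these transitions are not visible here.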
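Review bot: Replacing `userdom_home_filetrans_user_home_dir(cups_pdf_t)` with `userdom_filetrans_home_content(cups_pdf_t)` changes the labels that files created by cups_pdf_t receive, but neither the policy nor the commit message ("Cleanup bad transition lines") says why the old line was wrong. The postfix.te hunk makes the same swap for postfix_virtual_t. cups_pdf_t keeps `userdom_manage_user_home_content_files`, so it still writes into user home directories, and the transition set for such a domain deserves a stated rationale. I would add a comment above the new call, for example `# cups-pdf creates content inside an existing home dir, never the home dir itself`, if that is the reason. The definition of `userdom_filetrans_home_content` is not part of this diff, so check the resulting transitions on the built policy with `sesearch -T -s cups_pdf_t`.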
@@ -55969,9 +55972,9 @@ index 191a66f..7bb7d5b 100644 userdom_manage_user_home_dirs(postfix_virtual_t) -userdom_manage_user_home_content_dirs(postfix_virtual_t) -userdom_manage_user_home_content_files(postfix_virtual_t) -+userdom_manage_user_home_content(postfix_virtual_t) - userdom_home_filetrans_user_home_dir(postfix_virtual_t) +-userdom_home_filetrans_user_home_dir(postfix_virtual_t) -userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, { file dir }) ++userdom_manage_user_home_content(postfix_virtual_t) +userdom_filetrans_home_content(postfix_virtual_t) + +######################################## diff --git a/selinux-policy.spec b/selinux-policy.spec index e7cdbae..ef221a2 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.12.1 -Release: 35%{?dist} +Release: 36%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -530,6 +530,10 @@ SELinux Reference policy mls base module. %endif %changelog +* Wed Apr 24 2013 Miroslav Grepl 3.12.1-36 +- Add filetrans rules for tw devices +- Cleanup bad transition lines + * Tue Apr 23 2013 Miroslav Grepl 3.12.1-35 - Fix lockdev_manage_files() - Allow setroubleshootd to read var_lib_t to make email_alert working
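Review bot: `userdom_manage_user_home_dirs(postfix_virtual_t)` stays as context while `userdom_home_filetrans_user_home_dir(postfix_virtual_t)` is removed, so the domain can apparently still create home directories but no longer has the transition that labelled them on creation. Unless `userdom_filetrans_home_content` (not defined in this diff) covers that case, a directory postfix_virtual_t creates under the home root would inherit the parent's label and stay mislabelled until a relabel. Either keep `userdom_home_filetrans_user_home_dir(postfix_virtual_t)` next to the new call, or drop `userdom_manage_user_home_dirs(postfix_virtual_t)` if virtual delivery never creates home directories. The surrounding postfix_virtual_t rules begin and end outside the hunk.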