From ae5733a49e6b577280534adecff4fb6cee15d9d0 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Feb 05 2015 11:12:00 +0000 Subject: * Thu Feb 05 2015 Lukas Vrabec 3.13.1-110 - Allow cockpit_session_t to create tmp files - apmd needs sys_resource when shutting down the machine - Fix path label to resolv.conf under NetworkManager --- diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 94d6196..d332224 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -7799,10 +7799,10 @@ index 1a7a97e..2c7252a 100644 domain_system_change_exemption($1) role_transition $2 apmd_initrc_exec_t system_r; diff --git a/apm.te b/apm.te -index 7fd431b..e05b2d4 100644 +index 7fd431b..5ce1846 100644 --- a/apm.te +++ b/apm.te -@@ -35,6 +35,9 @@ files_type(apmd_var_lib_t) +@@ -35,12 +35,15 @@ files_type(apmd_var_lib_t) type apmd_var_run_t; files_pid_file(apmd_var_run_t) @@ -7812,6 +7812,13 @@ index 7fd431b..e05b2d4 100644 ######################################## # # Client local policy + # + +-allow apm_t self:capability { dac_override sys_admin }; ++allow apm_t self:capability { dac_override sys_admin sys_resource }; + + kernel_read_system_state(apm_t) + @@ -48,7 +51,7 @@ dev_rw_apm_bios(apm_t) fs_getattr_xattr_fs(apm_t) @@ -14201,10 +14208,10 @@ index 0000000..a8a678a +') diff --git a/cockpit.te b/cockpit.te new file mode 100644 -index 0000000..4d89495 +index 0000000..4ae76c5 --- /dev/null +++ b/cockpit.te -@@ -0,0 +1,98 @@ +@@ -0,0 +1,102 @@ +policy_module(cockpit, 1.0.0) + +######################################## 
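Review bot: The new `sys_resource` is granted on `allow apm_t self:capability { dac_override sys_admin sys_resource };`, which sits under the "Client local policy" header, while the changelog says it is apmd that needs the capability when shutting down the machine. If the denial was logged with the daemon as source context, the permission belongs on the `apmd_t` capability rule (outside this hunk) and `apm_t` should stay as it was. Confirm the scontext of the AVC before merging. CAP_SYS_RESOURCE allows overriding resource limits and quotas, so a comment above the rule recording why it is needed would help later audits, e.g. `# sys_resource: required at machine shutdown (bug <BUG-ID placeholder>)`.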
@@ -14289,6 +14296,10 @@ index 0000000..4d89495 +allow cockpit_session_t self:capability { sys_admin dac_override setuid setgid }; +allow cockpit_session_t self:process { setexec setsched signal_perms }; + ++manage_dirs_pattern(cockpit_session_t, cockpit_tmp_t, cockpit_tmp_t) ++manage_files_pattern(cockpit_session_t, cockpit_tmp_t, cockpit_tmp_t) ++files_tmp_filetrans(cockpit_session_t, cockpit_tmp_t, { dir file }) ++ +# cockpit-session runs a full pam stack, including pam_selinux.so +auth_login_pgm_domain(cockpit_session_t) +auth_write_login_records(cockpit_session_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index fa8c807..dcb4d60 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -19,7 +19,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.13.1 -Release: 109%{?dist} +Release: 110%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -605,6 +605,11 @@ SELinux Reference policy mls base module. %endif %changelog +* Thu Feb 05 2015 Lukas Vrabec 3.13.1-110 +- Allow cockpit_session_t to create tmp files +- apmd needs sys_resource when shutting down the machine +- Fix path label to resolv.conf under NetworkManager + * Wed Feb 04 2015 Lukas Vrabec 3.13.1-109 - Allow search all pid dirs when managing net_conf_t files.
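Review bot: The three added rules in the cockpit.te hunk (`manage_dirs_pattern`, `manage_files_pattern`, `files_tmp_filetrans`) make `cockpit_session_t` label its /tmp content `cockpit_tmp_t`, which by its name looks like a type shared with the other cockpit domains rather than one private to the session helper. `cockpit_session_t` holds `sys_admin dac_override setuid setgid` and runs the full PAM stack, so if a less privileged cockpit domain can also manage `cockpit_tmp_t`, it could tamper with files the session process relies on. The declaration of `cockpit_tmp_t` and its other users are outside this hunk, so please check them. If the type is shared, a dedicated type keeps the two domains apart: `type cockpit_session_tmp_t;` with `files_tmp_file(cockpit_session_tmp_t)`, used in these three rules instead. Either way, a short comment saying which files cockpit-session creates in /tmp would justify granting `{ dir file }` rather than `file` alone.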