From e63850762ffc4186921d983c2c086b9191f18325 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 11 2007 19:14:45 +0000 Subject: - Allow modprobe to setsched on kernel --- diff --git a/policy-20070501.patch b/policy-20070501.patch index ae136a9..9c51e29 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -281,7 +281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.6.4/policy/modules/admin/amanda.te --- nsaserefpolicy/policy/modules/admin/amanda.te 2007-05-07 14:51:05.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/amanda.te 2007-09-11 09:15:03.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/amanda.te 2007-09-11 15:13:25.000000000 -0400 @@ -1,5 +1,5 @@ -policy_module(amanda,1.5.0) @@ -346,17 +346,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. kernel_read_system_state(amanda_t) kernel_read_kernel_sysctls(amanda_t) kernel_dontaudit_getattr_unlabeled_files(amanda_t) -@@ -113,7 +117,8 @@ +@@ -113,7 +117,7 @@ # Added for targeted policy term_use_unallocated_ttys(amanda_t) -corenet_non_ipsec_sendrecv(amanda_t) +corenet_all_recvfrom_unlabeled(amanda_t) -+corenet_all_recvfrom_netlabel(amanda_t) corenet_tcp_sendrecv_all_if(amanda_t) corenet_udp_sendrecv_all_if(amanda_t) corenet_raw_sendrecv_all_if(amanda_t) -@@ -150,8 +155,6 @@ +@@ -150,8 +154,6 @@ libs_use_ld_so(amanda_t) libs_use_shared_libs(amanda_t) @@ -365,7 +364,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. optional_policy(` auth_read_shadow(amanda_t) ') -@@ -160,14 +163,6 @@ +@@ -160,14 +162,6 @@ logging_send_syslog_msg(amanda_t) ') 
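Review bot: The removal of `corenet_all_recvfrom_netlabel(amanda_t)` in the `@@ -113,7 +117,7 @@` section of the embedded amanda.te patch is not covered by the commit subject, which only mentions modprobe. The same call is dropped for `amanda_recover_t` in the `@@ -391,11 +390,10 @@` hunk. With only `corenet_all_recvfrom_unlabeled` left, these lines no longer grant either domain receipt of NetLabel-labelled traffic, so on a host with NetLabel configured the backup traffic would presumably produce AVC denials. If the drop is deliberate (the reason is not visible in these hunks), record it in the changelog, for example `- Remove corenet_all_recvfrom_netlabel from amanda domains`.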
@@ -380,7 +379,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. ######################################## # # Amanda recover local policy -@@ -197,10 +192,13 @@ +@@ -197,10 +191,12 @@ manage_sock_files_pattern(amanda_recover_t,amanda_tmp_t,amanda_tmp_t) files_tmp_filetrans(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file fifo_file }) @@ -391,11 +390,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda. -corenet_non_ipsec_sendrecv(amanda_recover_t) +corenet_all_recvfrom_unlabeled(amanda_recover_t) -+corenet_all_recvfrom_netlabel(amanda_recover_t) corenet_tcp_sendrecv_all_if(amanda_recover_t) corenet_udp_sendrecv_all_if(amanda_recover_t) corenet_tcp_sendrecv_all_nodes(amanda_recover_t) -@@ -232,14 +230,4 @@ +@@ -232,14 +228,4 @@ miscfiles_read_localization(amanda_recover_t) @@ -5256,8 +5254,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. tunable_policy(`ftp_home_dir && use_nfs_home_dirs',` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-2.6.4/policy/modules/services/hal.fc --- nsaserefpolicy/policy/modules/services/hal.fc 2007-05-07 14:51:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/hal.fc 2007-08-07 09:42:35.000000000 -0400 -@@ -2,15 +2,20 @@ ++++ serefpolicy-2.6.4/policy/modules/services/hal.fc 2007-09-11 15:14:23.000000000 -0400 +@@ -2,15 +2,22 @@ /etc/hal/device\.d/printer_remove\.hal -- gen_context(system_u:object_r:hald_exec_t,s0) /etc/hal/capability\.d/printer_update\.hal -- gen_context(system_u:object_r:hald_exec_t,s0) 
@@ -5283,6 +5281,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. + +/var/log/pm-suspend.log gen_context(system_u:object_r:hald_log_t,s0) + ++/var/run/pm(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0) ++/var/log/pm(/.*)? gen_context(system_u:object_r:hald_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.6.4/policy/modules/services/hal.if --- nsaserefpolicy/policy/modules/services/hal.if 2007-05-07 14:51:01.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/services/hal.if 2007-08-07 09:42:35.000000000 -0400
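Review bot: The new hal.fc entries `/var/run/pm(/.*)?` and `/var/log/pm(/.*)?` only label files on a relabel, and nothing in this hunk shows a matching type transition. Directories created at runtime would therefore presumably keep the parent directory's type until restorecon runs. Check that the hal.te part of the patch, which lies outside this hunk, lets hald_t create `dir` objects with these types, e.g. `files_pid_filetrans(hald_t,hald_var_run_t,{ file dir })` and `logging_log_filetrans(hald_t,hald_log_t,{ file dir })`. Separately, the neighbouring `/var/log/pm-suspend.log` entry leaves its dot unescaped, unlike the `\.hal` entries earlier in the file; `pm-suspend\.log` would be consistent with them.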