From ecc98e19e3a415358584dae9e6498871ab46bb09 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mar 01 2007 15:43:39 +0000 Subject: patches for file contexts in networkmanager, miscfiles, corecommands, devices, and java from Dan Walsh. --- diff --git a/Changelog b/Changelog index cf6533e..90fed4b 100644 --- a/Changelog +++ b/Changelog @@ -1,7 +1,8 @@ - Patch for kerberized telnet fixes from Dan Walsh. - Patch for kerberized ftp and other ftp fixes from Dan Walsh. - Patch for an additional wine executable from Dan Walsh. -- Patch for additional games file contexts from Dan Walsh. +- Eight patches for file contexts in games, wine, networkmanager, miscfiles, + corecommands, devices, and java from Dan Walsh. - Add support for libselinux 2.0.5 init_selinuxmnt() changes. - Patch for misc fixes to bluetooth from Dan Walsh. - Patch for misc fixes to kerberos from Dan Walsh. diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc index d866fed..22b1a6e 100644 --- a/policy/modules/apps/java.fc +++ b/policy/modules/apps/java.fc @@ -3,6 +3,8 @@ # /opt/(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:java_exec_t,s0) /opt/ibm/java2-ppc64-50/jre/(bin|javaws)(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0) +/opt/local/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0) +/opt/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0) # # /usr @@ -18,3 +20,5 @@ /usr/bin/grmic -- gen_context(system_u:object_r:java_exec_t,s0) /usr/bin/grmiregistry -- gen_context(system_u:object_r:java_exec_t,s0) /usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0) +/usr/local/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0) +/usr/matlab/bin/(.*/)?MATLAB. -- gen_context(system_u:object_r:java_exec_t,s0) diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te index 51eb769..bb18d37 100644 --- a/policy/modules/apps/java.te +++ b/policy/modules/apps/java.te @@ -1,5 +1,5 @@ -policy_module(java,1.3.2) +policy_module(java,1.3.3) ######################################## # diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index 74234f1..e112a5d 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -53,6 +53,8 @@ ifdef(`distro_redhat',` /etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0) +/etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0) + /etc/sysconfig/network-scripts/ifup-.* -- gen_context(system_u:object_r:bin_t,s0) /etc/sysconfig/network-scripts/ifup-.* -l gen_context(system_u:object_r:bin_t,s0) /etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0) @@ -73,7 +75,6 @@ ifdef(`distro_debian',` ifdef(`targeted_policy',` /etc/X11/prefdm -- gen_context(system_u:object_r:bin_t,s0) -/usr/games/nethack-3.4.3/nethack -- gen_context(system_u:object_r:bin_t,s0) ') # @@ -188,6 +189,7 @@ ifdef(`distro_gentoo', ` ifdef(`distro_redhat', ` /usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/authconfig/authconfig.py -- gen_context(system_u:object_r:bin_t,s0) diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te index 007d955..1c797f4 100644 --- a/policy/modules/kernel/corecommands.te +++ b/policy/modules/kernel/corecommands.te @@ -1,5 +1,5 @@ -policy_module(corecommands,1.5.1) +policy_module(corecommands,1.5.2) ######################################## # diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc index 428331c..e0ef469 100644 --- a/policy/modules/kernel/devices.fc +++ b/policy/modules/kernel/devices.fc @@ -30,6 +30,7 @@ /dev/kmsg -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh) /dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0) /dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) +/dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh) /dev/mem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) /dev/mice -c gen_context(system_u:object_r:mouse_device_t,s0) /dev/microcode -c gen_context(system_u:object_r:cpu_device_t,s0) @@ -40,6 +41,7 @@ /dev/null -c gen_context(system_u:object_r:null_device_t,s0) /dev/nvidia.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0) /dev/nvram -c gen_context(system_u:object_r:nvram_device_t,mls_systemhigh) +/dev/oldmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) /dev/par.* -c gen_context(system_u:object_r:printer_device_t,s0) /dev/patmgr[01] -c gen_context(system_u:object_r:sound_device_t,s0) /dev/pmu -c gen_context(system_u:object_r:power_device_t,s0) @@ -58,6 +60,7 @@ /dev/srnd[0-7] -c gen_context(system_u:object_r:sound_device_t,s0) /dev/snapshot -c gen_context(system_u:object_r:apm_bios_t,s0) /dev/sndstat -c gen_context(system_u:object_r:sound_device_t,s0) +/dev/sonypi -c gen_context(system_u:object_r:v4l_device_t,s0) /dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0) /dev/urandom -c gen_context(system_u:object_r:urandom_device_t,s0) /dev/usbdev.* -c gen_context(system_u:object_r:usb_device_t,s0) diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te index 4f16958..ff6b4ce 100644 --- a/policy/modules/kernel/devices.te +++ b/policy/modules/kernel/devices.te @@ -1,5 +1,5 @@ -policy_module(devices,1.3.0) +policy_module(devices,1.3.1) ######################################## # diff --git a/policy/modules/services/networkmanager.fc b/policy/modules/services/networkmanager.fc index a1b3e62..12e9bf2 100644 --- a/policy/modules/services/networkmanager.fc +++ b/policy/modules/services/networkmanager.fc @@ -3,4 +3,4 @@ /var/run/NetworkManager\.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /var/run/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -/var/run/wpa_supplicant-global -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0) +/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te index 7722bc2..78f407a 100644 --- a/policy/modules/services/networkmanager.te +++ b/policy/modules/services/networkmanager.te @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.5.1) +policy_module(networkmanager,1.5.2) ######################################## # diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc index f7e2c00..ed4e2f0 100644 --- a/policy/modules/system/libraries.fc +++ b/policy/modules/system/libraries.fc @@ -74,11 +74,12 @@ ifdef(`distro_gentoo',` /opt/(.*/)?lib64(/.*)? gen_context(system_u:object_r:lib_t,s0) /opt/(.*/)?lib64/.+\.so -- gen_context(system_u:object_r:shlib_t,s0) /opt/(.*/)?lib64/.+\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0) +/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:shlib_t,s0) /opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/(.*/)?jre/.+\.jar -- gen_context(system_u:object_r:shlib_t,s0) /opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:shlib_t,s0) -/opt/(.*/)?jre/.+\.jar -- gen_context(system_u:object_r:shlib_t,s0) +/opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/ibm/java2-ppc64-50/jre/bin/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ifdef(`distro_gentoo',` @@ -276,7 +277,10 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_ /usr/(local/)?acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?Adobe/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?lib/xchat/plugins/systray.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/local/matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(local/)?matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl).so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(local/)?matlab.*/sys/os/glnx86/libtermcap.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te index 3d763c7..1ce3bba 100644 --- a/policy/modules/system/libraries.te +++ b/policy/modules/system/libraries.te @@ -1,5 +1,5 @@ -policy_module(libraries,1.5.1) +policy_module(libraries,1.5.2) ######################################## # diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc index 91e6fc8..0c142e4 100644 --- a/policy/modules/system/miscfiles.fc +++ b/policy/modules/system/miscfiles.fc @@ -74,3 +74,8 @@ ifdef(`distro_debian',` /var/lib/msttcorefonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) /var/lib/usbutils(/.*)? gen_context(system_u:object_r:hwdata_t,s0) ') + +ifdef(`distro_redhat',` +/var/empty/sshd/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) +/var/spool/postfix/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) +') diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te index afd7d9a..dccfd09 100644 --- a/policy/modules/system/miscfiles.te +++ b/policy/modules/system/miscfiles.te @@ -1,5 +1,5 @@ -policy_module(miscfiles,1.2.1) +policy_module(miscfiles,1.2.2) ######################################## #