From fd99b78bbb6bffa1a07c59d7ab2c09a0fe06a72b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Nov 27 2007 02:49:56 +0000 Subject: - Allow xend to create xend_var_log_t directories - dontaudit setfiles relabel of /proc /sys caused by named-chroot - Add rules for pam_keyinit (setkeycreate, ipc_lock) - Allow mount to read unlabeled directorys for reiserfs --- diff --git a/policy-20070703.patch b/policy-20070703.patch index ea32887..e9c40e7 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -14510,7 +14510,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if --- nsaserefpolicy/policy/modules/system/authlogin.if 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-11-26 13:41:19.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-11-26 16:38:01.000000000 -0500 @@ -26,7 +26,8 @@ type $1_chkpwd_t, can_read_shadow_passwords; application_domain($1_chkpwd_t,chkpwd_exec_t) @@ -14605,7 +14605,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo + userdom_set_rlimitnh($1) + userdom_unlink_unpriv_users_tmp_files($1) -+ userdom_write_unpriv_users_tmp_sockets($1) ++ userdom_unpriv_users_stream_connect($1) + + optional_policy(` + mount_domtrans($1) 
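Review bot: The swap from `userdom_write_unpriv_users_tmp_sockets($1)` to `userdom_unpriv_users_stream_connect($1)` in the authlogin.if section is not covered by any of the four items in the commit subject, so the reason for the change is not recorded. By reference-policy naming, a `stream_connect` interface usually grants `connectto` on the target domains' unix stream sockets in addition to write on the socket file, which would be a wider grant to every caller of the enclosing interface. The definition is not visible in this hunk, so that should be confirmed against userdomain.if. I would add a comment above the call, such as `# <pam module or service> connects to a socket owned by the unprivileged user domain`, and a matching changelog line. The enclosing interface starts and ends outside the hunk.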
@@ -17931,7 +17931,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +/usr/bin/sbcl -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.0.8/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if 2007-10-22 13:21:40.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/unconfined.if 2007-11-16 17:33:54.000000000 -0500
++++ serefpolicy-3.0.8/policy/modules/system/unconfined.if 2007-11-26 21:45:36.000000000 -0500
 @@ -12,14 +12,13 @@
 #
 interface(`unconfined_domain_noaudit',`