diff --git a/policy-F16.patch b/policy-F16.patch index 00ec27c..804f9ff 100644 --- a/policy-F16.patch +++ b/policy-F16.patch @@ -2137,7 +2137,7 @@ index 0000000..bd83148 +## No Interfaces diff --git a/policy/modules/admin/permissivedomains.te b/policy/modules/admin/permissivedomains.te new file mode 100644 -index 0000000..a6bd793 +index 0000000..6fff5ef --- /dev/null +++ b/policy/modules/admin/permissivedomains.te @@ -0,0 +1,27 @@ @@ -2166,7 +2166,7 @@ index 0000000..a6bd793 + type selinux_munin_plugin_t; + ') + -+ permssive selinux_munin_plugin_t; ++ permissive selinux_munin_plugin_t; +') diff --git a/policy/modules/admin/portage.fc b/policy/modules/admin/portage.fc index db46387..b665b08 100644 @@ -55690,7 +55690,7 @@ index 4f94229..f3b89e4 100644 /var/lib/qpidd(/.*)? gen_context(system_u:object_r:qpidd_var_lib_t,s0) diff --git a/policy/modules/services/qpid.if b/policy/modules/services/qpid.if -index 5a9630c..aaaef40 100644 +index 5a9630c..bedca3a 100644 --- a/policy/modules/services/qpid.if +++ b/policy/modules/services/qpid.if @@ -1,4 +1,4 @@ @@ -55881,13 +55881,14 @@ index 5a9630c..aaaef40 100644 # Allow qpidd_t to restart the apache service qpidd_initrc_domtrans($1) -@@ -180,7 +189,45 @@ interface(`qpidd_admin',` +@@ -180,7 +189,46 @@ interface(`qpidd_admin',` role_transition $2 qpidd_initrc_exec_t system_r; allow $2 system_r; - admin_pattern($1, qpidd_var_lib_t) + qpidd_manage_var_run($1) -+ + +- admin_pattern($1, qpidd_var_run_t) + qpidd_manage_var_lib($1) +') + @@ -55921,11 +55922,11 @@ index 5a9630c..aaaef40 100644 +# +interface(`qpidd_rw_shm',` + gen_require(` ++ type qpidd_t; + type qpidd_tmpfs_t; + ') - -- admin_pattern($1, qpidd_var_run_t) -+ qpidd_rw_shm($1) ++ ++ allow $1 qpidd_t:shm rw_shm_perms; + fs_search_tmpfs($1) + manage_files_pattern($1, qpidd_tmpfs_t, qpidd_tmpfs_t) ') @@ -80363,7 +80364,7 @@ index 025348a..c15e57c 100644 +') + 
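Review bot: The corrected `permissive selinux_munin_plugin_t;` line in permissivedomains.te (hunk at -2166) leaves that domain unenforced, so its denials are logged rather than blocked, and nothing in the visible lines records why or for how long. I would put a comment directly above it, for example `# permissive while the munin selinux plugin policy is being exercised; remove once its AVCs are clean`, so the exemption is tracked instead of becoming permanent. The enclosing block starts outside this hunk, so any existing rationale there is not visible from here.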
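Review bot: `qpidd_rw_shm` (hunk at -55921) still ends with `manage_files_pattern($1, qpidd_tmpfs_t, qpidd_tmpfs_t)`, which gives the caller create, rename and unlink on qpidd's tmpfs files. That is more than the read/write access that the interface name and the new `allow $1 qpidd_t:shm rw_shm_perms;` line suggest. If callers only attach to segments that qpidd has already created, `rw_files_pattern($1, qpidd_tmpfs_t, qpidd_tmpfs_t)` would be the least-privilege form. If they really do create the backing files, a one-line comment saying so would stop a later reader from treating it as an oversight. The interface's summary comments and the callers are outside the hunk, so the required access is inferred from the name only.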
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te -index d88f7c3..b79d72f 100644 +index d88f7c3..a22db33 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -17,14 +17,12 @@ init_daemon_domain(udev_t, udev_exec_t) @@ -80497,7 +80498,7 @@ index d88f7c3..b79d72f 100644 # read modules.inputmap: modutils_read_module_deps(udev_t) +modutils_list_module_config(udev_t) -+modutils_read_module_conf(udev_t) ++modutils_read_module_config(udev_t) seutil_read_config(udev_t) seutil_read_default_contexts(udev_t)