rpms/selinux-policy/F-7 policy-20070501.patch,1.64,1.65
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Tue Oct 9 21:10:17 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18848
Modified Files:
policy-20070501.patch
Log Message:
* Mon Oct 8 2007 Dan Walsh <dwalsh at redhat.com> 2.6.4-48
- Allow rsync to backup all files on a system via a boolean
policy-20070501.patch:
Index: policy-20070501.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-7/policy-20070501.patch,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -r1.64 -r1.65
--- policy-20070501.patch 9 Oct 2007 20:56:30 -0000 1.64
+++ policy-20070501.patch 9 Oct 2007 21:09:45 -0000 1.65
@@ -13040,7 +13040,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.6.4/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/unconfined.if 2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/unconfined.if 2007-10-09 17:07:01.000000000 -0400
@@ -18,7 +18,7 @@
')
@@ -13084,7 +13084,7 @@
nscd_unconfined($1)
')
-@@ -556,3 +559,39 @@
+@@ -556,3 +559,57 @@
allow $1 unconfined_t:dbus acquire_svc;
')
@@ -13124,6 +13124,24 @@
+
+ allow $1 unconfined_tmp_t:file { getattr write append };
+')
++
++########################################
++## <summary>
++## Allow apps to set rlimits on userdomain
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`unconfined_set_rlimitnh',`
++ gen_require(`
++ type unconfined_t;
++ ')
++
++ allow $1 unconfined_t:process rlimitinh;
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.4/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-05-07 14:51:02.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/system/unconfined.te 2007-10-01 16:12:39.000000000 -0400
@@ -13229,7 +13247,7 @@
init_dbus_chat_script(unconfined_execmem_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.4/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/userdomain.if 2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/userdomain.if 2007-10-09 17:05:07.000000000 -0400
@@ -114,6 +114,22 @@
# Allow making the stack executable via mprotect.
allow $1_t self:process execstack;
@@ -13675,7 +13693,7 @@
')
########################################
-@@ -5721,3 +5717,112 @@
+@@ -5721,3 +5717,129 @@
allow $1 user_home_dir_t:dir manage_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
')
@@ -13788,6 +13806,23 @@
+ allow $1 userdomain:process ptrace;
+')
+
++########################################
++## <summary>
++## Allow apps to set rlimits on userdomain
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`userdom_set_rlimitnh',`
++ gen_require(`
++ attribute userdomain;
++ ')
++ allow $1 userdomain:process rlimitinh;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.6.4/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/system/userdomain.te 2007-08-07 09:42:35.000000000 -0400
More information about the fedora-extras-commits
mailing list