rpms/selinux-policy/devel policy-20071130.patch,1.103,1.104

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Fri Mar 14 15:59:16 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14242

Modified Files:
	policy-20071130.patch 
Log Message:
* Fri Mar 14 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-19
- Allow nsplugin to run acroread


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -r1.103 -r1.104
--- policy-20071130.patch	14 Mar 2008 15:17:23 -0000	1.103
+++ policy-20071130.patch	14 Mar 2008 15:59:07 -0000	1.104
@@ -5433,8 +5433,8 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2008-03-14 10:51:39.000000000 -0400
-@@ -0,0 +1,170 @@
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2008-03-14 11:50:19.000000000 -0400
+@@ -0,0 +1,176 @@
 +
 +policy_module(nsplugin,1.0.0)
 +
@@ -5475,10 +5475,12 @@
 +# nsplugin local policy
 +#
 +allow nsplugin_t self:fifo_file rw_file_perms;
-+allow nsplugin_t self:process { ptrace getsched signal_perms };
++allow nsplugin_t self:process { ptrace getsched setsched signal_perms };
++
 +allow nsplugin_t self:sem create_sem_perms;
 +allow nsplugin_t self:shm create_shm_perms;
 +allow nsplugin_t self:msgq create_msgq_perms;
++allow nsplugin_t self:unix_stream_socket { connectto create_stream_socket_perms };
 +
 +tunable_policy(`allow_nsplugin_execmem',`
 +        allow nsplugin_t self:process { execstack execmem };
@@ -5529,10 +5531,17 @@
 +miscfiles_read_fonts(nsplugin_t)
 +miscfiles_manage_home_fonts(nsplugin_t)
 +
-+manage_dirs_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
-+manage_files_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
-+manage_sock_files_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
-+files_tmp_filetrans(nsplugin_t, nsplugin_tmp_t, { file dir sock_file })
++#manage_dirs_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
++#manage_files_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
++#manage_sock_files_pattern(nsplugin_t, nsplugin_tmp_t, nsplugin_tmp_t)
++#files_tmp_filetrans(nsplugin_t, nsplugin_tmp_t, { file dir sock_file })
++#userdom_user_tmp_filetrans(user, nsplugin_t, nsplugin_tmp_t, { file dir sock_file })
++
++userdom_manage_user_tmp_dirs(user,nsplugin_t)
++userdom_manage_user_tmp_files(user,nsplugin_t)
++userdom_manage_user_tmp_sockets(user,nsplugin_t)
++userdom_tmp_filetrans_user_tmp(user,nsplugin_t, { file dir sock_file })
++userdom_read_user_tmpfs_files(user,nsplugin_t)
 +
 +userdom_read_user_home_content_files(user, nsplugin_t)
 +userdom_read_user_tmp_files(user, nsplugin_t)
@@ -5571,7 +5580,7 @@
 +allow nsplugin_config_t self:fifo_file rw_file_perms;
 +allow nsplugin_config_t self:unix_stream_socket create_stream_socket_perms;
 +
-+fs_list_inotifyfs(nsplugin_t)
++fs_list_inotifyfs(nsplugin_config_t)
 +
 +can_exec(nsplugin_config_t, nsplugin_rw_t)
 +manage_dirs_pattern(nsplugin_config_t, nsplugin_rw_t, nsplugin_rw_t)
@@ -5602,9 +5611,6 @@
 +userdom_search_all_users_home_content(nsplugin_config_t)
 +
 +nsplugin_domtrans(nsplugin_config_t)
-+
-+allow nsplugin_t user_home_t:dir { write read };
-+allow nsplugin_t user_home_t:file write;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.3.1/policy/modules/apps/openoffice.fc
 --- nsaserefpolicy/policy/modules/apps/openoffice.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.3.1/policy/modules/apps/openoffice.fc	2008-03-13 18:18:07.000000000 -0400




More information about the fedora-extras-commits mailing list