rpms/selinux-policy/devel policy-20071130.patch,1.111,1.112
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Fri Mar 28 22:07:55 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32105
Modified Files:
policy-20071130.patch
Log Message:
* Thu Mar 27 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-25
- Additional access for nsplugin
- Allow xdm setcap/getcap until pulseaudio is fixed
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20071130.patch,v
retrieving revision 1.111
retrieving revision 1.112
diff -u -r1.111 -r1.112
--- policy-20071130.patch 28 Mar 2008 21:09:45 -0000 1.111
+++ policy-20071130.patch 28 Mar 2008 22:07:45 -0000 1.112
@@ -25383,7 +25383,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-12-19 11:32:17.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-03-28 22:07:37.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-03-28 23:04:06.000000000 +0100
@@ -8,6 +8,14 @@
## <desc>
@@ -25545,11 +25545,11 @@
-allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
-allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate };
+allow xdm_t self:capability { setgid setuid sys_ptrace sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
-+allow xdm_t self:capability { getcap setcap };
+
+dontaudit xdm_t self:capability sys_admin;
+
+allow xdm_t self:process { getattr setexec setpgid getsched ptrace setsched setrlimit signal_perms };
++allow xdm_t self:process { getcap setcap };
+
allow xdm_t self:fifo_file rw_fifo_file_perms;
allow xdm_t self:shm create_shm_perms;
More information about the fedora-extras-commits
mailing list