trunk: 8 patches from dan.

2025-02-20 14:16:55 +00:00 · 2007-11-15 16:54:18 +00:00 · 2007-11-15 16:54:18 +00:00 · 6c91189762
commit 6c91189762
parent 2999cea1f2
9 changed files with 50 additions and 9 deletions
--- a/policy/modules/admin/vbetool.te
+++ b/policy/modules/admin/vbetool.te
@ -1,5 +1,5 @@

-policy_module(vbetool,1.2.0)
+policy_module(vbetool,1.2.1)

 ########################################
 #
@ -33,4 +33,5 @@ miscfiles_read_localization(vbetool_t)
 optional_policy(`
 	hal_rw_pid_files(vbetool_t)
 	hal_write_log(vbetool_t)
+	hal_dontaudit_append_lib_files(vbetool_t)
 ')
--- a/policy/modules/services/asterisk.te
+++ b/policy/modules/services/asterisk.te
@ -1,5 +1,5 @@

-policy_module(asterisk,1.3.1)
+policy_module(asterisk,1.3.2)

 ########################################
 #
@ -98,6 +98,7 @@ corenet_sendrecv_asterisk_server_packets(asterisk_t)
 # for VOIP voice channels.
 corenet_tcp_bind_generic_port(asterisk_t)
 corenet_udp_bind_generic_port(asterisk_t)
+corenet_dontaudit_udp_bind_all_ports(asterisk_t)
 corenet_sendrecv_generic_server_packets(asterisk_t)

 dev_read_sysfs(asterisk_t)
--- a/policy/modules/services/cpucontrol.te
+++ b/policy/modules/services/cpucontrol.te
@ -1,5 +1,5 @@

-policy_module(cpucontrol,1.2.1)
+policy_module(cpucontrol,1.2.2)

 ########################################
 #
@ -62,6 +62,10 @@ optional_policy(`
 	nscd_socket_use(cpucontrol_t)
 ')

+optional_policy(`
+	rhgb_use_ptys(cpucontrol_t)
+')
+
 optional_policy(`
 	seutil_sigchld_newrole(cpucontrol_t)
 ')
--- a/policy/modules/services/cvs.te
+++ b/policy/modules/services/cvs.te
@ -1,5 +1,5 @@

-policy_module(cvs,1.5.0)
+policy_module(cvs,1.5.1)

 ########################################
 #
@ -16,6 +16,7 @@ gen_tunable(allow_cvs_read_shadow,false)
 type cvs_t;
 type cvs_exec_t;
 inetd_tcp_service_domain(cvs_t,cvs_exec_t)
+application_executable_file(cvs_exec_t)
 role system_r types cvs_t;

 type cvs_data_t; # customizable
@ -81,6 +82,7 @@ libs_use_ld_so(cvs_t)
 libs_use_shared_libs(cvs_t)

 logging_send_syslog_msg(cvs_t)
+logging_send_audit_msgs(cvs_t)

 miscfiles_read_localization(cvs_t)

--- a/policy/modules/services/fetchmail.te
+++ b/policy/modules/services/fetchmail.te
@ -1,5 +1,5 @@

-policy_module(fetchmail,1.4.1)
+policy_module(fetchmail,1.4.2)

 ########################################
 #
@ -85,6 +85,10 @@ sysnet_read_config(fetchmail_t)
 userdom_dontaudit_use_unpriv_user_fds(fetchmail_t)
 userdom_dontaudit_search_sysadm_home_dirs(fetchmail_t)

+optional_policy(`
+	procmail_domtrans(fetchmail_t)
+')
+
 optional_policy(`
 	seutil_sigchld_newrole(fetchmail_t)
 ')
--- a/policy/modules/services/munin.if
+++ b/policy/modules/services/munin.if
@ -61,3 +61,22 @@ interface(`munin_search_lib',`
 	allow $1 munin_var_lib_t:dir search_dir_perms;
 	files_search_var_lib($1)
 ')
+
+#######################################
+## <summary>
+##	Do not audit attempts to search
+##	munin library directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`munin_dontaudit_search_lib',`
+	gen_require(`
+		type munin_var_lib_t;
+	')
+
+	dontaudit $1 munin_var_lib_t:dir search_dir_perms;
+')
--- a/policy/modules/services/munin.te
+++ b/policy/modules/services/munin.te
@ -1,5 +1,5 @@

-policy_module(munin,1.3.1)
+policy_module(munin,1.3.2)

 ########################################
 #
--- a/policy/modules/services/portmap.te
+++ b/policy/modules/services/portmap.te
@ -1,5 +1,5 @@

-policy_module(portmap,1.5.1)
+policy_module(portmap,1.5.2)

 ########################################
 #
@ -66,7 +66,7 @@ corenet_udp_bind_generic_port(portmap_t)
 corenet_tcp_bind_reserved_port(portmap_t)
 corenet_udp_bind_reserved_port(portmap_t)
 corenet_dontaudit_tcp_bind_all_reserved_ports(portmap_t)
-corenet_dontaudit_udp_bind_all_reserved_ports(portmap_t)
+corenet_dontaudit_udp_bind_all_ports(portmap_t)

 dev_read_sysfs(portmap_t)

--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@ -1,5 +1,5 @@

-policy_module(udev,1.8.1)
+policy_module(udev,1.8.2)

 ########################################
 #
@ -132,6 +132,7 @@ auth_use_nsswitch(udev_t)

 init_read_utmp(udev_t)
 init_dontaudit_write_utmp(udev_t)
+init_getattr_initctl(udev_t)

 libs_use_ld_so(udev_t)
 libs_use_shared_libs(udev_t)
@ -183,6 +184,11 @@ ifdef(`distro_redhat',`
 	netutils_domtrans(udev_t)
 ')

+optional_policy(`
+	alsa_domtrans(udev_t)
+	alsa_read_rw_config(udev_t)
+')
+
 optional_policy(`
 	brctl_domtrans(udev_t)
 ')
@ -219,6 +225,10 @@ optional_policy(`
 	pcscd_domtrans(udev_t)
 ')

+optional_policy(`
+	raid_domtrans_mdadm(udev_t)
+')
+
 optional_policy(`
 	kernel_write_xen_state(udev_t)
 	kernel_read_xen_state(udev_t)