nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,180 Commits 1 Branch 0 Tags 16 MiB
2e6db061ce
Commit Graph

320 Commits

Author SHA1 Message Date
Chris PeBenito
2983a08467 Module version bump and changelog for Portage updates from Sven Vermeulen. 2011-05-02 12:46:28 -04:00
Sven Vermeulen
f13b563891 setfscreate privilege is needed to be able to install java-config package 
During the installation of for instance java-config, Portage wants to set
its default file creation context to root:object_r:portage_tmp_t which isn't
allowed:

creating /var/tmp/portage/dev-java/java-config-2.1.11-r3/temp/images/3.1/etc/revdep-rebuild
copying src/revdep-rebuild/60-java -> /var/tmp/portage/dev-java/java-config-2.1.11-r3/temp/images/3.1/etc/revdep-rebuild/
running install_egg_info
Writing /var/tmp/portage/dev-java/java-config-2.1.11-r3/temp/images/3.1/usr/lib64/python3.1/site-packages/java_config-2.1.11-py3.1.egg-info
cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied
cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied
cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied
cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied
...
ERROR: dev-java/java-config-2.1.11-r3 failed:
   Merging of intermediate installation image for Python ABI '2.6 into installation image failed

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2011-05-02 11:41:17 -04:00
Sven Vermeulen
fd9ec1f728 Allow portage_sandbox_t ptrace capabilities 
During installation of system packages like python, ustr, ... the
portage_sandbox_t domain requires ptrace capabilities.

If not allowed, the following error is returned:

/sbin/ldconfig -n /var/tmp/portage/dev-libs/ustr-1.0.4-r1/image//usr/lib64
ISE:_do_ptrace ^[[0mptrace(PTRACE_TRACEME, ..., 0x0000000000000000, 0x0000000000000000): Permission denied
/usr/lib/libsandbox.so(+0x3812)[0x7535af0ca812]
/usr/lib/libsandbox.so(+0x38a3)[0x7535af0ca8a3]
/usr/lib/libsandbox.so(+0x5595)[0x7535af0cc595]
/usr/lib/libsandbox.so(+0x5a87)[0x7535af0cca87]
/usr/lib/libsandbox.so(+0x68de)[0x7535af0cd8de]
/usr/lib/libsandbox.so(execvp+0x6c)[0x7535af0ceb3c]
make(+0x1159e)[0x337b918159e]
make(+0x11eec)[0x337b9181eec]
make(+0x12b34)[0x337b9182b34]
make(+0x1e759)[0x337b918e759]
/proc/5977/cmdline: make -j4 install
DESTDIR=/var/tmp/portage/dev-libs/ustr-1.0.4-r1/image/ HIDE=
libdir=/usr/lib64 mandir=/usr/share/man SHRDIR=/usr/share/doc/ustr-1.0.4-r1
DOCSHRDIR=/usr/share/doc/ustr-1.0.4-r1

This seems to be during a standard "make install" of the package but part of
Portage' sandbox usage (above error for ustr, but packages like python exhibit
the same problem.)

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2011-05-02 11:31:46 -04:00
Sven Vermeulen
4061b06a4a Allow portage to set file capabilities, needed for installations like for wireshark 
The installation of the wireshark package (and perhaps others) requires
portage setting file capabilities (through the setcap binary).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2011-05-02 11:30:36 -04:00
Chris PeBenito
1b35a7c3be Module version bump for alsactl location patch from Sven Vermeulen. 2011-03-22 08:33:47 -04:00
Chris PeBenito
649d2d077a Move /usr/sbin/alsactl fc line. 2011-03-22 08:32:06 -04:00
Sven Vermeulen
98f0504476 Support /usr/sbin/alsactl location too (fex. Gentoo, Slackware, Arch) 
The alsactl binary is often installed in /usr/sbin instead of /sbin (not a
necessity to start up the system). Used in distributions such as Gentoo,
Slackware and Arch.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
 2011-03-22 08:30:26 -04:00
Chris PeBenito
1ca577db8c Shorewall patch from Miroslav Grepl. 2011-03-21 09:42:12 -04:00
Chris PeBenito
ec9d676454 Certwatch reads all certs, from Miroslav Grepl. 2011-03-08 10:35:04 -05:00
Chris PeBenito
4202ab7bf8 Alsa update from Miroslav Grepl 
* alsa creates tmp files
* add alsa_run() interface
* fix interface calling for alsa config files
 2011-03-01 08:40:55 -05:00
Chris PeBenito
4f591873d4 Module version bump and changelog for sudo timestamp file location update from Sven Vermeulen. 2011-02-14 10:56:59 -05:00
Chris PeBenito
826d014241 Bump module versions for release. 2010-12-13 09:12:22 -05:00
Chris PeBenito
06dbd3bad1 Move sosreport to admin layer. 2010-10-26 15:23:20 -04:00
Chris PeBenito
00de01dab2 Move kdump to admin layer. 2010-10-21 10:45:20 -04:00
Dominick Grift
69e900a7f4 Two insignificant fixes that i stumbled on when merging dev_getattr_fs() 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-11 10:30:45 -04:00
Chris PeBenito
735d72d52f Module version bump for Dominick's su cleanup. 2010-10-11 09:36:56 -04:00
Chris PeBenito
8d387b3228 Rename init_search_script_key() to init_search_script_keys(). 2010-10-11 09:36:31 -04:00
Dominick Grift
b21846594d su: wants to read inits script keyring. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-11 09:30:54 -04:00
Dominick Grift
a576078738 su: redundant, init_dontaudit_use_script_ptys($1_su_t) 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-11 09:30:48 -04:00
Chris PeBenito
befc7ec99f Module version bump for Dominick's consoletype cleanup. 2010-10-11 09:27:27 -04:00
Dominick Grift
bfd28e1a89 consoletype: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-11 09:13:47 -04:00
Dominick Grift
6ea380d622 consoletype: needs to use system dbus file descriptors. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-11 09:13:47 -04:00
Chris PeBenito
c7908d1ee7 Module version bump for Dominick's sudo cleanup. 2010-10-08 14:33:04 -04:00
Dominick Grift
5e70e017a3 sudo: wants to get attributes of device_t filesystems. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 14:26:55 -04:00
Dominick Grift
e737d5d723 sudo: wants to get attributes of generic pts filesystems. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 09:26:14 -04:00
Chris PeBenito
6e293ffd2c Revert su default_t rule. 2010-10-08 09:15:17 -04:00
Chris PeBenito
89173d538f Module version bump for Dominick's su cleanup. 2010-10-08 08:54:01 -04:00
Dominick Grift
bd7d571195 su: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 08:47:03 -04:00
Dominick Grift
00a1438d82 su: wants to search callers keyring. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 08:47:03 -04:00
Dominick Grift
6a05763d51 su: do not audit attempts to search /root. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-08 08:47:02 -04:00
Chris PeBenito
bd51fa387c Module version bump for Dominick's shutdown cleanup. 2010-10-07 13:07:07 -04:00
Dominick Grift
a39e274f10 shutdown: search generic log directories. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
5718c0a59a shutdown: needs to connect to init with a unix stream socket. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
a9acfbd613 shutdown: for sudo. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
c56123dc72 shutdown: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
e4efefc4fe shutdown: permission sets. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
08f1a0326d shutdown: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Dominick Grift
051f74edc0 shutdown: Fedora change. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-07 12:38:07 -04:00
Chris PeBenito
3de55ab053 Module version bump for Dominick's rpm cleanup. 2010-10-06 09:04:31 -04:00
Dominick Grift
b9df0a9727 rpm: various changes both from fedora and myself. rpm: ntp post install scrript want to restart ntpd. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 09:03:32 -04:00
Dominick Grift
b7c851c66b rpm: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:53:24 -04:00
Dominick Grift
dcba9161a6 rpm: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:53:24 -04:00
Dominick Grift
34959a2210 rpm: (brace) expansion. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:53:24 -04:00
Dominick Grift
d60649d9a1 rpm: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:53:24 -04:00
Chris PeBenito
29b1bff0e1 Module version bump for Dominick's console cleanup. Also fix rule ordering. 2010-10-06 08:42:23 -04:00
Dominick Grift
5ec14d95fb consoletype: in fedora13 /dev/console is not labeled properly early in the boot process. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:38:40 -04:00
Dominick Grift
019ffc7d1d consoletype: redundant. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:38:39 -04:00
Chris PeBenito
c1af955d07 Module version bump for Dominick's quota cleanup. 2010-10-06 08:35:25 -04:00
Dominick Grift
5f716ead5c quota: permission sets. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:28:31 -04:00
Dominick Grift
0b217af214 quota: search parent. 
Signed-off-by: Dominick Grift <domg472@gmail.com>
 2010-10-06 08:28:30 -04:00