rpm/selinux-policy
SHA256
1
0
Fork 0
forked from pool/selinux-policy
Code Pull Requests Activity
0ae8014c7e
selinux-policy/fix_java.patch
Johannes Segitz cbd186764a Accepting request 734854 from home:jsegitz:branches:security:SELinux 
- Moved back to fedora policy (20190802)
- Removed spec file conditionals for old SELinux userland
- Removed config.tgz
- Removed patches:
  * label_sysconfig.selinux.patch
  * label_var_run_rsyslog.patch
  * suse_additions_obs.patch
  * suse_additions_sslh.patch
  * suse_modifications_apache.patch
  * suse_modifications_cron.patch
  * suse_modifications_getty.patch
  * suse_modifications_logging.patch
  * suse_modifications_ntp.patch
  * suse_modifications_usermanage.patch
  * suse_modifications_virt.patch
  * suse_modifications_xserver.patch
  * sysconfig_network_scripts.patch
  * segenxml_interpreter.patch
- Added patches:
  * fix_djbdns.patch
  * fix_dbus.patch
  * fix_gift.patch
  * fix_java.patch
  * fix_hadoop.patch
  * fix_thunderbird.patch
  * postfix_paths.patch
  * fix_nscd.patch
  * fix_sysnetwork.patch
  * fix_logging.patch
  * fix_xserver.patch

OBS-URL: https://build.opensuse.org/request/show/734854
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=73
2019-10-04 02:15:03 +00:00

42 lines
1.5 KiB
Diff
Raw Blame History

Index: fedora-policy/policy/modules/contrib/java.te
===================================================================
--- fedora-policy.orig/policy/modules/contrib/java.te 2019-08-05 13:50:32.925673660 +0200
+++ fedora-policy/policy/modules/contrib/java.te 2019-08-05 14:06:51.896425229 +0200
@@ -21,6 +21,7 @@ roleattribute system_r java_roles;
attribute_role unconfined_java_roles;
type java_t, java_domain;
+typealias java_t alias java_domain_t;
type java_exec_t;
userdom_user_application_domain(java_t, java_exec_t)
typealias java_t alias { staff_javaplugin_t user_javaplugin_t sysadm_javaplugin_t };
@@ -71,19 +72,9 @@ can_exec(java_domain, { java_exec_t java
kernel_read_all_sysctls(java_domain)
kernel_search_vm_sysctl(java_domain)
kernel_read_network_state(java_domain)
-kernel_read_system_state(java_domain)
corecmd_search_bin(java_domain)
-corenet_all_recvfrom_unlabeled(java_domain)
-corenet_all_recvfrom_netlabel(java_domain)
-corenet_tcp_sendrecv_generic_if(java_domain)
-corenet_tcp_sendrecv_generic_node(java_domain)
-
-corenet_sendrecv_all_client_packets(java_domain)
-corenet_tcp_connect_all_ports(java_domain)
-corenet_tcp_sendrecv_all_ports(java_domain)
-
dev_read_sound(java_domain)
dev_write_sound(java_domain)
dev_read_urand(java_domain)
@@ -95,8 +86,6 @@ files_read_etc_runtime_files(java_domain
fs_getattr_all_fs(java_domain)
fs_dontaudit_rw_tmpfs_files(java_domain)
-logging_send_syslog_msg(java_domain)
-
miscfiles_read_localization(java_domain)
miscfiles_read_fonts(java_domain)
View Git Blame Copy Permalink