rpm/selinux-policy
SHA256
1
0
Fork 0
forked from pool/selinux-policy
Code Pull Requests Activity
7a2750f7a0
selinux-policy/fix_corecommand.patch
Johannes Segitz cf699a6f0f Accepting request 785956 from home:jsegitz:branches:security:SELinux 
- New patches:
  * fix_accountsd.patch
  * fix_automount.patch
  * fix_colord.patch
  * fix_mcelog.patch
  * fix_sslh.patch
  * fix_nagios.patch
  * fix_openvpn.patch
  * fix_cron.patch
  * fix_usermanage.patch
  * fix_smartmon.patch
  * fix_geoclue.patch
  * suse_specific.patch
  Default systems should now work without selinuxuser_execmod
- Removed xdm_entrypoint_pam.patch, necessary change is in
  fix_unconfineduser.patch
- Enable SUSE specific settings again

OBS-URL: https://build.opensuse.org/request/show/785956
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=75
2020-03-17 14:46:20 +00:00

56 lines
3.2 KiB
Diff
Raw Blame History

Index: fedora-policy/policy/modules/kernel/corecommands.fc
===================================================================
--- fedora-policy.orig/policy/modules/kernel/corecommands.fc
+++ fedora-policy/policy/modules/kernel/corecommands.fc
@@ -86,7 +86,10 @@ ifdef(`distro_redhat',`
/etc/mail/make -- gen_context(system_u:object_r:bin_t,s0)
-/etc/mcelog/.*-error-trigger -- gen_context(system_u:object_r:bin_t,s0)
+
+/etc/netconfig.d/.* -- gen_context(system_u:object_r:bin_t,s0)
+
+/etc/mcelog/.*-error.*-trigger -- gen_context(system_u:object_r:bin_t,s0)
/etc/mcelog/.*\.local -- gen_context(system_u:object_r:bin_t,s0)
/etc/mcelog/.*\.setup -- gen_context(system_u:object_r:bin_t,s0)
@@ -251,6 +254,21 @@ ifdef(`distro_gentoo',`
/usr/lib/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
/usr/lib/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/gnome-settings-daemon/.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-settings-daemon-3.0/.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-calculator-search-provider -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-control-center-search-provider -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-photos-thumbnailer -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-rr-debug -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-session-binary -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-session-check-accelerated -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-session-check-accelerated-gles-helper -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-session-check-accelerated-gl-helper -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-session-failed -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-software-cmd -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-software-restarter -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-terminal-migration -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-terminal-server -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-tweak-tool-lid-inhibitor -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/gvfs/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/kde4/libexec/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -313,6 +331,8 @@ ifdef(`distro_gentoo',`
/usr/lib/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
+# also covers /usr/lib64/libexec due to equivalency rule '/usr/lib64 /usr/lib'
+/usr/lib/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/libexec/git-core/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/libexec/cockpit-agent -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -391,6 +411,7 @@ ifdef(`distro_debian',`
/usr/lib/gdm3/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/udisks/.* -- gen_context(system_u:object_r:bin_t,s0)
')
+/usr/lib/gdm/.* -- gen_context(system_u:object_r:bin_t,s0)
ifdef(`distro_gentoo', `
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
View Git Blame Copy Permalink