[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

policy patches

app.diff changes the application_domain() macro to work on the targeted 
policy.  This is needed for running the Postfix "postmap" program on the 
targeted policy among other things.

games.diff adds correct labelling for FreeCiv on Red Hat, adds an ifdef to 
reduce redundant rules, and removes an unnecessary lib64 reference.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


--- macros/global_macros.te.orig	2005-09-19 14:24:32.000000000 +1000
+++ macros/global_macros.te	2005-09-19 14:25:03.000000000 +1000
@@ -518,6 +518,9 @@
 type $1_t, domain, privlog $2;
 type $1_exec_t, file_type, sysadmfile, exec_type;
 role sysadm_r types $1_t;
+ifdef(`targeted_policy', `
+role system_r types $1_t;
+')
 domain_auto_trans(sysadm_t, $1_exec_t, $1_t)
 uses_shlib($1_t)
 ')

--- file_contexts/program/games.fc.orig	2005-09-17 01:59:39.000000000 +1000
+++ file_contexts/program/games.fc	2005-09-19 15:04:30.000000000 +1000
@@ -1,8 +1,10 @@
 #  games
-/usr/lib(64)?/games/.* 	--	system_u:object_r:games_exec_t:s0
-/var/games(/.*)?		system_u:object_r:games_data_t:s0
-/usr/games/.*		--	system_u:object_r:games_exec_t:s0
+/usr/lib/games/.* 	--	system_u:object_r:games_exec_t:s0
 /var/lib/games(/.*)? 		system_u:object_r:games_data_t:s0
+ifdef(`distro_debian', `
+/usr/games/.*		--	system_u:object_r:games_exec_t:s0
+/var/games(/.*)?		system_u:object_r:games_data_t:s0
+', `
 /usr/bin/micq		--	system_u:object_r:games_exec_t:s0
 /usr/bin/blackjack	--	system_u:object_r:games_exec_t:s0
 /usr/bin/gataxx		--	system_u:object_r:games_exec_t:s0
@@ -53,4 +55,6 @@
 /usr/bin/lskat		--	system_u:object_r:games_exec_t:s0
 /usr/bin/lskatproc	--	system_u:object_r:games_exec_t:s0
 /usr/bin/Maelstrom	--	system_u:object_r:games_exec_t:s0
-
+/usr/bin/civclient.*	--	system_u:object_r:games_exec_t:s0
+/usr/bin/civserver.*	--	system_u:object_r:games_exec_t:s0
+')dnl end non-Debian section
This mailing list archive is a service of Copilot Consulting.