From 3348eaa82ba17c481d7d04fdebd09c5fac84cc2d Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Thu, 3 May 2012 19:34:17 -0400
Subject: [PATCH] add some definition to the standard types available for sandboxes
---
 policycoreutils-rhat.patch | 24 ++++++++++++++++++++++++
 policycoreutils.spec | 5 ++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index b81ba45..bbcb29d 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -245660,6 +245660,30 @@ index 9db766c..92034be 100644
 /*
 * Do not execvp the command directly from run_init; since it would run
 * under with a pty under sysadm_devpts_t. Instead, we call open_init_tty,
+diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
+index 3f05c79..00d9b37 100644
+--- a/policycoreutils/sandbox/sandbox.8
++++ b/policycoreutils/sandbox/sandbox.8
+@@ -41,6 +41,19 @@ Create a Sandbox with temporary files for $HOME and /tmp.
+ .TP
+ \fB\-t type\fR
+ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
++
++\fBExamples:\fR
++.br
++sandbox_t - No X, No Network Access, No Open, read/write on passed in file descriptors.
++.br
++sandbox_min_t - No Network Access
++.br
++sandbox_x_t - Printer Ports
++.br
++sandbox_web_t - Ports required for web browsing
++.br
++sandbox_net_t - All network ports
++
+ .TP
+ \fB\-T\ tmpdir
+ Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
 diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
 index 9f6a949..779a6a1 100755
 --- a/policycoreutils/scripts/fixfiles
diff --git a/policycoreutils.spec b/policycoreutils.spec
index c8eaef3..6e2c217 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
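Review bot: The type list added under `-t` in sandbox.8 does not tell a reader how `sandbox_min_t` differs from `sandbox_t`, since both entries say "No Network Access", and the `sandbox_x_t`, `sandbox_web_t` and `sandbox_net_t` entries name only ports without saying whether X access is granted or whether the type needs `-X`. This page is what a user consults to pick the most restrictive type that still runs their program, so each entry should state what is allowed and what is denied in the same terms, along the lines of `sandbox_x_t - X access; network limited to printer ports`, with the exact wording confirmed against the policy. The `\fBExamples:\fR` label would also read better as a heading for the available types, because the lines under it are a type list rather than usage examples.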
@@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.11 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -340,6 +340,9 @@ fi %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Thu May 3 2012 Dan Walsh - 2.1.11-11 +- add some definition to the standard types available for sandboxes + * Mon May 1 2012 Dan Walsh - 2.1.11-10 - Remove lockdown wizard