Allow mozilla_plugin to run mplayer

Allow ftp to manage /var/run/user/*
Allow ssh_keygen_t to create /root/.ssh directory

diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 05dd44a3f8e76162e9875d9f5cde6af1c4d8c038..4a9ea84856abdf0601da427ce9e98c6cfbb9b969 100644 (file)
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -404,6 +404,11 @@ optional_policy(`
        java_exec(mozilla_plugin_t)
 ')
 
+optional_policy(`
+       mplayer_exec(mozilla_plugin_t)
+       mplayer_read_user_home_files(mozilla_plugin_t)
+')
+
 optional_policy(`
        nsplugin_domtrans(mozilla_plugin_t)
        nsplugin_rw_exec(mozilla_plugin_t)

diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
index b2ca277cf60a2c14e423f7478fce0e3813525897..eca06f7d5c3d8e01543375265f6d5743cfa7b3c7 100644 (file)
--- a/policy/modules/services/ftp.te
+++ b/policy/modules/services/ftp.te
@@ -237,6 +237,7 @@ auth_append_login_records(ftpd_t)
 #kerberized ftp requires the following
 auth_write_login_records(ftpd_t)
 auth_rw_faillog(ftpd_t)
+auth_manage_var_auth(ftpd_t)
 
 init_rw_utmp(ftpd_t)
 

diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index 57a8f21ecff4d0bcfd8085971395d45dc1c4f46e..4877b5a6fa7da530fdb5e48bf2bf9dd3dbfe9a5e 100644 (file)
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -220,6 +220,7 @@ files_etc_filetrans(ssh_keygen_t, sshd_key_t, file)
 
 manage_dirs_pattern(ssh_keygen_t, ssh_home_t, ssh_home_t)
 manage_files_pattern(ssh_keygen_t, ssh_home_t, ssh_home_t)
+userdom_admin_home_dir_filetrans(ssh_keygen_t, ssh_home_t, dir)
 
 kernel_read_kernel_sysctls(ssh_keygen_t)