[selinux-policy: 158/3172] reorg and a fix
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:18:41 UTC 2010
commit fd9deeb8ee9d40325d1003aee60e09b20ea30524
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu May 12 20:49:39 2005 +0000
reorg and a fix
refpolicy/policy/modules/admin/netutils.te | 20 +++++++-------------
1 files changed, 7 insertions(+), 13 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
index 8445136..92ca0bd 100644
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@@ -121,6 +121,7 @@ filesystem_ignore_get_persistent_filesystem_attributes(ping_t)
domain_use_widely_inheritable_file_descriptors(ping_t)
files_read_general_system_config(ping_t)
+files_ignore_search_system_state_data_directory(ping_t)
libraries_use_dynamic_loader(ping_t)
libraries_read_shared_libraries(ping_t)
@@ -135,25 +136,18 @@ if (user_ping) {
}
ifdef(`TODO',`
+can_ypbind(ping_t)
+
+domain_auto_trans(sysadm_t, ping_exec_t, ping_t)
role sysadm_r types ping_t;
-in_user_role(ping_t)
+allow ping_t admin_tty_type:chr_file rw_file_perms;
+ifdef(`gnome-pty-helper.te', `allow ping_t sysadm_gph_t:fd use;')
+in_user_role(ping_t)
if (user_ping) {
domain_auto_trans(unpriv_userdomain, ping_exec_t, ping_t)
ifdef(`gnome-pty-helper.te', `allow ping_t gphdomain:fd use;')
}
-
-# Transition into this domain when you run this program.
-domain_auto_trans(sysadm_t, ping_exec_t, ping_t)
-
-can_ypbind(ping_t)
-
-# Access the terminal.
-allow ping_t admin_tty_type:chr_file rw_file_perms;
-ifdef(`gnome-pty-helper.te', `allow ping_t sysadm_gph_t:fd use;')
-
-# it tries to access /var/run
-dontaudit ping_t var_t:dir search;
') dnl end TODO
########################################
More information about the scm-commits
mailing list