[selinux-policy: 616/3172] fixes. move rhgb into TODO
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:57:54 UTC 2010
commit aa8995afd6b04d82485f6e3618fdee0265f3a6a7
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Sep 1 13:55:50 2005 +0000
fixes. move rhgb into TODO
docs/macro_conversion_guide | 29 +++++++++++++++++++----------
1 files changed, 19 insertions(+), 10 deletions(-)
---
diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide
index d02fa99..fbc069a 100644
--- a/docs/macro_conversion_guide
+++ b/docs/macro_conversion_guide
@@ -533,15 +533,17 @@ ifdef(`targeted_policy',`
term_dontaudit_use_generic_pty($1_t)
files_dontaudit_read_root_file($1_t)
')
-optional_policy(`rhgb.te',`
- rhgb_domain($1_t)
-')
optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole($1_t)
')
optional_policy(`udev.te', `
udev_read_db($1_t)
')
+ifdef(`TODO',`
+optional_policy(`rhgb.te',`
+ rhgb_domain($1_t)
+')
+') dnl end TODO
#
# daemon_domain():
@@ -575,15 +577,17 @@ ifdef(`targeted_policy', `
term_dontaudit_use_generic_pty($1_t)
files_dontaudit_read_root_file($1_t)
')
-optional_policy(`rhgb.te',`
- rhgb_domain($1_t)
-')
optional_policy(`selinuxutil.te',`
seutil_sigchld_newrole($1_t)
')
optional_policy(`udev.te', `
udev_read_db($1_t)
')
+ifdef(`TODO',`
+optional_policy(`rhgb.te',`
+ rhgb_domain($1_t)
+')
+') dnl end TODO
#
# daemon_sub_domain():
@@ -654,7 +658,7 @@ allow $1 self:sem create_sem_perms;
allow $1 self:msgq create_msgq_perms;
allow $1 self:msg { send receive };
fs_search_auto_mountpoints($1)
-userdom_use_unpriv_user_fd($1)
+userdom_use_unpriv_users_fd($1)
optional_policy(`nis.te',`
nis_use_ypbind($1)
')
@@ -702,7 +706,7 @@ optional_policy(`udev.te',`
#
# inetd_child_domain():
#
-type $1_t; #, nscd_client_domain;
+type $1_t;
type $1_exec_t;
inetd_(udp_|tcp_)?service_domain($1_t,$1_exec_t)
role system_r types $1_t;
@@ -719,8 +723,10 @@ allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow $1_t self:capability { setuid setgid };
allow $1_t self:dir search;
allow $1_t self:{ lnk_file file } { getattr read };
-#allow $1_t home_root_t:dir search;
-#can_kerberos($1_t)
+files_search_home($1_t)
+optional_policy(`kerberos.te',`
+ kerberos_use($1_t)
+')
#end for identd
allow $1_t $1_tmp_t:dir create_dir_perms;
allow $1_t $1_tmp_t:file create_file_perms;
@@ -747,6 +753,9 @@ sysnet_read_config($1_t)
optional_policy(`nis.te',`
nis_use_ypbind($1_t)
')
+optional_policy(`nscd.te',`
+ nscd_use_socket($1_t)
+')
#
# legacy_domain(): complete
More information about the scm-commits
mailing list