[selinux-policy: 651/3172] fixes for module compiling

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:01:10 UTC 2010


commit 71fe0fa4c5aff4b168a5b25f58369012d494f915
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Sep 14 00:30:10 2005 +0000

    fixes for module compiling

 refpolicy/Rules.modular                        |    7 +++++++
 refpolicy/policy/modules/admin/logrotate.if    |    2 +-
 refpolicy/policy/modules/admin/su.if           |    4 ++++
 refpolicy/policy/modules/admin/sudo.if         |    4 ++++
 refpolicy/policy/modules/kernel/bootloader.te  |    4 ++--
 refpolicy/policy/modules/kernel/storage.if     |    2 ++
 refpolicy/policy/modules/services/mysql.if     |    2 +-
 refpolicy/policy/modules/services/ntp.te       |    4 ++--
 refpolicy/policy/modules/system/files.if       |    6 +++---
 refpolicy/policy/modules/system/modutils.if    |    2 +-
 refpolicy/policy/modules/system/modutils.te    |    6 +++---
 refpolicy/policy/modules/system/selinuxutil.if |    2 +-
 refpolicy/policy/modules/system/udev.te        |    6 +++---
 13 files changed, 34 insertions(+), 17 deletions(-)
---
diff --git a/refpolicy/Rules.modular b/refpolicy/Rules.modular
index 6c70f1f..067ee01 100644
--- a/refpolicy/Rules.modular
+++ b/refpolicy/Rules.modular
@@ -76,6 +76,13 @@ tmp/generated_definitions.conf: $(ALL_LAYERS) $(BASE_TE_FILES)
 	@test -d tmp || mkdir -p tmp
 # define all available object classes
 	$(QUIET) $(GENPERM) $(AVS) $(SECCLASS) > $@
+# per-userdomain templates
+	$(QUIET) echo "define(\`per_userdomain_templates',\`" >> $@
+	$(QUIET) for i in $(patsubst %.te,%,$(notdir $(ALL_MODULES))); do \
+		echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
+			>> $@ ;\
+	done
+	$(QUIET) echo "')" >> $@
 # define foo.te
 	$(QUIET) for i in $(notdir $(BASE_TE_FILES)); do \
 		echo "define(\`$$i')" >> $@ ;\
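Review bot: The added `echo` that emits each `*_per_userdomain_template(...)` call forwards the arguments as `$*`, which m4 expands unquoted, so an argument that happens to match a defined macro name would be expanded a second time before the template receives it. Writing `"'$$@'"` in place of `"'$$*'"` should keep each argument quoted; no caller is visible in this hunk, so whether one is affected today needs checking. The new block would also benefit from a comment saying who invokes `per_userdomain_templates` and with what arguments, for example `# per_userdomain_templates(prefix): expands every module's <module>_per_userdomain_template, if defined`. The `define foo.te` loop that follows continues past the end of the hunk.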
diff --git a/refpolicy/policy/modules/admin/logrotate.if b/refpolicy/policy/modules/admin/logrotate.if
index cff68d4..57aa956 100644
--- a/refpolicy/policy/modules/admin/logrotate.if
+++ b/refpolicy/policy/modules/admin/logrotate.if
@@ -77,7 +77,7 @@ interface(`logrotate_exec',`
 interface(`logrotate_dontaudit_use_fd',`
 	gen_require(`
 		type logrotate_t;
-		class fd;
+		class fd use;
 	')
 
 	dontaudit $1 logrotate_t:fd use;
diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index 3cdd2d3..1fb0855 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -29,6 +29,10 @@
 #
 template(`su_per_userdomain_template',`
 
+	gen_require(`
+		type su_exec_t;
+	')
+
 	type $1_su_t;
 	domain_entry_file($1_su_t,su_exec_t)
 	domain_type($1_su_t)
diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if
index 5a83ccd..e61e8d5 100644
--- a/refpolicy/policy/modules/admin/sudo.if
+++ b/refpolicy/policy/modules/admin/sudo.if
@@ -29,6 +29,10 @@
 #
 template(`sudo_per_userdomain_template',`
 
+	gen_require(`
+		type sudo_exec_t;
+	')
+
 	##############################
 	#
 	# Declarations
diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index 5b96691..dfc6cde 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -186,8 +186,8 @@ ifdef(`distro_redhat',`
 	mount_domtrans(bootloader_t)
 ')
 
-optional_policy(`filesystemtools.te',`
-	filesystemtools_execute(bootloader_t)
+optional_policy(`fstools.te',`
+	fstools_exec(bootloader_t)
 ')
 
 optional_policy(`lvm.te',`
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index 4a80395..def3a2f 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -593,6 +593,8 @@ interface(`storage_unconfined',`
 	gen_require(`
 		type fixed_disk_device_t, removable_device_t;
 		type lvm_vg_t, scsi_generic_device_t, tape_device_t;
+		attribute fixed_disk_raw_read, fixed_disk_raw_write;
+		attribute scsi_generic_read, scsi_generic_write;
 	')
 
 	allow $1 { fixed_disk_device_t removable_device_t }:blk_file *;
diff --git a/refpolicy/policy/modules/services/mysql.if b/refpolicy/policy/modules/services/mysql.if
index 98b2251..fd6e75d 100644
--- a/refpolicy/policy/modules/services/mysql.if
+++ b/refpolicy/policy/modules/services/mysql.if
@@ -27,7 +27,7 @@ interface(`mysql_signal',`
 #
 interface(`mysql_stream_connect',`
 	gen_require(`
-		type mysqld_t;
+		type mysqld_t, mysqld_var_run_t;
 		class unix_stream_socket connectto;
 		class dir search;
 		class sock_file write;
diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te
index 0460f88..7ff072a 100644
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@@ -118,10 +118,10 @@ ifdef(`targeted_policy', `
 	files_dontaudit_read_root_file(ntpd_t)
 ')
 
-optional_policy(`crond.te',`
+optional_policy(`cron.te',`
 	# for cron jobs
 	# system_crond_t is not right, cron is not doing what it should
-	cron_system_entry(ntpdate_t,ntpd_exec_t)
+	cron_system_entry(ntpd_t,ntpd_exec_t)
 ')
 
 optional_policy(`firstboot.te',`
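Review bot: The changed `cron_system_entry` line swaps the target domain from `ntpdate_t` to `ntpd_t`, which is a policy change rather than a pure compile fix. As the interface name suggests, anything labelled `ntpd_exec_t` and started from system cron would now run with the daemon domain's full permissions instead of a narrower one. If the reason is that `ntpdate_t` is not declared in this module (not visible in the hunk), record it next to the call, for example `# ntpdate_t is not declared here; cron-started ntpd_exec_t enters ntpd_t until a separate domain exists`. The commit message should mention the behaviour change as well, so that it is not missed in a later audit of cron transitions.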
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 2aa0a18..13d3883 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -463,7 +463,7 @@ interface(`files_dontaudit_search_all_dirs',`
 interface(`files_relabelto_all_file_type_fs',`
 	gen_require(`
 		attribute file_type;
-		filesystem relabelto;
+		class filesystem relabelto;
 	')
 
 	allow $1 file_type:filesystem relabelto;
@@ -476,7 +476,7 @@ interface(`files_relabelto_all_file_type_fs',`
 interface(`files_mount_all_file_type_fs',`
 	gen_require(`
 		attribute file_type;
-		filesystem mount;
+		class filesystem mount;
 	')
 
 	allow $1 file_type:filesystem mount;
@@ -489,7 +489,7 @@ interface(`files_mount_all_file_type_fs',`
 interface(`files_unmount_all_file_type_fs',`
 	gen_require(`
 		attribute file_type;
-		filesystem unmount;
+		class filesystem unmount;
 	')
 
 	allow $1 file_type:filesystem unmount;
diff --git a/refpolicy/policy/modules/system/modutils.if b/refpolicy/policy/modules/system/modutils.if
index fbe4514..999312c 100644
--- a/refpolicy/policy/modules/system/modutils.if
+++ b/refpolicy/policy/modules/system/modutils.if
@@ -100,7 +100,7 @@ interface(`modutils_run_insmod',`
 #
 interface(`modutils_exec_insmod',`
 	gen_require(`
-		type insmod_t;
+		type insmod_exec_t;
 	')
 
 	corecmd_search_sbin($1)
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index 1196611..731cb7d 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -119,9 +119,9 @@ optional_policy(`rpm.te',`
 	rpm_rw_pipe(insmod_t)
 ')
 
-optional_policy(`xserver.te',`
-	xserver_getattr_log(insmod_t)
-')
+#optional_policy(`xserver.te',`
+#	xserver_getattr_log(insmod_t)
+#')
 
 ########################################
 #
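Review bot: The `xserver.te` optional block is disabled by commenting it out with no reason recorded, and the udev.te hunk does the same for `xserver_read_xdm_pid(udev_t)`. Presumably the xserver interfaces are not yet available to modules. Without a marker, the dropped access for `insmod_t` and `udev_t` is easy to forget and will only show up later as denials. Add a line above each block such as `# TODO: re-enable once xserver_getattr_log is provided by the xserver module`, or wrap the block in the `ifdef` on `TODO` that udev.te already uses just below its hunk, so the disabled rules stay searchable.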
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index 3039425..280bf4f 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -140,7 +140,7 @@ interface(`seutil_exec_loadpol',`
 interface(`seutil_read_loadpol',`
 	gen_require(`
 		type load_policy_exec_t;
-		class file r_file_perms
+		class file r_file_perms;
 	')
 
 	corecmd_search_sbin($1)
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index a11919c..81071aa 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -165,9 +165,9 @@ optional_policy(`sysnetwork.te',`
 	sysnet_domtrans_dhcpc(udev_t)
 ')
 
-optional_policy(`xserver.te',`
-	xserver_read_xdm_pid(udev_t)
-')
+#optional_policy(`xserver.te',`
+#	xserver_read_xdm_pid(udev_t)
+#')
 
 ifdef(`TODO',`
 dontaudit udev_t ttyfile:chr_file unlink;

