[selinux-policy: 802/3172] sediff fixes
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:14:21 UTC 2010
commit 1dd86c43cd8157364cb34ad90c6cef25a01798da
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Oct 24 12:38:45 2005 +0000
sediff fixes
refpolicy/policy/modules/services/cron.te | 5 +++++
refpolicy/policy/modules/system/authlogin.if | 25 ++++++++++++-------------
refpolicy/policy/modules/system/sysnetwork.te | 22 ++++++++++++++++++++++
refpolicy/policy/modules/system/unconfined.te | 4 ++++
refpolicy/policy/modules/system/userdomain.if | 17 +++++++++++------
5 files changed, 54 insertions(+), 19 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 5ca4305..615bba7 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -50,6 +50,11 @@ files_lock_file(system_crond_lock_t)
type system_crond_tmp_t;
files_tmp_file(system_crond_tmp_t)
+ifdef(`targeted_policy',`
+ type sysadm_cron_spool_t;
+ files_type(sysadm_cron_spool_t)
+')
+
########################################
#
# Cron Local policy
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 1829987..6af6581 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -136,20 +136,19 @@ template(`authlogin_per_userdomain_template',`
## </param>
#
template(`auth_domtrans_user_chk_passwd',`
- gen_require(`
- type chkpwd_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
- ')
+ ifdef(`targeted_policy',`',`
+ gen_require(`
+ type chkpwd_exec_t;
+ ')
- corecmd_search_bin($1)
- domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)
+ corecmd_search_bin($1)
+ domain_auto_trans($1,chkpwd_exec_t,$2_chkpwd_t)
- allow $1 $2_chkpwd_t:fd use;
- allow $2_chkpwd_t $1:fd use;
- allow $2_chkpwd_t $1:fifo_file rw_file_perms;
- allow $2_chkpwd_t $1:process sigchld;
+ allow $1 $2_chkpwd_t:fd use;
+ allow $2_chkpwd_t $1:fd use;
+ allow $2_chkpwd_t $1:fifo_file rw_file_perms;
+ allow $2_chkpwd_t $1:process sigchld;
+ ')
')
########################################
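Review bot: The rewritten gen_require in auth_domtrans_user_chk_passwd lists only chkpwd_exec_t, yet the four allow rules kept below it still use the fd, fifo_file and process classes and the $2_chkpwd_t type. The sysnetwork.te hunk in this same commit adds `class dbus send_msg;` to its require block, so the two are inconsistent; if class requires are still needed for modular builds, keep `class fd use;`, `class fifo_file rw_file_perms;` and `class process sigchld;` here. Separately, under targeted_policy the template now expands to nothing, so callers silently get no transition into the chkpwd domain and the password check presumably runs in the caller's own domain. The interface header, which starts outside the hunk, should say so, e.g. `## In the targeted policy this template is a no-op and no domain transition is set up.`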
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index b998b18..9a44ac6 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -158,6 +158,28 @@ optional_policy(`consoletype.te',`
consoletype_domtrans(dhcpc_t)
')
+optional_policy(`dbus.te',`
+ gen_require(`
+ class dbus send_msg;
+ ')
+
+ allow dhcpc_t self:dbus send_msg;
+
+ dbus_system_bus_client_template(dhcpc,dhcpc_t)
+ dbus_connect_system_bus(dhcpc_t)
+ dbus_send_system_bus_msg(dhcpc_t)
+
+ domain_auto_trans(system_dbusd_t, dhcpc_exec_t, dhcpc_t)
+
+ allow { NetworkManager_t initrc_t } dhcpc_t:dbus send_msg;
+ allow dhcpc_t { NetworkManager_t initrc_t }:dbus send_msg;
+
+ ifdef(`unconfined.te', `
+ allow unconfined_t dhcpc_t:dbus send_msg;
+ allow dhcpc_t unconfined_t:dbus send_msg;
+ ')
+')
+
optional_policy(`hostname.te',`
hostname_domtrans(dhcpc_t)
')
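Review bot: The added block is conditional only on dbus.te and requires only `class dbus send_msg;`, but its rules name system_dbusd_t, NetworkManager_t, initrc_t and unconfined_t directly. If the module that declares NetworkManager_t is not built, the two `allow` lines that mention it would presumably fail to resolve; putting them in their own optional block keyed on that module, and listing the foreign types in gen_require, avoids that. The unconfined_t rules are guarded with ifdef on unconfined.te while the surrounding blocks use optional_policy, which is worth making consistent. The `domain_auto_trans(system_dbusd_t, dhcpc_exec_t, dhcpc_t)` line widens what the system bus daemon can launch, so it deserves a one-line comment naming the caller that needs it.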
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index a03604b..6e5acc9 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -35,6 +35,10 @@ ifdef(`targeted_policy',`
userdom_unconfined(unconfined_t)
+ optional_policy(`su.te',`
+ su_per_userdomain_template(sysadm,unconfined_t,system_r)
+ ')
+
ifdef(`TODO',`
ifdef(`samba.te', `samba_domain(user)')
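Review bot: The call `su_per_userdomain_template(sysadm,unconfined_t,system_r)` pairs the sysadm prefix with unconfined_t and system_r, and nothing in the hunk says why. The template body is not visible here, but it presumably derives type names from its first argument, so the targeted policy would gain sysadm-prefixed su types attached to the unconfined domain. A comment above the optional_policy block, such as `# targeted policy has no sysadm domain; the sysadm prefix is reused so su type names match the strict policy`, would record the intent, if that is the intent. The enclosing ifdef on targeted_policy starts before the hunk and continues past it.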
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 5cef4cc..a1b75af 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -1432,13 +1432,18 @@ template(`userdom_manage_user_tmp_sockets',`
## </param>
#
template(`userdom_use_user_terminals',`
- gen_require(`
- type $1_tty_device_t, $1_devpts_t;
- ')
+ ifdef(`targeted_policy',`
+ term_use_unallocated_tty($2)
+ term_use_generic_pty($2)
+ ',`
+ gen_require(`
+ type $1_tty_device_t, $1_devpts_t;
+ ')
- allow $2 $1_tty_device_t:chr_file rw_term_perms;
- allow $2 $1_devpts_t:chr_file rw_term_perms;
- term_list_ptys($2)
+ allow $2 $1_tty_device_t:chr_file rw_term_perms;
+ allow $2 $1_devpts_t:chr_file rw_term_perms;
+ term_list_ptys($2)
+ ')
')
########################################
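Review bot: In the targeted_policy branch of userdom_use_user_terminals the first argument is ignored and the caller receives `term_use_unallocated_tty($2)` and `term_use_generic_pty($2)`, which cover every unallocated tty and generic pty rather than one user's terminal types. That is a wider grant than the strict branch's two chr_file rules on $1_tty_device_t and $1_devpts_t, and the interface header above (it starts outside the hunk) does not mention it. Add a line to the description such as `## In the targeted policy the user prefix is ignored and access is granted to unallocated ttys and generic ptys.` so callers know what they are getting. The targeted branch also omits `term_list_ptys($2)`; whether term_use_generic_pty already covers listing the pty directory is not visible here and should be checked.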