[selinux-policy: 836/3172] module build fixes

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:17:21 UTC 2010 

commit 28e730b8e21305a37747a30b75b50bea625386c0
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Oct 25 01:17:55 2005 +0000

    module build fixes

 refpolicy/policy/modules/services/portmap.te |    9 +++++++++
 refpolicy/policy/modules/services/rpc.te     |    5 -----
 refpolicy/policy/modules/services/samba.te   |    7 +++++++
 3 files changed, 16 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index 5c4e9ce..3e7c5a8 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -202,3 +202,12 @@ optional_policy(`mount.te',`
 optional_policy(`nis.te',`
 	nis_use_ypbind(portmap_helper_t)
 ')
+
+# temporary:
+gen_require(`
+	type rpcd_t, nfsd_t;
+')
+# rpcd_t needs to talk to the portmap_t domain
+portmap_udp_sendrecv(rpcd_t) 
+portmap_tcp_connect(nfsd_t) 
+portmap_udp_sendrecv(nfsd_t)
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index 91303af..710646a 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -58,8 +58,6 @@ term_use_controlling_term(rpcd_t)
 
 seutil_dontaudit_search_config(rpcd_t)
 
-# rpcd_t needs to talk to the portmap_t domain
-portmap_udp_sendrecv(rpcd_t) 
 
 ifdef(`distro_redhat', `
 	allow rpcd_t self:capability { chown dac_override setgid setuid };
@@ -93,9 +91,6 @@ files_search_pids(nfsd_t)
 # for exportfs and rpc.mountd
 files_getattr_tmp_dir(nfsd_t) 
 
-portmap_tcp_connect(nfsd_t) 
-portmap_udp_sendrecv(nfsd_t)	
-				
 tunable_policy(`nfs_export_all_rw',`
 	auth_read_all_dirs_except_shadow(nfsd_t) 
 	fs_read_noxattr_fs_files(nfsd_t) 
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index 28efc5a..d53dffc 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -314,9 +314,16 @@ optional_policy(`rhgb.te',`
 ') dnl end TODO
 
 ifdef(`hide_broken_symptoms', `
+gen_require(`
+	type boot_t, default_t, tmpfs_t;
+')
 dontaudit smbd_t { devpts_t boot_t default_t tmpfs_t }:dir getattr;
 dontaudit smbd_t devpts_t:dir getattr;
 ')
+
+gen_require(`
+	type mtrr_device_t;
+')
 allow smbd_t mtrr_device_t:file getattr;
 
 ########################################

More information about the scm-commits mailing list