[selinux-policy: 836/3172] module build fixes
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:17:21 UTC 2010
commit 28e730b8e21305a37747a30b75b50bea625386c0
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Oct 25 01:17:55 2005 +0000
module build fixes
refpolicy/policy/modules/services/portmap.te | 9 +++++++++
refpolicy/policy/modules/services/rpc.te | 5 -----
refpolicy/policy/modules/services/samba.te | 7 +++++++
3 files changed, 16 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index 5c4e9ce..3e7c5a8 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -202,3 +202,12 @@ optional_policy(`mount.te',`
optional_policy(`nis.te',`
nis_use_ypbind(portmap_helper_t)
')
+
+# temporary:
+gen_require(`
+ type rpcd_t, nfsd_t;
+')
+# rpcd_t needs to talk to the portmap_t domain
+portmap_udp_sendrecv(rpcd_t)
+portmap_tcp_connect(nfsd_t)
+portmap_udp_sendrecv(nfsd_t)
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index 91303af..710646a 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -58,8 +58,6 @@ term_use_controlling_term(rpcd_t)
seutil_dontaudit_search_config(rpcd_t)
-# rpcd_t needs to talk to the portmap_t domain
-portmap_udp_sendrecv(rpcd_t)
ifdef(`distro_redhat', `
allow rpcd_t self:capability { chown dac_override setgid setuid };
@@ -93,9 +91,6 @@ files_search_pids(nfsd_t)
# for exportfs and rpc.mountd
files_getattr_tmp_dir(nfsd_t)
-portmap_tcp_connect(nfsd_t)
-portmap_udp_sendrecv(nfsd_t)
-
tunable_policy(`nfs_export_all_rw',`
auth_read_all_dirs_except_shadow(nfsd_t)
fs_read_noxattr_fs_files(nfsd_t)
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index 28efc5a..d53dffc 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -314,9 +314,16 @@ optional_policy(`rhgb.te',`
') dnl end TODO
ifdef(`hide_broken_symptoms', `
+gen_require(`
+ type boot_t, default_t, tmpfs_t;
+')
dontaudit smbd_t { devpts_t boot_t default_t tmpfs_t }:dir getattr;
dontaudit smbd_t devpts_t:dir getattr;
')
+
+gen_require(`
+ type mtrr_device_t;
+')
allow smbd_t mtrr_device_t:file getattr;
########################################
More information about the scm-commits
mailing list