[selinux-policy: 867/3172] fixes from sediff
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:20:01 UTC 2010
commit fc6198ced0f31151a367ac7910a1ace618e000d6
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Oct 27 14:08:53 2005 +0000
fixes from sediff
refpolicy/policy/modules/services/nis.te | 1 +
refpolicy/policy/modules/services/zebra.te | 8 +++++---
2 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index 12acd84..75523d3 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -51,6 +51,7 @@ allow ypbind_t ypbind_tmp_t:file create_file_perms;
files_create_tmp_files(ypbind_t, ypbind_tmp_t, { file dir })
allow ypbind_t ypbind_var_run_t:file manage_file_perms;
+allow ypbind_t ypbind_var_run_t:dir rw_dir_perms;
files_create_pid(ypbind_t,ypbind_var_run_t)
allow ypbind_t var_yp_t:dir rw_dir_perms;
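Review bot: The added `allow ypbind_t ypbind_var_run_t:dir rw_dir_perms;` carries no comment saying which directory is labeled ypbind_var_run_t. The `files_create_pid(ypbind_t,ypbind_var_run_t)` call just below it passes no object-class list, so presumably only files transition to that type. If a directory gets the label through a file-context entry outside this hunk, note it next to the rule, e.g. `# directory <path labeled ypbind_var_run_t> is written by ypbind`; if none does, the rule grants nothing useful and can be dropped. The same question applies to `allow zebra_t zebra_var_run_t:dir rw_dir_perms;` in the last zebra.te hunk, where files_create_pid lists only `{ file sock_file }`.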
diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te
index de58ab6..6d6c5f2 100644
--- a/refpolicy/policy/modules/services/zebra.te
+++ b/refpolicy/policy/modules/services/zebra.te
@@ -27,7 +27,7 @@ files_pid_file(zebra_var_run_t)
# Local policy
#
-allow zebra_t self:capability { setgid setuid net_admin net_raw };
+allow zebra_t self:capability { setgid setuid net_admin net_raw net_bind_service };
dontaudit zebra_t self:capability sys_tty_config;
allow zebra_t self:process setcap;
allow zebra_t self:file { ioctl read write getattr lock append };
@@ -35,8 +35,8 @@ allow zebra_t self:unix_dgram_socket create_socket_perms;
allow zebra_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow zebra_t self:netlink_route_socket r_netlink_socket_perms;
allow zebra_t self:tcp_socket create_stream_socket_perms;
+allow zebra_t self:udp_socket create_socket_perms;
allow zebra_t self:rawip_socket create_socket_perms;
-allow zebra_t self:capability net_bind_service;
allow zebra_t zebra_conf_t:dir r_dir_perms;
allow zebra_t zebra_conf_t:file r_file_perms;
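Review bot: The new `allow zebra_t self:udp_socket create_socket_perms;` sits in a domain that also holds `net_bind_service`, `net_admin` and `net_raw`, and nothing in this hunk shows which UDP ports zebra_t may bind. The network rules for the domain are outside the hunk, so it is worth confirming that UDP binding is limited to the routing-protocol port types rather than allowed on all ports. A short comment naming the consumer, such as `# UDP sockets are needed by <routing daemon>`, would make the rule easier to audit later.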
@@ -51,7 +51,9 @@ logging_create_log(zebra_t,zebra_log_t,{ sock_file file dir })
allow zebra_t zebra_tmp_t:sock_file create_file_perms;
files_create_tmp_files(zebra_t,zebra_tmp_t,sock_file)
-allow zebra_t zebra_var_run_t:file create_file_perms;
+allow zebra_t zebra_var_run_t:file manage_file_perms;
+allow zebra_t zebra_var_run_t:sock_file manage_file_perms;
+allow zebra_t zebra_var_run_t:dir rw_dir_perms;
files_create_pid(zebra_t,zebra_var_run_t, { file sock_file })
kernel_read_system_state(zebra_t)
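Review bot: The var_run rules now use `manage_file_perms` for both `file` and `sock_file`, while the tmp socket rule two lines up still reads `allow zebra_t zebra_tmp_t:sock_file create_file_perms;`, so the two socket rules in this block no longer match. If the wider set is only required for sockets in the pid directory, say why in a comment, e.g. `# pid-dir sockets are removed and recreated by the daemon (confirm)`. Otherwise use the same permission set in both places so the difference does not look accidental. The definitions of both permission sets live outside this hunk, so which one is the narrower grant should be checked there.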