[selinux-policy: 867/3172] fixes from sediff

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:20:01 UTC 2010


commit fc6198ced0f31151a367ac7910a1ace618e000d6
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Oct 27 14:08:53 2005 +0000

    fixes from sediff

 refpolicy/policy/modules/services/nis.te   |    1 +
 refpolicy/policy/modules/services/zebra.te |    8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index 12acd84..75523d3 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -51,6 +51,7 @@ allow ypbind_t ypbind_tmp_t:file create_file_perms;
 files_create_tmp_files(ypbind_t, ypbind_tmp_t, { file dir })
 
 allow ypbind_t ypbind_var_run_t:file manage_file_perms;
+allow ypbind_t ypbind_var_run_t:dir rw_dir_perms;
 files_create_pid(ypbind_t,ypbind_var_run_t)
 
 allow ypbind_t var_yp_t:dir rw_dir_perms;
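Review bot: The added `allow ypbind_t ypbind_var_run_t:dir rw_dir_perms;` only has an effect if some directory is labelled ypbind_var_run_t, and nothing in this hunk shows one being created: the `files_create_pid(ypbind_t,ypbind_var_run_t)` call right after it passes no object-class list. If a private run directory is labelled through the module's file contexts, a comment above the rule such as `# private pid directory, labelled via file contexts` would tell an auditor why directory write access is granted; if no such directory exists, the rule is unused and should be dropped. The same applies to the `allow zebra_t zebra_var_run_t:dir rw_dir_perms;` line added in the last zebra.te hunk, where `files_create_pid` lists only `{ file sock_file }`.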
diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te
index de58ab6..6d6c5f2 100644
--- a/refpolicy/policy/modules/services/zebra.te
+++ b/refpolicy/policy/modules/services/zebra.te
@@ -27,7 +27,7 @@ files_pid_file(zebra_var_run_t)
 # Local policy
 #
 
-allow zebra_t self:capability { setgid setuid net_admin net_raw };
+allow zebra_t self:capability { setgid setuid net_admin net_raw net_bind_service };
 dontaudit zebra_t self:capability sys_tty_config;
 allow zebra_t self:process setcap;
 allow zebra_t self:file { ioctl read write getattr lock append };
@@ -35,8 +35,8 @@ allow zebra_t self:unix_dgram_socket create_socket_perms;
 allow zebra_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow zebra_t self:netlink_route_socket r_netlink_socket_perms;
 allow zebra_t self:tcp_socket create_stream_socket_perms;
+allow zebra_t self:udp_socket create_socket_perms;
 allow zebra_t self:rawip_socket create_socket_perms;
-allow zebra_t self:capability net_bind_service;
 
 allow zebra_t zebra_conf_t:dir r_dir_perms;
 allow zebra_t zebra_conf_t:file r_file_perms;
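Review bot: The new `allow zebra_t self:udp_socket create_socket_perms;` adds a socket class to a domain that already holds net_admin, net_raw and net_bind_service, and neither the rule nor the commit message says which daemon needs it. A one-line comment above it, for example `# UDP sockets needed by <daemon> (confirm which routing daemon runs in zebra_t)`, would let a later audit decide whether the grant can be removed. Which UDP ports the domain may bind is decided by network rules outside this hunk, so it is worth checking that those are limited to the ports the daemon uses.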
@@ -51,7 +51,9 @@ logging_create_log(zebra_t,zebra_log_t,{ sock_file file dir })
 allow zebra_t zebra_tmp_t:sock_file create_file_perms;
 files_create_tmp_files(zebra_t,zebra_tmp_t,sock_file)
 
-allow zebra_t zebra_var_run_t:file create_file_perms;
+allow zebra_t zebra_var_run_t:file manage_file_perms;
+allow zebra_t zebra_var_run_t:sock_file manage_file_perms;
+allow zebra_t zebra_var_run_t:dir rw_dir_perms;
 files_create_pid(zebra_t,zebra_var_run_t, { file sock_file })
 
 kernel_read_system_state(zebra_t)
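Review bot: The pid-file rules now use `manage_file_perms` for both `file` and `sock_file`, while the tmp socket rule at the top of this hunk, `allow zebra_t zebra_tmp_t:sock_file create_file_perms;`, still uses `create_file_perms`. If the two permission sets are the same in this tree, the module should use one name throughout. If `manage_file_perms` is wider, the change needs a comment saying which extra operation zebra performs on its pid file and socket, since the commit message names no denial that justifies it.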

