[selinux-policy: 1115/3172] fix compile errors

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:41:25 UTC 2010 

commit 625caeb34f545327ccb71a06af548ba4d755b544
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Jan 18 15:58:52 2006 +0000

    fix compile errors

 refpolicy/policy/modules/admin/portage.if |    6 +++---
 refpolicy/policy/modules/admin/portage.te |   24 +++++++++++++-----------
 2 files changed, 16 insertions(+), 14 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/portage.if b/refpolicy/policy/modules/admin/portage.if
index cc54a09..cdeea5e 100644
--- a/refpolicy/policy/modules/admin/portage.if
+++ b/refpolicy/policy/modules/admin/portage.if
@@ -119,14 +119,14 @@ template(`portage_compile_domain_template',`
 	allow $1_t $1_tmp_t:lnk_file create_lnk_perms;
 	allow $1_t $1_tmp_t:fifo_file manage_file_perms;
 	allow $1_t $1_tmp_t:sock_file manage_file_perms;
-	files_create_tmp($1_t,$1_tmp_t,{ dir file lnk_file sock_file fifo_file })
+	files_filetrans_tmp($1_t,$1_tmp_t,{ dir file lnk_file sock_file fifo_file })
 
 	allow $1_t $1_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
 	allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
 	allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
 	allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
 	allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-	fs_create_tmpfs_data($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+	fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
 	# write merge logs
 	allow $1_t portage_log_t:dir setattr;
@@ -160,7 +160,7 @@ template(`portage_compile_domain_template',`
 	dev_read_urand($1_t)
 
 	domain_exec_all_entry_files($1_t)
-	domain_use_wide_inhert_fds($1_t)
+	domain_use_wide_inherit_fd($1_t)
 
 	files_exec_etc_files($1_t)
 	files_exec_usr_src_files($1_t)
diff --git a/refpolicy/policy/modules/admin/portage.te b/refpolicy/policy/modules/admin/portage.te
index a863f9b..e8125c3 100644
--- a/refpolicy/policy/modules/admin/portage.te
+++ b/refpolicy/policy/modules/admin/portage.te
@@ -9,10 +9,10 @@ policy_module(portage,1.0.0)
 type portage_exec_t;
 files_type(portage_exec_t)
 
-portage_compile_domain(portage)
+portage_compile_domain_template(portage)
 domain_obj_id_change_exempt(portage_t)
 
-portage_compile_domain(portage_sandbox)
+portage_compile_domain_template(portage_sandbox)
 # the shell is the entrypoint if regular sandbox is disabled
 # portage_exec_t is the entrypoint if regular sandbox is enabled
 corecmd_shell_entry_type(portage_sandbox_t)
@@ -55,7 +55,7 @@ allow portage_fetch_t portage_t:fifo_file rw_file_perms;
 allow portage_fetch_t portage_t:process sigchld;
 
 allow portage_t portage_log_t:file create_file_perms;
-logging_create_log(portage_t,portage_log_t)
+logging_filetrans_log(portage_t,portage_log_t)
 
 # transition to sandbox for compiling
 domain_trans(portage_t,portage_exec_t,portage_sandbox_t)
@@ -65,7 +65,7 @@ allow portage_sandbox_t portage_t:fifo_file rw_file_perms;
 allow portage_sandbox_t portage_t:process sigchld;
 
 # run scripts out of the build directory
-can_exec($1_t,portage_tmp_t)
+can_exec(portage_t,portage_tmp_t)
 
 # merging baselayout will need this:
 kernel_write_proc_file(portage_t)
@@ -89,7 +89,7 @@ optional_policy(`bootloader',`
 
 optional_policy(`modutils',`
 	modutils_domtrans_depmod(portage_t)
-	modutils_domtrans_update_modules(portage_t)
+	modutils_domtrans_update_mods(portage_t)
 	#dontaudit update_modules_t portage_tmp_t:dir search_dir_perms;
 ')
 
@@ -98,10 +98,12 @@ optional_policy(`usermanage',`
 	usermanage_domtrans_useradd(portage_t)
 ')
 
+ifdef(`TODO',`
 # seems to work ok without these
 dontaudit portage_t device_t:{ blk_file chr_file } getattr;
 dontaudit portage_t proc_t:dir setattr;
 dontaudit portage_t device_type:{ chr_file blk_file } r_file_perms;
+')
 
 ##########################################
 #
@@ -122,7 +124,7 @@ allow portage_fetch_t portage_ebuild_t:file manage_file_perms;
 
 allow portage_fetch_t portage_fetch_tmp_t:dir create_dir_perms;
 allow portage_fetch_t portage_fetch_tmp_t:file create_file_perms;
-files_create_tmp_files(portage_fetch_t, portage_fetch_tmp_t, { file dir })
+files_filetrans_tmp(portage_fetch_t, portage_fetch_tmp_t, { file dir })
 
 # portage makes home dir the portage tmp dir, so
 # wget looks for .wgetrc there
@@ -143,16 +145,17 @@ corenet_tcp_sendrecv_all_ports(portage_fetch_t)
 corenet_tcp_connect_all_reserved_ports(portage_fetch_t)
 corenet_tcp_connect_generic_port(portage_fetch_t)
 
-dev_search_ptys(portage_fetch_t)
 dev_dontaudit_read_rand(portage_fetch_t)
 
-domain_use_wide_inherit_fds(portage_fetch_t)
+domain_use_wide_inherit_fd(portage_fetch_t)
 
 files_read_etc_files(portage_fetch_t)
 files_read_etc_runtime_files(portage_fetch_t)
 files_search_var(portage_fetch_t)
 files_dontaudit_search_pids(portage_fetch_t)
 
+term_search_ptys(portage_fetch_t)
+
 libs_use_ld_so(portage_fetch_t)
 libs_use_shared_libs(portage_fetch_t)
 
@@ -167,9 +170,8 @@ ifdef(`hide_broken_symptoms',`
 	dontaudit portage_fetch_t portage_cache_t:file read;
 ')
 
-ifdef(`TODO',`
-domain_auto_trans(portage_t, rsyncd_exec_t, portage_fetch_t)
-')
+# TODO:
+#domain_auto_trans(portage_t, rsyncd_exec_t, portage_fetch_t)
 
 ##########################################
 #

More information about the scm-commits mailing list