[selinux-policy: 1115/3172] fix compile errors
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:41:25 UTC 2010
commit 625caeb34f545327ccb71a06af548ba4d755b544
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Jan 18 15:58:52 2006 +0000
fix compile errors
refpolicy/policy/modules/admin/portage.if | 6 +++---
refpolicy/policy/modules/admin/portage.te | 24 +++++++++++++-----------
2 files changed, 16 insertions(+), 14 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/portage.if b/refpolicy/policy/modules/admin/portage.if
index cc54a09..cdeea5e 100644
--- a/refpolicy/policy/modules/admin/portage.if
+++ b/refpolicy/policy/modules/admin/portage.if
@@ -119,14 +119,14 @@ template(`portage_compile_domain_template',`
allow $1_t $1_tmp_t:lnk_file create_lnk_perms;
allow $1_t $1_tmp_t:fifo_file manage_file_perms;
allow $1_t $1_tmp_t:sock_file manage_file_perms;
- files_create_tmp($1_t,$1_tmp_t,{ dir file lnk_file sock_file fifo_file })
+ files_filetrans_tmp($1_t,$1_tmp_t,{ dir file lnk_file sock_file fifo_file })
allow $1_t $1_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
- fs_create_tmpfs_data($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+ fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# write merge logs
allow $1_t portage_log_t:dir setattr;
@@ -160,7 +160,7 @@ template(`portage_compile_domain_template',`
dev_read_urand($1_t)
domain_exec_all_entry_files($1_t)
- domain_use_wide_inhert_fds($1_t)
+ domain_use_wide_inherit_fd($1_t)
files_exec_etc_files($1_t)
files_exec_usr_src_files($1_t)
diff --git a/refpolicy/policy/modules/admin/portage.te b/refpolicy/policy/modules/admin/portage.te
index a863f9b..e8125c3 100644
--- a/refpolicy/policy/modules/admin/portage.te
+++ b/refpolicy/policy/modules/admin/portage.te
@@ -9,10 +9,10 @@ policy_module(portage,1.0.0)
type portage_exec_t;
files_type(portage_exec_t)
-portage_compile_domain(portage)
+portage_compile_domain_template(portage)
domain_obj_id_change_exempt(portage_t)
-portage_compile_domain(portage_sandbox)
+portage_compile_domain_template(portage_sandbox)
# the shell is the entrypoint if regular sandbox is disabled
# portage_exec_t is the entrypoint if regular sandbox is enabled
corecmd_shell_entry_type(portage_sandbox_t)
@@ -55,7 +55,7 @@ allow portage_fetch_t portage_t:fifo_file rw_file_perms;
allow portage_fetch_t portage_t:process sigchld;
allow portage_t portage_log_t:file create_file_perms;
-logging_create_log(portage_t,portage_log_t)
+logging_filetrans_log(portage_t,portage_log_t)
# transition to sandbox for compiling
domain_trans(portage_t,portage_exec_t,portage_sandbox_t)
@@ -65,7 +65,7 @@ allow portage_sandbox_t portage_t:fifo_file rw_file_perms;
allow portage_sandbox_t portage_t:process sigchld;
# run scripts out of the build directory
-can_exec($1_t,portage_tmp_t)
+can_exec(portage_t,portage_tmp_t)
# merging baselayout will need this:
kernel_write_proc_file(portage_t)
@@ -89,7 +89,7 @@ optional_policy(`bootloader',`
optional_policy(`modutils',`
modutils_domtrans_depmod(portage_t)
- modutils_domtrans_update_modules(portage_t)
+ modutils_domtrans_update_mods(portage_t)
#dontaudit update_modules_t portage_tmp_t:dir search_dir_perms;
')
@@ -98,10 +98,12 @@ optional_policy(`usermanage',`
usermanage_domtrans_useradd(portage_t)
')
+ifdef(`TODO',`
# seems to work ok without these
dontaudit portage_t device_t:{ blk_file chr_file } getattr;
dontaudit portage_t proc_t:dir setattr;
dontaudit portage_t device_type:{ chr_file blk_file } r_file_perms;
+')
##########################################
#
@@ -122,7 +124,7 @@ allow portage_fetch_t portage_ebuild_t:file manage_file_perms;
allow portage_fetch_t portage_fetch_tmp_t:dir create_dir_perms;
allow portage_fetch_t portage_fetch_tmp_t:file create_file_perms;
-files_create_tmp_files(portage_fetch_t, portage_fetch_tmp_t, { file dir })
+files_filetrans_tmp(portage_fetch_t, portage_fetch_tmp_t, { file dir })
# portage makes home dir the portage tmp dir, so
# wget looks for .wgetrc there
@@ -143,16 +145,17 @@ corenet_tcp_sendrecv_all_ports(portage_fetch_t)
corenet_tcp_connect_all_reserved_ports(portage_fetch_t)
corenet_tcp_connect_generic_port(portage_fetch_t)
-dev_search_ptys(portage_fetch_t)
dev_dontaudit_read_rand(portage_fetch_t)
-domain_use_wide_inherit_fds(portage_fetch_t)
+domain_use_wide_inherit_fd(portage_fetch_t)
files_read_etc_files(portage_fetch_t)
files_read_etc_runtime_files(portage_fetch_t)
files_search_var(portage_fetch_t)
files_dontaudit_search_pids(portage_fetch_t)
+term_search_ptys(portage_fetch_t)
+
libs_use_ld_so(portage_fetch_t)
libs_use_shared_libs(portage_fetch_t)
@@ -167,9 +170,8 @@ ifdef(`hide_broken_symptoms',`
dontaudit portage_fetch_t portage_cache_t:file read;
')
-ifdef(`TODO',`
-domain_auto_trans(portage_t, rsyncd_exec_t, portage_fetch_t)
-')
+# TODO:
+#domain_auto_trans(portage_t, rsyncd_exec_t, portage_fetch_t)
##########################################
#
More information about the scm-commits
mailing list