[selinux-policy: 1311/3172] semodule needs to manage the file contexts
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:58:40 UTC 2010
commit 55b190552b2cd55e465803fbb5443b5423579751
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Mar 29 19:18:00 2006 +0000
semodule needs to manage the file contexts
refpolicy/policy/modules/system/selinuxutil.if | 21 +++++++++++++++++++++
refpolicy/policy/modules/system/selinuxutil.te | 4 ++--
2 files changed, 23 insertions(+), 2 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index 7dfe562..c812f6b 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -703,6 +703,27 @@ interface(`seutil_rw_file_contexts',`
')
########################################
+## <summary>
+## Create, read, write, and delete the file_contexts files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`seutil_manage_file_contexts',`
+ gen_require(`
+ type selinux_config_t, file_context_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 selinux_config_t:dir search_dir_perms;
+ allow $1 file_context_t:dir rw_dir_perms;
+ allow $1 file_context_t:file manage_file_perms;
+')
+
+########################################
#
# seutil_read_bin_policy(domain)
#
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 632acdb..f0201fe 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -1,5 +1,5 @@
-policy_module(selinuxutil,1.2.1)
+policy_module(selinuxutil,1.2.2)
gen_require(`
bool secure_mode;
@@ -518,7 +518,7 @@ libs_use_shared_libs(semanage_t)
libs_use_lib_files(semanage_t)
seutil_search_default_contexts(semanage_t)
-seutil_rw_file_contexts(semanage_t)
+seutil_manage_file_contexts(semanage_t)
seutil_manage_selinux_config(semanage_t)
seutil_domtrans_setfiles(semanage_t)
seutil_domtrans_loadpolicy(semanage_t)
More information about the scm-commits
mailing list