[selinux-policy: 1530/3172] change eventpollfs labeling to task sid
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:17:30 UTC 2010
commit 81a016f501493b04c0fb881fc333fd2539f1b23c
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Jun 28 20:28:09 2006 +0000
change eventpollfs labeling to task sid
refpolicy/Changelog | 1 +
refpolicy/policy/modules/kernel/filesystem.if | 18 +++++++++++-------
refpolicy/policy/modules/kernel/filesystem.te | 6 ++++--
refpolicy/policy/modules/services/apache.if | 1 -
refpolicy/policy/modules/services/apache.te | 2 +-
refpolicy/policy/modules/services/mta.te | 4 +---
6 files changed, 18 insertions(+), 14 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 031d0eb..c79ac18 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,4 @@
+- Change eventpollfs to task SID labeling.
- Add key support from Michael LeMay.
- Add ftpdctl domain to ftp, from Paul Howarth.
- Fix build system to not move type declarations out of optionals.
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 133b9d5..6fea2a1 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -1019,8 +1019,17 @@ interface(`fs_relabelfrom_dos_fs',`
########################################
## <summary>
-## Read eventpollfs files
+## Read eventpollfs files.
## </summary>
+## <desc>
+## <p>
+## Read eventpollfs files
+## </p>
+## <p>
+## This interface has been deprecated, and will
+## be removed in the future.
+## </p>
+## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
@@ -1028,12 +1037,7 @@ interface(`fs_relabelfrom_dos_fs',`
## </param>
#
interface(`fs_read_eventpollfs',`
- gen_require(`
- type eventpollfs_t;
- ')
-
- allow $1 eventpollfs_t:dir search_dir_perms;
- allow $1 eventpollfs_t:file r_file_perms;
+ errprint(__file__:__line__:` $0($*) has been deprecated.'__endline__)
')
########################################
diff --git a/refpolicy/policy/modules/kernel/filesystem.te b/refpolicy/policy/modules/kernel/filesystem.te
index ebcabc4..104b56b 100644
--- a/refpolicy/policy/modules/kernel/filesystem.te
+++ b/refpolicy/policy/modules/kernel/filesystem.te
@@ -1,5 +1,5 @@
-policy_module(filesystem,1.3.11)
+policy_module(filesystem,1.3.12)
########################################
#
@@ -32,6 +32,7 @@ fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
# This is appropriate for pseudo filesystems that represent objects
# like pipes and sockets, so that these objects are labeled with the same
# type as the creating task.
+fs_use_task eventpollfs gen_context(system_u:object_r:fs_t,s0);
fs_use_task pipefs gen_context(system_u:object_r:fs_t,s0);
fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
@@ -58,7 +59,8 @@ genfscon configfs / gen_context(system_u:object_r:configfs_t,s0)
type eventpollfs_t;
fs_type(eventpollfs_t)
-genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
+# change to task SID 20060628
+#genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
type futexfs_t;
fs_type(futexfs_t)
diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if
index 98cbfb0..d263fc3 100644
--- a/refpolicy/policy/modules/services/apache.if
+++ b/refpolicy/policy/modules/services/apache.if
@@ -179,7 +179,6 @@ template(`apache_content_template',`
dev_read_urand(httpd_$1_script_t)
fs_getattr_xattr_fs(httpd_$1_script_t)
- fs_read_eventpollfs(httpd_$1_script_t)
files_read_etc_runtime_files(httpd_$1_script_t)
files_read_usr_files(httpd_$1_script_t)
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index 6951300..e92d29d 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -1,5 +1,5 @@
-policy_module(apache,1.3.14)
+policy_module(apache,1.3.15)
#
# NOTES:
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index fc62d0b..2e9d8a7 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
-policy_module(mta,1.3.6)
+policy_module(mta,1.3.7)
########################################
#
@@ -56,8 +56,6 @@ kernel_read_network_state(system_mail_t)
dev_read_rand(system_mail_t)
dev_read_urand(system_mail_t)
-fs_read_eventpollfs(system_mail_t)
-
init_use_script_ptys(system_mail_t)
userdom_use_sysadm_terms(system_mail_t)
More information about the scm-commits
mailing list