[selinux-policy: 1530/3172] change eventpollfs labeling to task sid

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:17:30 UTC 2010 

commit 81a016f501493b04c0fb881fc333fd2539f1b23c
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Jun 28 20:28:09 2006 +0000

    change eventpollfs labeling to task sid

 refpolicy/Changelog                           |    1 +
 refpolicy/policy/modules/kernel/filesystem.if |   18 +++++++++++-------
 refpolicy/policy/modules/kernel/filesystem.te |    6 ++++--
 refpolicy/policy/modules/services/apache.if   |    1 -
 refpolicy/policy/modules/services/apache.te   |    2 +-
 refpolicy/policy/modules/services/mta.te      |    4 +---
 6 files changed, 18 insertions(+), 14 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 031d0eb..c79ac18 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,4 @@
+- Change eventpollfs to task SID labeling.
 - Add key support from Michael LeMay.
 - Add ftpdctl domain to ftp, from Paul Howarth.
 - Fix build system to not move type declarations out of optionals.
diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index 133b9d5..6fea2a1 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -1019,8 +1019,17 @@ interface(`fs_relabelfrom_dos_fs',`
 
 ########################################
 ## <summary>
-##	Read eventpollfs files
+##	Read eventpollfs files.
 ## </summary>
+## <desc>
+##	<p>
+##	Read eventpollfs files
+##	</p>
+##	<p>
+##	This interface has been deprecated, and will
+##	be removed in the future.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
@@ -1028,12 +1037,7 @@ interface(`fs_relabelfrom_dos_fs',`
 ## </param>
 #
 interface(`fs_read_eventpollfs',`
-	gen_require(`
-		type eventpollfs_t;
-	')
-
-	allow $1 eventpollfs_t:dir search_dir_perms;
-	allow $1 eventpollfs_t:file r_file_perms;
+	errprint(__file__:__line__:` $0($*) has been deprecated.'__endline__)
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/kernel/filesystem.te b/refpolicy/policy/modules/kernel/filesystem.te
index ebcabc4..104b56b 100644
--- a/refpolicy/policy/modules/kernel/filesystem.te
+++ b/refpolicy/policy/modules/kernel/filesystem.te
@@ -1,5 +1,5 @@
 
-policy_module(filesystem,1.3.11)
+policy_module(filesystem,1.3.12)
 
 ########################################
 #
@@ -32,6 +32,7 @@ fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
 # This is appropriate for pseudo filesystems that represent objects
 # like pipes and sockets, so that these objects are labeled with the same
 # type as the creating task.  
+fs_use_task eventpollfs gen_context(system_u:object_r:fs_t,s0);
 fs_use_task pipefs gen_context(system_u:object_r:fs_t,s0);
 fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
 
@@ -58,7 +59,8 @@ genfscon configfs / gen_context(system_u:object_r:configfs_t,s0)
 
 type eventpollfs_t;
 fs_type(eventpollfs_t)
-genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
+# change to task SID 20060628
+#genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
 
 type futexfs_t;
 fs_type(futexfs_t)
diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if
index 98cbfb0..d263fc3 100644
--- a/refpolicy/policy/modules/services/apache.if
+++ b/refpolicy/policy/modules/services/apache.if
@@ -179,7 +179,6 @@ template(`apache_content_template',`
 		dev_read_urand(httpd_$1_script_t)
 
 		fs_getattr_xattr_fs(httpd_$1_script_t)
-		fs_read_eventpollfs(httpd_$1_script_t)
 
 		files_read_etc_runtime_files(httpd_$1_script_t)
 		files_read_usr_files(httpd_$1_script_t)
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index 6951300..e92d29d 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -1,5 +1,5 @@
 
-policy_module(apache,1.3.14)
+policy_module(apache,1.3.15)
 
 #
 # NOTES: 
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index fc62d0b..2e9d8a7 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
 
-policy_module(mta,1.3.6)
+policy_module(mta,1.3.7)
 
 ########################################
 #
@@ -56,8 +56,6 @@ kernel_read_network_state(system_mail_t)
 dev_read_rand(system_mail_t)
 dev_read_urand(system_mail_t)
 
-fs_read_eventpollfs(system_mail_t)
-
 init_use_script_ptys(system_mail_t)
 
 userdom_use_sysadm_terms(system_mail_t)

More information about the scm-commits mailing list