[selinux-policy: 1623/3172] fix ticket #16
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:25:25 UTC 2010
commit aeaae5185e8d6fad6d7b04df48f6fa2bb4c4f0f8
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Oct 16 16:51:57 2006 +0000
fix ticket #16
policy/modules/kernel/terminal.if | 46 +++++++++++++++++++++++++---------
policy/modules/system/userdomain.if | 2 +-
2 files changed, 35 insertions(+), 13 deletions(-)
---
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
index a12cdaa..d67884a 100644
--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -87,25 +87,47 @@ interface(`term_tty',`
type tty_device_t;
')
- typeattribute $2 ttynode, serial_device;
- type_change $1 tty_device_t:chr_file $2;
+ typeattribute $1 ttynode, serial_device;
+
+ # cjp: ?
+ files_associate_tmp($1)
+
+ # static /dev:
+ fs_associate($1)
+ # udev:
+ fs_associate_tmpfs($1)
+')
+
+########################################
+## <summary>
+## Transform specified type into a user tty type.
+## </summary>
+## <param name="domain">
+## <summary>
+## User domain that is related to this tty.
+## </summary>
+## </param>
+## <param name="tty_type">
+## <summary>
+## An object type that will applied to a tty.
+## </summary>
+## </param>
+#
+interface(`term_user_tty',`
+ gen_require(`
+ attribute ttynode;
+ type tty_device_t;
+ ')
+
+ term_tty($2)
- fs_associate($2)
- files_associate_tmp($2)
+ type_change $1 tty_device_t:chr_file $2;
# Debian login is from shadow utils and does not allow resetting the perms.
# have to fix this!
ifdef(`distro_debian',`
type_change $1 ttynode:chr_file $2;
')
-
- ifdef(`distro_gentoo',`
- fs_associate_tmpfs($2)
- ')
-
- ifdef(`distro_redhat',`
- fs_associate_tmpfs($2)
- ')
')
########################################
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 713adba..6497d33 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -38,7 +38,7 @@ template(`userdom_base_user_template',`
files_type($1_devpts_t)
type $1_tty_device_t;
- term_tty($1_t,$1_tty_device_t)
+ term_user_tty($1_t,$1_tty_device_t)
allow $1_t self:process { signal_perms getsched setsched share getpgid setpgid setcap getsession };
allow $1_t self:fd use;
More information about the scm-commits
mailing list