[selinux-policy: 1656/3172] Patch for misc fixes to nis ypxfr policy from Dan Walsh.

Thu Oct 7 21:28:13 UTC 2010

commit 46852138570c0d40703fcb5f414aeb7c15763aed
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Feb 23 19:52:52 2007 +0000

    Patch for misc fixes to nis ypxfr policy from Dan Walsh.

 Changelog                      |    1 +
 policy/modules/services/nis.te |   19 ++++++++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)
---

diff --git a/Changelog b/Changelog
index 58a2252..98bd993 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
 - Patch to allow apmd to telinit from Dan Walsh.
 - Patch for additional labeling of samba files from Stefan Schulze
   Frielinghaus.
diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te
index f8cbabd..fc4eea4 100644
--- a/policy/modules/services/nis.te
+++ b/policy/modules/services/nis.te
@@ -1,5 +1,5 @@
 
-policy_module(nis,1.3.1)
+policy_module(nis,1.3.2)
 
 ########################################
 #
@@ -325,15 +325,17 @@ optional_policy(`
 #
 
 allow ypxfr_t self:unix_stream_socket create_stream_socket_perms;
-allow ypxfr_t self:tcp_socket connected_socket_perms;
+allow ypxfr_t self:unix_dgram_socket create_stream_socket_perms;
+allow ypxfr_t self:tcp_socket create_stream_socket_perms;
 allow ypxfr_t self:udp_socket create_socket_perms;
+allow ypxfr_t self:netlink_route_socket r_netlink_socket_perms;
 
 manage_files_pattern(ypxfr_t, var_yp_t, var_yp_t)
 
 allow ypxfr_t ypserv_t:tcp_socket { read write };
 allow ypxfr_t ypserv_t:udp_socket { read write };
 
-read_files_pattern(ypxfr_t,var_yp_t,var_yp_t)
+allow ypxfr_t ypserv_conf_t:file { getattr read };
 
 corenet_non_ipsec_sendrecv(ypxfr_t)
 corenet_tcp_sendrecv_all_if(ypxfr_t)
@@ -355,7 +357,18 @@ corenet_sendrecv_all_client_packets(ypxfr_t)
 files_read_etc_files(ypxfr_t)
 files_search_usr(ypxfr_t)
 
+init_use_fds(ypxfr_t)
+
 libs_use_shared_libs(ypxfr_t)
 libs_use_ld_so(ypxfr_t)
 
+logging_send_syslog_msg(ypxfr_t)
+
+miscfiles_read_localization(ypxfr_t)
+
 sysnet_read_config(ypxfr_t)
+
+ifdef(`targeted_policy',`
+	term_dontaudit_use_unallocated_ttys(ypxfr_t)
+	term_dontaudit_use_generic_ptys(ypxfr_t)
+')
