[selinux-policy: 1656/3172] Patch for misc fixes to nis ypxfr policy from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:28:13 UTC 2010
commit 46852138570c0d40703fcb5f414aeb7c15763aed
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Feb 23 19:52:52 2007 +0000
Patch for misc fixes to nis ypxfr policy from Dan Walsh.
Changelog | 1 +
policy/modules/services/nis.te | 19 ++++++++++++++++---
2 files changed, 17 insertions(+), 3 deletions(-)
---
diff --git a/Changelog b/Changelog
index 58a2252..98bd993 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
- Patch to allow apmd to telinit from Dan Walsh.
- Patch for additional labeling of samba files from Stefan Schulze
Frielinghaus.
diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te
index f8cbabd..fc4eea4 100644
--- a/policy/modules/services/nis.te
+++ b/policy/modules/services/nis.te
@@ -1,5 +1,5 @@
-policy_module(nis,1.3.1)
+policy_module(nis,1.3.2)
########################################
#
@@ -325,15 +325,17 @@ optional_policy(`
#
allow ypxfr_t self:unix_stream_socket create_stream_socket_perms;
-allow ypxfr_t self:tcp_socket connected_socket_perms;
+allow ypxfr_t self:unix_dgram_socket create_stream_socket_perms;
+allow ypxfr_t self:tcp_socket create_stream_socket_perms;
allow ypxfr_t self:udp_socket create_socket_perms;
+allow ypxfr_t self:netlink_route_socket r_netlink_socket_perms;
manage_files_pattern(ypxfr_t, var_yp_t, var_yp_t)
allow ypxfr_t ypserv_t:tcp_socket { read write };
allow ypxfr_t ypserv_t:udp_socket { read write };
-read_files_pattern(ypxfr_t,var_yp_t,var_yp_t)
+allow ypxfr_t ypserv_conf_t:file { getattr read };
corenet_non_ipsec_sendrecv(ypxfr_t)
corenet_tcp_sendrecv_all_if(ypxfr_t)
@@ -355,7 +357,18 @@ corenet_sendrecv_all_client_packets(ypxfr_t)
files_read_etc_files(ypxfr_t)
files_search_usr(ypxfr_t)
+init_use_fds(ypxfr_t)
+
libs_use_shared_libs(ypxfr_t)
libs_use_ld_so(ypxfr_t)
+logging_send_syslog_msg(ypxfr_t)
+
+miscfiles_read_localization(ypxfr_t)
+
sysnet_read_config(ypxfr_t)
+
+ifdef(`targeted_policy',`
+ term_dontaudit_use_unallocated_ttys(ypxfr_t)
+ term_dontaudit_use_generic_ptys(ypxfr_t)
+')
More information about the scm-commits
mailing list