[selinux-policy: 1825/3172] trunk: reorganize amanda and bind

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:42:54 UTC 2010


commit f48782758e8acb82aaf5ad319745d3e152301b38
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Oct 12 17:50:11 2007 +0000

    trunk: reorganize amanda and bind

 policy/modules/admin/amanda.te  |   24 ++++++++++++------------
 policy/modules/services/bind.te |   15 +++++++--------
 2 files changed, 19 insertions(+), 20 deletions(-)
---
diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
index 9c9a23f..e1d63e5 100644
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@@ -112,8 +112,8 @@ kernel_read_kernel_sysctls(amanda_t)
 kernel_dontaudit_getattr_unlabeled_files(amanda_t)
 kernel_dontaudit_read_proc_symlinks(amanda_t)
 
-# Added for targeted policy
-term_use_unallocated_ttys(amanda_t)
+corecmd_exec_shell(amanda_t)
+corecmd_exec_bin(amanda_t)
 
 corenet_all_recvfrom_unlabeled(amanda_t)
 corenet_all_recvfrom_netlabel(amanda_t)
@@ -132,11 +132,6 @@ corenet_tcp_bind_all_rpc_ports(amanda_t)
 dev_getattr_all_blk_files(amanda_t)
 dev_getattr_all_chr_files(amanda_t)
 
-fs_getattr_xattr_fs(amanda_t)
-fs_list_all(amanda_t)
-
-storage_raw_read_fixed_disk(amanda_t)
-
 files_read_etc_files(amanda_t)
 files_read_etc_runtime_files(amanda_t)
 files_list_all(amanda_t)
@@ -147,8 +142,13 @@ files_read_all_chr_files(amanda_t)
 files_getattr_all_pipes(amanda_t)
 files_getattr_all_sockets(amanda_t)
 
-corecmd_exec_shell(amanda_t)
-corecmd_exec_bin(amanda_t)
+fs_getattr_xattr_fs(amanda_t)
+fs_list_all(amanda_t)
+
+storage_raw_read_fixed_disk(amanda_t)
+
+# Added for targeted policy
+term_use_unallocated_ttys(amanda_t)
 
 auth_use_nsswitch(amanda_t)
 auth_read_shadow(amanda_t)
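Review bot: The re-added `storage_raw_read_fixed_disk(amanda_t)` line has no comment explaining why the backup domain needs raw access to fixed disks, and it is the broadest grant in this block, because reads of the block device are not mediated by the per-file types that the `files_*` rules above are scoped to. Since the line is being moved anyway, a short comment would help later audits, for example `# raw disk reads, presumably for dump-style backups - confirm still required`. The neighbouring `# Added for targeted policy` comment on `term_use_unallocated_ttys(amanda_t)` likewise records when the rule was added rather than what needs it. The amanda_t rule block starts and ends outside this hunk.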
@@ -193,6 +193,9 @@ files_tmp_filetrans(amanda_recover_t,amanda_tmp_t,{ dir file lnk_file sock_file
 kernel_read_system_state(amanda_recover_t)
 kernel_read_kernel_sysctls(amanda_recover_t)
 
+corecmd_exec_shell(amanda_recover_t)
+corecmd_exec_bin(amanda_recover_t)
+
 corenet_all_recvfrom_unlabeled(amanda_recover_t)
 corenet_all_recvfrom_netlabel(amanda_recover_t)
 corenet_tcp_sendrecv_all_if(amanda_recover_t)
@@ -207,9 +210,6 @@ corenet_tcp_bind_reserved_port(amanda_recover_t)
 corenet_tcp_connect_amanda_port(amanda_recover_t)
 corenet_sendrecv_amanda_client_packets(amanda_recover_t)
 
-corecmd_exec_shell(amanda_recover_t)
-corecmd_exec_bin(amanda_recover_t)
-
 domain_use_interactive_fds(amanda_recover_t)
 
 files_read_etc_files(amanda_recover_t)
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index 21636a7..d06e411 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -100,6 +100,8 @@ kernel_read_kernel_sysctls(named_t)
 kernel_read_system_state(named_t)
 kernel_read_network_state(named_t)
 
+corecmd_search_bin(named_t)
+
 corenet_all_recvfrom_unlabeled(named_t)
 corenet_all_recvfrom_netlabel(named_t)
 corenet_tcp_sendrecv_all_if(named_t)
@@ -122,12 +124,6 @@ corenet_udp_bind_all_unreserved_ports(named_t)
 
 dev_read_sysfs(named_t)
 dev_read_rand(named_t)
-
-fs_getattr_all_fs(named_t)
-fs_search_auto_mountpoints(named_t)
-
-corecmd_search_bin(named_t)
-
 dev_read_urand(named_t)
 
 domain_use_interactive_fds(named_t)
@@ -135,6 +131,9 @@ domain_use_interactive_fds(named_t)
 files_read_etc_files(named_t)
 files_read_etc_runtime_files(named_t)
 
+fs_getattr_all_fs(named_t)
+fs_search_auto_mountpoints(named_t)
+
 auth_use_nsswitch(named_t)
 
 libs_use_ld_so(named_t)
@@ -232,13 +231,13 @@ corenet_tcp_sendrecv_all_ports(ndc_t)
 corenet_tcp_connect_rndc_port(ndc_t)
 corenet_sendrecv_rndc_client_packets(ndc_t)
 
-fs_getattr_xattr_fs(ndc_t)
-
 domain_use_interactive_fds(ndc_t)
 
 files_read_etc_files(ndc_t)
 files_search_pids(ndc_t)
 
+fs_getattr_xattr_fs(ndc_t)
+
 init_use_fds(ndc_t)
 init_use_script_ptys(ndc_t)
 

