[selinux-policy: 1872/3172] trunk: another round of nsswitch from dan.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:46:53 UTC 2010


commit 09e21686ea24531a3f616500ea7e4da80d5af42e
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Dec 6 16:04:14 2007 +0000

    trunk: another round of nsswitch from dan.

 policy/modules/admin/vpn.te           |   12 +++---------
 policy/modules/apps/thunderbird.if    |   15 ++-------------
 policy/modules/apps/thunderbird.te    |    2 +-
 policy/modules/services/mta.if        |   13 ++-----------
 policy/modules/services/mta.te        |    2 +-
 policy/modules/services/postgresql.te |   12 +++---------
 policy/modules/services/rshd.te       |   10 +++-------
 policy/modules/services/samba.te      |   16 +++-------------
 policy/modules/services/sendmail.te   |   16 +++-------------
 policy/modules/services/xserver.te    |    5 -----
 policy/modules/system/authlogin.te    |    8 --------
 policy/modules/system/mount.te        |    4 ----
 12 files changed, 21 insertions(+), 94 deletions(-)
---
diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
index 889e581..a725aff 100644
--- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te
@@ -1,5 +1,5 @@
 
-policy_module(vpn,1.6.0)
+policy_module(vpn,1.6.1)
 
 ########################################
 #
@@ -82,6 +82,8 @@ files_read_etc_runtime_files(vpnc_t)
 files_read_etc_files(vpnc_t)
 files_dontaudit_search_home(vpnc_t)
 
+auth_use_nsswitch(vpnc_t)
+
 libs_exec_ld_so(vpnc_t)
 libs_exec_lib_files(vpnc_t)
 libs_use_ld_so(vpnc_t)
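Review bot: `auth_use_nsswitch(vpnc_t)` is probably broader than the two grants it replaces, since the only lines this commit removes for vpnc_t are `nis_use_ypbind` and `nscd_socket_use`, while the same interface stands in for `sysnet_dns_name_resolve` in sendmail.te and `sysnet_use_ldap` in postgresql.te. If the interface bundles all of those, vpnc_t gains name-service network access that the removed lines did not give it. The same applies to rshd_t in rshd.te and winbind_helper_t in samba.te. The rest of vpn.te is outside the hunk, so the access may already be granted elsewhere. Comparing the allow rules for these domains before and after the change (for example with `sesearch`) would confirm whether the widening is intended.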
@@ -110,11 +112,3 @@ optional_policy(`
 		networkmanager_dbus_chat(vpnc_t)
 	')
 ')
-
-optional_policy(`
-        nis_use_ypbind(vpnc_t)
-')
-
-optional_policy(`
-	nscd_socket_use(vpnc_t)
-')
diff --git a/policy/modules/apps/thunderbird.if b/policy/modules/apps/thunderbird.if
index 80e87d5..ee4d4b2 100644
--- a/policy/modules/apps/thunderbird.if
+++ b/policy/modules/apps/thunderbird.if
@@ -62,7 +62,6 @@ template(`thunderbird_per_role_template',`
 	allow $1_thunderbird_t self:unix_stream_socket { create accept connect write getattr read listen bind };
 	allow $1_thunderbird_t self:tcp_socket create_socket_perms;
 	allow $1_thunderbird_t self:shm { read write create destroy unix_read unix_write };
- 	allow $1_thunderbird_t self:netlink_route_socket r_netlink_socket_perms;
 
 	# Access ~/.thunderbird
 	manage_dirs_pattern($1_thunderbird_t,$1_thunderbird_home_t,$1_thunderbird_home_t)
@@ -146,16 +145,14 @@ template(`thunderbird_per_role_template',`
 	# Access ~/.thunderbird
 	fs_search_auto_mountpoints($1_thunderbird_t)
 	
+	auth_use_nsswitch($1_thunderbird_t)
+
 	libs_use_shared_libs($1_thunderbird_t)
 	libs_use_ld_so($1_thunderbird_t)
 
 	miscfiles_read_fonts($1_thunderbird_t)
 	miscfiles_read_localization($1_thunderbird_t)
 
-	sysnet_read_config($1_thunderbird_t)
-	# Allow DNS
-	sysnet_dns_name_resolve($1_thunderbird_t)
-
 	userdom_manage_user_tmp_dirs($1,$1_thunderbird_t)
 	userdom_read_user_tmp_files($1,$1_thunderbird_t)
 	userdom_write_user_tmp_sockets($1,$1_thunderbird_t)
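Review bot: The new `auth_use_nsswitch($1_thunderbird_t)` line carries no comment, whereas the lines it replaces further down this hunk were annotated with `# Allow DNS`. A one-line comment above the call, such as `# Name service lookups (DNS, NIS, nscd) via nsswitch`, would keep the reason for the grant visible to the next reader. The same holds for the uncommented calls added in vpn.te, mta.if, postgresql.te, rshd.te, samba.te and sendmail.te. The template body starts and ends outside this hunk.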
@@ -341,14 +338,6 @@ template(`thunderbird_per_role_template',`
 		mozilla_dbus_chat($1, $1_thunderbird_t)
 	')
 
-	optional_policy(`
-		nis_use_ypbind($1_thunderbird_t)
-	')
-
-	optional_policy(`
-		nscd_socket_use($1_thunderbird_t)
-	')
-
 	ifdef(`TODO',`
 		# FIXME: Rules were removed to centralize policy in a gnome_app macro
 		# A similar thing might be necessary for mozilla compiled without GNOME
diff --git a/policy/modules/apps/thunderbird.te b/policy/modules/apps/thunderbird.te
index eeb4681..ef28806 100644
--- a/policy/modules/apps/thunderbird.te
+++ b/policy/modules/apps/thunderbird.te
@@ -1,5 +1,5 @@
 
-policy_module(thunderbird,1.4.1)
+policy_module(thunderbird,1.4.2)
 
 ########################################
 #
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index b701897..c000e40 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -87,6 +87,8 @@ template(`mta_base_mail_template',`
 	# It wants to check for nscd
 	files_dontaudit_search_pids($1_mail_t)
 
+	auth_use_nsswitch($1_mail_t)
+
 	libs_use_ld_so($1_mail_t)
 	libs_use_shared_libs($1_mail_t)
 
@@ -94,17 +96,6 @@ template(`mta_base_mail_template',`
 
 	miscfiles_read_localization($1_mail_t)
 
-	sysnet_read_config($1_mail_t)
-	sysnet_dns_name_resolve($1_mail_t)
-
-	optional_policy(`
-		nis_use_ypbind($1_mail_t)
-	')
-
-	optional_policy(`
-		nscd_socket_use($1_mail_t)
-	')
-
 	optional_policy(`
 		postfix_domtrans_user_mail_handler($1_mail_t)
 	')
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
index 01bfa9f..fb5475d 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
 
-policy_module(mta,1.8.1)
+policy_module(mta,1.8.2)
 
 ########################################
 #
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index 2d60404..98a82ac 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -1,5 +1,5 @@
 
-policy_module(postgresql,1.4.2)
+policy_module(postgresql,1.4.3)
 
 #################################
 #
@@ -42,7 +42,6 @@ allow postgresql_t self:tcp_socket create_stream_socket_perms;
 allow postgresql_t self:udp_socket create_stream_socket_perms;
 allow postgresql_t self:unix_dgram_socket create_socket_perms;
 allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
-allow postgresql_t self:netlink_route_socket r_netlink_socket_perms;
 
 manage_dirs_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
 manage_files_pattern(postgresql_t,postgresql_db_t,postgresql_db_t)
@@ -116,6 +115,8 @@ files_search_etc(postgresql_t)
 files_read_etc_runtime_files(postgresql_t)
 files_read_usr_files(postgresql_t)
 
+auth_use_nsswitch(postgresql_t)
+
 init_read_utmp(postgresql_t)
 
 libs_use_ld_so(postgresql_t)
@@ -127,9 +128,6 @@ miscfiles_read_localization(postgresql_t)
 
 seutil_dontaudit_search_config(postgresql_t)
 
-sysnet_read_config(postgresql_t)
-sysnet_use_ldap(postgresql_t)
-
 userdom_dontaudit_search_sysadm_home_dirs(postgresql_t)
 userdom_dontaudit_use_sysadm_ttys(postgresql_t)
 userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
@@ -162,10 +160,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nis_use_ypbind(postgresql_t)
-')
-
-optional_policy(`
 	seutil_sigchld_newrole(postgresql_t)
 ')
 
diff --git a/policy/modules/services/rshd.te b/policy/modules/services/rshd.te
index b9abd31..08b6841 100644
--- a/policy/modules/services/rshd.te
+++ b/policy/modules/services/rshd.te
@@ -1,5 +1,5 @@
 
-policy_module(rshd,1.4.1)
+policy_module(rshd,1.4.2)
 
 ########################################
 #
@@ -52,6 +52,8 @@ files_list_home(rshd_t)
 files_read_etc_files(rshd_t)
 files_search_tmp(rshd_t)
 
+auth_use_nsswitch(rshd_t)
+
 libs_use_ld_so(rshd_t)
 libs_use_shared_libs(rshd_t)
 
@@ -62,8 +64,6 @@ miscfiles_read_localization(rshd_t)
 seutil_read_config(rshd_t)
 seutil_read_default_contexts(rshd_t)
 
-sysnet_read_config(rshd_t)
-
 userdom_search_all_users_home_content(rshd_t)
 
 tunable_policy(`use_nfs_home_dirs',`
@@ -81,10 +81,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(rshd_t)
-')
-
-optional_policy(`
 	tcpd_wrapped_domain(rshd_t,rshd_exec_t)
 ')
 
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index 19aaa10..38c6b4d 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -1,5 +1,5 @@
 
-policy_module(samba,1.6.3)
+policy_module(samba,1.6.4)
 
 #################################
 #
@@ -197,10 +197,6 @@ optional_policy(`
 	kerberos_use(samba_net_t)
 ')
 
-optional_policy(`
-	nscd_socket_use(samba_net_t)
-')
-
 ########################################
 #
 # smbd Local policy
@@ -728,10 +724,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(winbind_t)
-')
-
-optional_policy(`
 	seutil_sigchld_newrole(winbind_t)
 ')
 
@@ -760,6 +752,8 @@ term_list_ptys(winbind_helper_t)
 
 domain_use_interactive_fds(winbind_helper_t)
 
+auth_use_nsswitch(winbind_helper_t)
+
 libs_use_ld_so(winbind_helper_t)
 libs_use_shared_libs(winbind_helper_t)
 
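Review bot: This is the only `auth_use_nsswitch` call the commit adds to samba.te, yet the two earlier hunks in this file also drop `nscd_socket_use` for samba_net_t and winbind_t. Unless those domains already call `auth_use_nsswitch` outside the visible hunks, they lose nscd access and their lookups may fail or fall back with AVC denials. The same question applies to xdm_t in xserver.te (which also loses its `netlink_route_socket` rule), pam_t in authlogin.te and mount_t in mount.te, none of which gain a call in this diff. Those three files also show no `policy_module` version bump, unlike the other modules touched here. Each domain should be checked against its full file and the result stated in the commit message.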
@@ -768,10 +762,6 @@ logging_send_syslog_msg(winbind_helper_t)
 miscfiles_read_localization(winbind_helper_t) 
 
 optional_policy(`
-	nscd_socket_use(winbind_helper_t)
-')
-
-optional_policy(`
 	squid_read_log(winbind_helper_t)
 	squid_append_log(winbind_helper_t)
 ')
diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te
index 5fce93b..d1c8e55 100644
--- a/policy/modules/services/sendmail.te
+++ b/policy/modules/services/sendmail.te
@@ -1,5 +1,5 @@
 
-policy_module(sendmail,1.6.1)
+policy_module(sendmail,1.6.2)
 
 ########################################
 #
@@ -32,7 +32,6 @@ allow sendmail_t self:unix_stream_socket create_stream_socket_perms;
 allow sendmail_t self:unix_dgram_socket create_socket_perms;
 allow sendmail_t self:tcp_socket create_stream_socket_perms;
 allow sendmail_t self:udp_socket create_socket_perms;
-allow sendmail_t self:netlink_route_socket r_netlink_socket_perms;
 
 allow sendmail_t sendmail_log_t:dir setattr;
 manage_files_pattern(sendmail_t,sendmail_log_t,sendmail_log_t)
@@ -84,6 +83,8 @@ init_use_script_ptys(sendmail_t)
 init_read_utmp(sendmail_t)
 init_dontaudit_write_utmp(sendmail_t)
 
+auth_use_nsswitch(sendmail_t)
+
 libs_use_ld_so(sendmail_t)
 libs_use_shared_libs(sendmail_t)
 # Read /usr/lib/sasl2/.*
@@ -94,9 +95,6 @@ logging_send_syslog_msg(sendmail_t)
 miscfiles_read_certs(sendmail_t)
 miscfiles_read_localization(sendmail_t)
 
-sysnet_dns_name_resolve(sendmail_t)
-sysnet_read_config(sendmail_t)
-
 userdom_dontaudit_use_unpriv_user_fds(sendmail_t)
 userdom_dontaudit_search_sysadm_home_dirs(sendmail_t)
 
@@ -113,14 +111,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nis_use_ypbind(sendmail_t)
-')
-
-optional_policy(`
-	nscd_socket_use(sendmail_t)
-')
-
-optional_policy(`
 	postfix_exec_master(sendmail_t)
 	postfix_read_config(sendmail_t)
 	postfix_search_spool(sendmail_t)
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 919dd78..c52e26a 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -101,7 +101,6 @@ allow xdm_t self:fifo_file rw_fifo_file_perms;
 allow xdm_t self:shm create_shm_perms;
 allow xdm_t self:sem create_sem_perms;
 allow xdm_t self:unix_stream_socket { connectto create_stream_socket_perms };
-allow xdm_t self:netlink_route_socket r_netlink_socket_perms;
 allow xdm_t self:unix_dgram_socket create_socket_perms;
 allow xdm_t self:tcp_socket create_stream_socket_perms;
 allow xdm_t self:udp_socket create_socket_perms;
@@ -336,10 +335,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	nscd_socket_use(xdm_t)
-')
-
-optional_policy(`
 	seutil_sigchld_newrole(xdm_t)
 ')
 
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index c9b2cc6..1d1c2ed 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -126,14 +126,6 @@ optional_policy(`
 	locallogin_use_fds(pam_t)
 ')
 
-optional_policy(`
-	nis_use_ypbind(pam_t)
-')
-
-optional_policy(`
-	nscd_socket_use(pam_t)
-')
-
 ########################################
 #
 # PAM console local policy
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 7cb9ab8..86d0ad7 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -184,10 +184,6 @@ optional_policy(`
 	samba_domtrans_smbmount(mount_t)
 ')
 
-optional_policy(`
-	nscd_socket_use(mount_t)
-')
-
 ########################################
 #
 # Unconfined mount local policy

