[selinux-policy: 1902/3172] trunk: Backup update on Debian from Vaclav Ovsik.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:49:24 UTC 2010 

commit 45b56b01e8051dd4193d5894f5d00cca0d6cda08
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Feb 19 14:26:59 2008 +0000

    trunk: Backup update on Debian from Vaclav Ovsik.

 Changelog                         |    3 ++-
 policy/modules/admin/backup.fc    |    6 ++++++
 policy/modules/admin/backup.te    |    5 +++--
 policy/modules/admin/logrotate.fc |    1 -
 policy/modules/admin/logrotate.te |    2 +-
 5 files changed, 12 insertions(+), 5 deletions(-)
---
diff --git a/Changelog b/Changelog
index acaf378..b1f7917 100644
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,5 @@
-- Cracklib update on Deban from Vaclav Ovsik.
+- Backup update on Debian from Vaclav Ovsik.
+- Cracklib update on Debian from Vaclav Ovsik.
 - Label /proc/kallsyms with system_map_t.
 - 64-bit capabilities from Stephen Smalley.
 - Labeled networking peer object class updates.
diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
index b4671ae..223b7f2 100644
--- a/policy/modules/admin/backup.fc
+++ b/policy/modules/admin/backup.fc
@@ -4,4 +4,10 @@
 # backup_store_t, Debian uses /var/backups
 
 #/usr/local/bin/backup-script	--	gen_context(system_u:object_r:backup_exec_t,s0)
+
+ifdef(`distro_debian',`
+/etc/cron.daily/aptitude	--	gen_context(system_u:object_r:backup_exec_t,s0)
+/etc/cron.daily/standard	--	gen_context(system_u:object_r:backup_exec_t,s0)
+')
+
 /var/backups(/.*)?			gen_context(system_u:object_r:backup_store_t,s0)
diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
index b72d4d6..64c2be4 100644
--- a/policy/modules/admin/backup.te
+++ b/policy/modules/admin/backup.te
@@ -1,5 +1,5 @@
 
-policy_module(backup,1.2.0)
+policy_module(backup,1.2.1)
 
 ########################################
 #
@@ -27,7 +27,7 @@ allow backup_t self:tcp_socket create_socket_perms;
 allow backup_t self:udp_socket create_socket_perms;
 
 allow backup_t backup_store_t:file setattr;
-create_files_pattern(backup_t,backup_store_t,backup_store_t)
+manage_files_pattern(backup_t,backup_store_t,backup_store_t)
 rw_files_pattern(backup_t,backup_store_t,backup_store_t)
 read_lnk_files_pattern(backup_t,backup_store_t,backup_store_t)
 
@@ -35,6 +35,7 @@ kernel_read_system_state(backup_t)
 kernel_read_kernel_sysctls(backup_t)
 
 corecmd_exec_bin(backup_t)
+corecmd_exec_shell(backup_t)
 
 corenet_all_recvfrom_unlabeled(backup_t)
 corenet_all_recvfrom_netlabel(backup_t)
diff --git a/policy/modules/admin/logrotate.fc b/policy/modules/admin/logrotate.fc
index e058a17..36c8de7 100644
--- a/policy/modules/admin/logrotate.fc
+++ b/policy/modules/admin/logrotate.fc
@@ -3,7 +3,6 @@
 /usr/sbin/logrotate	--	gen_context(system_u:object_r:logrotate_exec_t,s0)
 
 ifdef(`distro_debian', `
-/usr/bin/savelog	--	gen_context(system_u:object_r:logrotate_exec_t,s0)
 /var/lib/logrotate(/.*)?	gen_context(system_u:object_r:logrotate_var_lib_t,s0)
 ', `
 /var/lib/logrotate\.status --	gen_context(system_u:object_r:logrotate_var_lib_t,s0)
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index e2742d2..5b11e37 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -1,5 +1,5 @@
 
-policy_module(logrotate,1.7.0)
+policy_module(logrotate,1.7.1)
 
 ########################################
 #

More information about the scm-commits mailing list