[selinux-policy: 1902/3172] trunk: Backup update on Debian from Vaclav Ovsik.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:49:24 UTC 2010
commit 45b56b01e8051dd4193d5894f5d00cca0d6cda08
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Feb 19 14:26:59 2008 +0000
trunk: Backup update on Debian from Vaclav Ovsik.
Changelog | 3 ++-
policy/modules/admin/backup.fc | 6 ++++++
policy/modules/admin/backup.te | 5 +++--
policy/modules/admin/logrotate.fc | 1 -
policy/modules/admin/logrotate.te | 2 +-
5 files changed, 12 insertions(+), 5 deletions(-)
---
diff --git a/Changelog b/Changelog
index acaf378..b1f7917 100644
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,5 @@
-- Cracklib update on Deban from Vaclav Ovsik.
+- Backup update on Debian from Vaclav Ovsik.
+- Cracklib update on Debian from Vaclav Ovsik.
- Label /proc/kallsyms with system_map_t.
- 64-bit capabilities from Stephen Smalley.
- Labeled networking peer object class updates.
diff --git a/policy/modules/admin/backup.fc b/policy/modules/admin/backup.fc
index b4671ae..223b7f2 100644
--- a/policy/modules/admin/backup.fc
+++ b/policy/modules/admin/backup.fc
@@ -4,4 +4,10 @@
# backup_store_t, Debian uses /var/backups
#/usr/local/bin/backup-script -- gen_context(system_u:object_r:backup_exec_t,s0)
+
+ifdef(`distro_debian',`
+/etc/cron.daily/aptitude -- gen_context(system_u:object_r:backup_exec_t,s0)
+/etc/cron.daily/standard -- gen_context(system_u:object_r:backup_exec_t,s0)
+')
+
/var/backups(/.*)? gen_context(system_u:object_r:backup_store_t,s0)
diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te
index b72d4d6..64c2be4 100644
--- a/policy/modules/admin/backup.te
+++ b/policy/modules/admin/backup.te
@@ -1,5 +1,5 @@
-policy_module(backup,1.2.0)
+policy_module(backup,1.2.1)
########################################
#
@@ -27,7 +27,7 @@ allow backup_t self:tcp_socket create_socket_perms;
allow backup_t self:udp_socket create_socket_perms;
allow backup_t backup_store_t:file setattr;
-create_files_pattern(backup_t,backup_store_t,backup_store_t)
+manage_files_pattern(backup_t,backup_store_t,backup_store_t)
rw_files_pattern(backup_t,backup_store_t,backup_store_t)
read_lnk_files_pattern(backup_t,backup_store_t,backup_store_t)
@@ -35,6 +35,7 @@ kernel_read_system_state(backup_t)
kernel_read_kernel_sysctls(backup_t)
corecmd_exec_bin(backup_t)
+corecmd_exec_shell(backup_t)
corenet_all_recvfrom_unlabeled(backup_t)
corenet_all_recvfrom_netlabel(backup_t)
diff --git a/policy/modules/admin/logrotate.fc b/policy/modules/admin/logrotate.fc
index e058a17..36c8de7 100644
--- a/policy/modules/admin/logrotate.fc
+++ b/policy/modules/admin/logrotate.fc
@@ -3,7 +3,6 @@
/usr/sbin/logrotate -- gen_context(system_u:object_r:logrotate_exec_t,s0)
ifdef(`distro_debian', `
-/usr/bin/savelog -- gen_context(system_u:object_r:logrotate_exec_t,s0)
/var/lib/logrotate(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0)
', `
/var/lib/logrotate\.status -- gen_context(system_u:object_r:logrotate_var_lib_t,s0)
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index e2742d2..5b11e37 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -1,5 +1,5 @@
-policy_module(logrotate,1.7.0)
+policy_module(logrotate,1.7.1)
########################################
#
More information about the scm-commits
mailing list