[selinux-policy: 2315/3172] ISCSI patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:25:33 UTC 2010


commit 0f982dada26fe04fb62da8be024785f62828155f
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Nov 24 11:08:22 2009 -0500

    ISCSI patch from Dan Walsh.

 policy/modules/system/iscsi.if |   39 +++++++++++++++++++++++++++++++++++++++
 policy/modules/system/iscsi.te |    7 ++++---
 2 files changed, 43 insertions(+), 3 deletions(-)
---
diff --git a/policy/modules/system/iscsi.if b/policy/modules/system/iscsi.if
index 6f0b206..88e3b32 100644
--- a/policy/modules/system/iscsi.if
+++ b/policy/modules/system/iscsi.if
@@ -17,3 +17,42 @@ interface(`iscsid_domtrans',`
 
 	domtrans_pattern($1, iscsid_exec_t, iscsid_t)
 ')
+
+########################################
+## <summary>
+##	Connect to ISCSI using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	The type of the process performing this action.
+##	</summary>
+## </param>
+#
+interface(`iscsi_stream_connect',`
+	gen_require(`
+		type iscsid_t, iscsi_var_lib_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t, iscsid_t)
+')
+
+########################################
+## <summary>
+##	Read iscsi lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`iscsi_read_lib_files',`
+	gen_require(`
+		type iscsi_var_lib_t;
+	')
+
+	read_files_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t)
+	allow $1 iscsi_var_lib_t:dir list_dir_perms;
+	files_search_var_lib($1)
+')
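Review bot: `iscsi_stream_connect` grants `files_search_pids($1)`, yet the socket it connects through is labelled `iscsi_var_lib_t` in both the directory and the file position of `stream_connect_pattern`. If that type lives under /var/lib, as its name and the `files_search_var_lib($1)` call in `iscsi_read_lib_files` just below suggest (the file contexts are not part of this diff), callers get search on a parent directory they do not need and may still be denied on the one they do. The line should then read `files_search_var_lib($1)`. The two new interfaces also word the same parameter differently; `Domain allowed access.` would be the consistent description for both.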
diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te
index c5109df..e53aa29 100644
--- a/policy/modules/system/iscsi.te
+++ b/policy/modules/system/iscsi.te
@@ -1,5 +1,5 @@
 
-policy_module(iscsi, 1.6.0)
+policy_module(iscsi, 1.6.1)
 
 ########################################
 #
@@ -55,6 +55,7 @@ manage_files_pattern(iscsid_t, iscsi_var_run_t, iscsi_var_run_t)
 files_pid_filetrans(iscsid_t, iscsi_var_run_t, file)
 
 kernel_read_system_state(iscsid_t)
+kernel_search_debugfs(iscsid_t)
 
 corenet_all_recvfrom_unlabeled(iscsid_t)
 corenet_all_recvfrom_netlabel(iscsid_t)
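Review bot: The added `kernel_search_debugfs(iscsid_t)` has no comment saying which debugfs path iscsid needs, so a later policy audit cannot tell a required access from a denial that was simply silenced. debugfs exposes kernel internals, and a search grant there is worth justifying even though it reads nothing by itself. Add a why-comment above the line, for example `# iscsid searches debugfs for <reason, taken from the AVC denial>`. If the access is only a probe the daemon works without, a dontaudit rule would be the narrower choice.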
@@ -73,6 +74,6 @@ files_read_etc_files(iscsid_t)
 
 logging_send_syslog_msg(iscsid_t)
 
-miscfiles_read_localization(iscsid_t)
+auth_use_nsswitch(iscsid_t)
 
-sysnet_dns_name_resolve(iscsid_t)
+miscfiles_read_localization(iscsid_t)
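Review bot: Replacing `sysnet_dns_name_resolve(iscsid_t)` with `auth_use_nsswitch(iscsid_t)` widens the iscsid domain beyond DNS resolution, and neither the hunk nor the commit message says why. As defined in the authlogin module (not shown in this diff), the nsswitch interface also covers the other name-service backends, such as passwd/group lookups and, where configured, directory services. If iscsid only resolves target host names, the narrower call is enough and should stay. If it really does user or group lookups, record that next to the line, for example `# iscsid does passwd/group lookups through nsswitch, not only DNS`.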

