[selinux-policy: 2345/3172] Kerberos patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:28:12 UTC 2010
commit e1b8b54739e5774eb9616997110da0e5b58a9851
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Dec 18 10:40:53 2009 -0500
Kerberos patch from Dan Walsh.
policy/modules/services/kerberos.te | 15 ++++++++++++++-
1 files changed, 14 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index e5d40f4..736ee13 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -1,5 +1,5 @@
-policy_module(kerberos, 1.10.0)
+policy_module(kerberos, 1.10.1)
########################################
#
@@ -277,6 +277,8 @@ optional_policy(`
#
allow kpropd_t self:capability net_bind_service;
+allow kpropd_t self:process setfscreate;
+
allow kpropd_t self:fifo_file rw_file_perms;
allow kpropd_t self:unix_stream_socket create_stream_socket_perms;
allow kpropd_t self:tcp_socket create_stream_socket_perms;
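Review bot: The new `allow kpropd_t self:process setfscreate;` has no comment saying why kpropd needs to choose the label of files it creates. The two rules that appear to go with it, `selinux_validate_context(kpropd_t)` and `seutil_read_file_contexts(kpropd_t)` in the last hunk, are equally unexplained. Together the three look like support for kpropd looking up a file context and setting it before it creates a file, but that is inferred from the rules and not stated anywhere in the commit. A one-line comment above the allow rule, such as `# kpropd looks up and sets the creation context for the files it writes`, would let a later auditor confirm the permission is still needed. The kpropd_t section begins above this hunk.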
@@ -285,10 +287,17 @@ allow kpropd_t krb5_host_rcache_t:file rw_file_perms;
allow kpropd_t krb5_keytab_t:file read_file_perms;
+read_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_conf_t)
+
manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t)
+filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)
manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)
+manage_dirs_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
+manage_files_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
+files_tmp_filetrans(kpropd_t, krb5kdc_tmp_t, { file dir })
+
corecmd_exec_bin(kpropd_t)
corenet_all_recvfrom_unlabeled(kpropd_t)
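Review bot: The added `filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)` makes every file kpropd_t creates in a krb5kdc_conf_t directory default to krb5kdc_lock_t. That includes files meant to carry krb5kdc_principal_t, which the next line lets it manage in the same directory. If correct labeling of those files depends on kpropd setting the creation context itself, a comment should say so, e.g. `# default to the lock type; other files are labeled explicitly by kpropd`. Separately, `files_tmp_filetrans(kpropd_t, krb5kdc_tmp_t, { file dir })` reuses the KDC's temporary type, so kpropd_t gains manage access to every krb5kdc_tmp_t file and directory. A dedicated type declared with `type kpropd_tmp_t;` and `files_tmp_file(kpropd_tmp_t)`, in the declarations outside this hunk, would keep the two domains' temporary files apart.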
@@ -303,10 +312,14 @@ dev_read_urand(kpropd_t)
files_read_etc_files(kpropd_t)
files_search_tmp(kpropd_t)
+selinux_validate_context(kpropd_t)
+
logging_send_syslog_msg(kpropd_t)
miscfiles_read_localization(kpropd_t)
+seutil_read_file_contexts(kpropd_t)
+
sysnet_dns_name_resolve(kpropd_t)
kerberos_use(kpropd_t)