[selinux-policy: 2538/3172] Style fixes and module version bumps for 38fc1bd.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:45:36 UTC 2010 

commit 827060cb0427192e1f22944f70cc1e4d329a356c
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Mar 17 09:28:18 2010 -0400

    Style fixes and module version bumps for 38fc1bd.

 Changelog                               |    1 +
 policy/modules/kernel/corenetwork.te.in |    2 +-
 policy/modules/kernel/files.if          |   36 +++++++-------
 policy/modules/kernel/files.te          |    2 +-
 policy/modules/services/kerberos.if     |    1 -
 policy/modules/services/kerberos.te     |    2 +-
 policy/modules/services/likewise.fc     |   76 +++++++++++++++---------------
 policy/modules/services/likewise.if     |   10 ++--
 policy/modules/services/likewise.te     |   72 +++++-------------------------
 policy/modules/system/authlogin.te      |    2 +-
 10 files changed, 77 insertions(+), 127 deletions(-)
---
diff --git a/Changelog b/Changelog
index f9ac844..5554a20 100644
--- a/Changelog
+++ b/Changelog
@@ -4,6 +4,7 @@
 	cobbler (Dominick Grift)
 	dbadm (KaiGai Kohei)
 	nut (Stefan Schulze Frielinghaus, Miroslav Grepl)
+	likewise (Scott Salley)
 	pyicqt (Stefan Schulze Frielinghaus)
 	sectoolm (Miroslav Grepl)
 
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 9a5a82a..d4d3dc6 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
 
-policy_module(corenetwork, 1.13.8)
+policy_module(corenetwork, 1.13.9)
 
 ########################################
 #
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 03a8781..4f1e6e9 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -2923,24 +2923,6 @@ interface(`files_dontaudit_getattr_home_dir',`
 
 ########################################
 ## <summary>
-##	Relabel to user home root (/home).
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`files_relabelto_home',`
-	gen_require(`
-		type home_root_t;
-	')
-
-	allow $1 home_root_t:dir relabelto;
-')
-
-########################################
-## <summary>
 ##	Search home directories root (/home).
 ## </summary>
 ## <param name="domain">
@@ -3015,6 +2997,24 @@ interface(`files_list_home',`
 
 ########################################
 ## <summary>
+##	Relabel to user home root (/home).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_relabelto_home',`
+	gen_require(`
+		type home_root_t;
+	')
+
+	allow $1 home_root_t:dir relabelto;
+')
+
+########################################
+## <summary>
 ##	Create objects in /home.
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index 6515807..c915c73 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
 
-policy_module(files, 1.12.3)
+policy_module(files, 1.12.4)
 
 ########################################
 #
diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
index d3cedf6..0c7f12f 100644
--- a/policy/modules/services/kerberos.if
+++ b/policy/modules/services/kerberos.if
@@ -202,7 +202,6 @@ interface(`kerberos_read_keytab',`
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
-## <rolecap/>
 #
 interface(`kerberos_rw_keytab',`
 	gen_require(`
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index 736ee13..c7a148c 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -1,5 +1,5 @@
 
-policy_module(kerberos, 1.10.1)
+policy_module(kerberos, 1.10.2)
 
 ########################################
 #
diff --git a/policy/modules/services/likewise.fc b/policy/modules/services/likewise.fc
index 6d29b1e..057a4e4 100644
--- a/policy/modules/services/likewise.fc
+++ b/policy/modules/services/likewise.fc
@@ -1,54 +1,54 @@
-/etc/likewise-open(/.*)?		gen_context(system_u:object_r:likewise_etc_t,s0)
-/etc/likewise-open/.pstore.lock	--	gen_context(system_u:object_r:likewise_pstore_lock_t,s0)
-/etc/likewise-open/likewise-krb5-ad.conf	--	gen_context(system_u:object_r:likewise_krb5_ad_t,s0)
+/etc/likewise-open(/.*)?			gen_context(system_u:object_r:likewise_etc_t,s0)
+/etc/likewise-open/.pstore.lock		--	gen_context(system_u:object_r:likewise_pstore_lock_t,s0)
+/etc/likewise-open/likewise-krb5-ad.conf --	gen_context(system_u:object_r:likewise_krb5_ad_t,s0)
 
-/etc/rc\.d/init\.d/dcerpcd	--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/eventlogd	--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lsassd	--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwiod	--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwregd	--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwsmd	--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/netlogond	--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/srvsvcd	--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/dcerpcd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/eventlogd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lsassd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lwiod		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lwregd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lwsmd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/netlogond		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/srvsvcd		--	gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
 
-/usr/sbin/dcerpcd	--	gen_context(system_u:object_r:dcerpcd_exec_t,s0)
-/usr/sbin/eventlogd	--	gen_context(system_u:object_r:eventlogd_exec_t,s0)
-/usr/sbin/lsassd	--	gen_context(system_u:object_r:lsassd_exec_t,s0)
-/usr/sbin/lwiod	--	gen_context(system_u:object_r:lwiod_exec_t,s0)
-/usr/sbin/lwregd	--	gen_context(system_u:object_r:lwregd_exec_t,s0)
-/usr/sbin/lwsmd	--	gen_context(system_u:object_r:lwsmd_exec_t,s0)
-/usr/sbin/netlogond	--	gen_context(system_u:object_r:netlogond_exec_t,s0)
-/usr/sbin/srvsvcd	--	gen_context(system_u:object_r:srvsvcd_exec_t,s0)
+/usr/sbin/dcerpcd			--	gen_context(system_u:object_r:dcerpcd_exec_t,s0)
+/usr/sbin/eventlogd			--	gen_context(system_u:object_r:eventlogd_exec_t,s0)
+/usr/sbin/lsassd			--	gen_context(system_u:object_r:lsassd_exec_t,s0)
+/usr/sbin/lwiod				--	gen_context(system_u:object_r:lwiod_exec_t,s0)
+/usr/sbin/lwregd			--	gen_context(system_u:object_r:lwregd_exec_t,s0)
+/usr/sbin/lwsmd				--	gen_context(system_u:object_r:lwsmd_exec_t,s0)
+/usr/sbin/netlogond			--	gen_context(system_u:object_r:netlogond_exec_t,s0)
+/usr/sbin/srvsvcd			--	gen_context(system_u:object_r:srvsvcd_exec_t,s0)
 
-/var/lib/likewise-open(/.*)?		gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/\.lsassd	-s	gen_context(system_u:object_r:lsassd_var_socket_t,s0)
-/var/lib/likewise-open/\.lwiod	-s	gen_context(system_u:object_r:lwiod_var_socket_t,s0)
-/var/lib/likewise-open/\.regsd	-s	gen_context(system_u:object_r:lwregd_var_socket_t,s0)
-/var/lib/likewise-open/\.lwsm	-s	gen_context(system_u:object_r:lwsmd_var_socket_t,s0)
+/var/lib/likewise-open(/.*)?			gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/\.lsassd		-s	gen_context(system_u:object_r:lsassd_var_socket_t,s0)
+/var/lib/likewise-open/\.lwiod		-s	gen_context(system_u:object_r:lwiod_var_socket_t,s0)
+/var/lib/likewise-open/\.regsd		-s	gen_context(system_u:object_r:lwregd_var_socket_t,s0)
+/var/lib/likewise-open/\.lwsm		-s	gen_context(system_u:object_r:lwsmd_var_socket_t,s0)
 /var/lib/likewise-open/\.netlogond	-s	gen_context(system_u:object_r:netlogond_var_socket_t,s0)
-/var/lib/likewise-open/\.ntlmd	-s	gen_context(system_u:object_r:lsassd_var_socket_t,s0)
-/var/lib/likewise-open/krb5-affinity.conf	--	gen_context(system_u:object_r:netlogond_var_lib_t, s0)
+/var/lib/likewise-open/\.ntlmd		-s	gen_context(system_u:object_r:lsassd_var_socket_t,s0)
+/var/lib/likewise-open/krb5-affinity.conf --	gen_context(system_u:object_r:netlogond_var_lib_t, s0)
 /var/lib/likewise-open/krb5ccr_lsass	--	gen_context(system_u:object_r:lsassd_var_lib_t, s0)
 /var/lib/likewise-open/LWNetsd\.err	--	gen_context(system_u:object_r:netlogond_var_lib_t,s0)
 /var/lib/likewise-open/lsasd\.err	--	gen_context(system_u:object_r:lsassd_var_lib_t,s0)
 /var/lib/likewise-open/regsd\.err	--	gen_context(system_u:object_r:lwregd_var_lib_t,s0)
-/var/lib/likewise-open/db	-d	gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/db		-d	gen_context(system_u:object_r:likewise_var_lib_t,s0)
 /var/lib/likewise-open/db/lwi_events.db	--	gen_context(system_u:object_r:eventlogd_var_lib_t,s0)
 /var/lib/likewise-open/db/sam\.db	--	gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/lsass-adcache\.db	--	gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/lsass-adstate\.filedb	--	gen_context(system_u:object_r:lsassd_var_lib_t,s0)
+/var/lib/likewise-open/db/lsass-adcache\.db --	gen_context(system_u:object_r:lsassd_var_lib_t,s0)
+/var/lib/likewise-open/db/lsass-adstate\.filedb -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
 /var/lib/likewise-open/db/registry\.db	--	gen_context(system_u:object_r:lwregd_var_lib_t,s0)
-/var/lib/likewise-open/rpc	-d	gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/rpc		-d	gen_context(system_u:object_r:likewise_var_lib_t,s0)
 /var/lib/likewise-open/rpc/epmapper	-s	gen_context(system_u:object_r:dcerpcd_var_socket_t, s0)
 /var/lib/likewise-open/rpc/lsass	-s	gen_context(system_u:object_r:lsassd_var_socket_t, s0)
-/var/lib/likewise-open/rpc/socket	-s	gen_context(system_u:object_r:eventlogd_var_socket_t, s0)
-/var/lib/likewise-open/run	-d	gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/rpc/socket 	-s	gen_context(system_u:object_r:eventlogd_var_socket_t, s0)
+/var/lib/likewise-open/run		-d	gen_context(system_u:object_r:likewise_var_lib_t,s0)
 /var/lib/likewise-open/run/rpcdep.dat	--	gen_context(system_u:object_r:dcerpcd_var_lib_t, s0)
 
-/var/run/eventlogd.pid	--	gen_context(system_u:object_r:eventlogd_var_run_t,s0)
-/var/run/lsassd.pid	--	gen_context(system_u:object_r:lsassd_var_run_t,s0)
-/var/run/lwiod.pid	--	gen_context(system_u:object_r:lwiod_var_run_t,s0)
-/var/run/lwregd.pid	--	gen_context(system_u:object_r:lwregd_var_run_t,s0)
-/var/run/netlogond.pid	--	gen_context(system_u:object_r:netlogond_var_run_t,s0)
-/var/run/srvsvcd.pid	--	gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
+/var/run/eventlogd.pid			--	gen_context(system_u:object_r:eventlogd_var_run_t,s0)
+/var/run/lsassd.pid			--	gen_context(system_u:object_r:lsassd_var_run_t,s0)
+/var/run/lwiod.pid			--	gen_context(system_u:object_r:lwiod_var_run_t,s0)
+/var/run/lwregd.pid			--	gen_context(system_u:object_r:lwregd_var_run_t,s0)
+/var/run/netlogond.pid			--	gen_context(system_u:object_r:netlogond_var_run_t,s0)
+/var/run/srvsvcd.pid			--	gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
 
diff --git a/policy/modules/services/likewise.if b/policy/modules/services/likewise.if
index 549da5d..771e04b 100644
--- a/policy/modules/services/likewise.if
+++ b/policy/modules/services/likewise.if
@@ -1,10 +1,10 @@
 ## <summary>Likewise Active Directory support for UNIX.</summary>
 ## <desc>
-##     <p>
-##     Likewise Open is a free, open source application that joins Linux, Unix,
-##     and Mac machines to Microsoft Active Directory to securely authenticate
-##     users with their domain credentials.
-##     </p>
+##	<p>
+##	Likewise Open is a free, open source application that joins Linux, Unix,
+##	and Mac machines to Microsoft Active Directory to securely authenticate
+##	users with their domain credentials.
+##	</p>
 ## </desc>
 
 #######################################
diff --git a/policy/modules/services/likewise.te b/policy/modules/services/likewise.te
index 731399f..5f2bded 100644
--- a/policy/modules/services/likewise.te
+++ b/policy/modules/services/likewise.te
@@ -3,7 +3,7 @@ policy_module(likewise, 1.0.0)
 
 #################################
 #
-# Likewise global personal declarations.
+# Declarations
 #
 
 attribute likewise_domains;
@@ -23,69 +23,25 @@ files_type(likewise_pstore_lock_t)
 type likewise_krb5_ad_t;
 files_type(likewise_krb5_ad_t)
 
-#############################
-#
-# Likewise dcerpcd personal declarations.
-#
-
 likewise_domain_template(dcerpcd)
 
-#############################
-#
-# Likewise eventlogd personal declarations.
-#
-
 likewise_domain_template(eventlogd)
 
-#############################
-#
-# Likewise lsassd personal declarations.
-#
-
 likewise_domain_template(lsassd)
 
 type lsassd_tmp_t;
 files_tmp_file(lsassd_tmp_t)
 
-#############################
-#
-# Likewise lwiod personal declarations.
-#
-
 likewise_domain_template(lwiod)
 
-#############################
-#
-# Likewise lwregd personal declarations.
-#
-
 likewise_domain_template(lwregd)
 
-#############################
-#
-# Likewise lwsmd personal declarations.
-#
-
 likewise_domain_template(lwsmd)
 
-#############################
-#
-# Likewise netlogond personal declarations.
-#
-
 likewise_domain_template(netlogond)
 
-#############################
-#
-# Likewise srvsvcd personal declarations.
-#
-
 likewise_domain_template(srvsvcd)
 
-##################################
-#
-# Likewise global personal policy.
-
 #################################
 #
 # Likewise dcerpcd personal policy
@@ -134,8 +90,8 @@ corenet_udp_sendrecv_generic_port(eventlogd_t)
 # Likewise Authentication service local policy
 #
 
-allow lsassd_t self:capability {fowner chown fsetid dac_override sys_time};
-allow lsassd_t self:unix_stream_socket {create_stream_socket_perms connectto};
+allow lsassd_t self:capability { fowner chown fsetid dac_override sys_time };
+allow lsassd_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow lsassd_t self:netlink_route_socket rw_netlink_socket_perms;
 
 allow lsassd_t likewise_krb5_ad_t:file read_file_perms;
@@ -152,6 +108,11 @@ stream_connect_pattern(lsassd_t, likewise_var_lib_t, lwiod_var_socket_t, lwiod_t
 stream_connect_pattern(lsassd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
 stream_connect_pattern(lsassd_t, likewise_var_lib_t, netlogond_var_socket_t, netlogond_t)
 
+kernel_read_system_state(lsassd_t)
+kernel_getattr_proc_files(lsassd_t)
+kernel_list_all_proc(lsassd_t)
+kernel_list_proc(lsassd_t)
+
 corecmd_exec_bin(lsassd_t)
 corecmd_exec_shell(lsassd_t)
 
@@ -164,19 +125,13 @@ corenet_tcp_bind_generic_node(lsassd_t)
 corenet_tcp_connect_epmap_port(lsassd_t)
 corenet_tcp_sendrecv_epmap_port(lsassd_t)
 
+domain_obj_id_change_exemption(lsassd_t)
+
 files_manage_etc_files(lsassd_t)
 files_manage_etc_symlinks(lsassd_t)
 files_manage_etc_runtime_files(lsassd_t)
-
 files_relabelto_home(lsassd_t)
 
-kernel_read_system_state(lsassd_t)
-kernel_getattr_proc_files(lsassd_t)
-kernel_list_all_proc(lsassd_t)
-kernel_list_proc(lsassd_t)
-
-domain_obj_id_change_exemption(lsassd_t)
-
 selinux_get_fs_mount(lsassd_t)
 selinux_validate_context(lsassd_t)
 
@@ -201,7 +156,7 @@ optional_policy(`
 # Likewise I/O service local policy
 #
 
-allow lwiod_t self:capability {fowner chown fsetid dac_override };
+allow lwiod_t self:capability { fowner chown fsetid dac_override };
 allow lwiod_t self:netlink_route_socket rw_netlink_socket_perms;
 
 allow lwiod_t likewise_krb5_ad_t:file read_file_perms;
@@ -230,11 +185,6 @@ optional_policy(`
 
 #################################
 #
-# Likewise Registry server local policy
-#
-
-#################################
-#
 # Likewise Service Manager service local policy
 #
 
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 09c5002..39cf811 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
 
-policy_module(authlogin, 2.1.2)
+policy_module(authlogin, 2.1.3)
 
 ########################################
 #

More information about the scm-commits mailing list