[selinux-policy: 2538/3172] Style fixes and module version bumps for 38fc1bd.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:45:36 UTC 2010
commit 827060cb0427192e1f22944f70cc1e4d329a356c
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Mar 17 09:28:18 2010 -0400
Style fixes and module version bumps for 38fc1bd.
Changelog | 1 +
policy/modules/kernel/corenetwork.te.in | 2 +-
policy/modules/kernel/files.if | 36 +++++++-------
policy/modules/kernel/files.te | 2 +-
policy/modules/services/kerberos.if | 1 -
policy/modules/services/kerberos.te | 2 +-
policy/modules/services/likewise.fc | 76 +++++++++++++++---------------
policy/modules/services/likewise.if | 10 ++--
policy/modules/services/likewise.te | 72 +++++-------------------------
policy/modules/system/authlogin.te | 2 +-
10 files changed, 77 insertions(+), 127 deletions(-)
---
diff --git a/Changelog b/Changelog
index f9ac844..5554a20 100644
--- a/Changelog
+++ b/Changelog
@@ -4,6 +4,7 @@
cobbler (Dominick Grift)
dbadm (KaiGai Kohei)
nut (Stefan Schulze Frielinghaus, Miroslav Grepl)
+ likewise (Scott Salley)
pyicqt (Stefan Schulze Frielinghaus)
sectoolm (Miroslav Grepl)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 9a5a82a..d4d3dc6 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
-policy_module(corenetwork, 1.13.8)
+policy_module(corenetwork, 1.13.9)
########################################
#
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 03a8781..4f1e6e9 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -2923,24 +2923,6 @@ interface(`files_dontaudit_getattr_home_dir',`
########################################
## <summary>
-## Relabel to user home root (/home).
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`files_relabelto_home',`
- gen_require(`
- type home_root_t;
- ')
-
- allow $1 home_root_t:dir relabelto;
-')
-
-########################################
-## <summary>
## Search home directories root (/home).
## </summary>
## <param name="domain">
@@ -3015,6 +2997,24 @@ interface(`files_list_home',`
########################################
## <summary>
+## Relabel to user home root (/home).
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_relabelto_home',`
+ gen_require(`
+ type home_root_t;
+ ')
+
+ allow $1 home_root_t:dir relabelto;
+')
+
+########################################
+## <summary>
## Create objects in /home.
## </summary>
## <param name="domain">
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index 6515807..c915c73 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
-policy_module(files, 1.12.3)
+policy_module(files, 1.12.4)
########################################
#
diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
index d3cedf6..0c7f12f 100644
--- a/policy/modules/services/kerberos.if
+++ b/policy/modules/services/kerberos.if
@@ -202,7 +202,6 @@ interface(`kerberos_read_keytab',`
## Domain allowed access.
## </summary>
## </param>
-## <rolecap/>
#
interface(`kerberos_rw_keytab',`
gen_require(`
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index 736ee13..c7a148c 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -1,5 +1,5 @@
-policy_module(kerberos, 1.10.1)
+policy_module(kerberos, 1.10.2)
########################################
#
diff --git a/policy/modules/services/likewise.fc b/policy/modules/services/likewise.fc
index 6d29b1e..057a4e4 100644
--- a/policy/modules/services/likewise.fc
+++ b/policy/modules/services/likewise.fc
@@ -1,54 +1,54 @@
-/etc/likewise-open(/.*)? gen_context(system_u:object_r:likewise_etc_t,s0)
-/etc/likewise-open/.pstore.lock -- gen_context(system_u:object_r:likewise_pstore_lock_t,s0)
-/etc/likewise-open/likewise-krb5-ad.conf -- gen_context(system_u:object_r:likewise_krb5_ad_t,s0)
+/etc/likewise-open(/.*)? gen_context(system_u:object_r:likewise_etc_t,s0)
+/etc/likewise-open/.pstore.lock -- gen_context(system_u:object_r:likewise_pstore_lock_t,s0)
+/etc/likewise-open/likewise-krb5-ad.conf -- gen_context(system_u:object_r:likewise_krb5_ad_t,s0)
-/etc/rc\.d/init\.d/dcerpcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/eventlogd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lsassd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwiod -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwregd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/lwsmd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/netlogond -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/srvsvcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/dcerpcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/eventlogd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lsassd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lwiod -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lwregd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/lwsmd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/netlogond -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/srvsvcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0)
-/usr/sbin/dcerpcd -- gen_context(system_u:object_r:dcerpcd_exec_t,s0)
-/usr/sbin/eventlogd -- gen_context(system_u:object_r:eventlogd_exec_t,s0)
-/usr/sbin/lsassd -- gen_context(system_u:object_r:lsassd_exec_t,s0)
-/usr/sbin/lwiod -- gen_context(system_u:object_r:lwiod_exec_t,s0)
-/usr/sbin/lwregd -- gen_context(system_u:object_r:lwregd_exec_t,s0)
-/usr/sbin/lwsmd -- gen_context(system_u:object_r:lwsmd_exec_t,s0)
-/usr/sbin/netlogond -- gen_context(system_u:object_r:netlogond_exec_t,s0)
-/usr/sbin/srvsvcd -- gen_context(system_u:object_r:srvsvcd_exec_t,s0)
+/usr/sbin/dcerpcd -- gen_context(system_u:object_r:dcerpcd_exec_t,s0)
+/usr/sbin/eventlogd -- gen_context(system_u:object_r:eventlogd_exec_t,s0)
+/usr/sbin/lsassd -- gen_context(system_u:object_r:lsassd_exec_t,s0)
+/usr/sbin/lwiod -- gen_context(system_u:object_r:lwiod_exec_t,s0)
+/usr/sbin/lwregd -- gen_context(system_u:object_r:lwregd_exec_t,s0)
+/usr/sbin/lwsmd -- gen_context(system_u:object_r:lwsmd_exec_t,s0)
+/usr/sbin/netlogond -- gen_context(system_u:object_r:netlogond_exec_t,s0)
+/usr/sbin/srvsvcd -- gen_context(system_u:object_r:srvsvcd_exec_t,s0)
-/var/lib/likewise-open(/.*)? gen_context(system_u:object_r:likewise_var_lib_t,s0)
-/var/lib/likewise-open/\.lsassd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
-/var/lib/likewise-open/\.lwiod -s gen_context(system_u:object_r:lwiod_var_socket_t,s0)
-/var/lib/likewise-open/\.regsd -s gen_context(system_u:object_r:lwregd_var_socket_t,s0)
-/var/lib/likewise-open/\.lwsm -s gen_context(system_u:object_r:lwsmd_var_socket_t,s0)
+/var/lib/likewise-open(/.*)? gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/\.lsassd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
+/var/lib/likewise-open/\.lwiod -s gen_context(system_u:object_r:lwiod_var_socket_t,s0)
+/var/lib/likewise-open/\.regsd -s gen_context(system_u:object_r:lwregd_var_socket_t,s0)
+/var/lib/likewise-open/\.lwsm -s gen_context(system_u:object_r:lwsmd_var_socket_t,s0)
/var/lib/likewise-open/\.netlogond -s gen_context(system_u:object_r:netlogond_var_socket_t,s0)
-/var/lib/likewise-open/\.ntlmd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
-/var/lib/likewise-open/krb5-affinity.conf -- gen_context(system_u:object_r:netlogond_var_lib_t, s0)
+/var/lib/likewise-open/\.ntlmd -s gen_context(system_u:object_r:lsassd_var_socket_t,s0)
+/var/lib/likewise-open/krb5-affinity.conf -- gen_context(system_u:object_r:netlogond_var_lib_t, s0)
/var/lib/likewise-open/krb5ccr_lsass -- gen_context(system_u:object_r:lsassd_var_lib_t, s0)
/var/lib/likewise-open/LWNetsd\.err -- gen_context(system_u:object_r:netlogond_var_lib_t,s0)
/var/lib/likewise-open/lsasd\.err -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
/var/lib/likewise-open/regsd\.err -- gen_context(system_u:object_r:lwregd_var_lib_t,s0)
-/var/lib/likewise-open/db -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/db -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
/var/lib/likewise-open/db/lwi_events.db -- gen_context(system_u:object_r:eventlogd_var_lib_t,s0)
/var/lib/likewise-open/db/sam\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/lsass-adcache\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
-/var/lib/likewise-open/db/lsass-adstate\.filedb -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
+/var/lib/likewise-open/db/lsass-adcache\.db -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
+/var/lib/likewise-open/db/lsass-adstate\.filedb -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
/var/lib/likewise-open/db/registry\.db -- gen_context(system_u:object_r:lwregd_var_lib_t,s0)
-/var/lib/likewise-open/rpc -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/rpc -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
/var/lib/likewise-open/rpc/epmapper -s gen_context(system_u:object_r:dcerpcd_var_socket_t, s0)
/var/lib/likewise-open/rpc/lsass -s gen_context(system_u:object_r:lsassd_var_socket_t, s0)
-/var/lib/likewise-open/rpc/socket -s gen_context(system_u:object_r:eventlogd_var_socket_t, s0)
-/var/lib/likewise-open/run -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
+/var/lib/likewise-open/rpc/socket -s gen_context(system_u:object_r:eventlogd_var_socket_t, s0)
+/var/lib/likewise-open/run -d gen_context(system_u:object_r:likewise_var_lib_t,s0)
/var/lib/likewise-open/run/rpcdep.dat -- gen_context(system_u:object_r:dcerpcd_var_lib_t, s0)
-/var/run/eventlogd.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0)
-/var/run/lsassd.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0)
-/var/run/lwiod.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0)
-/var/run/lwregd.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0)
-/var/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0)
-/var/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
+/var/run/eventlogd.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0)
+/var/run/lsassd.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0)
+/var/run/lwiod.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0)
+/var/run/lwregd.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0)
+/var/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0)
+/var/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
diff --git a/policy/modules/services/likewise.if b/policy/modules/services/likewise.if
index 549da5d..771e04b 100644
--- a/policy/modules/services/likewise.if
+++ b/policy/modules/services/likewise.if
@@ -1,10 +1,10 @@
## <summary>Likewise Active Directory support for UNIX.</summary>
## <desc>
-## <p>
-## Likewise Open is a free, open source application that joins Linux, Unix,
-## and Mac machines to Microsoft Active Directory to securely authenticate
-## users with their domain credentials.
-## </p>
+## <p>
+## Likewise Open is a free, open source application that joins Linux, Unix,
+## and Mac machines to Microsoft Active Directory to securely authenticate
+## users with their domain credentials.
+## </p>
## </desc>
#######################################
diff --git a/policy/modules/services/likewise.te b/policy/modules/services/likewise.te
index 731399f..5f2bded 100644
--- a/policy/modules/services/likewise.te
+++ b/policy/modules/services/likewise.te
@@ -3,7 +3,7 @@ policy_module(likewise, 1.0.0)
#################################
#
-# Likewise global personal declarations.
+# Declarations
#
attribute likewise_domains;
@@ -23,69 +23,25 @@ files_type(likewise_pstore_lock_t)
type likewise_krb5_ad_t;
files_type(likewise_krb5_ad_t)
-#############################
-#
-# Likewise dcerpcd personal declarations.
-#
-
likewise_domain_template(dcerpcd)
-#############################
-#
-# Likewise eventlogd personal declarations.
-#
-
likewise_domain_template(eventlogd)
-#############################
-#
-# Likewise lsassd personal declarations.
-#
-
likewise_domain_template(lsassd)
type lsassd_tmp_t;
files_tmp_file(lsassd_tmp_t)
-#############################
-#
-# Likewise lwiod personal declarations.
-#
-
likewise_domain_template(lwiod)
-#############################
-#
-# Likewise lwregd personal declarations.
-#
-
likewise_domain_template(lwregd)
-#############################
-#
-# Likewise lwsmd personal declarations.
-#
-
likewise_domain_template(lwsmd)
-#############################
-#
-# Likewise netlogond personal declarations.
-#
-
likewise_domain_template(netlogond)
-#############################
-#
-# Likewise srvsvcd personal declarations.
-#
-
likewise_domain_template(srvsvcd)
-##################################
-#
-# Likewise global personal policy.
-
#################################
#
# Likewise dcerpcd personal policy
@@ -134,8 +90,8 @@ corenet_udp_sendrecv_generic_port(eventlogd_t)
# Likewise Authentication service local policy
#
-allow lsassd_t self:capability {fowner chown fsetid dac_override sys_time};
-allow lsassd_t self:unix_stream_socket {create_stream_socket_perms connectto};
+allow lsassd_t self:capability { fowner chown fsetid dac_override sys_time };
+allow lsassd_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow lsassd_t self:netlink_route_socket rw_netlink_socket_perms;
allow lsassd_t likewise_krb5_ad_t:file read_file_perms;
@@ -152,6 +108,11 @@ stream_connect_pattern(lsassd_t, likewise_var_lib_t, lwiod_var_socket_t, lwiod_t
stream_connect_pattern(lsassd_t, likewise_var_lib_t, lwregd_var_socket_t, lwregd_t)
stream_connect_pattern(lsassd_t, likewise_var_lib_t, netlogond_var_socket_t, netlogond_t)
+kernel_read_system_state(lsassd_t)
+kernel_getattr_proc_files(lsassd_t)
+kernel_list_all_proc(lsassd_t)
+kernel_list_proc(lsassd_t)
+
corecmd_exec_bin(lsassd_t)
corecmd_exec_shell(lsassd_t)
@@ -164,19 +125,13 @@ corenet_tcp_bind_generic_node(lsassd_t)
corenet_tcp_connect_epmap_port(lsassd_t)
corenet_tcp_sendrecv_epmap_port(lsassd_t)
+domain_obj_id_change_exemption(lsassd_t)
+
files_manage_etc_files(lsassd_t)
files_manage_etc_symlinks(lsassd_t)
files_manage_etc_runtime_files(lsassd_t)
-
files_relabelto_home(lsassd_t)
-kernel_read_system_state(lsassd_t)
-kernel_getattr_proc_files(lsassd_t)
-kernel_list_all_proc(lsassd_t)
-kernel_list_proc(lsassd_t)
-
-domain_obj_id_change_exemption(lsassd_t)
-
selinux_get_fs_mount(lsassd_t)
selinux_validate_context(lsassd_t)
@@ -201,7 +156,7 @@ optional_policy(`
# Likewise I/O service local policy
#
-allow lwiod_t self:capability {fowner chown fsetid dac_override };
+allow lwiod_t self:capability { fowner chown fsetid dac_override };
allow lwiod_t self:netlink_route_socket rw_netlink_socket_perms;
allow lwiod_t likewise_krb5_ad_t:file read_file_perms;
@@ -230,11 +185,6 @@ optional_policy(`
#################################
#
-# Likewise Registry server local policy
-#
-
-#################################
-#
# Likewise Service Manager service local policy
#
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 09c5002..39cf811 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
-policy_module(authlogin, 2.1.2)
+policy_module(authlogin, 2.1.3)
########################################
#
More information about the scm-commits
mailing list