[selinux-policy: 2633/3172] Djbdns patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:54:08 UTC 2010
commit 44b3808ba519ee0be4abc5fcb5d06708c4336fdf
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Apr 20 09:32:25 2010 -0400
Djbdns patch from Dan Walsh.
policy/modules/services/djbdns.if | 40 ++++++++++++++++++++++++++++++++++++-
policy/modules/services/djbdns.te | 9 +++++++-
2 files changed, 47 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/services/djbdns.if b/policy/modules/services/djbdns.if
index 00f84bb..ade3079 100644
--- a/policy/modules/services/djbdns.if
+++ b/policy/modules/services/djbdns.if
@@ -2,7 +2,7 @@
########################################
## <summary>
-## Create a set of derived types for djbdns
+## Create a set of derived types for djbdns
## components that are directly supervised by daemontools.
## </summary>
## <param name="prefix">
@@ -26,6 +26,8 @@ template(`djbdns_daemontools_domain_template',`
daemontools_read_svc(djbdns_$1_t)
allow djbdns_$1_t self:capability { net_bind_service setgid setuid sys_chroot };
+ allow djbdns_$1_t self:process signal;
+ allow djbdns_$1_t self:fifo_file rw_fifo_file_perms;
allow djbdns_$1_t self:tcp_socket create_stream_socket_perms;
allow djbdns_$1_t self:udp_socket create_socket_perms;
@@ -50,3 +52,39 @@ template(`djbdns_daemontools_domain_template',`
files_search_var(djbdns_$1_t)
')
+
+#####################################
+## <summary>
+## Allow search the djbdns-tinydns key ring.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`djbdns_search_tinydns_keys',`
+ gen_require(`
+ type djbdns_tinydns_t;
+ ')
+
+ allow $1 djbdns_tinydns_t:key search;
+')
+
+#####################################
+## <summary>
+## Allow link to the djbdns-tinydns key ring.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`djbdns_link_tinydns_keys',`
+ gen_require(`
+ type djbdns_tinydn_t;
+ ')
+
+ allow $1 djbdns_tinydn_t:key link;
+')
diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te
index 89ab808..25006e9 100644
--- a/policy/modules/services/djbdns.te
+++ b/policy/modules/services/djbdns.te
@@ -1,5 +1,5 @@
-policy_module(djbdns, 1.3.0)
+policy_module(djbdns, 1.3.1)
########################################
#
@@ -42,3 +42,10 @@ allow djbdns_axfrdns_t djbdns_tinydns_conf_t:file read_file_perms;
files_search_var(djbdns_axfrdns_t)
ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
+
+########################################
+#
+# Local policy for tinydns
+#
+
+init_dontaudit_use_script_fds(djbdns_tinydns_t)
More information about the scm-commits
mailing list