[selinux-policy: 2946/3172] Allow iscsid to manage tgtd semaphores
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:22:21 UTC 2010
commit 3b0a9c74bb6e9728673e889b55e0503c900e66a7
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed Sep 15 16:50:07 2010 +0200
Allow iscsid to manage tgtd semaphores
policy/modules/services/tgtd.if | 18 ++++++++++++++++++
policy/modules/services/tgtd.te | 4 +++-
policy/modules/system/iscsi.te | 2 +-
3 files changed, 22 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/services/tgtd.if b/policy/modules/services/tgtd.if
index b113b41..74beaaa 100644
--- a/policy/modules/services/tgtd.if
+++ b/policy/modules/services/tgtd.if
@@ -26,3 +26,21 @@ interface(`tgtd_rw_semaphores',`
allow $1 tgtd_t:sem rw_sem_perms;
')
+
+######################################
+## <summary>
+## Manage tgtd sempaphores.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`tgtd_manage_semaphores',`
+ gen_require(`
+ type tgtd_t;
+ ')
+
+ allow $1 tgtd_t:sem create_sem_perms;
+')
diff --git a/policy/modules/services/tgtd.te b/policy/modules/services/tgtd.te
index debff69..108631e 100644
--- a/policy/modules/services/tgtd.te
+++ b/policy/modules/services/tgtd.te
@@ -67,4 +67,6 @@ logging_send_syslog_msg(tgtd_t)
miscfiles_read_localization(tgtd_t)
-iscsi_manage_semaphores(tgtd_t)
+optional_policy(`
+ iscsi_manage_semaphores(tgtd_t)
+')
diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te
index 0787687..3ab3a47 100644
--- a/policy/modules/system/iscsi.te
+++ b/policy/modules/system/iscsi.te
@@ -93,5 +93,5 @@ logging_send_syslog_msg(iscsid_t)
miscfiles_read_localization(iscsid_t)
optional_policy(`
- tgtd_rw_semaphores(iscsid_t)
+ tgtd_manage_semaphores(iscsid_t)
')
More information about the scm-commits
mailing list