[selinux-policy: 2974/3172] Use stream connect pattern.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:24:45 UTC 2010 

commit ac13ad949bc4e64804a7e86a694248e2bcae02ad
Author: Dominick Grift <domg472 at gmail.com>
Date:   Wed Sep 15 13:30:49 2010 +0200

    Use stream connect pattern.
    
    Use stream_connect_pattern.
    
    Use stream_connect_pattern.
    
    Use stream_connect_pattern.
    
    Signed-off-by: Dominick Grift <domg472 at gmail.com>

 policy/modules/services/postgresql.if |    6 ++----
 policy/modules/services/resmgr.if     |    3 +--
 policy/modules/services/ricci.if      |    3 +--
 policy/modules/services/rpcbind.if    |    3 +--
 4 files changed, 5 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index 85699e5..2c6b723 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -312,10 +312,8 @@ interface(`postgresql_stream_connect',`
 	')
 
 	files_search_pids($1)
-	allow $1 postgresql_t:unix_stream_socket connectto;
-	allow $1 postgresql_var_run_t:sock_file write;
-	# Some versions of postgresql put the sock file in /tmp
-	allow $1 postgresql_tmp_t:sock_file write;
+	files_search_tmp($1)
+	stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t}, { postgresql_var_run_t postgresql_tmp_t}, postgresql_t)
 ')
 
 ########################################
diff --git a/policy/modules/services/resmgr.if b/policy/modules/services/resmgr.if
index d457736..eabdd78 100644
--- a/policy/modules/services/resmgr.if
+++ b/policy/modules/services/resmgr.if
@@ -16,7 +16,6 @@ interface(`resmgr_stream_connect',`
 		type resmgrd_var_run_t, resmgrd_t;
 	')
 
-	allow $1 resmgrd_t:unix_stream_socket connectto;
-	allow $1 resmgrd_var_run_t:sock_file { getattr write };
 	files_search_pids($1)
+	stream_connect_pattern($1, resmgrd_var_run_t, resmgrd_var_run_t, resmgrd_t)
 ')
diff --git a/policy/modules/services/ricci.if b/policy/modules/services/ricci.if
index f326085..ecc341c 100644
--- a/policy/modules/services/ricci.if
+++ b/policy/modules/services/ricci.if
@@ -108,8 +108,7 @@ interface(`ricci_stream_connect_modclusterd',`
 	')
 
 	files_search_pids($1)
-	allow $1 ricci_modcluster_var_run_t:sock_file write;
-	allow $1 ricci_modclusterd_t:unix_stream_socket connectto;
+	stream_connect_pattern($1, ricci_modcluster_var_run_t, ricci_modcluster_var_run_t, ricci_modclusterd_t)
 ')
 
 ########################################
diff --git a/policy/modules/services/rpcbind.if b/policy/modules/services/rpcbind.if
index ca97ead..bd3c6b8 100644
--- a/policy/modules/services/rpcbind.if
+++ b/policy/modules/services/rpcbind.if
@@ -34,8 +34,7 @@ interface(`rpcbind_stream_connect',`
 	')
 
 	files_search_pids($1)
-	allow $1 rpcbind_var_run_t:sock_file write;
-	allow $1 rpcbind_t:unix_stream_socket connectto;
+	stream_connect_pattern($1, rpcbind_var_run_t, rpcbind_var_run_t, rpcbind_t)
 ')
 
 ########################################

More information about the scm-commits mailing list