[selinux-policy: 3031/3172] Use stream connect pattern.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:29:40 UTC 2010
commit bece7c48bbbbac3f46d1ad40dcb2fa07f20d714c
Author: Dominick Grift <domg472 at gmail.com>
Date: Mon Sep 20 11:54:26 2010 +0200
Use stream connect pattern.
Use stream connect pattern.
policy/modules/services/gpm.if | 3 +--
policy/modules/services/nscd.if | 7 +++++--
2 files changed, 6 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/services/gpm.if b/policy/modules/services/gpm.if
index 7d97298..7d9378c 100644
--- a/policy/modules/services/gpm.if
+++ b/policy/modules/services/gpm.if
@@ -16,8 +16,7 @@ interface(`gpm_stream_connect',`
type gpmctl_t, gpm_t;
')
- allow $1 gpmctl_t:sock_file rw_sock_file_perms;
- allow $1 gpm_t:unix_stream_socket connectto;
+ stream_connect_pattern($1, gpmctl_t, gpmctl_t, gpm_t)
')
########################################
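Review bot: The `stream_connect_pattern($1, gpmctl_t, gpmctl_t, gpm_t)` line changes the granted permissions, although the commit message presents it as a refactor. As the pattern is defined in refpolicy, to my knowledge, it grants directory search on the second argument, `write_sock_file_perms` on the third and `connectto` on the fourth. Callers therefore lose `read` on the gpmctl_t socket file and gain `search` on gpmctl_t directories, which presumably do not exist. The narrowing fits least privilege, but I would add a comment such as `# gpmctl_t is passed as the dir type only to satisfy the pattern; no gpmctl_t directory is expected` so that a later audit does not read the dir grant as intentional. The interface begins above the hunk, so whether callers can search the socket's parent directory is not visible here.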
diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if
index ded2734..f1ee95b 100644
--- a/policy/modules/services/nscd.if
+++ b/policy/modules/services/nscd.if
@@ -164,8 +164,11 @@ interface(`nscd_shm_use',`
# nscd_socket_domain macro. need to investigate
# if they are all actually required
allow $1 self:unix_stream_socket create_stream_socket_perms;
- allow $1 nscd_t:unix_stream_socket connectto;
- allow $1 nscd_var_run_t:sock_file rw_file_perms;
+
+ # dg: This may not be required.
+ allow $1 nscd_var_run_t:sock_file read_sock_file_perms;
+
+ stream_connect_pattern($1, nscd_var_run_t, nscd_var_run_t, nscd_t)
files_search_pids($1)
allow $1 nscd_t:nscd { getpwd getgrp gethost };
dontaudit $1 nscd_var_run_t:file { getattr read };
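Review bot: The added `allow $1 nscd_var_run_t:sock_file read_sock_file_perms;` keeps a permission that its own comment marks as possibly unneeded, with no hint of how to settle the question. It appears to be there only to preserve the read half of the removed `rw_file_perms` rule, since `stream_connect_pattern` should already cover write access to the socket file. I would make the comment actionable, for example `# dg: read kept from the former rw_file_perms rule; remove once no sock_file read denials on nscd_var_run_t show up in the audit log`. The interface body starts and ends outside the hunk.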