[selinux-policy: 3079/3172] Use permission sets where possible.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:33:55 UTC 2010


commit 72ba80bf88951ac39aeaa7e45974d81c29858ba3
Author: Dominick Grift <domg472 at gmail.com>
Date:   Wed Sep 22 11:33:39 2010 +0200

    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.

 policy/modules/services/ajaxterm.te   |    2 +-
 policy/modules/services/amavis.te     |    4 ++--
 policy/modules/services/avahi.te      |    2 +-
 policy/modules/services/bind.te       |    6 +++---
 policy/modules/services/boinc.te      |    2 +-
 policy/modules/services/gatekeeper.te |    2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)
---
diff --git a/policy/modules/services/ajaxterm.te b/policy/modules/services/ajaxterm.te
index 3441758..6382604 100644
--- a/policy/modules/services/ajaxterm.te
+++ b/policy/modules/services/ajaxterm.te
@@ -30,7 +30,7 @@ allow ajaxterm_t self:fifo_file rw_fifo_file_perms;
 allow ajaxterm_t self:unix_stream_socket create_stream_socket_perms;
 allow ajaxterm_t self:tcp_socket create_stream_socket_perms;
 
-allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
+allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms getattr_chr_file_perms relabelfrom };
 term_create_pty(ajaxterm_t, ajaxterm_devpts_t)
 
 manage_dirs_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
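Review bot: On the rewritten `chr_file` rule, `getattr_chr_file_perms` appears redundant, because `rw_chr_file_perms` already includes getattr in the reference policy's permission-set definitions (worth confirming against this tree). `relabelfrom` is also left as a raw permission in a commit whose purpose is converting to sets. If this tree defines `relabelfrom_chr_file_perms`, the rule could read `allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr_chr_file_perms relabelfrom_chr_file_perms };`. A short comment above the rule saying why the domain needs setattr and relabelfrom on its own pty type would help a later least-privilege audit.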
diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te
index c3a1903..ec40291 100644
--- a/policy/modules/services/amavis.te
+++ b/policy/modules/services/amavis.te
@@ -76,7 +76,7 @@ files_search_spool(amavis_t)
 
 # tmp files
 manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
-allow amavis_t amavis_tmp_t:dir setattr;
+allow amavis_t amavis_tmp_t:dir setattr_dir_perms;
 files_tmp_filetrans(amavis_t, amavis_tmp_t, file)
 
 # var/lib files for amavis
@@ -86,7 +86,7 @@ manage_sock_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
 files_search_var_lib(amavis_t)
 
 # log files
-allow amavis_t amavis_var_log_t:dir setattr;
+allow amavis_t amavis_var_log_t:dir setattr_dir_perms;
 manage_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
 manage_sock_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
 logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index 803adbf..52dcf09 100644
--- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te
@@ -40,7 +40,7 @@ files_var_lib_filetrans(avahi_t, avahi_var_lib_t, { dir file })
 manage_dirs_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
 manage_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
 manage_sock_files_pattern(avahi_t, avahi_var_run_t, avahi_var_run_t)
-allow avahi_t avahi_var_run_t:dir setattr;
+allow avahi_t avahi_var_run_t:dir setattr_dir_perms;
 files_pid_filetrans(avahi_t, avahi_var_run_t, { dir file })
 
 kernel_read_system_state(avahi_t)
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index ece1f1f..0535cb5 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -202,12 +202,12 @@ allow ndc_t self:tcp_socket create_socket_perms;
 allow ndc_t self:netlink_route_socket r_netlink_socket_perms;
 
 allow ndc_t dnssec_t:file read_file_perms;
-allow ndc_t dnssec_t:lnk_file { getattr read };
+allow ndc_t dnssec_t:lnk_file read_lnk_file_perms;
 
 stream_connect_pattern(ndc_t, named_var_run_t, named_var_run_t, named_t)
 
 allow ndc_t named_conf_t:file read_file_perms;
-allow ndc_t named_conf_t:lnk_file { getattr read };
+allow ndc_t named_conf_t:lnk_file read_lnk_file_perms;
 
 allow ndc_t named_zone_t:dir search_dir_perms;
 
@@ -245,7 +245,7 @@ term_dontaudit_use_console(ndc_t)
 
 # for /etc/rndc.key
 ifdef(`distro_redhat',`
-	allow ndc_t named_conf_t:dir search;
+	allow ndc_t named_conf_t:dir search_dir_perms;
 ')
 
 optional_policy(`
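Review bot: The `distro_redhat` rule is not a like-for-like rewrite: in the reference policy `search_dir_perms` expands to more than `search` (getattr and open as well, as far as I know), so `ndc_t` gains access on `named_conf_t:dir` that the old rule did not grant. The same applies to the boinc.te hunk, where `{ read write }` becomes `rw_inherited_file_perms`; as I understand that set, it also carries getattr, append, ioctl and lock. Both widenings are probably benign, but the commit message presents the change as a pure substitution, so the expansions should be checked against this tree's definitions and the added access mentioned in the description. Where the narrower grant is intended, keep the raw form, e.g. `allow boinc_project_t boinc_tmpfs_t:file { read write };`.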
diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
index 25475f5..077aa01 100644
--- a/policy/modules/services/boinc.te
+++ b/policy/modules/services/boinc.te
@@ -136,7 +136,7 @@ files_var_lib_filetrans(boinc_project_t, boinc_project_var_lib_t, { file dir })
 allow boinc_project_t boinc_project_var_lib_t:file execmod;
 
 allow boinc_project_t boinc_t:shm rw_shm_perms;
-allow boinc_project_t boinc_tmpfs_t:file { read write };
+allow boinc_project_t boinc_tmpfs_t:file rw_inherited_file_perms;
 
 list_dirs_pattern(boinc_project_t, boinc_var_lib_t, boinc_var_lib_t)
 rw_files_pattern(boinc_project_t, boinc_var_lib_t, boinc_var_lib_t)
diff --git a/policy/modules/services/gatekeeper.te b/policy/modules/services/gatekeeper.te
index 99a94de..6dbc203 100644
--- a/policy/modules/services/gatekeeper.te
+++ b/policy/modules/services/gatekeeper.te
@@ -33,7 +33,7 @@ allow gatekeeper_t self:fifo_file rw_fifo_file_perms;
 allow gatekeeper_t self:tcp_socket create_stream_socket_perms;
 allow gatekeeper_t self:udp_socket create_socket_perms;
 
-allow gatekeeper_t gatekeeper_etc_t:lnk_file { getattr read };
+allow gatekeeper_t gatekeeper_etc_t:lnk_file read_lnk_file_perms;
 allow gatekeeper_t gatekeeper_etc_t:file read_file_perms;
 files_search_etc(gatekeeper_t)
 

