[selinux-policy: 3160/3172] Start adding support for use_fusefs_home_dirs Add /var/lib/syslog directory file context Add /etc/lo

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:41:04 UTC 2010


commit d1c6ba20d583299341917ba381e828ef742ef28a
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Oct 4 14:45:52 2010 -0400

    Start adding support for use_fusefs_home_dirs
    Add /var/lib/syslog directory file context
    Add /etc/localtime as locale file context

 policy/global_tunables             |    7 +++++++
 policy/modules/apps/mozilla.te     |    1 +
 policy/modules/services/xserver.te |   26 ++++++++++++++++++++++++--
 policy/modules/system/logging.fc   |    1 +
 policy/modules/system/miscfiles.fc |    1 +
 5 files changed, 34 insertions(+), 2 deletions(-)
---
diff --git a/policy/global_tunables b/policy/global_tunables
index f85244d..6e82b1e 100644
--- a/policy/global_tunables
+++ b/policy/global_tunables
@@ -89,6 +89,13 @@ gen_tunable(use_samba_home_dirs,false)
 
 ## <desc>
 ## <p>
+## Support fusefs home directories
+## </p>
+## </desc>
+gen_tunable(use_fusefs_home_dirs,false)
+
+## <desc>
+## <p>
 ## Allow users to run TCP servers (bind to ports and accept connection from
 ## the same domain and outside users)  disabling this forces FTP passive mode
 ## and may change other protocols.
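Review bot: The description added for `use_fusefs_home_dirs` says only "Support fusefs home directories", which does not tell an administrator what turning the boolean on grants. In this commit it gates `fs_manage_fusefs_*` access for iceauth_t, xauth_t, xdm_t and xserver_t, and those interfaces appear to be keyed on the filesystem type rather than on a home-directory path, so the access presumably covers every FUSE mount with that label. I would say so in the text, for example `## Allow confined domains to manage files on FUSE filesystems, as needed when home directories are on FUSE`. Defaulting to `false` is the conservative choice and should stay.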
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index cc87b60..d4cb9c4 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -369,6 +369,7 @@ userdom_dontaudit_use_user_ptys(mozilla_plugin_t)
 userdom_manage_user_tmp_sockets(mozilla_plugin_t)
 
 userdom_list_user_tmp(mozilla_plugin_t)
+userdom_manage_user_tmp_dirs(mozilla_plugin_t)
 userdom_read_user_tmp_files(mozilla_plugin_t)
 userdom_read_user_tmp_symlinks(mozilla_plugin_t)
 userdom_read_user_home_content_files(mozilla_plugin_t)
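Review bot: The added `userdom_manage_user_tmp_dirs(mozilla_plugin_t)` is unconditional and is not mentioned in the commit message, which covers only the fusefs tunable and two file contexts. In the visible lines mozilla_plugin_t could list and read user tmp content and manage sockets there; managing directories lets the plugin domain create, rename and remove directories there, which loosens a domain whose purpose is to confine plugin code. I would add a comment recording what needs it, such as `# needed by <plugin name>: creates a scratch directory in the user tmp dir`, so the rule can be reviewed or dropped later.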
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index f37e8ae..44cd738 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -280,6 +280,10 @@ userdom_use_user_terminals(iceauth_t)
 userdom_read_user_tmp_files(iceauth_t)
 userdom_read_all_users_state(iceauth_t)
 
+tunable_policy(`use_fusefs_home_dirs',`
+	fs_manage_fusefs_files(iceauth_t)
+')
+
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_files(iceauth_t)
 ')
@@ -369,6 +373,11 @@ ifdef(`hide_broken_symptoms',`
 	miscfiles_read_fonts(xauth_t)
 ')
 
+tunable_policy(`use_fusefs_home_dirs',`
+	fs_manage_fusefs_files(xauth_t)
+	fs_read_fusefs_symlinks(xauth_t)
+')
+
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_files(xauth_t)
 	fs_read_nfs_symlinks(xauth_t)
@@ -661,6 +670,13 @@ ifdef(`distro_rhel4',`
 	allow xdm_t self:process { execheap execmem };
 ')
 
+tunable_policy(`use_fusefs_home_dirs',`
+	fs_manage_fusefs_dirs(xdm_t)
+	fs_manage_fusefs_files(xdm_t)
+	fs_manage_fusefs_symlinks(xdm_t)
+	fs_exec_fusefs_files(xdm_t)
+')
+
 tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_dirs(xdm_t)
 	fs_manage_nfs_files(xdm_t)
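Review bot: `fs_exec_fusefs_files(xdm_t)` lets the display-manager domain execute files from FUSE mounts, and it is the only execute grant among the fusefs blocks this commit adds. Content on a FUSE mount is whatever the user-space filesystem daemon returns, so this is a wider trust decision than the manage rules beside it. It should carry a comment stating why xdm needs it, e.g. `# xdm runs session scripts from the user's home directory`, if that is the reason. The `use_nfs_home_dirs` block for xdm_t continues past the end of the hunk, so I cannot confirm from here whether this mirrors an existing NFS execute rule.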
@@ -1151,6 +1167,12 @@ tunable_policy(`use_nfs_home_dirs',`
 	fs_manage_nfs_symlinks(xserver_t)
 ')
 
+tunable_policy(`use_fusefs_home_dirs',`
+	fs_manage_fusefs_dirs(xserver_t)
+	fs_manage_fusefs_files(xserver_t)
+	fs_manage_fusefs_symlinks(xserver_t)
+')
+
 tunable_policy(`use_samba_home_dirs',`
 	fs_manage_cifs_dirs(xserver_t)
 	fs_manage_cifs_files(xserver_t)
@@ -1338,8 +1360,8 @@ tunable_policy(`use_nfs_home_dirs',`
 	fs_append_nfs_files(xdmhomewriter)
 ')
 
-tunable_policy(`use_samba_home_dirs',`
-	fs_append_cifs_files(xdmhomewriter)
+tunable_policy(`use_nfs_home_dirs',`
+	fs_append_nfs_files(xdmhomewriter)
 ')
 
 optional_policy(`
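Review bot: This hunk looks like a copy-and-paste slip: it replaces the `use_samba_home_dirs` block for xdmhomewriter with a second `use_nfs_home_dirs` block identical to the one ending just above it. As written, `fs_append_cifs_files(xdmhomewriter)` is lost, so domains with the xdmhomewriter attribute can no longer append to files in Samba home directories, and nothing is added for FUSE. I would restore the `use_samba_home_dirs` block with `fs_append_cifs_files(xdmhomewriter)` and, if the intent was FUSE support, add a separate `use_fusefs_home_dirs` block using the append-only fusefs interface if the policy provides one. Append-only is preferable to the `fs_manage_fusefs_files` used elsewhere in this file, because it keeps the attribute's access as narrow as in the NFS and CIFS cases.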
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
index a76d2fc..ca6409c 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
@@ -29,6 +29,7 @@
 /usr/sbin/syslogd	--	gen_context(system_u:object_r:syslogd_exec_t,s0)
 
 /var/lib/syslog-ng(/.*)? 	gen_context(system_u:object_r:syslogd_var_lib_t,s0)
+/var/lib/syslog(/.*)?		gen_context(system_u:object_r:syslogd_var_lib_t,s0)
 /var/lib/syslog-ng.persist --	gen_context(system_u:object_r:syslogd_var_lib_t,s0)
 
 ifdef(`distro_suse', `
diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index 1f0ccfd..a8bd9fe 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -10,6 +10,7 @@ ifdef(`distro_gentoo',`
 #
 /etc/avahi/etc/localtime --	gen_context(system_u:object_r:locale_t,s0)
 /etc/localtime		--	gen_context(system_u:object_r:locale_t,s0)
+/etc/timezone		--	gen_context(system_u:object_r:locale_t,s0)
 /etc/pki(/.*)?			gen_context(system_u:object_r:cert_t,s0)
 /etc/httpd/alias/[^/]*\.db(\.[^/]*)*	-- 	gen_context(system_u:object_r:cert_t,s0)
 
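Review bot: The commit message says "Add /etc/localtime as locale file context", but `/etc/localtime` is already present as a context line here and the line actually added is `/etc/timezone`. The labelling as `locale_t` looks consistent with its neighbours. The message should name `/etc/timezone` so that a later search of the history for that path finds this commit.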

