[policycoreutils/f17] Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
Daniel J Walsh
dwalsh at fedoraproject.org
Fri May 18 15:43:26 UTC 2012
commit 93276dba0a068dc0dfc80c19b8fe1e9dca229254
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri May 18 11:43:21 2012 -0400
Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
- Trigger on selinux-policy needs to change to selinux-policy-devel
- Update translations
- Fix semanage dontaudit off/on exception
policycoreutils-rhat.patch | 60 +++++++++++++++++++++++++++++++++++++++++---
policycoreutils.spec | 9 +++---
2 files changed, 60 insertions(+), 9 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 0ec44a7..47bf144 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -12227,10 +12227,10 @@ index 0000000..f7af4d8
+
diff --git a/policycoreutils/gui/templates/etc_rw.py b/policycoreutils/gui/templates/etc_rw.py
new file mode 100644
-index 0000000..0d3dbfe
+index 0000000..1cea8b1
--- /dev/null
+++ b/policycoreutils/gui/templates/etc_rw.py
-@@ -0,0 +1,112 @@
+@@ -0,0 +1,138 @@
+# Copyright (C) 2007-2012 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12265,6 +12265,11 @@ index 0000000..0d3dbfe
+files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file })
+"""
+
++te_stream_rules="""
++allow TEMPLATETYPE_t TEMPLATETYPE_etc_rw_t:sock_file manage_sock_file_perms;
++files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)
++"""
++
+########################### Interface File #############################
+if_rules="""
+########################################
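Review bot: `files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)` in the new `te_stream_rules` sets up the type transition on the pid directory, while the rule just above it in this template uses `files_etc_filetrans` and the commit subject talks about sockets stored in etc_rw_t directories. As written, a socket the domain creates under /etc gets no transition from this rule, and one it creates in the pid directory is labeled `TEMPLATETYPE_etc_rw_t`. If the socket is meant to live with the etc_rw content, use `files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)`. If the pid directory is intended, a comment in the template saying so would help.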
@@ -12327,6 +12332,27 @@ index 0000000..0d3dbfe
+
+"""
+
++if_stream_rules="""\
++########################################
++## <summary>
++## Connect to TEMPLATETYPE over a unix stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`TEMPLATETYPE_stream_connect',`
++ gen_require(`
++ type TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t;
++ ')
++
++ files_search_pids($1)
++ stream_connect_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_t)
++')
++"""
++
+if_admin_types="""
+ type TEMPLATETYPE_etc_rw_t;"""
+
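Review bot: `files_search_pids($1)` in `TEMPLATETYPE_stream_connect` gives the caller search on the pid directory, but the socket this interface connects to is typed `TEMPLATETYPE_etc_rw_t`, so the client may still be unable to reach the socket's parent directory under /etc. Match the directory search to wherever the sock_file is actually created (`files_search_etc($1)` for the etc case), and keep it consistent with the filetrans rule in `te_stream_rules` so the grant is no wider than the connect path needs.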
@@ -13218,10 +13244,10 @@ index 0000000..194fb2c
+
diff --git a/policycoreutils/gui/templates/tmp.py b/policycoreutils/gui/templates/tmp.py
new file mode 100644
-index 0000000..d2adaa4
+index 0000000..33d4340
--- /dev/null
+++ b/policycoreutils/gui/templates/tmp.py
-@@ -0,0 +1,102 @@
+@@ -0,0 +1,128 @@
+# Copyright (C) 2007-2012 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -13256,6 +13282,11 @@ index 0000000..d2adaa4
+files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file })
+"""
+
++te_stream_rules="""
++allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:sock_file manage_sock_file_perms;
++files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file)
++"""
++
+if_rules="""
+########################################
+## <summary>
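Review bot: the tmp template's `te_stream_rules` also calls `files_pid_filetrans`, although the existing rule in the context line above is `files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file })`. A sock_file created in /tmp therefore gets no transition to `TEMPLATETYPE_tmp_t` from this rule. Suggest `files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file)`, or simply adding `sock_file` to the class set of the existing call so the generated policy has one transition rule instead of two.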
@@ -13317,6 +13348,27 @@ index 0000000..d2adaa4
+')
+"""
+
++if_stream_rules="""\
++########################################
++## <summary>
++## Connect to TEMPLATETYPE over a unix stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`TEMPLATETYPE_stream_connect',`
++ gen_require(`
++ type TEMPLATETYPE_t, TEMPLATETYPE_tmp_t;
++ ')
++
++ files_search_pids($1)
++ stream_connect_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_t)
++')
++"""
++
+if_admin_types="""
+ type TEMPLATETYPE_tmp_t;"""
+
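Review bot: same mismatch in the tmp interface: `files_search_pids($1)` precedes a `stream_connect_pattern` on `TEMPLATETYPE_tmp_t`, so the caller gets search on the pid directory rather than on /tmp where the socket is stored. `files_search_tmp($1)` looks like the intended call. Since this block is otherwise identical to the one added to etc_rw.py, consider generating both from one shared string with the directory interface substituted, so the two copies cannot drift.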
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 713e202..eb3e58b 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,13 +1,13 @@
%define libauditver 2.1.3-4
%define libsepolver 2.1.5-3
-%define libsemanagever 2.1.7-1
+%define libsemanagever 2.1.6-3
%define libselinuxver 2.1.10-1
%define sepolgenver 1.1.6
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.11
-Release: 14%{?dist}
+Release: 15%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
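Review bot: `%define libsemanagever` moves from 2.1.7-1 down to 2.1.6-3 in this hunk, which lowers the minimum libsemanage the package requires, and neither the commit message nor the new changelog entry mentions it. If this is deliberate for the f17 branch, record the reason in the changelog. If it came in by accident with the Release bump, restore 2.1.7-1 so the package is not built or installed against a libsemanage older than the one it was last tested with.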
@@ -340,10 +340,9 @@ fi
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
-* Fri May 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-14
+* Fri May 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-15
+- Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
- Trigger on selinux-policy needs to change to selinux-policy-devel
-
-* Fri May 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-13
- Update translations
- Fix semanage dontaudit off/on exception
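Review bot: the changelog edit retitles the 2.1.11-14 entry as 2.1.11-15 and deletes the 2.1.11-13 header, so "Update translations" and "Fix semanage dontaudit off/on exception" now read as changes made in -15 and the record of which release carried which fix is lost. Add a new `- 2.1.11-15` entry containing only the sock_file line and leave the -14 and -13 entries as they were, so that anyone tracing when the semanage dontaudit fix shipped can still do so from the changelog.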