[policycoreutils/f17] Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen

Daniel J Walsh dwalsh at fedoraproject.org
Fri May 18 15:43:26 UTC 2012


commit 93276dba0a068dc0dfc80c19b8fe1e9dca229254
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Fri May 18 11:43:21 2012 -0400

    Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
    
    - Trigger on selinux-policy needs to change to selinux-policy-devel
    - Update translations
    - Fix semanage dontaudit off/on exception

 policycoreutils-rhat.patch |   60 +++++++++++++++++++++++++++++++++++++++++---
 policycoreutils.spec       |    9 +++---
 2 files changed, 60 insertions(+), 9 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 0ec44a7..47bf144 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -12227,10 +12227,10 @@ index 0000000..f7af4d8
 +
 diff --git a/policycoreutils/gui/templates/etc_rw.py b/policycoreutils/gui/templates/etc_rw.py
 new file mode 100644
-index 0000000..0d3dbfe
+index 0000000..1cea8b1
 --- /dev/null
 +++ b/policycoreutils/gui/templates/etc_rw.py
-@@ -0,0 +1,112 @@
+@@ -0,0 +1,138 @@
 +# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -12265,6 +12265,11 @@ index 0000000..0d3dbfe
 +files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file })
 +"""
 +
++te_stream_rules="""
++allow TEMPLATETYPE_t TEMPLATETYPE_etc_rw_t:sock_file manage_sock_file_perms;
++files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)
++"""
++
 +########################### Interface File #############################
 +if_rules="""
 +########################################
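Review bot: The new `te_stream_rules` in etc_rw.py calls `files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)`, which sets up the type transition in the pid directory rather than in /etc, while the rule just above uses `files_etc_filetrans` for `{ dir file }`. As written, a socket the domain creates under /etc would not pick up `TEMPLATETYPE_etc_rw_t` from this rule, and one created in the pid directory would be labelled with the etc_rw type, which is probably not what the commit title intends. I would change it to `files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, sock_file)`. The tmp.py `te_stream_rules` hunk has the same problem with `TEMPLATETYPE_tmp_t` and should use `files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file)`.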
@@ -12327,6 +12332,27 @@ index 0000000..0d3dbfe
 +
 +"""
 +
++if_stream_rules="""\
++########################################
++## <summary>
++##	Connect to TEMPLATETYPE over a unix stream socket.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`TEMPLATETYPE_stream_connect',`
++	gen_require(`
++		type TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t;
++	')
++
++	files_search_pids($1)
++	stream_connect_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_t)
++')
++"""
++
 +if_admin_types="""
 +		type TEMPLATETYPE_etc_rw_t;"""
 +
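Review bot: `TEMPLATETYPE_stream_connect` in etc_rw.py's `if_stream_rules` grants `files_search_pids($1)`, but the socket it connects to is typed `TEMPLATETYPE_etc_rw_t` and is expected to live under /etc. The caller therefore gets search on the pid directory, which it does not need, and may lack search on the directory that actually holds the socket. `files_search_etc($1)` looks like the intended call here, and `files_search_tmp($1)` in the matching tmp.py `if_stream_rules` hunk. A one-line Python comment above each `if_stream_rules` naming the directory the socket is expected in would make what looks like a copy from a pid-directory template easier to spot.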
@@ -13218,10 +13244,10 @@ index 0000000..194fb2c
 +
 diff --git a/policycoreutils/gui/templates/tmp.py b/policycoreutils/gui/templates/tmp.py
 new file mode 100644
-index 0000000..d2adaa4
+index 0000000..33d4340
 --- /dev/null
 +++ b/policycoreutils/gui/templates/tmp.py
-@@ -0,0 +1,102 @@
+@@ -0,0 +1,128 @@
 +# Copyright (C) 2007-2012 Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
@@ -13256,6 +13282,11 @@ index 0000000..d2adaa4
 +files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file })
 +"""
 +
++te_stream_rules="""
++allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:sock_file manage_sock_file_perms;
++files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, sock_file)
++"""
++
 +if_rules="""
 +########################################
 +## <summary>
@@ -13317,6 +13348,27 @@ index 0000000..d2adaa4
 +')
 +"""
 +
++if_stream_rules="""\
++########################################
++## <summary>
++##	Connect to TEMPLATETYPE over a unix stream socket.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`TEMPLATETYPE_stream_connect',`
++	gen_require(`
++		type TEMPLATETYPE_t, TEMPLATETYPE_tmp_t;
++	')
++
++	files_search_pids($1)
++	stream_connect_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_t)
++')
++"""
++
 +if_admin_types="""
 +		type TEMPLATETYPE_tmp_t;"""
 +
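Review bot: Both tmp.py and etc_rw.py now expand to an interface with the same name, `TEMPLATETYPE_stream_connect`. If the generator emits `if_stream_rules` from more than one directory template for a single module (not visible in this diff), the resulting .if file would define that interface twice with different socket types. Consider a per-directory name such as `TEMPLATETYPE_stream_connect_tmp`, or a comment above `if_stream_rules` stating that only one template's stream interface may be emitted per module.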
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 713e202..eb3e58b 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,13 +1,13 @@
 %define	libauditver	2.1.3-4
 %define libsepolver 	2.1.5-3
-%define	libsemanagever	2.1.7-1
+%define	libsemanagever	2.1.6-3
 %define	libselinuxver	2.1.10-1
 %define	sepolgenver	1.1.6
 
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.11
-Release: 14%{?dist}
+Release: 15%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
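Review bot: `libsemanagever` drops from 2.1.7-1 to 2.1.6-3 in this hunk, which lowers the minimum libsemanage the package will accept, and neither the commit message nor the new %changelog entry mentions it. If 2.1.7-1 was required for a fix the tools rely on, the package can now be installed against a build without it. If the lower floor is deliberate for this branch, a changelog line such as `- Lower libsemanage requirement to 2.1.6-3` would record that.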
@@ -340,10 +340,9 @@ fi
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
-* Fri May 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-14
+* Fri May 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-15
+- Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
 - Trigger on selinux-policy needs to change to selinux-policy-devel
-
-* Fri May 18 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.11-13
 - Update translations
 - Fix semanage dontaudit off/on exception
 

