selinux/dirsrv-admin.te | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
New commits:
commit 2b661e56ff991d7e60e2aa4fea02748b3ebad255
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Mon Apr 5 13:34:01 2010 -0700
Bug 570912 - dirsrv-admin SELinux module fails to install on F-13
The dirsrv-admin policy was calling two different macros that were
not designed to be used together. This worked in the past, but it
causes a conflicting rule to result on F-13. We really only need
to use the init_daemon_domain macro.
During testing, I also encountered an AVC when restarting the
dirsrv-admin service. We needed to add ioctl permission for
dirsrvadmin_t fifo files to the dirsrvadmin_t domain.
diff --git a/selinux/dirsrv-admin.te b/selinux/dirsrv-admin.te
index 2bcb359..65eda09 100644
--- a/selinux/dirsrv-admin.te
+++ b/selinux/dirsrv-admin.te
@@ -18,7 +18,6 @@ type dirsrvadmin_exec_t;
files_type(dirsrvadmin_exec_t)
# Start from initrc
-init_domain(dirsrvadmin_t, dirsrvadmin_exec_t)
init_daemon_domain(dirsrvadmin_t, dirsrvadmin_exec_t)
role system_r types dirsrvadmin_t;
@@ -53,7 +52,7 @@ files_tmp_filetrans(dirsrvadmin_t, dirsrvadmin_tmp_t, { file dir })
files_manage_generic_tmp_files(dirsrvadmin_t)
# Things needed by the start script (before transition to httpd domain)
-allow dirsrvadmin_t self:fifo_file { write read getattr };
+allow dirsrvadmin_t self:fifo_file { write read getattr ioctl };
allow dirsrvadmin_t self:capability { dac_read_search dac_override sys_tty_config };
logging_search_logs(dirsrvadmin_t)
corecmd_exec_bin(dirsrvadmin_t)
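Review bot: The `ioctl` permission added to the `allow dirsrvadmin_t self:fifo_file` rule has no in-policy record of why it is needed; the reason (an AVC when restarting the service) lives only in the commit message. A comment above the rule, such as `# ioctl: AVC seen on dirsrv-admin restart while testing the Bug 570912 fix`, would save the next audit of this domain from having to rediscover it. The grant targets `self`, so as far as this hunk shows it covers only the domain's own fifo files and does not extend to pipes labelled for other domains. The start-script section that holds this rule continues past the end of the hunk.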