[389-devel] commit: changed selinux policy to support fifos (named pipes)
Rich Megginson
rmeggins at redhat.com
Tue Nov 24 18:38:19 UTC 2009
To ssh://git.fedorahosted.org/git/389/ds.git
c177c34..b2e2a3f master -> master
commit b2e2a3f5294707e1ccf2b25fd281ce3653dac819
Author: Nathan Kinder <nkinder at redhat.com>
Date: Mon Nov 23 09:48:50 2009 -0800
Allow dirsrv_t to log to a fifo in SELinux policy.
This patch changes the SELinux dirsrv policy to allow ns-slapd to
log to a fifo file.
Author: nkinder (Thanks!)
Tested on RHEL5 i386
diff --git a/selinux/dirsrv.if b/selinux/dirsrv.if
index 80b478f..b8e1a7f 100644
--- a/selinux/dirsrv.if
+++ b/selinux/dirsrv.if
@@ -77,6 +77,7 @@ interface(`dirsrv_manage_log',`
allow $1 dirsrv_var_log_t:dir manage_dir_perms;
allow $1 dirsrv_var_log_t:file manage_file_perms;
+ allow $1 dirsrv_var_log_t:fifo_file: manage_fifo_file_perms;
')
#######################################
diff --git a/selinux/dirsrv.te b/selinux/dirsrv.te
index 60901f2..ef09fb2 100644
--- a/selinux/dirsrv.te
+++ b/selinux/dirsrv.te
@@ -105,6 +105,7 @@ files_var_lib_filetrans(dirsrv_t,dirsrv_var_lib_t, {
file dir sock_file })
# log files
manage_files_pattern(dirsrv_t, dirsrv_var_log_t, dirsrv_var_log_t)
+manage_fifo_files_pattern(dirsrv_t, dirsrv_var_log_t, dirsrv_var_log_t)
allow dirsrv_t dirsrv_var_log_t:dir { setattr };
logging_log_filetrans(dirsrv_t,dirsrv_var_log_t,{ sock_file file dir })
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-devel/attachments/20091124/2f9fb948/attachment.bin
More information about the 389-devel
mailing list