[selinux-policy] - Fixes for lvm to work with systemd

Miroslav Grepl mgrepl at fedoraproject.org
Tue Dec 7 14:11:06 UTC 2010 

commit 7b62a83f6b1e07c8e0283ce4dec5f7e9f3a3e8a3
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Tue Dec 7 15:10:29 2010 +0000

    - Fixes for lvm to work with systemd

 policy-F15.patch    |   25 +++++++++++++++++++++----
 selinux-policy.spec |    5 ++++-
 2 files changed, 25 insertions(+), 5 deletions(-)
---
diff --git a/policy-F15.patch b/policy-F15.patch
index 9fcff4d..ae8d5e9 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -43754,7 +43754,7 @@ index aa2b0a6..304fbba 100644
  ')
  
 diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
-index 879bb1e..31efcb2 100644
+index 879bb1e..5ce52c0 100644
 --- a/policy/modules/system/lvm.fc
 +++ b/policy/modules/system/lvm.fc
 @@ -28,10 +28,12 @@ ifdef(`distro_gentoo',`
@@ -43770,6 +43770,14 @@ index 879bb1e..31efcb2 100644
  /sbin/cryptsetup	--	gen_context(system_u:object_r:lvm_exec_t,s0)
  /sbin/dmraid		--	gen_context(system_u:object_r:lvm_exec_t,s0)
  /sbin/dmsetup		--	gen_context(system_u:object_r:lvm_exec_t,s0)
+@@ -97,5 +99,7 @@ ifdef(`distro_gentoo',`
+ /var/cache/multipathd(/.*)?	gen_context(system_u:object_r:lvm_metadata_t,s0)
+ /var/lib/multipath(/.*)?	gen_context(system_u:object_r:lvm_var_lib_t,s0)
+ /var/lock/lvm(/.*)?		gen_context(system_u:object_r:lvm_lock_t,s0)
++/var/run/lvm(/.*)?     gen_context(system_u:object_r:lvm_var_run_t,s0)
+ /var/run/multipathd\.sock -s	gen_context(system_u:object_r:lvm_var_run_t,s0)
++/var/run/clvmd\.pid --  gen_context(system_u:object_r:clvmd_var_run_t,s0)
+ /var/run/dmevent.*		gen_context(system_u:object_r:lvm_var_run_t,s0)
 diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if
 index 58bc27f..b4f0663 100644
 --- a/policy/modules/system/lvm.if
@@ -43797,7 +43805,7 @@ index 58bc27f..b4f0663 100644
 +	allow $1 clvmd_tmpfs_t:file rw_file_perms;
 +')
 diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
-index 86ef2da..17aeb3e 100644
+index 86ef2da..a251276 100644
 --- a/policy/modules/system/lvm.te
 +++ b/policy/modules/system/lvm.te
 @@ -12,6 +12,9 @@ init_daemon_domain(clvmd_t, clvmd_exec_t)
@@ -43861,6 +43869,15 @@ index 86ef2da..17aeb3e 100644
  
  manage_dirs_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
  manage_files_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t)
+@@ -200,7 +214,7 @@ files_var_lib_filetrans(lvm_t, lvm_var_lib_t, { dir file })
+ manage_dirs_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
+ manage_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
+ manage_sock_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t)
+-files_pid_filetrans(lvm_t, lvm_var_run_t, { file sock_file })
++files_pid_filetrans(lvm_t, lvm_var_run_t, { dir file sock_file })
+ 
+ read_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
+ read_lnk_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t)
 @@ -210,12 +224,15 @@ filetrans_pattern(lvm_t, lvm_etc_t, lvm_metadata_t, file)
  files_etc_filetrans(lvm_t, lvm_metadata_t, file)
  files_search_mnt(lvm_t)
@@ -47269,7 +47286,7 @@ index db75976..392d1ee 100644
 +HOME_DIR/\.gvfs(/.*)?	<<none>>
 +HOME_DIR/\.debug(/.*)?	<<none>>
 diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 35f1476..d74e327 100644
+index 35f1476..1571559 100644
 --- a/policy/modules/system/userdomain.if
 +++ b/policy/modules/system/userdomain.if
 @@ -30,8 +30,9 @@ template(`userdom_base_user_template',`
@@ -49473,7 +49490,7 @@ index 35f1476..d74e327 100644
 +		type home_cert_t;
 +	')
 +
-+	userdom_search_user_home_dirs($1)
++	userdom_search_user_home_content($1)
 +	allow $1 home_cert_t:dir list_dir_perms;
 +	read_files_pattern($1, home_cert_t, home_cert_t)
 +	read_lnk_files_pattern($1, home_cert_t, home_cert_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 5802923..625f0b6 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.9.10
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -471,6 +471,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Dec 7 2010 Miroslav Grepl <mgrepl at redhat.com> 3.9.9-8
+- Fixes for lvm to work with systemd
+
 * Mon Dec 6 2010 Miroslav Grepl <mgrepl at redhat.com> 3.9.9-7
 - Fix the label for wicd log
 - plymouthd creates force-display-on-active-vt file

More information about the scm-commits mailing list