[selinux-policy: 165/3172] add privmail attribute and move make_{init, daemon, system}_domain to init
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:19:17 UTC 2010
commit c28c4b03c9bafd1eb865607096f80e446526581e
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri May 13 20:39:10 2005 +0000
add privmail attribute and move make_{init,daemon,system}_domain to init
docs/macro_conversion_guide | 16 +++++++++++++---
1 files changed, 13 insertions(+), 3 deletions(-)
---
diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide
index a8b6036..d3e9902 100644
--- a/docs/macro_conversion_guide
+++ b/docs/macro_conversion_guide
@@ -266,9 +266,19 @@ domain_make_file_descriptors_widely_inheritable($1)
#
# privlog: complete
+#
logging_send_system_log_message($1)
#
+# privmail:
+#
+mta_send_mail_transition($1)
+# this needs more work:
+allow mta_user_agent $1:fd use;
+allow mta_user_agent $1:process sigchld;
+allow mta_user_agent $1:fifo_file { read write };
+
+#
# privmodule: complete
#
modutils_insmod_transition($1)
@@ -685,7 +695,7 @@ allow $1 $2:lnk_file { create read getattr setattr link unlink rename };
#
type $1_t;
type $1_exec_t;
-domain_make_daemon_domain($1_t,$1_exec_t)
+init_make_daemon_domain($1_t,$1_exec_t)
role system_r types $1_t;
dontaudit $1_t self:capability sys_tty_config;
allow $1_t self:process { sigchld sigkill sigstop signull signal };
@@ -728,7 +738,7 @@ allow $1_t autofs_t:dir { search getattr };
#
type $1_t;
type $1_exec_t;
-domain_make_daemon_domain($1_t,$1_exec_t)
+init_make_daemon_domain($1_t,$1_exec_t)
type $1_var_run_t;
files_make_daemon_runtime_file($1_var_run_t)
allow $1_t $1_var_run_t:file { getattr create read write append setattr unlink };
@@ -891,7 +901,7 @@ role staff_r types $1;
#
type $1_t;
type $1_exec_t;
-domain_make_daemon_domain($1_t,$1_exec_t)
+init_make_daemon_domain($1_t,$1_exec_t)
dontaudit $1_t self:capability sys_tty_config;
kernel_read_hardware_state($1_t)
terminal_ignore_use_console($1_t)
More information about the scm-commits
mailing list