[selinux-policy: 894/3172] fixes uncovered by sediff
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:22:19 UTC 2010
commit 62841791a588c3a0bf80983608e0198544d596c1
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Oct 31 14:55:34 2005 +0000
fixes uncovered by sediff
refpolicy/policy/modules/services/mta.te | 1 +
refpolicy/policy/modules/services/telnet.te | 4 ++++
2 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index 1752cdd..5334c09 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -75,6 +75,7 @@ corenet_raw_sendrecv_all_nodes(system_mail_t)
corenet_tcp_sendrecv_all_ports(system_mail_t)
corenet_tcp_bind_all_nodes(system_mail_t)
corenet_tcp_connect_smtp_port(system_mail_t)
+corenet_tcp_connect_all_ports(system_mail_t)
dev_read_rand(system_mail_t)
dev_read_urand(system_mail_t)
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index 007787f..23b1d72 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -34,12 +34,14 @@ allow telnetd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow telnetd_t self:capability { setuid setgid };
allow telnetd_t telnetd_devpts_t:chr_file { rw_file_perms setattr };
+term_create_pty(telnetd_t,telnetd_devpts_t)
allow telnetd_t telnetd_tmp_t:dir create_dir_perms;
allow telnetd_t telnetd_tmp_t:file create_file_perms;
files_create_tmp_files(telnetd_t, telnetd_tmp_t, { file dir })
allow telnetd_t telnetd_var_run_t:file create_file_perms;
+allow telnetd_t telnetd_var_run_t:dir rw_file_perms;
files_create_pid(telnetd_t,telnetd_var_run_t)
kernel_read_kernel_sysctl(telnetd_t)
@@ -63,6 +65,8 @@ fs_getattr_xattr_fs(telnetd_t)
auth_rw_login_records(telnetd_t)
+corecmd_search_sbin(telnetd_t)
+
files_read_etc_files(telnetd_t)
files_read_etc_runtime_files(telnetd_t)
# for identd; cjp: this should probably only be inetd_child rules?
More information about the scm-commits
mailing list