[selinux-policy: 894/3172] fixes uncovered by sediff

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:22:19 UTC 2010


commit 62841791a588c3a0bf80983608e0198544d596c1
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Oct 31 14:55:34 2005 +0000

    fixes uncovered by sediff

 refpolicy/policy/modules/services/mta.te    |    1 +
 refpolicy/policy/modules/services/telnet.te |    4 ++++
 2 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index 1752cdd..5334c09 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -75,6 +75,7 @@ corenet_raw_sendrecv_all_nodes(system_mail_t)
 corenet_tcp_sendrecv_all_ports(system_mail_t)
 corenet_tcp_bind_all_nodes(system_mail_t)
 corenet_tcp_connect_smtp_port(system_mail_t)
+corenet_tcp_connect_all_ports(system_mail_t)
 
 dev_read_rand(system_mail_t)
 dev_read_urand(system_mail_t)
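Review bot: The added `corenet_tcp_connect_all_ports(system_mail_t)` lets system_mail_t open outbound TCP connections to any port, which makes the `corenet_tcp_connect_smtp_port(system_mail_t)` line directly above it redundant and removes port-level confinement for the mail domain. The commit message suggests this was added for parity with another policy found by sediff, but the hunk does not say which port was missing. If a specific port is needed, a per-port connect interface would keep least privilege. If the broad grant is deliberate, a comment such as `# sediff parity: mail domain connects to non-SMTP ports; narrow when the required ports are known` would document it. The system_mail_t network rules begin before this hunk, so other grants may already overlap.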
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index 007787f..23b1d72 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -34,12 +34,14 @@ allow telnetd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
 allow telnetd_t self:capability { setuid setgid };
 
 allow telnetd_t telnetd_devpts_t:chr_file { rw_file_perms setattr };
+term_create_pty(telnetd_t,telnetd_devpts_t)
 
 allow telnetd_t telnetd_tmp_t:dir create_dir_perms;
 allow telnetd_t telnetd_tmp_t:file create_file_perms;
 files_create_tmp_files(telnetd_t, telnetd_tmp_t, { file dir })
 
 allow telnetd_t telnetd_var_run_t:file create_file_perms;
+allow telnetd_t telnetd_var_run_t:dir rw_file_perms;
 files_create_pid(telnetd_t,telnetd_var_run_t)
 
 kernel_read_kernel_sysctl(telnetd_t)
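Review bot: `allow telnetd_t telnetd_var_run_t:dir rw_file_perms;` applies a file permission set to the `dir` class. As far as I know, that set carries no `search`, `add_name` or `remove_name`, so the rule probably does not grant what a directory of this type needs for creating or removing entries. If directory modification is the intent, `allow telnetd_t telnetd_var_run_t:dir rw_dir_perms;` states it directly. If only read/getattr on the directory was missing, a narrower dir set keeps the grant minimal. Either way a short comment on why telnetd_t needs a directory of its own pid type would help, since the `files_create_pid(telnetd_t,telnetd_var_run_t)` line below appears to cover only the pid file itself.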
@@ -63,6 +65,8 @@ fs_getattr_xattr_fs(telnetd_t)
 
 auth_rw_login_records(telnetd_t)
 
+corecmd_search_sbin(telnetd_t)
+
 files_read_etc_files(telnetd_t)
 files_read_etc_runtime_files(telnetd_t)
 # for identd; cjp: this should probably only be inetd_child rules?

