[selinux-policy: 944/3172] fix changed rules
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:26:37 UTC 2010
commit 1904b01047a3e8b07ba4338175329434bec7793b
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Nov 10 16:54:18 2005 +0000
fix changed rules
refpolicy/policy/modules/services/comsat.te | 2 +-
refpolicy/policy/modules/services/cups.te | 4 ++--
refpolicy/policy/modules/system/pcmcia.te | 2 ++
3 files changed, 5 insertions(+), 3 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index 3f13e1c..ffeb150 100644
--- a/refpolicy/policy/modules/services/comsat.te
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -29,7 +29,7 @@ allow comsat_t self:fifo_file rw_file_perms;
allow comsat_t self:{ lnk_file file } { getattr read };
allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow comsat_t self:tcp_socket connected_stream_socket_perms;
-allow comsat_t self:udp_socket connected_socket_perms;
+allow comsat_t self:udp_socket create_socket_perms;
allow comsat_t comsat_tmp_t:dir create_dir_perms;
allow comsat_t comsat_tmp_t:file create_file_perms;
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 33ce8a0..281f875 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -510,7 +510,7 @@ allow cupsd_config_t self:process signal_perms;
allow cupsd_config_t self:fifo_file rw_file_perms;
allow cupsd_config_t self:unix_stream_socket create_socket_perms;
allow cupsd_config_t self:unix_dgram_socket create_socket_perms;
-allow cupsd_config_t self:tcp_socket create_socket_perms;
+allow cupsd_config_t self:tcp_socket create_stream_socket_perms;
allow cupsd_config_t cupsd_t:tcp_socket { connectto recvfrom };
allow cupsd_t cupsd_config_t:tcp_socket { acceptfrom recvfrom };
@@ -720,7 +720,7 @@ allow cupsd_lpd_t cupsd_lpd_var_run_t:dir rw_dir_perms;
files_create_pid(cupsd_lpd_t,cupsd_lpd_var_run_t)
allow cupsd_lpd_t cupsd_rw_etc_t:dir list_dir_perms;
-allow cupsd_lpd_t cupsd_rw_etc_t:file { read getattr };
+allow cupsd_lpd_t cupsd_rw_etc_t:file r_file_perms;
allow cupsd_lpd_t cupsd_rw_etc_t:lnk_file { getattr read };
kernel_read_kernel_sysctl(cupsd_lpd_t)
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index 913c88a..f96ee05 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -119,6 +119,8 @@ userdom_dontaudit_use_unpriv_user_fd(cardmgr_t)
userdom_dontaudit_search_sysadm_home_dir(cardmgr_t)
ifdef(`targeted_policy',`
+ term_use_unallocated_tty(cardmgr_t)
+ term_use_generic_pty(cardmgr_t)
term_dontaudit_use_unallocated_tty(cardmgr_t)
term_dontaudit_use_generic_pty(cardmgr_t)
files_dontaudit_read_root_file(cardmgr_t)
More information about the scm-commits
mailing list