[selinux-policy: 1188/3172] fix userdom_create_sysadm_home
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:47:39 UTC 2010
commit ee9500ec86756f4e487e381618c3bc1b274e9f99
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Feb 3 14:48:12 2006 +0000
fix userdom_create_sysadm_home
refpolicy/policy/modules/admin/amanda.te | 2 +-
refpolicy/policy/modules/system/userdomain.if | 24 +++++++-----------------
2 files changed, 8 insertions(+), 18 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te
index ccb9d98..b4e07e0 100644
--- a/refpolicy/policy/modules/admin/amanda.te
+++ b/refpolicy/policy/modules/admin/amanda.te
@@ -206,7 +206,7 @@ allow amanda_recover_t amanda_recover_dir_t:file create_file_perms;
allow amanda_recover_t amanda_recover_dir_t:lnk_file create_lnk_perms;
allow amanda_recover_t amanda_recover_dir_t:sock_file create_file_perms;
allow amanda_recover_t amanda_recover_dir_t:fifo_file create_file_perms;
-userdom_create_sysadm_home(amanda_recover_t,amanda_recover_dir_t,{ dir file lnk_file sock_file fifo_file })
+userdom_filetrans_sysadm_home_dir(amanda_recover_t,amanda_recover_dir_t,{ dir file lnk_file sock_file fifo_file })
allow amanda_recover_t amanda_tmp_t:dir create_dir_perms;
allow amanda_recover_t amanda_tmp_t:file create_file_perms;
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index d95ac0c..3212b7d 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -3202,31 +3202,21 @@ interface(`userdom_dontaudit_read_sysadm_home_files',`
## <param name="domain">
## Domain allowed access.
## </param>
-## <param name="object_class" optional="true">
+## <param name="private type">
+## The type of the object to be created.
+## </param>
+## <param name="object_class">
## The class of the object to be created.
## If not specified, file is used.
## </param>
#
-interface(`userdom_create_sysadm_home',`
+interface(`userdom_filetrans_sysadm_home_dir',`
gen_require(`
- type sysadm_home_dir_t, sysadm_home_t;
+ type sysadm_home_dir_t;
')
allow $1 sysadm_home_dir_t:dir rw_dir_perms;
-
- ifelse(`$2',`',`
- ifelse(`$3',`',`
- type_transition $1 sysadm_home_dir_t:file sysadm_home_t;
- ',`
- type_transition $1 sysadm_home_dir_t:$3 sysadm_home_t;
- ')
- ',`
- ifelse(`$3',`',`
- type_transition $1 sysadm_home_dir_t:file $2;
- ',`
- type_transition $1 sysadm_home_dir_t:$3 $2;
- ')
- ')
+ type_transition $1 sysadm_home_dir_t:$3 $2;
')
########################################
More information about the scm-commits
mailing list