[selinux-policy: 1206/3172] add x_client_domain implementation
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:49:11 UTC 2010
commit 0a30b0086bd2c4b5543ff6f515a844904ab1e1c3
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Feb 15 16:30:48 2006 +0000
add x_client_domain implementation
docs/macro_conversion_guide | 25 ++++++++++++++++++++-----
1 files changed, 20 insertions(+), 5 deletions(-)
---
diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide
index 00be218..97395f6 100644
--- a/docs/macro_conversion_guide
+++ b/docs/macro_conversion_guide
@@ -1197,11 +1197,11 @@ files_filetrans_tmp($1_t, $1_tmp_t, $3)
#
type $1_tmpfs_t;
files_tmpfs_file($1_tmpfs_t)
-allow $1_t $1_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
-allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
-allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
-allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
-allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
+allow $1_t $1_tmpfs_t:dir rw_dir_perms;
+allow $1_t $1_tmpfs_t:file manage_file_perms;
+allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
+allow $1_t $1_tmpfs_t:sock_file manage_file_perms;
+allow $1_t $1_tmpfs_t:fifo_file manage_file_perms;
fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
#
@@ -1254,3 +1254,18 @@ allow $1 $1_var_run_t:dir create_dir_perms;
allow $1 $1_var_run_t:lnk_file create_lnk_perms;
# else:
allow $1 $1_var_run_t:$2 create_file_perms;
+
+#
+# x_client_domain($1,$2): complete
+#
+type $1_tmpfs_t;
+files_tmpfs_file($1_tmpfs_t)
+allow $1_t $1_tmpfs_t:dir rw_dir_perms;
+allow $1_t $1_tmpfs_t:file manage_file_perms;
+allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms;
+allow $1_t $1_tmpfs_t:sock_file manage_file_perms;
+allow $1_t $1_tmpfs_t:fifo_file manage_file_perms;
+fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+optional_policy(`xserver',`
+xserver_user_client_template($2,$1_t,$1_tmpfs_t)
+')
More information about the scm-commits
mailing list