[selinux-policy: 1408/3172] fix up entrypoints
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:07:06 UTC 2010
commit d40c0ecf7acd6745f32017a378b8cba953e78605
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon May 1 19:11:54 2006 +0000
fix up entrypoints
refpolicy/policy/modules/apps/games.if | 1 +
refpolicy/policy/modules/apps/java.if | 1 +
refpolicy/policy/modules/services/dbus.if | 6 +-----
refpolicy/policy/modules/system/ipsec.te | 1 +
refpolicy/policy/modules/system/userdomain.if | 4 +++-
5 files changed, 7 insertions(+), 6 deletions(-)
---
diff --git a/refpolicy/policy/modules/apps/games.if b/refpolicy/policy/modules/apps/games.if
index 1e88bbd..319a707 100644
--- a/refpolicy/policy/modules/apps/games.if
+++ b/refpolicy/policy/modules/apps/games.if
@@ -41,6 +41,7 @@ template(`games_per_userdomain_template',`
type $1_games_t;
domain_type($1_games_t)
+ domain_entry_file($1_games_t,games_exec_t)
role $3 types $1_games_t;
type $1_games_devpts_t;
diff --git a/refpolicy/policy/modules/apps/java.if b/refpolicy/policy/modules/apps/java.if
index 0c950ec..cd3d01a 100644
--- a/refpolicy/policy/modules/apps/java.if
+++ b/refpolicy/policy/modules/apps/java.if
@@ -44,6 +44,7 @@ template(`java_per_userdomain_template',`
type $1_javaplugin_t;
domain_type($1_javaplugin_t)
+ domain_entry_file($1_javaplugin_t,java_exec_t)
role $3 types $1_javaplugin_t;
type $1_javaplugin_tmp_t;
diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if
index a0f6b56..36877e6 100644
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@@ -49,11 +49,6 @@ interface(`dbus_stub',`
## </param>
#
template(`dbus_per_userdomain_template',`
- gen_require(`
- type system_dbusd_t, dbusd_etc_t;
- type system_dbusd_exec_t;
- class dbus { send_msg acquire_svc };
- ')
##############################
#
@@ -61,6 +56,7 @@ template(`dbus_per_userdomain_template',`
#
type $1_dbusd_t;
domain_type($1_dbusd_t)
+ domain_entry_file($1_dbusd_t,system_dbusd_exec_t)
role $3 types $1_dbusd_t;
type $1_dbusd_$1_t;
diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te
index 4b618ef..bf5a5df 100644
--- a/refpolicy/policy/modules/system/ipsec.te
+++ b/refpolicy/policy/modules/system/ipsec.te
@@ -26,6 +26,7 @@ files_pid_file(ipsec_var_run_t)
type ipsec_mgmt_t;
type ipsec_mgmt_exec_t;
init_system_domain(ipsec_mgmt_t,ipsec_mgmt_exec_t)
+corecmd_shell_entry_type(ipsec_mgmt_t)
role system_r types ipsec_mgmt_t;
type ipsec_mgmt_lock_t;
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 886b035..d0e7c92 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -31,6 +31,8 @@ template(`base_user_template',`
type $1_t, userdomain;
domain_type($1_t)
corecmd_shell_entry_type($1_t)
+ corecmd_bin_entry_type($1_t)
+ corecmd_sbin_entry_type($1_t)
domain_user_exemption_target($1_t)
role $1_r types $1_t;
allow system_r $1_r;
@@ -105,7 +107,7 @@ template(`base_user_template',`
can_exec($1_t,$1_home_t)
# full control of the home directory
- allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto };
+ allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto entrypoint };
allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto };
allow $1_t $1_home_t:dir { create_dir_perms relabelfrom relabelto };
allow $1_t $1_home_t:sock_file { create_file_perms relabelfrom relabelto };
More information about the scm-commits
mailing list