[selinux-policy: 1673/3172] patches for lvm and ricci fixes from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:29:39 UTC 2010


commit c5561c777d1f2e5212b3c4202f90f22a86a98e89
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Mar 6 15:35:02 2007 +0000

    patches for lvm and ricci fixes from Dan Walsh.

 Changelog                        |    2 ++
 policy/modules/services/ricci.te |    7 ++++---
 policy/modules/system/lvm.if     |   23 ++++++++++++++++++++++-
 policy/modules/system/lvm.te     |    4 +++-
 4 files changed, 31 insertions(+), 5 deletions(-)
---
diff --git a/Changelog b/Changelog
index c92f63e..482a531 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Patch for lvm fixes from Dan Walsh.
+- Patch for ricci fixes from Dan Walsh.
 - Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
 - Patch for kerberized telnet fixes from Dan Walsh.
 - Patch for kerberized ftp and other ftp fixes from Dan Walsh.
diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te
index 9ff934b..19ca515 100644
--- a/policy/modules/services/ricci.te
+++ b/policy/modules/services/ricci.te
@@ -1,5 +1,5 @@
 
-policy_module(ricci,1.0.1)
+policy_module(ricci,1.0.2)
 
 ########################################
 #
@@ -486,18 +486,19 @@ libs_use_shared_libs(ricci_modstorage_t)
 logging_send_syslog_msg(ricci_modstorage_t)
 
 lvm_domtrans(ricci_modstorage_t)
-lvm_read_config(ricci_modstorage_t)
+lvm_manage_config(ricci_modstorage_t)
 
 miscfiles_read_localization(ricci_modstorage_t)
 
 modutils_read_module_deps(ricci_modstorage_t)
 
 optional_policy(`
+	ccs_stream_connect(ricci_modstorage_t)
 	ccs_read_config(ricci_modstorage_t)
 ')
 
 optional_policy(`
-	lvm_domtrans(ricci_modstorage_t)
+	nscd_socket_use(ricci_modstorage_t)
 ')
 
 optional_policy(`
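Review bot: The switch from `lvm_read_config` to `lvm_manage_config` on `ricci_modstorage_t` carries no comment saying which files the storage module has to rewrite, and the new interface grants create, write and delete on every `lvm_etc_t` file and directory. If the module only edits an existing configuration file, a narrower grant (read/write on files, no directory management) would keep the domain closer to least privilege; this hunk does not show enough to confirm that. I would at least add a line above the call such as `# modstorage rewrites LVM configuration, so read-only access is not enough`, with the wording confirmed by the author. The final `optional_policy(` block continues outside the hunk.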
diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if
index a4bd4f3..515f94d 100644
--- a/policy/modules/system/lvm.if
+++ b/policy/modules/system/lvm.if
@@ -63,10 +63,31 @@ interface(`lvm_run',`
 #
 interface(`lvm_read_config',`
 	gen_require(`
-		type lvm_t, lvm_etc_t;
+		type lvm_etc_t;
 	')
 
 	files_search_etc($1)
 	allow $1 lvm_etc_t:dir list_dir_perms;
 	read_files_pattern($1,lvm_etc_t,lvm_etc_t)
 ')
+
+########################################
+## <summary>
+##	Manage LVM configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`lvm_manage_config',`
+	gen_require(`
+		type lvm_etc_t;
+	')
+
+	files_search_etc($1)
+	manage_dirs_pattern($1,lvm_etc_t,lvm_etc_t)
+	manage_files_pattern($1,lvm_etc_t,lvm_etc_t)
+')
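Review bot: The summary of `lvm_manage_config` says it manages configuration files, but the body also calls `manage_dirs_pattern`, so callers get create and delete rights on `lvm_etc_t` directories as well. The doc block should say so, for example `##	Create, read, write, and delete LVM configuration files and directories.`, so that someone granting the interface sees its full reach. Because write access to LVM configuration presumably changes how tools in the LVM domain behave, a one-line caution that the interface is meant for trusted management domains would help reviewers of future callers.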
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 360df31..d4c508d 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -1,5 +1,5 @@
 
-policy_module(lvm,1.5.1)
+policy_module(lvm,1.5.2)
 
 ########################################
 #
@@ -96,6 +96,7 @@ files_list_usr(clvmd_t)
 fs_getattr_all_fs(clvmd_t)
 fs_search_auto_mountpoints(clvmd_t)
 fs_dontaudit_list_tmpfs(clvmd_t)
+fs_dontaudit_read_removable_files(clvmd_t)
 
 storage_dontaudit_getattr_removable_dev(clvmd_t)
 
@@ -218,6 +219,7 @@ selinux_compute_relabel_context(lvm_t)
 selinux_compute_user_contexts(lvm_t)
 
 dev_create_generic_chr_files(lvm_t)
+dev_delete_generic_dirs(lvm_t)
 dev_read_rand(lvm_t)
 dev_read_urand(lvm_t)
 dev_rw_lvm_control(lvm_t)
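Review bot: `dev_delete_generic_dirs(lvm_t)` lets `lvm_t` remove any directory carrying the generic device label, and the line has no comment on which directories it is meant for. The visible context grants only `dev_create_generic_chr_files`, so this hunk does not show which rule or domain creates the directories being deleted; that may be covered outside the hunk. A short comment such as `# remove volume group directories under /dev` (if that is the intent) would document the scope. A dedicated type for those directories would allow a narrower rule later.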

