[selinux-policy: 1576/3172] more strict testing fixes

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:21:26 UTC 2010


commit 98de871cee02223ff6fcf88280d9f75abbfd867d
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Aug 23 19:36:04 2006 +0000

    more strict testing fixes

 policy/modules/system/authlogin.if   |    2 +-
 policy/modules/system/authlogin.te   |    2 +-
 policy/modules/system/init.fc        |    6 +++++-
 policy/modules/system/init.te        |   13 +++++++++----
 policy/modules/system/selinuxutil.te |    4 +++-
 policy/modules/system/sysnetwork.fc  |    6 +++++-
 policy/modules/system/sysnetwork.te  |    2 +-
 7 files changed, 25 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 51428d5..b947f0a 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -654,7 +654,7 @@ interface(`auth_rw_lastlog',`
 	')
 
 	logging_search_logs($1)
-	allow $1 lastlog_t:file { getattr read write setattr };
+	allow $1 lastlog_t:file { getattr read write lock setattr };
 ')
 
 ########################################
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index e1d1da5..1006dc4 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
 
-policy_module(authlogin,1.3.11)
+policy_module(authlogin,1.3.12)
 
 ########################################
 #
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index 46ef80a..0c0dfda 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -9,7 +9,11 @@
 
 /etc/rc\.d/init\.d/.*	--	gen_context(system_u:object_r:initrc_exec_t,s0)
 
-ifdef(`targeted_policy', `', `
+ifdef(`distro_gentoo',`
+/etc/vmware/init\.d/vmware --	gen_context(system_u:object_r:initrc_exec_t,s0)
+')
+
+ifdef(`strict_policy',`
 /etc/X11/prefdm		--	gen_context(system_u:object_r:initrc_exec_t,s0)
 ')
 
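Review bot: The `/etc/X11/prefdm` entry used to apply whenever `targeted_policy` was not defined and now applies only when `strict_policy` is defined. The two are equivalent only if every build type defines exactly one of those symbols. The build configuration is not part of this diff, so that should be confirmed, because a build defining neither would now leave prefdm without the `initrc_exec_t` label. Separately, the new Gentoo entry makes a script under `/etc/vmware` an entry point into the init-script domain; a short comment above it, such as `# vmware init script lives outside the usual init.d directory on Gentoo (confirm)`, would record why that exact path is trusted.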
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 07e4469..ab9d4b3 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
 
-policy_module(init,1.3.21)
+policy_module(init,1.3.22)
 
 gen_require(`
 	class passwd rootok;
@@ -221,9 +221,10 @@ term_create_pty(initrc_t,initrc_devpts_t)
 
 can_exec(initrc_t,initrc_exec_t)
 
-allow initrc_t initrc_state_t:dir create_dir_perms;
-allow initrc_t initrc_state_t:file create_file_perms;
-allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rename };
+allow initrc_t initrc_state_t:dir manage_dir_perms;
+allow initrc_t initrc_state_t:file manage_file_perms;
+allow initrc_t initrc_state_t:fifo_file manage_file_perms;
+allow initrc_t initrc_state_t:lnk_file create_lnk_perms;
 
 allow initrc_t initrc_var_run_t:file create_file_perms;
 files_pid_filetrans(initrc_t,initrc_var_run_t,file)
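Review bot: The new `fifo_file` rule on `initrc_state_t` is the one line here that grants access to an object class the old rules did not cover, and nothing in the hunk says which init script needs it. A comment above it, for example `# init scripts create named pipes in the state directory (confirm which)`, would let a later audit decide whether the full `manage_file_perms` set is needed for FIFOs or a narrower one would do. The `lnk_file` line also replaces an explicit list of six permissions with `create_lnk_perms`; that macro is defined outside this diff, so check that it does not add anything beyond the six. The unchanged `initrc_var_run_t` rule just below still uses `create_file_perms`, so the section now mixes the `create_*` and `manage_*` naming families.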
@@ -466,6 +467,10 @@ ifdef(`distro_redhat',`
 	miscfiles_read_fonts(initrc_t)
 	miscfiles_read_hwdata(initrc_t)
 
+	# for integrated run_init to read run_init_type.
+	# happens during boot (/sbin/rc execs init scripts)
+	seutil_read_default_contexts(initrc_t)
+
 	optional_policy(`
 		bind_manage_config_dirs(initrc_t)
 		bind_write_config(initrc_t)
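Review bot: The added comment describes `/sbin/rc` executing init scripts, but judging by the hunk header and the surrounding `miscfiles_*` and `bind_*` calls, the rule appears to land inside the `distro_redhat` block. If `/sbin/rc` is the Gentoo boot path, as the Gentoo file-context entries elsewhere in this commit suggest, then `seutil_read_default_contexts(initrc_t)` gives Red Hat builds read access to the default-contexts files without a stated need, and Gentoo builds may not get it at all. Consider moving the three added lines into the `distro_gentoo` block of this file, or amending the comment to name the Red Hat case it covers. The enclosing block starts and ends outside the hunk.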
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index ec991b1..2e89f2b 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -1,5 +1,5 @@
 
-policy_module(selinuxutil,1.2.11)
+policy_module(selinuxutil,1.2.12)
 
 ifdef(`strict_policy',`
 	gen_require(`
@@ -565,6 +565,8 @@ corecmd_exec_sbin(semanage_t)
 
 dev_read_urand(semanage_t)
 
+domain_use_interactive_fds(semanage_t)
+
 files_read_etc_files(semanage_t)
 files_read_usr_files(semanage_t)
 files_list_pids(semanage_t)
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
index f58df4f..eb2e4df 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -50,7 +50,11 @@ ifdef(`distro_redhat',`
 /var/lib/dhcp3?		-d	gen_context(system_u:object_r:dhcp_state_t,s0)
 /var/lib/dhcp3?/dhclient.*	gen_context(system_u:object_r:dhcpc_state_t,s0)
 /var/lib/dhcpcd(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
-
 /var/lib/dhclient(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
+
 /var/run/dhclient.*\.pid --	gen_context(system_u:object_r:dhcpc_var_run_t,s0)
 /var/run/dhclient.*\.leases --	gen_context(system_u:object_r:dhcpc_var_run_t,s0)
+
+ifdef(`distro_gentoo',`
+/var/lib/dhcpc(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
+')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index fb01981..e19103a 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -1,5 +1,5 @@
 
-policy_module(sysnetwork,1.1.9)
+policy_module(sysnetwork,1.1.10)
 
 ########################################
 #

