[selinux-policy: 1908/3172] trunk: rpc update from Vaclav Ovsik.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:49:55 UTC 2010
commit 01e8ff4ab35abeaa873318c43c52901ea597ca76
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Mar 4 19:14:08 2008 +0000
trunk: rpc update from Vaclav Ovsik.
Changelog | 1 +
policy/modules/services/rpc.fc | 1 +
policy/modules/services/rpc.te | 7 ++++++-
3 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/Changelog b/Changelog
index 729781f..1d200f1 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- RPC update from Vaclav Ovsik.
- Exim updates on Debian from Devin Carrawy.
- Pam and samba updates from Stefan Schulze Frielinghaus.
- Backup update on Debian from Vaclav Ovsik.
diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc
index 9dc1709..629f473 100644
--- a/policy/modules/services/rpc.fc
+++ b/policy/modules/services/rpc.fc
@@ -7,6 +7,7 @@
# /sbin
#
/sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0)
+/sbin/sm-notify -- gen_context(system_u:object_r:rpcd_exec_t,s0)
#
# /usr
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
index b01f613..067b02a 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -1,5 +1,5 @@
-policy_module(rpc,1.7.0)
+policy_module(rpc,1.7.1)
########################################
#
@@ -60,10 +60,15 @@ allow rpcd_t rpcd_var_run_t:dir setattr;
manage_files_pattern(rpcd_t,rpcd_var_run_t,rpcd_var_run_t)
files_pid_filetrans(rpcd_t,rpcd_var_run_t,file)
+# rpc.statd executes sm-notify
+can_exec(rpcd_t, rpcd_exec_t)
+corecmd_search_bin(rpcd_t)
+
kernel_read_system_state(rpcd_t)
kernel_search_network_state(rpcd_t)
# for rpc.rquotad
kernel_read_sysctl(rpcd_t)
+kernel_rw_fs_sysctls(rpcd_t)
fs_list_rpc(rpcd_t)
fs_read_rpc_files(rpcd_t)
More information about the scm-commits
mailing list