[selinux-policy: 1980/3172] trunk: missed fixes on previous commit.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:56:02 UTC 2010
commit 7aabe358f47bacd619d10357b675d052940dcabe
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Aug 7 14:45:37 2008 +0000
trunk: missed fixes on previous commit.
policy/modules/apps/usernetctl.if | 2 +-
policy/modules/kernel/storage.if | 23 ++---------------------
policy/modules/services/rsync.te | 5 +++--
3 files changed, 6 insertions(+), 24 deletions(-)
---
diff --git a/policy/modules/apps/usernetctl.if b/policy/modules/apps/usernetctl.if
index 2dbc328..63b5167 100644
--- a/policy/modules/apps/usernetctl.if
+++ b/policy/modules/apps/usernetctl.if
@@ -66,6 +66,6 @@ interface(`usernetctl_run',`
optional_policy(`
- ppp_run(usernetctl_t,$2,$3)
+ ppp_run(usernetctl_t, $2, $3)
')
')
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 63e7842..c711e97 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -81,26 +81,6 @@ interface(`storage_dontaudit_setattr_fixed_disk_dev',`
########################################
## <summary>
-## dontaudit the caller attempts to read from a fixed disk.
-## </summary>
-## <param name="domain">
-## <summary>
-## The type of the process performing this action.
-## </summary>
-## </param>
-#
-interface(`storage_dontaudit_raw_read_fixed_disk',`
- gen_require(`
- attribute fixed_disk_raw_read;
- type fixed_disk_device_t;
- ')
-
- dontaudit $1 fixed_disk_device_t:blk_file read_blk_file_perms;
- dontaudit $1 fixed_disk_device_t:chr_file read_chr_file_perms;
-')
-
-########################################
-## <summary>
## Allow the caller to directly read from a fixed disk.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
@@ -141,7 +121,8 @@ interface(`storage_dontaudit_read_fixed_disk',`
')
- dontaudit $1 fixed_disk_device_t:blk_file { getattr ioctl read };
+ dontaudit $1 fixed_disk_device_t:blk_file read_blk_file_perms;
+ dontaudit $1 fixed_disk_device_t:chr_file read_chr_file_perms;
')
########################################
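Review bot: The two `dontaudit` lines in `storage_dontaudit_read_fixed_disk` now silence whatever `read_blk_file_perms` and `read_chr_file_perms` expand to, on both block and character nodes, and nothing visible in the hunk documents that wider scope compared with the old `{ getattr ioctl read }` on `blk_file` only. Denied raw reads of `fixed_disk_device_t` are a useful signal that a domain is trying to get around file-level labels, so callers of this interface lose that signal in the audit log. The interface summary starts above the hunk and is not visible here; it should state the scope, for example `## Do not audit attempts to read fixed disk block and character device nodes.`, and add a short note that these denials only appear after rebuilding the policy with dontaudit rules disabled (`semodule -DB`).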
diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te
index d7547bb..958e813 100644
--- a/policy/modules/services/rsync.te
+++ b/policy/modules/services/rsync.te
@@ -61,6 +61,9 @@ allow rsync_t rsync_data_t:dir list_dir_perms;
read_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
read_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
+manage_files_pattern(rsync_t, rsync_log_t, rsync_log_t)
+logging_log_filetrans(rsync_t, rsync_log_t, file)
+
manage_dirs_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
manage_files_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
files_tmp_filetrans(rsync_t, rsync_tmp_t, { file dir })
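Review bot: `manage_files_pattern(rsync_t, rsync_log_t, rsync_log_t)` gives the daemon domain more than a log writer usually needs, since the manage set normally includes write, unlink and rename, so a compromised `rsync_t` could truncate or remove its own transfer log. If rsync only creates and appends to its log (to be confirmed against how the daemon opens the file), narrower patterns such as `create_files_pattern(rsync_t, rsync_log_t, rsync_log_t)` plus `append_files_pattern(rsync_t, rsync_log_t, rsync_log_t)` should still work with the `logging_log_filetrans` transition while keeping the log usable as evidence. The commit only moves these two lines up from the later hunk, so this is an existing grant worth a follow-up rather than something introduced here.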
@@ -97,8 +100,6 @@ libs_use_ld_so(rsync_t)
libs_use_shared_libs(rsync_t)
logging_send_syslog_msg(rsync_t)
-manage_files_pattern(rsync_t,rsync_log_t,rsync_log_t)
-logging_log_filetrans(rsync_t,rsync_log_t,file)
miscfiles_read_localization(rsync_t)
miscfiles_read_public_files(rsync_t)