[selinux-policy: 1939/3172] trunk: start adding open perm to obvious places.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:52:34 UTC 2010
commit cbe82b179b9b1952fe1d3670f23e1fe2f289066d
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri May 23 18:22:57 2008 +0000
trunk: start adding open perm to obvious places.
policy/modules/admin/amanda.te | 2 +-
policy/modules/services/gpm.te | 4 ++--
policy/support/obj_perm_sets.spt | 14 +++++++-------
3 files changed, 10 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
index a5f6f45..f3a48e3 100644
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@@ -94,7 +94,7 @@ can_exec(amanda_t,amanda_inetd_exec_t)
# access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists)
allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
-allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
+allow amanda_t amanda_gnutarlists_t:lnk_file manage_lnk_file_perms;
manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
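Review bot: Only three call sites are moved to class-specific sets (this `lnk_file` rule and the `sock_file`/`fifo_file` rules in gpm.te), yet the same commit adds `open` to `manage_file_perms` and `create_file_perms` in obj_perm_sets.spt. Any rule elsewhere in the tree that still applies the file sets to `lnk_file` or `sock_file` will now carry `open`, although this commit leaves the dedicated sets for those classes untouched. Depending on whether those classes define `open`, that would presumably either break the build or silently widen the grant. A tree-wide search for `:lnk_file` and `:sock_file` rules that use `*_file_perms` belongs with this change. A short comment above this rule, such as `# lnk_file uses its own set: manage_file_perms now includes open`, would record why the macro differs from the line before it.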
diff --git a/policy/modules/services/gpm.te b/policy/modules/services/gpm.te
index ad75558..653c2c9 100644
--- a/policy/modules/services/gpm.te
+++ b/policy/modules/services/gpm.te
@@ -41,8 +41,8 @@ files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir })
allow gpm_t gpm_var_run_t:file manage_file_perms;
files_pid_filetrans(gpm_t,gpm_var_run_t,file)
-allow gpm_t gpmctl_t:sock_file manage_file_perms;
-allow gpm_t gpmctl_t:fifo_file manage_file_perms;
+allow gpm_t gpmctl_t:sock_file manage_sock_file_perms;
+allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms;
dev_filetrans(gpm_t,gpmctl_t,{ sock_file fifo_file })
kernel_read_kernel_sysctls(gpm_t)
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index 5b5e992..d308697 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -193,7 +193,7 @@ define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
define(`create_dir_perms',`{ getattr create }')
define(`rename_dir_perms',`{ getattr rename }')
define(`delete_dir_perms',`{ getattr rmdir }')
-define(`manage_dir_perms',`{ create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
+define(`manage_dir_perms',`{ create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
define(`relabelfrom_dir_perms',`{ getattr relabelfrom }')
define(`relabelto_dir_perms',`{ getattr relabelto }')
define(`relabel_dir_perms',`{ getattr relabelfrom relabelto }')
@@ -209,10 +209,10 @@ define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
define(`append_file_perms',`{ getattr append lock ioctl }')
define(`write_file_perms',`{ getattr write append lock ioctl }')
define(`rw_file_perms',`{ getattr read write append ioctl lock }')
-define(`create_file_perms',`{ getattr create }')
+define(`create_file_perms',`{ getattr create open }')
define(`rename_file_perms',`{ getattr rename }')
define(`delete_file_perms',`{ getattr unlink }')
-define(`manage_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
define(`relabelfrom_file_perms',`{ getattr relabelfrom }')
define(`relabelto_file_perms',`{ getattr relabelto }')
define(`relabel_file_perms',`{ getattr relabelfrom relabelto }')
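Review bot: `open` is added to `create_file_perms` and `manage_file_perms`, but the context lines directly above leave `append_file_perms`, `write_file_perms` and `rw_file_perms` without it, so a domain granted only `rw_file_perms` cannot open a file that a `manage_file_perms` domain can. The same split appears in the fifo_file hunk and in the `rw_blk_file_perms`/`rw_chr_file_perms` lines quoted in the later hunk headers. The commit title says this is a start, so the gap is presumably known. Until the remaining sets are decided, a comment above this block such as `# TODO: open not yet added to the read/write/append/rw sets` would stop the half-converted state from being read as a deliberate inherited-descriptor-only grant. Once open checking is enforced, these are the sets whose users will show up as denials in the audit log.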
@@ -243,10 +243,10 @@ define(`read_fifo_file_perms',`{ getattr read lock ioctl }')
define(`append_fifo_file_perms',`{ getattr append lock ioctl }')
define(`write_fifo_file_perms',`{ getattr write append lock ioctl }')
define(`rw_fifo_file_perms',`{ getattr read write append ioctl lock }')
-define(`create_fifo_file_perms',`{ getattr create }')
+define(`create_fifo_file_perms',`{ getattr create open }')
define(`rename_fifo_file_perms',`{ getattr rename }')
define(`delete_fifo_file_perms',`{ getattr unlink }')
-define(`manage_fifo_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_fifo_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
define(`relabelfrom_fifo_file_perms',`{ getattr relabelfrom }')
define(`relabelto_fifo_file_perms',`{ getattr relabelto }')
define(`relabel_fifo_file_perms',`{ getattr relabelfrom relabelto }')
@@ -279,7 +279,7 @@ define(`rw_blk_file_perms',`{ getattr read write append ioctl lock }')
define(`create_blk_file_perms',`{ getattr create }')
define(`rename_blk_file_perms',`{ getattr rename }')
define(`delete_blk_file_perms',`{ getattr unlink }')
-define(`manage_blk_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_blk_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
define(`relabelfrom_blk_file_perms',`{ getattr relabelfrom }')
define(`relabelto_blk_file_perms',`{ getattr relabelto }')
define(`relabel_blk_file_perms',`{ getattr relabelfrom relabelto }')
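Review bot: `create_blk_file_perms` stays `{ getattr create }` in this hunk while `create_file_perms` and `create_fifo_file_perms` gained `open` earlier in the file, and the chr_file hunk below has the same shape. If that is deliberate (a device node is presumably created without being opened), the reason should be written down, e.g. `# no open: creating a device node does not open it`, otherwise a later edit is likely to "fix" the asymmetry. Widening the `create_*` sets also applies to every rule that uses them, so domains previously limited to creating objects of a type now hold `open` on it as well; it is worth confirming that this is wanted for fifo files and not only for regular files.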
@@ -296,7 +296,7 @@ define(`rw_chr_file_perms',`{ getattr read write append ioctl lock }')
define(`create_chr_file_perms',`{ getattr create }')
define(`rename_chr_file_perms',`{ getattr rename }')
define(`delete_chr_file_perms',`{ getattr unlink }')
-define(`manage_chr_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_chr_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
define(`relabelfrom_chr_file_perms',`{ getattr relabelfrom }')
define(`relabelto_chr_file_perms',`{ getattr relabelto }')
define(`relabel_chr_file_perms',`{ getattr relabelfrom relabelto }')