[selinux-policy: 1939/3172] trunk: start adding open perm to obvious places.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:52:34 UTC 2010


commit cbe82b179b9b1952fe1d3670f23e1fe2f289066d
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 23 18:22:57 2008 +0000

    trunk: start adding open perm to obvious places.

 policy/modules/admin/amanda.te   |    2 +-
 policy/modules/services/gpm.te   |    4 ++--
 policy/support/obj_perm_sets.spt |   14 +++++++-------
 3 files changed, 10 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
index a5f6f45..f3a48e3 100644
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@@ -94,7 +94,7 @@ can_exec(amanda_t,amanda_inetd_exec_t)
 # access to amanda_gnutarlists_t (/var/lib/amanda/gnutar-lists)
 allow amanda_t amanda_gnutarlists_t:dir rw_dir_perms;
 allow amanda_t amanda_gnutarlists_t:file manage_file_perms;
-allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
+allow amanda_t amanda_gnutarlists_t:lnk_file manage_lnk_file_perms;
 
 manage_dirs_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
 manage_files_pattern(amanda_t,amanda_var_lib_t,amanda_var_lib_t)
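Review bot: Only amanda.te and gpm.te are moved off the file-class set, but the same commit adds `open` to `manage_file_perms` and `create_file_perms` in obj_perm_sets.spt, so every other rule in the tree that applies those sets to `lnk_file`, `sock_file` or `fifo_file` changes meaning too. Such a rule would pick up `open` as well, and would presumably fail to build if the class does not define that permission. It would be worth grepping the policy for non-file classes paired with `*_file_perms` sets and converting them in the same series. A short comment next to the set definitions, such as `# use the class-specific set; the file sets carry open`, would record the rule for module authors.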
diff --git a/policy/modules/services/gpm.te b/policy/modules/services/gpm.te
index ad75558..653c2c9 100644
--- a/policy/modules/services/gpm.te
+++ b/policy/modules/services/gpm.te
@@ -41,8 +41,8 @@ files_tmp_filetrans(gpm_t, gpm_tmp_t, { file dir })
 allow gpm_t gpm_var_run_t:file manage_file_perms;
 files_pid_filetrans(gpm_t,gpm_var_run_t,file)
 
-allow gpm_t gpmctl_t:sock_file manage_file_perms;
-allow gpm_t gpmctl_t:fifo_file manage_file_perms;
+allow gpm_t gpmctl_t:sock_file manage_sock_file_perms;
+allow gpm_t gpmctl_t:fifo_file manage_fifo_file_perms;
 dev_filetrans(gpm_t,gpmctl_t,{ sock_file fifo_file })
 
 kernel_read_kernel_sysctls(gpm_t)
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index 5b5e992..d308697 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -193,7 +193,7 @@ define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
 define(`create_dir_perms',`{ getattr create }')
 define(`rename_dir_perms',`{ getattr rename }')
 define(`delete_dir_perms',`{ getattr rmdir }')
-define(`manage_dir_perms',`{ create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
+define(`manage_dir_perms',`{ create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
 define(`relabelfrom_dir_perms',`{ getattr relabelfrom }')
 define(`relabelto_dir_perms',`{ getattr relabelto }')
 define(`relabel_dir_perms',`{ getattr relabelfrom relabelto }')
@@ -209,10 +209,10 @@ define(`exec_file_perms',`{ getattr read execute execute_no_trans }')
 define(`append_file_perms',`{ getattr append lock ioctl }')
 define(`write_file_perms',`{ getattr write append lock ioctl }')
 define(`rw_file_perms',`{ getattr read write append ioctl lock }')
-define(`create_file_perms',`{ getattr create }')
+define(`create_file_perms',`{ getattr create open }')
 define(`rename_file_perms',`{ getattr rename }')
 define(`delete_file_perms',`{ getattr unlink }')
-define(`manage_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
 define(`relabelfrom_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_file_perms',`{ getattr relabelto }')
 define(`relabel_file_perms',`{ getattr relabelfrom relabelto }')
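Review bot: `create_file_perms` here and `create_fifo_file_perms` in the next hunk gain `open`, but `create_dir_perms`, `create_blk_file_perms` and `create_chr_file_perms` (context lines in the neighbouring hunks) do not, and nothing in the file says why. For regular files the addition is presumably because creation normally goes through open(2) with O_CREAT. A FIFO is usually created with mkfifo/mknod and opened separately, so `open` in `create_fifo_file_perms` looks wider than a create-only set needs; please confirm it is intended. Callers that were granted a create-only set now also hold `open`, so a comment above the defines, e.g. `# create sets include open where the object is created by open(2)`, would keep the least-privilege intent reviewable.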
@@ -243,10 +243,10 @@ define(`read_fifo_file_perms',`{ getattr read lock ioctl }')
 define(`append_fifo_file_perms',`{ getattr append lock ioctl }')
 define(`write_fifo_file_perms',`{ getattr write append lock ioctl }')
 define(`rw_fifo_file_perms',`{ getattr read write append ioctl lock }')
-define(`create_fifo_file_perms',`{ getattr create }')
+define(`create_fifo_file_perms',`{ getattr create open }')
 define(`rename_fifo_file_perms',`{ getattr rename }')
 define(`delete_fifo_file_perms',`{ getattr unlink }')
-define(`manage_fifo_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_fifo_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
 define(`relabelfrom_fifo_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_fifo_file_perms',`{ getattr relabelto }')
 define(`relabel_fifo_file_perms',`{ getattr relabelfrom relabelto }')
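Review bot: `manage_fifo_file_perms` now carries `open`, while `rw_fifo_file_perms`, `write_fifo_file_perms` and `append_fifo_file_perms` just above it stay without it. The same split appears in the file hunk (`rw_file_perms`, `write_file_perms`, `append_file_perms`) and, judging by the hunk headers, in the blk and chr sections. Once `open` is enforced, a domain holding only an rw set could presumably use a descriptor it inherited or was passed but could not open the object by path, which may or may not be what each caller wants. Since the commit title says this is a first step, a comment stating which sets are meant for inherited descriptors only, or a TODO listing the sets still to be converted, would stop the interim state from being read as the design.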
@@ -279,7 +279,7 @@ define(`rw_blk_file_perms',`{ getattr read write append ioctl lock }')
 define(`create_blk_file_perms',`{ getattr create }')
 define(`rename_blk_file_perms',`{ getattr rename }')
 define(`delete_blk_file_perms',`{ getattr unlink }')
-define(`manage_blk_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_blk_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
 define(`relabelfrom_blk_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_blk_file_perms',`{ getattr relabelto }')
 define(`relabel_blk_file_perms',`{ getattr relabelfrom relabelto }')
@@ -296,7 +296,7 @@ define(`rw_chr_file_perms',`{ getattr read write append ioctl lock }')
 define(`create_chr_file_perms',`{ getattr create }')
 define(`rename_chr_file_perms',`{ getattr rename }')
 define(`delete_chr_file_perms',`{ getattr unlink }')
-define(`manage_chr_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
+define(`manage_chr_file_perms',`{ create open getattr setattr read write append rename link unlink ioctl lock }')
 define(`relabelfrom_chr_file_perms',`{ getattr relabelfrom }')
 define(`relabelto_chr_file_perms',`{ getattr relabelto }')
 define(`relabel_chr_file_perms',`{ getattr relabelfrom relabelto }')

