[selinux-policy: 2077/3172] trunk: add sysadm_entry_spec_domtrans_to() interface from clip.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:04:18 UTC 2010 

commit 64daa85393e97875ad924a72df38f92ecb600666
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Jan 15 15:07:37 2009 +0000

    trunk: add sysadm_entry_spec_domtrans_to() interface from clip.

 policy/modules/roles/sysadm.if |   35 +++++++++++++++++++++++++++++++++++
 policy/modules/roles/sysadm.te |    2 +-
 2 files changed, 36 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/roles/sysadm.if b/policy/modules/roles/sysadm.if
index 42be030..ff92430 100644
--- a/policy/modules/roles/sysadm.if
+++ b/policy/modules/roles/sysadm.if
@@ -116,6 +116,41 @@ interface(`sysadm_entry_spec_domtrans',`
 
 ########################################
 ## <summary>
+##	Allow sysadm to execute all entrypoint files in
+##	a specified domain.  This is an explicit transition,
+##	requiring the caller to use setexeccon().
+## </summary>
+## <desc>
+##	<p>
+##	Allow sysadm to execute all entrypoint files in
+##	a specified domain.  This is an explicit transition,
+##	requiring the caller to use setexeccon().
+##	</p>
+##	<p>
+##	This is a interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sysadm_entry_spec_domtrans_to',`
+	gen_require(`
+		type sysadm_t;
+	')
+
+	domain_entry_file_spec_domtrans(sysadm_t, $1)
+	allow $1 sysadm_t:fd use;
+	allow $1 sysadm_t:fifo_file rw_file_perms;
+	allow $1 sysadm_t:process sigchld;
+')
+
+########################################
+## <summary>
 ##	Allow sysadm to execute a generic bin program in
 ##	a specified domain.  This is an explicit transition,
 ##	requiring the caller to use setexeccon().
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index e69ab7c..b17984d 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1,5 +1,5 @@
 
-policy_module(sysadm, 2.0.0)
+policy_module(sysadm, 2.0.1)
 
 ########################################
 #

More information about the scm-commits mailing list