[selinux-policy: 2077/3172] trunk: add sysadm_entry_spec_domtrans_to() interface from clip.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:04:18 UTC 2010
commit 64daa85393e97875ad924a72df38f92ecb600666
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jan 15 15:07:37 2009 +0000
trunk: add sysadm_entry_spec_domtrans_to() interface from clip.
policy/modules/roles/sysadm.if | 35 +++++++++++++++++++++++++++++++++++
policy/modules/roles/sysadm.te | 2 +-
2 files changed, 36 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/roles/sysadm.if b/policy/modules/roles/sysadm.if
index 42be030..ff92430 100644
--- a/policy/modules/roles/sysadm.if
+++ b/policy/modules/roles/sysadm.if
@@ -116,6 +116,41 @@ interface(`sysadm_entry_spec_domtrans',`
########################################
## <summary>
+## Allow sysadm to execute all entrypoint files in
+## a specified domain. This is an explicit transition,
+## requiring the caller to use setexeccon().
+## </summary>
+## <desc>
+## <p>
+## Allow sysadm to execute all entrypoint files in
+## a specified domain. This is an explicit transition,
+## requiring the caller to use setexeccon().
+## </p>
+## <p>
+## This is a interface to support third party modules
+## and its use is not allowed in upstream reference
+## policy.
+## </p>
+## </desc>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sysadm_entry_spec_domtrans_to',`
+ gen_require(`
+ type sysadm_t;
+ ')
+
+ domain_entry_file_spec_domtrans(sysadm_t, $1)
+ allow $1 sysadm_t:fd use;
+ allow $1 sysadm_t:fifo_file rw_file_perms;
+ allow $1 sysadm_t:process sigchld;
+')
+
+########################################
+## <summary>
## Allow sysadm to execute a generic bin program in
## a specified domain. This is an explicit transition,
## requiring the caller to use setexeccon().
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index e69ab7c..b17984d 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1,5 +1,5 @@
-policy_module(sysadm, 2.0.0)
+policy_module(sysadm, 2.0.1)
########################################
#
More information about the scm-commits
mailing list