[selinux-policy: 2298/3172] clean up 0bca409 and add changelog entry.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:24:03 UTC 2010
commit 222d5b598773461ded17cb46a2c97f288a20b70b
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Nov 3 09:25:37 2009 -0500
clean up 0bca409 and add changelog entry.
Changelog | 1 +
policy/modules/services/tgtd.fc | 6 +++---
policy/modules/services/tgtd.if | 12 ++++++------
policy/modules/services/tgtd.te | 13 +++++--------
4 files changed, 15 insertions(+), 17 deletions(-)
---
diff --git a/Changelog b/Changelog
index b03fb48..1631197 100644
--- a/Changelog
+++ b/Changelog
@@ -22,6 +22,7 @@
rtkit (Dan Walsh)
seunshare (Dan Walsh)
shorewall (Dan Walsh)
+ tgtd (Matthew Ife)
tuned (Miroslav Grepl)
xscreensaver (Corentin Labbe)
diff --git a/policy/modules/services/tgtd.fc b/policy/modules/services/tgtd.fc
index 5812689..8294f6f 100644
--- a/policy/modules/services/tgtd.fc
+++ b/policy/modules/services/tgtd.fc
@@ -1,3 +1,3 @@
-/etc/rc\.d/init\.d/tgtd -- gen_context(system_u:object_r:tgtd_initrc_exec_t, s0)
-/usr/sbin/tgtd -- gen_context(system_u:object_r:tgtd_exec_t, s0)
-/var/lib/tgtd(/.*)? gen_context(system_u:object_r:tgtd_var_lib_t, s0)
+/etc/rc\.d/init\.d/tgtd -- gen_context(system_u:object_r:tgtd_initrc_exec_t,s0)
+/usr/sbin/tgtd -- gen_context(system_u:object_r:tgtd_exec_t,s0)
+/var/lib/tgtd(/.*)? gen_context(system_u:object_r:tgtd_var_lib_t,s0)
diff --git a/policy/modules/services/tgtd.if b/policy/modules/services/tgtd.if
index d497936..2c0bc5c 100644
--- a/policy/modules/services/tgtd.if
+++ b/policy/modules/services/tgtd.if
@@ -1,11 +1,11 @@
## <summary>Linux Target Framework Daemon.</summary>
## <desc>
-## <p>
-## Linux target framework (tgt) aims to simplify various
-## SCSI target driver (iSCSI, Fibre Channel, SRP, etc) creation
-## and maintenance. Our key goals are the clean integration into
-## the scsi-mid layer and implementing a great portion of tgt
+## <p>
+## Linux target framework (tgt) aims to simplify various
+## SCSI target driver (iSCSI, Fibre Channel, SRP, etc) creation
+## and maintenance. Our key goals are the clean integration into
+## the scsi-mid layer and implementing a great portion of tgt
## in user space.
-## </p>
+## </p>
## </desc>
diff --git a/policy/modules/services/tgtd.te b/policy/modules/services/tgtd.te
index ca91b84..e0e1d4b 100644
--- a/policy/modules/services/tgtd.te
+++ b/policy/modules/services/tgtd.te
@@ -1,3 +1,4 @@
+
policy_module(tgtd, 1.0.0)
########################################
@@ -32,7 +33,7 @@ allow tgtd_t self:fifo_file rw_fifo_file_perms;
allow tgtd_t self:netlink_route_socket { create_socket_perms nlmsg_read };
allow tgtd_t self:shm create_shm_perms;
allow tgtd_t self:sem create_sem_perms;
-allow tgtd_t self:tcp_socket { create_socket_perms accept listen };
+allow tgtd_t self:tcp_socket create_stream_socket_perms;
allow tgtd_t self:udp_socket create_socket_perms;
allow tgtd_t self:unix_dgram_socket create_socket_perms;
@@ -46,25 +47,21 @@ manage_dirs_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
manage_files_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
files_var_lib_filetrans(tgtd_t, tgtd_var_lib_t, { dir file })
+kernel_read_fs_sysctls(tgtd_t)
+
corenet_all_recvfrom_netlabel(tgtd_t)
corenet_all_recvfrom_unlabeled(tgtd_t)
-
corenet_sendrecv_iscsi_server_packets(tgtd_t)
-
corenet_tcp_bind_generic_node(tgtd_t)
corenet_tcp_bind_iscsi_port(tgtd_t)
-
corenet_tcp_sendrecv_generic_if(tgtd_t)
corenet_tcp_sendrecv_generic_node(tgtd_t)
-
corenet_tcp_sendrecv_iscsi_port(tgtd_t)
files_read_etc_files(tgtd_t)
-kernel_read_fs_sysctls(tgtd_t)
+storage_getattr_fixed_disk_dev(tgtd_t)
logging_send_syslog_msg(tgtd_t)
miscfiles_read_localization(tgtd_t)
-
-storage_getattr_fixed_disk_dev(tgtd_t)
More information about the scm-commits
mailing list