[selinux-policy: 2298/3172] clean up 0bca409 and add changelog entry.

Thu Oct 7 22:24:03 UTC 2010

commit 222d5b598773461ded17cb46a2c97f288a20b70b
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Nov 3 09:25:37 2009 -0500

    clean up 0bca409 and add changelog entry.

 Changelog                       |    1 +
 policy/modules/services/tgtd.fc |    6 +++---
 policy/modules/services/tgtd.if |   12 ++++++------
 policy/modules/services/tgtd.te |   13 +++++--------
 4 files changed, 15 insertions(+), 17 deletions(-)
---

diff --git a/Changelog b/Changelog
index b03fb48..1631197 100644
--- a/Changelog
+++ b/Changelog
@@ -22,6 +22,7 @@
 	rtkit (Dan Walsh)
 	seunshare (Dan Walsh)
 	shorewall (Dan Walsh)
+	tgtd (Matthew Ife)
 	tuned (Miroslav Grepl)
 	xscreensaver (Corentin Labbe)
 
diff --git a/policy/modules/services/tgtd.fc b/policy/modules/services/tgtd.fc
index 5812689..8294f6f 100644
--- a/policy/modules/services/tgtd.fc
+++ b/policy/modules/services/tgtd.fc
@@ -1,3 +1,3 @@
-/etc/rc\.d/init\.d/tgtd		--	gen_context(system_u:object_r:tgtd_initrc_exec_t, s0)
-/usr/sbin/tgtd			--	gen_context(system_u:object_r:tgtd_exec_t, s0)
-/var/lib/tgtd(/.*)?			gen_context(system_u:object_r:tgtd_var_lib_t, s0)
+/etc/rc\.d/init\.d/tgtd		--	gen_context(system_u:object_r:tgtd_initrc_exec_t,s0)
+/usr/sbin/tgtd			--	gen_context(system_u:object_r:tgtd_exec_t,s0)
+/var/lib/tgtd(/.*)?			gen_context(system_u:object_r:tgtd_var_lib_t,s0)
diff --git a/policy/modules/services/tgtd.if b/policy/modules/services/tgtd.if
index d497936..2c0bc5c 100644
--- a/policy/modules/services/tgtd.if
+++ b/policy/modules/services/tgtd.if
@@ -1,11 +1,11 @@
 ## <summary>Linux Target Framework Daemon.</summary>
 ## <desc>
-##      <p>
-##	Linux target framework (tgt) aims to simplify various 
-##	SCSI target driver (iSCSI, Fibre Channel, SRP, etc) creation 
-##	and maintenance. Our key goals are the clean integration into 
-##	the scsi-mid layer and implementing a great portion of tgt 
+##	<p>
+##	Linux target framework (tgt) aims to simplify various
+##	SCSI target driver (iSCSI, Fibre Channel, SRP, etc) creation
+##	and maintenance. Our key goals are the clean integration into
+##	the scsi-mid layer and implementing a great portion of tgt
 ##	in user space.
-##      </p>
+##	</p>
 ## </desc>
 
diff --git a/policy/modules/services/tgtd.te b/policy/modules/services/tgtd.te
index ca91b84..e0e1d4b 100644
--- a/policy/modules/services/tgtd.te
+++ b/policy/modules/services/tgtd.te
@@ -1,3 +1,4 @@
+
 policy_module(tgtd, 1.0.0)
 
 ########################################
@@ -32,7 +33,7 @@ allow tgtd_t self:fifo_file rw_fifo_file_perms;
 allow tgtd_t self:netlink_route_socket { create_socket_perms nlmsg_read };
 allow tgtd_t self:shm create_shm_perms;
 allow tgtd_t self:sem create_sem_perms;
-allow tgtd_t self:tcp_socket { create_socket_perms accept listen };
+allow tgtd_t self:tcp_socket create_stream_socket_perms;
 allow tgtd_t self:udp_socket create_socket_perms;
 allow tgtd_t self:unix_dgram_socket create_socket_perms;
 
@@ -46,25 +47,21 @@ manage_dirs_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
 manage_files_pattern(tgtd_t, tgtd_var_lib_t, tgtd_var_lib_t)
 files_var_lib_filetrans(tgtd_t, tgtd_var_lib_t, { dir file })
 
+kernel_read_fs_sysctls(tgtd_t)
+
 corenet_all_recvfrom_netlabel(tgtd_t)
 corenet_all_recvfrom_unlabeled(tgtd_t)
-
 corenet_sendrecv_iscsi_server_packets(tgtd_t)
-
 corenet_tcp_bind_generic_node(tgtd_t)
 corenet_tcp_bind_iscsi_port(tgtd_t)
-
 corenet_tcp_sendrecv_generic_if(tgtd_t)
 corenet_tcp_sendrecv_generic_node(tgtd_t)
-
 corenet_tcp_sendrecv_iscsi_port(tgtd_t)
 
 files_read_etc_files(tgtd_t)
 
-kernel_read_fs_sysctls(tgtd_t)
+storage_getattr_fixed_disk_dev(tgtd_t)
 
 logging_send_syslog_msg(tgtd_t)
 
 miscfiles_read_localization(tgtd_t)
-
-storage_getattr_fixed_disk_dev(tgtd_t)
