[selinux-policy: 2350/3172] Mysql patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:28:39 UTC 2010
commit 80f0587459ee00eb557477dde144e6f28425f3f9
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Dec 18 10:44:35 2009 -0500
Mysql patch from Dan Walsh.
policy/modules/services/mysql.te | 15 ++++++++++-----
1 files changed, 10 insertions(+), 5 deletions(-)
---
diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te
index 728f500..d42ffa3 100644
--- a/policy/modules/services/mysql.te
+++ b/policy/modules/services/mysql.te
@@ -1,5 +1,5 @@
-policy_module(mysql, 1.11.0)
+policy_module(mysql, 1.11.1)
########################################
#
@@ -64,7 +64,7 @@ files_tmp_filetrans(mysqld_t, mysqld_tmp_t, { file dir })
manage_files_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t)
manage_sock_files_pattern(mysqld_t, mysqld_var_run_t, mysqld_var_run_t)
-files_pid_filetrans(mysqld_t, mysqld_var_run_t,{ file sock_file })
+files_pid_filetrans(mysqld_t, mysqld_var_run_t, { file sock_file })
kernel_read_system_state(mysqld_t)
kernel_read_kernel_sysctls(mysqld_t)
@@ -137,9 +137,14 @@ allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
domtrans_pattern(mysqld_safe_t, mysqld_exec_t, mysqld_t)
allow mysqld_safe_t mysqld_log_t:file manage_file_perms;
+
+allow mysqld_safe_t mysqld_var_run_t:sock_file unlink;
+
+domain_read_all_domains_state(mysqld_safe_t)
+
logging_log_filetrans(mysqld_safe_t, mysqld_log_t, file)
-kernel_read_system_state(mysqld_safe_t)
+kernel_read_system_state(mysqld_safe_t)
dev_list_sysfs(mysqld_safe_t)
@@ -150,9 +155,9 @@ corecmd_exec_bin(mysqld_safe_t)
hostname_exec(mysqld_safe_t)
-miscfiles_read_localization(mysqld_safe_t)
+miscfiles_read_localization(mysqld_safe_t)
-mysql_append_db_files(mysqld_safe_t)
+mysql_manage_db_files(mysqld_safe_t)
mysql_read_config(mysqld_safe_t)
mysql_search_pid_files(mysqld_safe_t)
mysql_write_log(mysqld_safe_t)
More information about the scm-commits
mailing list