[selinux-policy: 2358/3172] gpsd patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:29:21 UTC 2010
commit f37b7bd0cbde28c14dc84b443fb66f7d2579df97
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jan 7 08:59:38 2010 -0500
gpsd patch from Dan Walsh.
policy/modules/services/gpsd.fc | 7 ++++++-
policy/modules/services/gpsd.if | 8 +-------
policy/modules/services/gpsd.te | 16 +++++++++++++---
3 files changed, 20 insertions(+), 11 deletions(-)
---
diff --git a/policy/modules/services/gpsd.fc b/policy/modules/services/gpsd.fc
index e7bbeb1..5e81e33 100644
--- a/policy/modules/services/gpsd.fc
+++ b/policy/modules/services/gpsd.fc
@@ -1 +1,6 @@
-/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
+/etc/rc\.d/init\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0)
+
+/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
+
+/var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0)
+/var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0)
diff --git a/policy/modules/services/gpsd.if b/policy/modules/services/gpsd.if
index 7597332..39fc12f 100644
--- a/policy/modules/services/gpsd.if
+++ b/policy/modules/services/gpsd.if
@@ -33,11 +33,6 @@ interface(`gpsd_domtrans',`
## The role to be allowed the gpsd domain.
## </summary>
## </param>
-## <param name="terminal">
-## <summary>
-## The type of the role's terminal.
-## </summary>
-## </param>
#
interface(`gpsd_run',`
gen_require(`
@@ -46,11 +41,10 @@ interface(`gpsd_run',`
gpsd_domtrans($1)
role $2 types gpsd_t;
- allow gpsd_t $3:chr_file rw_term_perms;
')
########################################
-## <summary>
+## <summary>
## Read and write gpsd shared memory.
## </summary>
## <param name="domain">
diff --git a/policy/modules/services/gpsd.te b/policy/modules/services/gpsd.te
index 9cdc1f1..d8c1654 100644
--- a/policy/modules/services/gpsd.te
+++ b/policy/modules/services/gpsd.te
@@ -1,5 +1,5 @@
-policy_module(gpsd, 1.0.0)
+policy_module(gpsd, 1.0.1)
########################################
#
@@ -11,15 +11,21 @@ type gpsd_exec_t;
application_domain(gpsd_t, gpsd_exec_t)
init_daemon_domain(gpsd_t, gpsd_exec_t)
+type gpsd_initrc_exec_t;
+init_script_file(gpsd_initrc_exec_t)
+
type gpsd_tmpfs_t;
files_tmpfs_file(gpsd_tmpfs_t)
+type gpsd_var_run_t;
+files_pid_file(gpsd_var_run_t)
+
########################################
#
# gpsd local policy
#
-allow gpsd_t self:capability { setuid sys_nice setgid fowner };
+allow gpsd_t self:capability { fsetid setuid sys_nice setgid fowner };
allow gpsd_t self:process setsched;
allow gpsd_t self:shm create_shm_perms;
allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
@@ -29,6 +35,10 @@ manage_dirs_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file })
+manage_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
+manage_sock_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
+files_pid_filetrans(gpsd_t, gpsd_var_run_t, { file sock_file })
+
corenet_all_recvfrom_unlabeled(gpsd_t)
corenet_all_recvfrom_netlabel(gpsd_t)
corenet_tcp_sendrecv_generic_if(gpsd_t)
@@ -51,5 +61,5 @@ optional_policy(`
')
optional_policy(`
- ntpd_rw_shm(gpsd_t)
+ ntp_rw_shm(gpsd_t)
')
More information about the scm-commits
mailing list