[selinux-policy: 2810/3172] Policy for system-config-kdump gui from Dan Walsh

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:10:07 UTC 2010 

commit 46fc0d39e39848b43ea334aad1af57c64063ccaf
Author: Jeremy Solt <jsolt at tresys.com>
Date:   Thu Jul 15 15:16:17 2010 -0400

    Policy for system-config-kdump gui from Dan Walsh
    
    Edits:
     - removed gnome_dontaudit_search_config
     - removed userdom_dontaudit_search_admin_dir
     - whitespace and style fixes

 policy/modules/apps/kdumpgui.fc |    1 +
 policy/modules/apps/kdumpgui.if |    2 +
 policy/modules/apps/kdumpgui.te |   63 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/apps/kdumpgui.fc b/policy/modules/apps/kdumpgui.fc
new file mode 100644
index 0000000..f97c6e9
--- /dev/null
+++ b/policy/modules/apps/kdumpgui.fc
@@ -0,0 +1 @@
+/usr/share/system-config-kdump/system-config-kdump-backend.py		--	gen_context(system_u:object_r:kdumpgui_exec_t,s0)
diff --git a/policy/modules/apps/kdumpgui.if b/policy/modules/apps/kdumpgui.if
new file mode 100644
index 0000000..d6af9b0
--- /dev/null
+++ b/policy/modules/apps/kdumpgui.if
@@ -0,0 +1,2 @@
+## <summary>system-config-kdump GUI</summary>
+
diff --git a/policy/modules/apps/kdumpgui.te b/policy/modules/apps/kdumpgui.te
new file mode 100644
index 0000000..777acf4
--- /dev/null
+++ b/policy/modules/apps/kdumpgui.te
@@ -0,0 +1,63 @@
+policy_module(kdumpgui, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type kdumpgui_t;
+type kdumpgui_exec_t;
+
+dbus_system_domain(kdumpgui_t, kdumpgui_exec_t)
+
+######################################
+#
+# system-config-kdump local policy
+#
+
+allow kdumpgui_t self:capability { net_admin sys_admin sys_rawio };
+allow kdumpgui_t self:fifo_file rw_fifo_file_perms;
+
+allow kdumpgui_t self:netlink_kobject_uevent_socket create_socket_perms;
+
+kernel_read_system_state(kdumpgui_t)
+kernel_read_network_state(kdumpgui_t)
+
+corecmd_exec_bin(kdumpgui_t)
+corecmd_exec_shell(kdumpgui_t)
+
+dev_dontaudit_getattr_all_chr_files(kdumpgui_t)
+dev_read_sysfs(kdumpgui_t)
+
+# for blkid.tab
+files_manage_etc_runtime_files(kdumpgui_t)
+files_etc_filetrans_etc_runtime(kdumpgui_t, file)
+
+files_manage_boot_files(kdumpgui_t)
+files_manage_boot_symlinks(kdumpgui_t)
+# Needed for running chkconfig
+files_manage_etc_symlinks(kdumpgui_t)
+
+storage_raw_read_fixed_disk(kdumpgui_t)
+storage_raw_write_fixed_disk(kdumpgui_t)
+
+auth_use_nsswitch(kdumpgui_t)
+
+consoletype_exec(kdumpgui_t)
+
+kdump_manage_config(kdumpgui_t)
+kdump_initrc_domtrans(kdumpgui_t)
+
+logging_send_syslog_msg(kdumpgui_t)
+
+miscfiles_read_localization(kdumpgui_t)
+
+init_dontaudit_read_all_script_files(kdumpgui_t)
+
+optional_policy(`
+	dev_rw_lvm_control(kdumpgui_t)
+')
+
+optional_policy(`
+	policykit_dbus_chat(kdumpgui_t)
+')

More information about the scm-commits mailing list