[selinux-policy: 2884/3172] Allow crond to manage user_spool_cron_t link files Allow init to delete dbus message.pid Allow init
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:16:48 UTC 2010
commit ee4b1e0aad3c0043a464803289b51b019646fc7c
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Sep 8 17:54:31 2010 -0400
Allow crond to manage user_spool_cron_t link files
Allow init to delete dbus message.pid
Allow init and udev to create hugetlbfs directories
policy/modules/services/cron.te | 2 +-
policy/modules/services/dbus.if | 19 +++++++++++++++++++
policy/modules/system/init.te | 2 ++
policy/modules/system/udev.te | 1 +
4 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 38a83ea..c72dd92 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -678,7 +678,7 @@ list_dirs_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
rw_dirs_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
read_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
read_lnk_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
-allow cronjob_t user_cron_spool_t:file manage_lnk_file_perms;
+allow crond_t user_cron_spool_t:file manage_lnk_file_perms;
tunable_policy(`fcron_crond', `
allow crond_t user_cron_spool_t:file manage_file_perms;
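Review bot: The added rule `allow crond_t user_cron_spool_t:file manage_lnk_file_perms;` pairs the link-file permission set with object class `file`, so it does not cover `lnk_file` objects, which is what the commit message says it is for. As written it instead gives crond_t whatever create/write/unlink-style permissions that set contains on regular spool files unconditionally, while the `fcron_crond` tunable just below appears to be the intended gate for managing regular files. If symlinks are the target, the line should read `allow crond_t user_cron_spool_t:lnk_file manage_lnk_file_perms;`. The class was already `file` on the removed line, so the commit carries an older mismatch over to the new source domain.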
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index e385f2f..63c82b7 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -503,3 +503,22 @@ interface(`dbus_unconfined',`
typeattribute $1 dbusd_unconfined;
')
+
+########################################
+## <summary>
+## Delete all dbus pid files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dbus_delete_pid_files',`
+ gen_require(`
+ type dbus_var_run_t;
+ ')
+
+ delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
+')
+
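Review bot: In `dbus_delete_pid_files` the `gen_require` block declares `type dbus_var_run_t;`, but the `delete_files_pattern` call uses `system_dbusd_var_run_t`, so the type the rule depends on is never required. Callers in other modules then rely on an undeclared type, which is likely to break a modular build or hide the dependency; the require line should be `type system_dbusd_var_run_t;`. The summary says "all dbus pid files" while the rule covers only the system bus daemon's type, so `## Delete system dbus pid files` would describe the granted scope more accurately.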
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 477612e..d96bf27 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -246,6 +246,7 @@ tunable_policy(`init_systemd',`
files_manage_all_pids_dirs(init_t)
fs_manage_cgroup_dirs(init_t)
+ fs_manage_hugetlbfs_dirs(init_t)
fs_manage_tmpfs_dirs(init_t)
fs_mount_all_fs(init_t)
fs_list_auto_mountpoints(init_t)
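Review bot: `fs_manage_hugetlbfs_dirs(init_t)` looks broader than what the commit message asks for, which is only that init and udev can create hugetlbfs directories. By refpolicy naming convention a `manage` interface also allows removing and renaming, though the interface body is not visible here, so this is inferred from the name. If creation is all that is needed, a create-only interface would keep init_t closer to least privilege; otherwise record the reason next to the call, for example `# init creates the hugetlbfs mount point directory; TODO confirm delete/rename are needed`. The same applies to `fs_manage_hugetlbfs_dirs(udev_t)` in udev.te. The enclosing `tunable_policy` block starts and ends outside the hunk.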
@@ -275,6 +276,7 @@ optional_policy(`
optional_policy(`
dbus_connect_system_bus(init_t)
dbus_system_bus_client(init_t)
+ dbus_delete_pid_files(init_t)
')
optional_policy(`
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 9f316ca..4867243 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -192,6 +192,7 @@ ifdef(`distro_redhat',`
fs_manage_tmpfs_chr_files(udev_t)
fs_relabel_tmpfs_blk_file(udev_t)
fs_relabel_tmpfs_chr_file(udev_t)
+ fs_manage_hugetlbfs_dirs(udev_t)
term_search_ptys(udev_t)