[selinux-policy: 2884/3172] Allow crond to manage user_spool_cron_t link files Allow init to delete dbus message.pid Allow init

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:16:48 UTC 2010


commit ee4b1e0aad3c0043a464803289b51b019646fc7c
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Wed Sep 8 17:54:31 2010 -0400

    Allow crond to manage user_spool_cron_t link files
    Allow init to delete dbus message.pid
    Allow init and udev to create hugetlbfs directories

 policy/modules/services/cron.te |    2 +-
 policy/modules/services/dbus.if |   19 +++++++++++++++++++
 policy/modules/system/init.te   |    2 ++
 policy/modules/system/udev.te   |    1 +
 4 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 38a83ea..c72dd92 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -678,7 +678,7 @@ list_dirs_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
 rw_dirs_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
 read_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
 read_lnk_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
-allow cronjob_t user_cron_spool_t:file manage_lnk_file_perms;
+allow crond_t user_cron_spool_t:file manage_lnk_file_perms;
 
 tunable_policy(`fcron_crond', `
 	allow crond_t user_cron_spool_t:file manage_file_perms;
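Review bot: The changed rule still names the `file` class while granting `manage_lnk_file_perms`, so crond_t receives the link-file permission set on regular files in the user cron spool rather than on symlinks, which is not what the commit title describes. That set presumably includes create and unlink, so the rule gives crond_t modifying access to spool files unconditionally, outside the `fcron_crond` tunable that begins just below (its body continues past this hunk). If symlinks are the intent, `allow crond_t user_cron_spool_t:lnk_file manage_lnk_file_perms;` would match the `read_lnk_files_pattern` line above it.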
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index e385f2f..63c82b7 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -503,3 +503,22 @@ interface(`dbus_unconfined',`
 
 	typeattribute $1 dbusd_unconfined;
 ')
+
+########################################
+## <summary>
+##	Delete all dbus pid files
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dbus_delete_pid_files',`
+	gen_require(`
+		type dbus_var_run_t;
+	')
+
+	delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
+')
+
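Review bot: The `gen_require` block in `dbus_delete_pid_files` declares `dbus_var_run_t`, but the rule two lines below uses `system_dbusd_var_run_t`, so the type the interface actually references is never required. The require line should read `type system_dbusd_var_run_t;`. The summary says "all dbus pid files" although only that one type is covered, so "Delete system dbus pid files" would be more accurate. The new `dbus_delete_pid_files(init_t)` call in init.te depends on this interface and inherits the mismatch.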
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 477612e..d96bf27 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -246,6 +246,7 @@ tunable_policy(`init_systemd',`
 	files_manage_all_pids_dirs(init_t)
 
 	fs_manage_cgroup_dirs(init_t)
+	fs_manage_hugetlbfs_dirs(init_t)
 	fs_manage_tmpfs_dirs(init_t)
 	fs_mount_all_fs(init_t)
 	fs_list_auto_mountpoints(init_t)
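Review bot: The description says init and udev need to create hugetlbfs directories, but `fs_manage_hugetlbfs_dirs(init_t)` here and `fs_manage_hugetlbfs_dirs(udev_t)` in the udev.te hunk grant the full manage set, which presumably also allows renaming and removing those directories. If the denials being fixed only involved directory creation, a create-only grant would match the stated intent and keep both domains closer to least privilege. If the wider access is really needed, a one-line comment above each call, such as `# needed to set up the hugetlbfs mount point at boot`, would record why. The enclosing `tunable_policy` block starts and ends outside this hunk.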
@@ -275,6 +276,7 @@ optional_policy(`
 optional_policy(`
 	dbus_connect_system_bus(init_t)
 	dbus_system_bus_client(init_t)
+	dbus_delete_pid_files(init_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 9f316ca..4867243 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -192,6 +192,7 @@ ifdef(`distro_redhat',`
 	fs_manage_tmpfs_chr_files(udev_t)
 	fs_relabel_tmpfs_blk_file(udev_t)
 	fs_relabel_tmpfs_chr_file(udev_t)
+	fs_manage_hugetlbfs_dirs(udev_t)
 
 	term_search_ptys(udev_t)
 

