[selinux-policy: 2892/3172] Allow mozilla_plugin to create nsplugin_home_t directories Allow hugetlbfs_t to be on device_t file

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:17:31 UTC 2010


commit da073333456c1446709d584314a4153c50ab4d0a
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Sep 9 09:55:31 2010 -0400

    Allow mozilla_plugin to create nsplugin_home_t directories
    Allow hugetlbfs_t to be on device_t file system
    Fix for ajaxterm policy
    Fix type in dbus_delete_pid_files
    Change openvpn to only allow search of users home dir

 policy/modules/apps/mozilla.te      |    1 +
 policy/modules/apps/nsplugin.if     |   18 ++++++++++++++++++
 policy/modules/kernel/filesystem.te |    1 +
 policy/modules/services/ajaxterm.te |    2 +-
 policy/modules/services/dbus.if     |    2 +-
 policy/modules/services/openvpn.te  |    2 +-
 6 files changed, 23 insertions(+), 3 deletions(-)
---
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 58899ca..ec6a1ff 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -355,6 +355,7 @@ optional_policy(`
 optional_policy(`
 	nsplugin_domtrans(mozilla_plugin_t)
 	nsplugin_rw_exec(mozilla_plugin_t)
+	nsplugin_manage_home_dirs(mozilla_plugin_t)
 	nsplugin_manage_home_files(mozilla_plugin_t)
 ')
 
diff --git a/policy/modules/apps/nsplugin.if b/policy/modules/apps/nsplugin.if
index 4dd9d05..c779d44 100644
--- a/policy/modules/apps/nsplugin.if
+++ b/policy/modules/apps/nsplugin.if
@@ -284,6 +284,24 @@ interface(`nsplugin_manage_home_files',`
 
 ########################################
 ## <summary>
+##	manage nnsplugin home dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`nsplugin_manage_home_dirs',`
+	gen_require(`
+		type nsplugin_home_t;
+	')
+
+	manage_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t)
+')
+
+########################################
+## <summary>
 ##	Allow attempts to read and write to
 ##	nsplugin named pipes.
 ## </summary>
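Review bot: The new `nsplugin_manage_home_dirs` interface uses `manage_dirs_pattern`, which grants the full directory-management set on nsplugin_home_t, while the commit message only asks for mozilla_plugin to create such directories. If creation is all the plugin needs, `create_dirs_pattern($1, nsplugin_home_t, nsplugin_home_t)` in a create-only interface would keep mozilla_plugin_t narrower. Parity with the existing `nsplugin_manage_home_files` call may be intentional, so check this against the denial that prompted the change. The summary line also has a typo and should read `##	Manage nsplugin home directories.`.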
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 930062c..31ebaa7 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -102,6 +102,7 @@ type hugetlbfs_t;
 fs_type(hugetlbfs_t)
 files_mountpoint(hugetlbfs_t)
 fs_use_trans hugetlbfs gen_context(system_u:object_r:hugetlbfs_t,s0);
+dev_associate_sysfs(hugetlbfs_t)
 
 type ibmasmfs_t;
 fs_type(ibmasmfs_t)
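Review bot: `dev_associate_sysfs(hugetlbfs_t)` does not obviously match the stated intent, because the commit message says hugetlbfs_t should be allowed on a device_t file system while the interface name points at sysfs. If the denial was a filesystem `associate` against device_t, `dev_associate(hugetlbfs_t)` looks like the matching call. The interface definitions live in devices.if, outside this diff, so confirm which filesystem type each one names before relying on either. A short comment above the line, such as `# hugetlbfs mount points can live under /dev`, would record why a filesystem type needs this association, if that is indeed the case.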
diff --git a/policy/modules/services/ajaxterm.te b/policy/modules/services/ajaxterm.te
index cba5f93..3441758 100644
--- a/policy/modules/services/ajaxterm.te
+++ b/policy/modules/services/ajaxterm.te
@@ -30,7 +30,7 @@ allow ajaxterm_t self:fifo_file rw_fifo_file_perms;
 allow ajaxterm_t self:unix_stream_socket create_stream_socket_perms;
 allow ajaxterm_t self:tcp_socket create_stream_socket_perms;
 
-allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom;
+allow ajaxterm_t ajaxterm_devpts_t:chr_file { rw_chr_file_perms setattr getattr relabelfrom };
 term_create_pty(ajaxterm_t, ajaxterm_devpts_t)
 
 manage_dirs_pattern(ajaxterm_t, ajaxterm_var_run_t, ajaxterm_var_run_t)
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index 63c82b7..87fc055 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -516,7 +516,7 @@ interface(`dbus_unconfined',`
 #
 interface(`dbus_delete_pid_files',`
 	gen_require(`
-		type dbus_var_run_t;
+		type system_dbusd_var_run_t;
 	')
 
 	delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index 196f2a2..80161cd 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -125,7 +125,7 @@ userdom_read_home_certs(openvpn_t)
 userdom_attach_admin_tun_iface(openvpn_t)
 
 tunable_policy(`openvpn_enable_homedirs',`
-	userdom_read_user_home_content_files(openvpn_t)
+	userdom_search_user_home_dirs(openvpn_t)
 ')
 
 tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
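Review bot: With the change inside `tunable_policy(`openvpn_enable_homedirs', ...)` the boolean now grants only directory search, so its name and its description (declared outside this hunk) may overstate what it permits and should be updated to match. The tightening relies on the unconditional `userdom_read_home_certs(openvpn_t)` in the context above for the actual file reads; a comment such as `# search only; certificate reads come from userdom_read_home_certs above` would make that dependency explicit. The `use_nfs_home_dirs` variant that begins on the last line of the hunk continues outside it. Check that block, and any Samba counterpart, so that remote home directories do not keep broader read access than local ones now have.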

