[selinux-policy: 2920/3172] nut patch from Dan Walsh
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:19:57 UTC 2010
commit 5271920764523bf0a951a32e97d84e8236dfc6d1
Author: Jeremy Solt <jsolt at tresys.com>
Date: Mon Aug 30 12:36:53 2010 -0400
nut patch from Dan Walsh
policy/modules/services/nut.te | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/nut.te b/policy/modules/services/nut.te
index 181bd88..58e9487 100644
--- a/policy/modules/services/nut.te
+++ b/policy/modules/services/nut.te
@@ -41,7 +41,7 @@ read_files_pattern(nut_upsd_t, nut_conf_t, nut_conf_t)
manage_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
manage_dirs_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
manage_sock_files_pattern(nut_upsd_t, nut_var_run_t, nut_var_run_t)
-files_pid_filetrans(nut_upsd_t, nut_var_run_t, { file sock_file })
+files_pid_filetrans(nut_upsd_t, nut_var_run_t, { dir file sock_file })
kernel_read_kernel_sysctls(nut_upsd_t)
@@ -65,6 +65,7 @@ miscfiles_read_localization(nut_upsd_t)
allow nut_upsmon_t self:capability { dac_override dac_read_search setgid setuid };
allow nut_upsmon_t self:fifo_file rw_fifo_file_perms;
allow nut_upsmon_t self:unix_dgram_socket { create_socket_perms sendto };
+allow nut_upsmon_t self:unix_stream_socket { create_socket_perms connectto };
allow nut_upsmon_t self:tcp_socket create_socket_perms;
read_files_pattern(nut_upsmon_t, nut_conf_t, nut_conf_t)
@@ -103,6 +104,10 @@ miscfiles_read_localization(nut_upsmon_t)
mta_send_mail(nut_upsmon_t)
+optional_policy(`
+ shutdown_domtrans(nut_upsmon_t)
+')
+
########################################
#
# Local policy for upsdrvctl
More information about the scm-commits
mailing list