[selinux-policy: 2969/3172] Allow pads_admin to search parent directories to be able to interact with pads content.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:24:20 UTC 2010
commit 1215dfb87cb9773baa25e6d9be4718a53f90578b
Author: Dominick Grift <domg472 at gmail.com>
Date: Wed Sep 15 13:05:32 2010 +0200
Allow pads_admin to search parent directories to be able to interact with pads content.
Allow plymouthd_admin to search parent directories to be able to interact with plymouthd content.
Allow postgresql_admin to search parent directories to be able to manage postgresql content.
Allow prelude_admin to search parent directories to be able to manage prelude content.
Signed-off-by: Dominick Grift <domg472 at gmail.com>
policy/modules/services/pads.if | 3 +++
policy/modules/services/plymouthd.if | 2 ++
policy/modules/services/postgresql.if | 3 +++
policy/modules/services/prelude.if | 7 +++++++
4 files changed, 15 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/services/pads.if b/policy/modules/services/pads.if
index 8ac407e..4452d3b 100644
--- a/policy/modules/services/pads.if
+++ b/policy/modules/services/pads.if
@@ -39,6 +39,9 @@ interface(`pads_admin', `
role_transition $2 pads_initrc_exec_t system_r;
allow $2 system_r;
+ files_search_pids($1)
admin_pattern($1, pads_var_run_t)
+
+ files_search_etc($1)
admin_pattern($1, pads_config_t)
')
diff --git a/policy/modules/services/plymouthd.if b/policy/modules/services/plymouthd.if
index 9759ed8..e90b2a1 100644
--- a/policy/modules/services/plymouthd.if
+++ b/policy/modules/services/plymouthd.if
@@ -252,9 +252,11 @@ interface(`plymouthd_admin', `
allow $1 plymouthd_t:process { ptrace signal_perms getattr };
read_files_pattern($1, plymouthd_t, plymouthd_t)
+ files_search_var_lib($1)
admin_pattern($1, plymouthd_spool_t)
admin_pattern($1, plymouthd_var_lib_t)
+ files_search_pids($1)
admin_pattern($1, plymouthd_var_run_t)
')
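Review bot: `files_search_var_lib($1)` is placed directly ahead of `admin_pattern($1, plymouthd_spool_t)`, but a spool type presumably lives under the spool directory rather than /var/lib, so the admin domain may still be unable to reach that content. If so, add `files_search_spool($1)` before the spool line and move `files_search_var_lib($1)` down to sit directly above `admin_pattern($1, plymouthd_var_lib_t)`. The prelude.if hunk has the same gap: `admin_pattern($1, prelude_spool_t)` gets no parent-directory search at all. The file-context locations are not part of this diff, so confirm them against the modules' .fc files.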
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index 539a7c9..85699e5 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -441,10 +441,13 @@ interface(`postgresql_admin',`
admin_pattern($1, postgresql_var_run_t)
+ files_search_var_lib($1)
admin_pattern($1, postgresql_db_t)
+ files_search_etc($1)
admin_pattern($1, postgresql_etc_t)
+ logging_search_logs($1)
admin_pattern($1, postgresql_log_t)
admin_pattern($1, postgresql_tmp_t)
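Review bot: `admin_pattern($1, postgresql_tmp_t)` on the last line of this hunk gets no matching parent-directory search, while the prelude.if hunk of the same commit adds `files_search_tmp($1)` ahead of its tmp type. For consistency, add `files_search_tmp($1)` before that line. `admin_pattern($1, postgresql_var_run_t)` at the top of the hunk is in the same position unless a `files_search_pids($1)` sits just above the hunk, which is not visible here. The interface body starts before and continues past the hunk.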
diff --git a/policy/modules/services/prelude.if b/policy/modules/services/prelude.if
index 2316653..e4d8797 100644
--- a/policy/modules/services/prelude.if
+++ b/policy/modules/services/prelude.if
@@ -136,9 +136,16 @@ interface(`prelude_admin',`
allow $2 system_r;
admin_pattern($1, prelude_spool_t)
+
+ files_search_var_lib($1)
admin_pattern($1, prelude_var_lib_t)
+
+ files_search_pids($1)
admin_pattern($1, prelude_var_run_t)
admin_pattern($1, prelude_audisp_var_run_t)
+
+ files_search_tmp($1)
admin_pattern($1, prelude_lml_tmp_t)
+
admin_pattern($1, prelude_lml_var_run_t)
')
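Review bot: The blank line added before `admin_pattern($1, prelude_lml_var_run_t)` leaves that line standing alone, detached from the `files_search_pids($1)` call that covers it. Since the commit groups each search call with the types it serves, move that line up next to `admin_pattern($1, prelude_audisp_var_run_t)`, so a later edit does not mistake it for a type without parent-directory access. This is a readability point only, as the granted permissions are the same either way. The interface starts above the hunk.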