[selinux-policy: 2970/3172] Use ps_process_pattern to read state. Access to get attributes of target afs_t domain is included wi
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:24:25 UTC 2010
commit 39e118bc1559366b015d2ad0c0952b7089bb7686
Author: Dominick Grift <domg472 at gmail.com>
Date: Wed Sep 15 10:20:36 2010 +0200
Use ps_process_pattern to read state. Access to get attributes of target afs_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern.
Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern.
Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern.
Signed-off-by: Dominick Grift <domg472 at gmail.com>
policy/modules/services/afs.if | 4 ++--
policy/modules/services/boinc.if | 4 ++--
policy/modules/services/cobbler.if | 4 ++--
policy/modules/services/exim.if | 4 ++--
policy/modules/services/plymouthd.if | 4 ++--
policy/modules/services/portreserve.if | 4 ++--
policy/modules/services/postfix.if | 28 ++++++++++++++--------------
policy/modules/services/qpidd.if | 4 ++--
8 files changed, 28 insertions(+), 28 deletions(-)
---
diff --git a/policy/modules/services/afs.if b/policy/modules/services/afs.if
index 8559cdc..49c0cc8 100644
--- a/policy/modules/services/afs.if
+++ b/policy/modules/services/afs.if
@@ -97,8 +97,8 @@ interface(`afs_admin',`
type afs_t, afs_initrc_exec_t;
')
- allow $1 afs_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, afs_t, afs_t)
+ allow $1 afs_t:process { ptrace signal_perms };
+ ps_process_pattern($1, afs_t)
# Allow afs_admin to restart the afs service
afs_initrc_domtrans($1)
diff --git a/policy/modules/services/boinc.if b/policy/modules/services/boinc.if
index 9f4885c..272bf74 100644
--- a/policy/modules/services/boinc.if
+++ b/policy/modules/services/boinc.if
@@ -138,8 +138,8 @@ interface(`boinc_admin',`
type boinc_var_lib_t;
')
- allow $1 boinc_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, boinc_t, boinc_t)
+ allow $1 boinc_t:process { ptrace signal_perms };
+ ps_process_pattern($1, boinc_t)
boinc_initrc_domtrans($1)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
index 1bdfe84..b2198bb 100644
--- a/policy/modules/services/cobbler.if
+++ b/policy/modules/services/cobbler.if
@@ -191,8 +191,8 @@ interface(`cobblerd_admin',`
type httpd_cobbler_content_rw_t;
')
- allow $1 cobblerd_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, cobblerd_t, cobblerd_t)
+ allow $1 cobblerd_t:process { ptrace signal_perms };
+ ps_process_pattern($1, cobblerd_t)
files_search_etc($1)
admin_pattern($1, cobbler_etc_t)
diff --git a/policy/modules/services/exim.if b/policy/modules/services/exim.if
index 0217906..1685c5d 100644
--- a/policy/modules/services/exim.if
+++ b/policy/modules/services/exim.if
@@ -235,8 +235,8 @@ interface(`exim_admin', `
type exim_tmp_t, exim_spool_t, exim_var_run_t;
')
- allow $1 exim_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, exim_t, exim_t)
+ allow $1 exim_t:process { ptrace signal_perms };
+ ps_process_pattern($1, exim_t)
exim_initrc_domtrans($1)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/plymouthd.if b/policy/modules/services/plymouthd.if
index e90b2a1..fecc0dc 100644
--- a/policy/modules/services/plymouthd.if
+++ b/policy/modules/services/plymouthd.if
@@ -249,8 +249,8 @@ interface(`plymouthd_admin', `
type plymouthd_var_run_t;
')
- allow $1 plymouthd_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, plymouthd_t, plymouthd_t)
+ allow $1 plymouthd_t:process { ptrace signal_perms };
+ ps_process_pattern($1, plymouthd_t)
files_search_var_lib($1)
admin_pattern($1, plymouthd_spool_t)
diff --git a/policy/modules/services/portreserve.if b/policy/modules/services/portreserve.if
index 4af4422..d91c1f5 100644
--- a/policy/modules/services/portreserve.if
+++ b/policy/modules/services/portreserve.if
@@ -105,8 +105,8 @@ interface(`portreserve_admin', `
type portreserve_initrc_exec_t, portreserve_var_run_t;
')
- allow $1 portreserve_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, portreserve_t, portreserve_t)
+ allow $1 portreserve_t:process { ptrace signal_perms };
+ ps_process_pattern($1, portreserve_t)
portreserve_initrc_domtrans($1)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index b6d763d..cfcbac7 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -691,26 +691,26 @@ interface(`postfix_admin', `
type postfix_map_tmp_t, postfix_prng_t, postfix_public_t;
')
- allow $1 postfix_bounce_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, postfix_bounce_t, postfix_bounce_t)
+ allow $1 postfix_bounce_t:process { ptrace signal_perms };
+ ps_process_pattern($1, postfix_bounce_t)
- allow $1 postfix_cleanup_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, postfix_cleanup_t, postfix_cleanup_t)
+ allow $1 postfix_cleanup_t:process { ptrace signal_perms };
+ ps_process_pattern($1, postfix_cleanup_t)
- allow $1 postfix_local_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, postfix_local_t, postfix_local_t)
+ allow $1 postfix_local_t:process { ptrace signal_perms };
+ ps_process_pattern($1, postfix_local_t)
- allow $1 postfix_master_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, postfix_master_t, postfix_master_t)
+ allow $1 postfix_master_t:process { ptrace signal_perms };
+ ps_process_pattern($1, postfix_master_t)
- allow $1 postfix_pickup_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, postfix_pickup_t, postfix_pickup_t)
+ allow $1 postfix_pickup_t:process { ptrace signal_perms };
+ ps_process_pattern($1, postfix_pickup_t)
- allow $1 postfix_qmgr_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, postfix_qmgr_t, postfix_qmgr_t)
+ allow $1 postfix_qmgr_t:process { ptrace signal_perms };
+ ps_process_pattern($1, postfix_qmgr_t)
- allow $1 postfix_smtpd_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, postfix_smtpd_t, postfix_smtpd_t)
+ allow $1 postfix_smtpd_t:process { ptrace signal_perms };
+ ps_process_pattern($1, postfix_smtpd_t)
postfix_run_map($1,$2)
postfix_run_postdrop($1,$2)
diff --git a/policy/modules/services/qpidd.if b/policy/modules/services/qpidd.if
index 039bd27..5dbca44 100644
--- a/policy/modules/services/qpidd.if
+++ b/policy/modules/services/qpidd.if
@@ -179,8 +179,8 @@ interface(`qpidd_admin',`
type qpidd_t;
')
- allow $1 qpidd_t:process { ptrace signal_perms getattr };
- read_files_pattern($1, qpidd_t, qpidd_t)
+ allow $1 qpidd_t:process { ptrace signal_perms };
+ ps_process_pattern($1, qpidd_t)
gen_require(`
More information about the scm-commits
mailing list