[selinux-policy: 2970/3172] Use ps_process_pattern to read state. Access to get attributes of target afs_t domain is included wi

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:24:25 UTC 2010 

commit 39e118bc1559366b015d2ad0c0952b7089bb7686
Author: Dominick Grift <domg472 at gmail.com>
Date:   Wed Sep 15 10:20:36 2010 +0200

    Use ps_process_pattern to read state. Access to get attributes of target afs_t domain is included with ps_process_pattern.
    
    Use ps_process_pattern to read state. Access to get attributes of target boinc_t domain is included with ps_process_pattern.
    
    Use ps_process_pattern to read state. Access to get attributes of target cobblerd_t domain is included with ps_process_pattern.
    
    Use ps_process_pattern to read state. Permission to get attributes of target exim_t domain is included with ps_process_pattern.
    
    Use ps_process_pattern to read state. Access to get attributes of target plymouthd_t domain is included with ps_process_pattern.
    
    Use ps_process_pattern to read state. Access to get attributes of target pportreserve_t domain is included with ps_process_pattern.
    
    Use ps_process_pattern to read state. Access to get attributes of target postfix domains is included with ps_process_pattern.
    
    Use ps_process_pattern to read state. Permission to get attributes of target qpidd_t domain is included with ps_process_pattern.
    
    Signed-off-by: Dominick Grift <domg472 at gmail.com>

 policy/modules/services/afs.if         |    4 ++--
 policy/modules/services/boinc.if       |    4 ++--
 policy/modules/services/cobbler.if     |    4 ++--
 policy/modules/services/exim.if        |    4 ++--
 policy/modules/services/plymouthd.if   |    4 ++--
 policy/modules/services/portreserve.if |    4 ++--
 policy/modules/services/postfix.if     |   28 ++++++++++++++--------------
 policy/modules/services/qpidd.if       |    4 ++--
 8 files changed, 28 insertions(+), 28 deletions(-)
---
diff --git a/policy/modules/services/afs.if b/policy/modules/services/afs.if
index 8559cdc..49c0cc8 100644
--- a/policy/modules/services/afs.if
+++ b/policy/modules/services/afs.if
@@ -97,8 +97,8 @@ interface(`afs_admin',`
 		type afs_t, afs_initrc_exec_t;
 	')
 
-	allow $1 afs_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, afs_t, afs_t)
+	allow $1 afs_t:process { ptrace signal_perms };
+	ps_process_pattern($1, afs_t)
 
 	# Allow afs_admin to restart the afs service
 	afs_initrc_domtrans($1)
diff --git a/policy/modules/services/boinc.if b/policy/modules/services/boinc.if
index 9f4885c..272bf74 100644
--- a/policy/modules/services/boinc.if
+++ b/policy/modules/services/boinc.if
@@ -138,8 +138,8 @@ interface(`boinc_admin',`
 		type boinc_var_lib_t;
 	')
 
-	allow $1 boinc_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, boinc_t, boinc_t)
+	allow $1 boinc_t:process { ptrace signal_perms };
+	ps_process_pattern($1, boinc_t)
 
 	boinc_initrc_domtrans($1)
 	domain_system_change_exemption($1)
diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
index 1bdfe84..b2198bb 100644
--- a/policy/modules/services/cobbler.if
+++ b/policy/modules/services/cobbler.if
@@ -191,8 +191,8 @@ interface(`cobblerd_admin',`
 		type httpd_cobbler_content_rw_t;
 	')
 
-	allow $1 cobblerd_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, cobblerd_t, cobblerd_t)
+	allow $1 cobblerd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cobblerd_t)
 
 	files_search_etc($1)
 	admin_pattern($1, cobbler_etc_t)
diff --git a/policy/modules/services/exim.if b/policy/modules/services/exim.if
index 0217906..1685c5d 100644
--- a/policy/modules/services/exim.if
+++ b/policy/modules/services/exim.if
@@ -235,8 +235,8 @@ interface(`exim_admin', `
 		type exim_tmp_t, exim_spool_t,  exim_var_run_t;
 	')
 
-	allow $1 exim_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, exim_t, exim_t)	
+	allow $1 exim_t:process { ptrace signal_perms };
+	ps_process_pattern($1, exim_t)
 
 	exim_initrc_domtrans($1)
 	domain_system_change_exemption($1)
diff --git a/policy/modules/services/plymouthd.if b/policy/modules/services/plymouthd.if
index e90b2a1..fecc0dc 100644
--- a/policy/modules/services/plymouthd.if
+++ b/policy/modules/services/plymouthd.if
@@ -249,8 +249,8 @@ interface(`plymouthd_admin', `
 		type plymouthd_var_run_t;
 	')
 
-	allow $1 plymouthd_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, plymouthd_t, plymouthd_t)
+	allow $1 plymouthd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, plymouthd_t)
 
 	files_search_var_lib($1)
 	admin_pattern($1, plymouthd_spool_t)
diff --git a/policy/modules/services/portreserve.if b/policy/modules/services/portreserve.if
index 4af4422..d91c1f5 100644
--- a/policy/modules/services/portreserve.if
+++ b/policy/modules/services/portreserve.if
@@ -105,8 +105,8 @@ interface(`portreserve_admin', `
 		type portreserve_initrc_exec_t, portreserve_var_run_t;
 	')
 
-	allow $1 portreserve_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1,  portreserve_t,  portreserve_t)
+	allow $1 portreserve_t:process { ptrace signal_perms };
+	ps_process_pattern($1, portreserve_t)
 	
 	portreserve_initrc_domtrans($1)
 	domain_system_change_exemption($1)
diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index b6d763d..cfcbac7 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -691,26 +691,26 @@ interface(`postfix_admin', `
 		type postfix_map_tmp_t, postfix_prng_t, postfix_public_t;
 	')
 
-	allow $1 postfix_bounce_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_bounce_t, postfix_bounce_t)
+	allow $1 postfix_bounce_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_bounce_t)
 
-	allow $1 postfix_cleanup_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_cleanup_t, postfix_cleanup_t)
+	allow $1 postfix_cleanup_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_cleanup_t)
 
-	allow $1 postfix_local_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_local_t, postfix_local_t)
+	allow $1 postfix_local_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_local_t)
 
-	allow $1 postfix_master_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_master_t, postfix_master_t)
+	allow $1 postfix_master_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_master_t)
 
-	allow $1 postfix_pickup_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_pickup_t, postfix_pickup_t)
+	allow $1 postfix_pickup_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_pickup_t)
 
-	allow $1 postfix_qmgr_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_qmgr_t, postfix_qmgr_t)
+	allow $1 postfix_qmgr_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_qmgr_t)
 
-	allow $1 postfix_smtpd_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, postfix_smtpd_t, postfix_smtpd_t)
+	allow $1 postfix_smtpd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, postfix_smtpd_t)
 
 	postfix_run_map($1,$2)
 	postfix_run_postdrop($1,$2)
diff --git a/policy/modules/services/qpidd.if b/policy/modules/services/qpidd.if
index 039bd27..5dbca44 100644
--- a/policy/modules/services/qpidd.if
+++ b/policy/modules/services/qpidd.if
@@ -179,8 +179,8 @@ interface(`qpidd_admin',`
 		type qpidd_t;
 	')
 
-	allow $1 qpidd_t:process { ptrace signal_perms getattr };
-	read_files_pattern($1, qpidd_t, qpidd_t)
+	allow $1 qpidd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, qpidd_t)
 	        
 
 	gen_require(`

More information about the scm-commits mailing list