[selinux-policy: 3029/3172] Use permission sets where possible.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:29:30 UTC 2010


commit 9fa4defbd46761493c09214d6959fccc7cc7b11f
Author: Dominick Grift <domg472 at gmail.com>
Date:   Fri Sep 17 09:50:43 2010 +0200

    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Use permission sets where possible.
    
    Squash with 84812bc8dd814709734c2b6d1ef2ff2b84adc35d
    Syntax error.

 policy/modules/services/amavis.if    |    2 +-
 policy/modules/services/apache.if    |    6 +++---
 policy/modules/services/apm.if       |    4 ++--
 policy/modules/services/automount.if |    2 +-
 policy/modules/services/bind.if      |    6 +++---
 policy/modules/services/bluetooth.if |    6 +++---
 policy/modules/services/cron.if      |    2 +-
 policy/modules/services/dhcp.if      |    2 +-
 8 files changed, 15 insertions(+), 15 deletions(-)
---
diff --git a/policy/modules/services/amavis.if b/policy/modules/services/amavis.if
index ceb2142..e31d92a 100644
--- a/policy/modules/services/amavis.if
+++ b/policy/modules/services/amavis.if
@@ -183,7 +183,7 @@ interface(`amavis_setattr_pid_files',`
 		type amavis_var_run_t;
 	')
 
-	allow $1 amavis_var_run_t:file setattr;
+	allow $1 amavis_var_run_t:file setattr_file_perms;
 	files_search_pids($1)
 ')
 
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index 0ec0fb0..8846b96 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -209,7 +209,7 @@ interface(`apache_role',`
 
 	allow $2 httpd_user_content_t:{ dir file lnk_file } { relabelto relabelfrom };
 
-	allow $2 httpd_user_htaccess_t:file { manage_file_perms relabelto relabelfrom };
+	allow $2 httpd_user_htaccess_t:file { manage_file_perms relabel_file_perms };
 
 	manage_dirs_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
 	manage_files_pattern($2, httpd_user_ra_content_t, httpd_user_ra_content_t)
@@ -499,7 +499,7 @@ interface(`apache_setattr_cache_dirs',`
 		type httpd_cache_t;
 	')
 
-	allow $1 httpd_cache_t:dir setattr;
+	allow $1 httpd_cache_t:dir setattr_dir_perms;
 ')
 
 ########################################
@@ -730,7 +730,7 @@ interface(`apache_dontaudit_append_log',`
 		type httpd_log_t;
 	')
 
-	dontaudit $1 httpd_log_t:file { getattr append };
+	dontaudit $1 httpd_log_t:file append_file_perms;
 ')
 
 ########################################
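Review bot: `append_file_perms` is not a synonym for the `{ getattr append }` it replaces in `apache_dontaudit_append_log`. In the reference policy's `obj_perm_sets.spt` it expands, as far as I recall, to `{ getattr open append lock ioctl }`, so this dontaudit rule would now also silence `open`, `lock` and `ioctl` denials on `httpd_log_t` files. That reduces what the audit log records when a calling domain touches the web server logs, so it affects detection rather than access. The same widening applies to `bluetooth_dontaudit_read_helper_state` later in this patch, where `search_dir_perms` adds `getattr open` and `read_file_perms` adds `open lock ioctl`. If a pure refactor is intended, keep the literal set, `dontaudit $1 httpd_log_t:file { getattr append };`, or state the broader suppression in the commit message and the interface summary, after confirming the expansions against this tree's macro definitions.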
diff --git a/policy/modules/services/apm.if b/policy/modules/services/apm.if
index 8c1c60c..49e6c74 100644
--- a/policy/modules/services/apm.if
+++ b/policy/modules/services/apm.if
@@ -52,7 +52,7 @@ interface(`apm_write_pipes',`
 		type apmd_t;
 	')
 
-	allow $1 apmd_t:fifo_file write; 
+	allow $1 apmd_t:fifo_file write_fifo_file_perms; 
 ')
 
 ########################################
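Review bot: Replacing `write` with `write_fifo_file_perms` in `apm_write_pipes` grants more than the old rule did. To my recollection `obj_perm_sets.spt` defines the set as `{ getattr open write append lock ioctl }`, so every caller would gain `getattr`, `open`, `append`, `lock` and `ioctl` on `apmd_t` fifos. The same holds for `apm_append_log` in the next hunk (`append` becomes `append_file_perms`) and for `bluetooth_read_config` (`{ getattr read ioctl }` becomes `read_file_perms`, adding `open` and `lock`). Adding `open` may well be intended, but the commit message presents the change as cosmetic, so I would record the widened grants there and compare `sesearch` output for the calling domains before and after. The new line also keeps the trailing space after the semicolon and should read `allow $1 apmd_t:fifo_file write_fifo_file_perms;`.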
@@ -89,7 +89,7 @@ interface(`apm_append_log',`
 	')
 
 	logging_search_logs($1)
-	allow $1 apmd_log_t:file append;
+	allow $1 apmd_log_t:file append_file_perms;
 ')
 
 ########################################
diff --git a/policy/modules/services/automount.if b/policy/modules/services/automount.if
index 617eead..a43e006 100644
--- a/policy/modules/services/automount.if
+++ b/policy/modules/services/automount.if
@@ -123,7 +123,7 @@ interface(`automount_dontaudit_getattr_tmp_dirs',`
 		type automount_tmp_t;
 	')
 
-	dontaudit $1 automount_tmp_t:dir getattr;
+	dontaudit $1 automount_tmp_t:dir getattr_dir_perms;
 ')
 
 ########################################
diff --git a/policy/modules/services/bind.if b/policy/modules/services/bind.if
index b09ef44..7e9d2fb 100644
--- a/policy/modules/services/bind.if
+++ b/policy/modules/services/bind.if
@@ -186,7 +186,7 @@ interface(`bind_write_config',`
 	')
 
 	write_files_pattern($1, named_conf_t, named_conf_t)
-	allow $1 named_conf_t:file setattr;
+	allow $1 named_conf_t:file setattr_file_perms;
 ')
 
 ########################################
@@ -266,7 +266,7 @@ interface(`bind_setattr_pid_dirs',`
 		type named_var_run_t;
 	')
 
-	allow $1 named_var_run_t:dir setattr;
+	allow $1 named_var_run_t:dir setattr_dir_perms;
 ')
 
 ########################################
@@ -284,7 +284,7 @@ interface(`bind_setattr_zone_dirs',`
 		type named_zone_t;
 	')
 
-	allow $1 named_zone_t:dir setattr;
+	allow $1 named_zone_t:dir setattr_dir_perms;
 ')
 
 ########################################
diff --git a/policy/modules/services/bluetooth.if b/policy/modules/services/bluetooth.if
index a01ce9f..fa57a6f 100644
--- a/policy/modules/services/bluetooth.if
+++ b/policy/modules/services/bluetooth.if
@@ -92,7 +92,7 @@ interface(`bluetooth_read_config',`
 		type bluetooth_conf_t;
 	')
 
-	allow $1 bluetooth_conf_t:file { getattr read ioctl };
+	allow $1 bluetooth_conf_t:file read_file_perms;
 ')
 
 ########################################
@@ -192,8 +192,8 @@ interface(`bluetooth_dontaudit_read_helper_state',`
 		type bluetooth_helper_t;
 	')
 
-	dontaudit $1 bluetooth_helper_t:dir search;
-	dontaudit $1 bluetooth_helper_t:file { read getattr };
+	dontaudit $1 bluetooth_helper_t:dir search_dir_perms;
+	dontaudit $1 bluetooth_helper_t:file read_file_perms;
 ')
 
 ########################################
diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
index ffd5436..b6402c9 100644
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@@ -52,7 +52,7 @@ template(`cron_common_crontab_template',`
 	files_list_spool($1_t)
 
 	# crontab signals crond by updating the mtime on the spooldir
-	allow $1_t cron_spool_t:dir setattr;
+	allow $1_t cron_spool_t:dir setattr_dir_perms;
 
 	kernel_read_system_state($1_t)
 
diff --git a/policy/modules/services/dhcp.if b/policy/modules/services/dhcp.if
index aa4da1d..7e129ff 100644
--- a/policy/modules/services/dhcp.if
+++ b/policy/modules/services/dhcp.if
@@ -36,7 +36,7 @@ interface(`dhcpd_setattr_state_files',`
 	')
 
 	sysnet_search_dhcp_state($1)
-	allow $1 dhcpd_state_t:file setattr;
+	allow $1 dhcpd_state_t:file setattr_file_perms;
 ')
 
 ########################################

