[selinux-policy/f19] Additional fix for freeipa and slapd labeling
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Jul 17 08:52:39 UTC 2013
commit a4b2b1096e6efc28ca41445b28dee6bfe234d385
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed Jul 17 10:52:03 2013 +0200
Additional fix for freeipa and slapd labeling
policy-rawhide-contrib.patch | 27 +++++++++++++--------------
selinux-policy.spec | 2 +-
2 files changed, 14 insertions(+), 15 deletions(-)
---
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index de0843d..a931140 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -11506,10 +11506,10 @@ index 29782b8..685edff 100644
')
diff --git a/cloudform.fc b/cloudform.fc
new file mode 100644
-index 0000000..cc740da
+index 0000000..3a0de96
--- /dev/null
+++ b/cloudform.fc
-@@ -0,0 +1,29 @@
+@@ -0,0 +1,27 @@
+/etc/rc\.d/init\.d/iwhd -- gen_context(system_u:object_r:iwhd_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/mongod -- gen_context(system_u:object_r:mongod_initrc_exec_t,s0)
+
@@ -11527,16 +11527,14 @@ index 0000000..cc740da
+/var/lib/cloud(/.*)? gen_context(system_u:object_r:cloud_var_lib_t,s0)
+/var/log/cloud-init\.log -- gen_context(system_u:object_r:cloud_log_t,s0)
+/var/lib/iwhd(/.*)? gen_context(system_u:object_r:iwhd_var_lib_t,s0)
-+/var/lib/mongodb(/.*)? gen_context(system_u:object_r:mongod_var_lib_t,s0)
++/var/lib/mongo.* gen_context(system_u:object_r:mongod_var_lib_t,s0)
+
+/var/log/deltacloud-core(/.*)? gen_context(system_u:object_r:deltacloudd_log_t,s0)
+/var/log/iwhd\.log.* -- gen_context(system_u:object_r:iwhd_log_t,s0)
-+/var/log/mongodb(/.*)? gen_context(system_u:object_r:mongod_log_t,s0)
-+/var/log/mongo(/.*)? gen_context(system_u:object_r:mongod_log_t,s0)
-+/var/log/mongo/mongod\.log.* -- gen_context(system_u:object_r:mongod_log_t,s0)
++/var/log/mongo.* gen_context(system_u:object_r:mongod_log_t,s0)
+/var/log/aeolus-conductor/dbomatic\.log.* -- gen_context(system_u:object_r:mongod_log_t,s0)
+
-+/var/run/mongodb(/.*)? gen_context(system_u:object_r:mongod_var_run_t,s0)
++/var/run/mongo.* gen_context(system_u:object_r:mongod_var_run_t,s0)
+/var/run/aeolus/dbomatic\.pid -- gen_context(system_u:object_r:mongod_var_run_t,s0)
+/var/run/iwhd\.pid -- gen_context(system_u:object_r:iwhd_var_run_t,s0)
diff --git a/cloudform.if b/cloudform.if
@@ -20284,7 +20282,7 @@ index 0000000..021c5ae
+
diff --git a/dirsrv.fc b/dirsrv.fc
new file mode 100644
-index 0000000..0ea1ebb
+index 0000000..5d30dab
--- /dev/null
+++ b/dirsrv.fc
@@ -0,0 +1,23 @@
@@ -20302,7 +20300,7 @@ index 0000000..0ea1ebb
+/var/run/ldap-agent\.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0)
+
+# BZ:
-+/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)
++/var/run/slapd.* -s gen_context(system_u:object_r:dirsrv_var_run_t,s0)
+
+/var/lib/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lib_t,s0)
+
@@ -37884,14 +37882,14 @@ index 7e534cf..3652584 100644
+ ')
+')
diff --git a/mongodb.te b/mongodb.te
-index 4de8949..d705316 100644
+index 4de8949..7bd7e35 100644
--- a/mongodb.te
+++ b/mongodb.te
@@ -49,13 +49,11 @@ corenet_all_recvfrom_unlabeled(mongod_t)
corenet_all_recvfrom_netlabel(mongod_t)
corenet_tcp_sendrecv_generic_if(mongod_t)
corenet_tcp_sendrecv_generic_node(mongod_t)
-+corenet_tcp_connect_mongodb_port(mongod_t)
++corenet_tcp_connect_mongod_port(mongod_t)
corenet_tcp_bind_generic_node(mongod_t)
dev_read_sysfs(mongod_t)
@@ -65312,7 +65310,7 @@ index c5ad6de..c67dbef 100644
/var/run/rabbitmq(/.*)? gen_context(system_u:object_r:rabbitmq_var_run_t,s0)
diff --git a/rabbitmq.te b/rabbitmq.te
-index 3698b51..bc25bbc 100644
+index 3698b51..e0198d9 100644
--- a/rabbitmq.te
+++ b/rabbitmq.te
@@ -45,6 +45,8 @@ setattr_files_pattern(rabbitmq_beam_t, rabbitmq_var_log_t, rabbitmq_var_log_t)
@@ -65333,7 +65331,7 @@ index 3698b51..bc25bbc 100644
corenet_all_recvfrom_unlabeled(rabbitmq_beam_t)
corenet_all_recvfrom_netlabel(rabbitmq_beam_t)
corenet_tcp_sendrecv_generic_if(rabbitmq_beam_t)
-@@ -68,20 +72,32 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t)
+@@ -68,20 +72,33 @@ corenet_sendrecv_epmd_client_packets(rabbitmq_beam_t)
corenet_tcp_connect_epmd_port(rabbitmq_beam_t)
corenet_tcp_sendrecv_epmd_port(rabbitmq_beam_t)
@@ -65348,6 +65346,7 @@ index 3698b51..bc25bbc 100644
+files_getattr_all_mountpoints(rabbitmq_beam_t)
+
+fs_getattr_all_fs(rabbitmq_beam_t)
++fs_getattr_all_dirs(rabbitmq_beam_t)
+fs_getattr_cgroup(rabbitmq_beam_t)
+
+dev_read_sysfs(rabbitmq_beam_t)
@@ -65370,7 +65369,7 @@ index 3698b51..bc25bbc 100644
allow rabbitmq_epmd_t self:process signal;
allow rabbitmq_epmd_t self:fifo_file rw_fifo_file_perms;
allow rabbitmq_epmd_t self:tcp_socket create_stream_socket_perms;
-@@ -99,8 +115,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t)
+@@ -99,8 +116,5 @@ corenet_sendrecv_epmd_server_packets(rabbitmq_epmd_t)
corenet_tcp_bind_epmd_port(rabbitmq_epmd_t)
corenet_tcp_sendrecv_epmd_port(rabbitmq_epmd_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 6068973..bbcd5b6 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -424,7 +424,7 @@ Obsoletes: cachefilesd-selinux <= 0.10-1
Conflicts: seedit
Conflicts: 389-ds-base < 1.2.7, 389-admin < 1.1.12
Conflicts: pki-selinux < 10-0.0-0.45.b1
-Conflicts: freeipa-server-selinux <= 3.2.1-1
+Conflicts: freeipa-server-selinux < 3.2.2-1
%description targeted
SELinux Reference policy targeted base module.
More information about the scm-commits
mailing list