[selinux-policy] Fix typo
Miroslav Grepl
mgrepl at fedoraproject.org
Fri Jul 26 15:16:57 UTC 2013
commit 4c142c0a6c03d0d501e804725c519c2fe051288f
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Fri Jul 26 17:16:36 2013 +0200
Fix typo
policy-rawhide-contrib.patch | 109 +++++++++++++++++++++++++-----------------
1 files changed, 65 insertions(+), 44 deletions(-)
---
diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch
index 1ab902e..2fccd35 100644
--- a/policy-rawhide-contrib.patch
+++ b/policy-rawhide-contrib.patch
@@ -13080,7 +13080,7 @@ index 3fe3cb8..b8e08c6 100644
+ ')
')
diff --git a/condor.te b/condor.te
-index 3f2b672..8dee63d 100644
+index 3f2b672..95daaa7 100644
--- a/condor.te
+++ b/condor.te
@@ -46,6 +46,9 @@ files_lock_file(condor_var_lock_t)
@@ -13111,7 +13111,14 @@ index 3f2b672..8dee63d 100644
manage_dirs_pattern(condor_domain, condor_log_t, condor_log_t)
append_files_pattern(condor_domain, condor_log_t, condor_log_t)
-@@ -91,8 +99,6 @@ kernel_read_system_state(condor_domain)
+@@ -86,13 +94,12 @@ allow condor_domain condor_master_t:tcp_socket getattr;
+
+ kernel_read_kernel_sysctls(condor_domain)
+ kernel_read_network_state(condor_domain)
+-kernel_read_system_state(condor_domain)
++
++
+
corecmd_exec_bin(condor_domain)
corecmd_exec_shell(condor_domain)
@@ -13120,7 +13127,7 @@ index 3f2b672..8dee63d 100644
corenet_tcp_sendrecv_generic_if(condor_domain)
corenet_tcp_sendrecv_generic_node(condor_domain)
-@@ -106,9 +112,7 @@ dev_read_rand(condor_domain)
+@@ -106,9 +113,7 @@ dev_read_rand(condor_domain)
dev_read_sysfs(condor_domain)
dev_read_urand(condor_domain)
@@ -13131,7 +13138,7 @@ index 3f2b672..8dee63d 100644
tunable_policy(`condor_tcp_network_connect',`
corenet_sendrecv_all_client_packets(condor_domain)
-@@ -125,7 +129,7 @@ optional_policy(`
+@@ -125,7 +130,7 @@ optional_policy(`
# Master local policy
#
@@ -13140,18 +13147,16 @@ index 3f2b672..8dee63d 100644
allow condor_master_t condor_domain:process { sigkill signal };
-@@ -133,6 +137,10 @@ manage_dirs_pattern(condor_master_t, condor_master_tmp_t, condor_master_tmp_t)
+@@ -133,6 +138,8 @@ manage_dirs_pattern(condor_master_t, condor_master_tmp_t, condor_master_tmp_t)
manage_files_pattern(condor_master_t, condor_master_tmp_t, condor_master_tmp_t)
files_tmp_filetrans(condor_master_t, condor_master_tmp_t, { file dir })
+can_exec(condor_master_t, condor_master_exec_t)
+
-+kernel_read_system_state(condor_master_tmp_t)
-+
corenet_udp_sendrecv_generic_if(condor_master_t)
corenet_udp_sendrecv_generic_node(condor_master_t)
corenet_tcp_bind_generic_node(condor_master_t)
-@@ -150,7 +158,7 @@ corenet_tcp_sendrecv_amqp_port(condor_master_t)
+@@ -150,7 +157,7 @@ corenet_tcp_sendrecv_amqp_port(condor_master_t)
domain_read_all_domains_state(condor_master_t)
@@ -13160,7 +13165,7 @@ index 3f2b672..8dee63d 100644
optional_policy(`
mta_send_mail(condor_master_t)
-@@ -169,6 +177,8 @@ allow condor_collector_t condor_master_t:udp_socket rw_socket_perms;
+@@ -169,6 +176,8 @@ allow condor_collector_t condor_master_t:udp_socket rw_socket_perms;
kernel_read_network_state(condor_collector_t)
@@ -13169,7 +13174,7 @@ index 3f2b672..8dee63d 100644
#####################################
#
# Negotiator local policy
-@@ -178,6 +188,8 @@ allow condor_negotiator_t self:capability { setuid setgid };
+@@ -178,6 +187,8 @@ allow condor_negotiator_t self:capability { setuid setgid };
allow condor_negotiator_t condor_master_t:tcp_socket rw_stream_socket_perms;
allow condor_negotiator_t condor_master_t:udp_socket getattr;
@@ -13178,7 +13183,7 @@ index 3f2b672..8dee63d 100644
######################################
#
# Procd local policy
-@@ -201,6 +213,8 @@ allow condor_schedd_t condor_master_t:udp_socket getattr;
+@@ -201,6 +212,8 @@ allow condor_schedd_t condor_master_t:udp_socket getattr;
allow condor_schedd_t condor_var_lock_t:dir manage_file_perms;
@@ -13187,7 +13192,7 @@ index 3f2b672..8dee63d 100644
domtrans_pattern(condor_schedd_t, condor_procd_exec_t, condor_procd_t)
domtrans_pattern(condor_schedd_t, condor_startd_exec_t, condor_startd_t)
-@@ -209,6 +223,8 @@ manage_files_pattern(condor_schedd_t, condor_schedd_tmp_t, condor_schedd_tmp_t)
+@@ -209,6 +222,8 @@ manage_files_pattern(condor_schedd_t, condor_schedd_tmp_t, condor_schedd_tmp_t)
relabel_files_pattern(condor_schedd_t, condor_schedd_tmp_t, condor_schedd_tmp_t)
files_tmp_filetrans(condor_schedd_t, condor_schedd_tmp_t, { file dir })
@@ -13196,7 +13201,7 @@ index 3f2b672..8dee63d 100644
#####################################
#
# Startd local policy
-@@ -233,11 +249,10 @@ domain_read_all_domains_state(condor_startd_t)
+@@ -233,11 +248,10 @@ domain_read_all_domains_state(condor_startd_t)
mcs_process_set_categories(condor_startd_t)
init_domtrans_script(condor_startd_t)
@@ -13209,7 +13214,7 @@ index 3f2b672..8dee63d 100644
optional_policy(`
ssh_basic_client_template(condor_startd, condor_startd_t, system_r)
ssh_domtrans(condor_startd_t)
-@@ -249,3 +264,7 @@ optional_policy(`
+@@ -249,3 +263,7 @@ optional_policy(`
kerberos_use(condor_startd_ssh_t)
')
')
@@ -52546,10 +52551,10 @@ index 96db654..ff3aadd 100644
+ virt_rw_svirt_dev(pcscd_t)
+')
diff --git a/pegasus.fc b/pegasus.fc
-index dfd46e4..0aaa891 100644
+index dfd46e4..6667b8a 100644
--- a/pegasus.fc
+++ b/pegasus.fc
-@@ -1,15 +1,24 @@
+@@ -1,15 +1,20 @@
-/etc/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_conf_t,s0)
+
+/etc/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_conf_t,s0)
@@ -52558,28 +52563,24 @@ index dfd46e4..0aaa891 100644
-/etc/rc\.d/init\.d/tog-pegasus -- gen_context(system_u:object_r:pegasus_initrc_exec_t,s0)
+/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0)
+/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0)
-+
-+/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
-+
-+/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
-+
-+/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
-+
-+#openlmi agents
-+/usr/libexec/pegasus/cmpiLMI_Account-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_account_exec_t,s0)
-+/usr/libexec/pegasus/cmpiLMI_LogicalFile-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_logicalfile_exec_t,s0)
-+/usr/libexec/pegasus/cmpiLMI_Networking-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_networking_exec_t,s0)
-+/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0)
-+
-/usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0)
-/usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0)
++/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
-/var/cache/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_cache_t,s0)
++/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
-/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
++/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
-/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
++#openlmi agents
++/usr/libexec/pegasus/cmpiLMI_Account-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_account_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_LogicalFile-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_logicalfile_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_Networking-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_networking_exec_t,s0)
++/usr/libexec/pegasus/cmpiLMI_Service-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_service_exec_t,s0)
++/usr/libexec/pegasus/pycmpiLMI_Storage-cimprovagt -- gen_context(system_u:object_r:pegasus_openlmi_storage_exec_t,s0)
-/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
diff --git a/pegasus.if b/pegasus.if
@@ -52683,7 +52684,7 @@ index d2fc677..ded726f 100644
')
+
diff --git a/pegasus.te b/pegasus.te
-index 7bcf327..193d6c3 100644
+index 7bcf327..71ab12b 100644
--- a/pegasus.te
+++ b/pegasus.te
@@ -1,17 +1,16 @@
@@ -52707,7 +52708,7 @@ index 7bcf327..193d6c3 100644
type pegasus_cache_t;
files_type(pegasus_cache_t)
-@@ -30,20 +29,176 @@ files_type(pegasus_mof_t)
+@@ -30,20 +29,196 @@ files_type(pegasus_mof_t)
type pegasus_var_run_t;
files_pid_file(pegasus_var_run_t)
@@ -52715,6 +52716,7 @@ index 7bcf327..193d6c3 100644
+pegasus_openlmi_domain_template(account)
+pegasus_openlmi_domain_template(logicalfile)
+pegasus_openlmi_domain_template(networking)
++pegasus_openlmi_domain_template(service)
+
+pegasus_openlmi_domain_template(storage)
+type pegasus_openlmi_storage_tmp_t;
@@ -52734,8 +52736,6 @@ index 7bcf327..193d6c3 100644
+list_dirs_pattern(pegasus_openlmi_domain, pegasus_data_t, pegasus_data_t)
+rw_files_pattern(pegasus_openlmi_domain, pegasus_data_t, pegasus_data_t)
+
-+kernel_read_system_state(pegasus_openlmi_domain)
-+
+corecmd_exec_bin(pegasus_openlmi_domain)
+corecmd_exec_shell(pegasus_openlmi_domain)
+
@@ -52832,6 +52832,27 @@ index 7bcf327..193d6c3 100644
+
+######################################
+#
++# pegasus openlmi service local policy
++#
++
++
++init_disable_services(pegasus_openlmi_service_t)
++init_enable_services(pegasus_openlmi_service_t)
++init_reload_services(pegasus_openlmi_service_t)
++init_exec(pegasus_openlmi_service_t)
++
++systemd_config_all_services(pegasus_openlmi_service_t)
++systemd_manage_all_unit_files(pegasus_openlmi_service_t)
++systemd_manage_all_unit_lnk_files(pegasus_openlmi_service_t)
++
++allow pegasus_openlmi_service_t self:udp_socket create_socket_perms;
++
++optional_policy(`
++ dbus_system_bus_client(pegasus_openlmi_service_t)
++')
++
++######################################
++#
+# pegasus openlmi storage local policy
+#
+
@@ -52889,7 +52910,7 @@ index 7bcf327..193d6c3 100644
allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
manage_dirs_pattern(pegasus_t, pegasus_cache_t, pegasus_cache_t)
-@@ -54,22 +209,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
+@@ -54,22 +229,22 @@ files_var_filetrans(pegasus_t, pegasus_cache_t, { dir file lnk_file })
manage_dirs_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
manage_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
manage_lnk_files_pattern(pegasus_t, pegasus_data_t, pegasus_data_t)
@@ -52920,7 +52941,7 @@ index 7bcf327..193d6c3 100644
kernel_read_network_state(pegasus_t)
kernel_read_kernel_sysctls(pegasus_t)
-@@ -80,27 +235,21 @@ kernel_read_net_sysctls(pegasus_t)
+@@ -80,27 +255,21 @@ kernel_read_net_sysctls(pegasus_t)
kernel_read_xen_state(pegasus_t)
kernel_write_xen_state(pegasus_t)
@@ -52953,7 +52974,7 @@ index 7bcf327..193d6c3 100644
corecmd_exec_bin(pegasus_t)
corecmd_exec_shell(pegasus_t)
-@@ -114,6 +263,7 @@ files_getattr_all_dirs(pegasus_t)
+@@ -114,6 +283,7 @@ files_getattr_all_dirs(pegasus_t)
auth_use_nsswitch(pegasus_t)
auth_domtrans_chk_passwd(pegasus_t)
@@ -52961,7 +52982,7 @@ index 7bcf327..193d6c3 100644
domain_use_interactive_fds(pegasus_t)
domain_read_all_domains_state(pegasus_t)
-@@ -128,18 +278,25 @@ init_stream_connect_script(pegasus_t)
+@@ -128,18 +298,25 @@ init_stream_connect_script(pegasus_t)
logging_send_audit_msgs(pegasus_t)
logging_send_syslog_msg(pegasus_t)
@@ -52979,21 +53000,21 @@ index 7bcf327..193d6c3 100644
- dbus_connect_system_bus(pegasus_t)
+ dbus_system_bus_client(pegasus_t)
+ dbus_connect_system_bus(pegasus_t)
-
-- optional_policy(`
-- networkmanager_dbus_chat(pegasus_t)
-- ')
++
+ optional_policy(`
+ networkmanager_dbus_chat(pegasus_t)
+ ')
+')
-+
+
+- optional_policy(`
+- networkmanager_dbus_chat(pegasus_t)
+- ')
+optional_policy(`
+ rhcs_stream_connect_cluster(pegasus_t)
')
optional_policy(`
-@@ -151,16 +308,24 @@ optional_policy(`
+@@ -151,16 +328,24 @@ optional_policy(`
')
optional_policy(`
@@ -53022,7 +53043,7 @@ index 7bcf327..193d6c3 100644
')
optional_policy(`
-@@ -168,7 +333,7 @@ optional_policy(`
+@@ -168,7 +353,7 @@ optional_policy(`
')
optional_policy(`
More information about the scm-commits
mailing list