[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Updates to dcc [patch]



The attached patch updates the (unused) dcc policy to work with the
changes in the FC strict/1.23.10-2 policy.  It also makes a couple of
tweaks to the policy

David

Index: domains/program/unused/dcc.te
===================================================================
RCS file: /home/cvs/starfury/etc/selinux/strict/src/policy/domains/program/unused/dcc.te,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 dcc.te
--- domains/program/unused/dcc.te	6 Apr 2005 22:35:54 -0000	1.1.1.1
+++ domains/program/unused/dcc.te	13 Apr 2005 21:33:36 -0000
@@ -53,6 +53,8 @@
 dontaudit $1_t root_t:file read;
 ')
 
+allow initrc_t dcc_var_run_t:dir rw_dir_perms;
+
 
 ##########
 ##########
@@ -66,7 +68,6 @@
 # Runs the dbclean program
 allow dccd_t bin_t:dir search;
 domain_auto_trans(dccd_t, dcc_dbclean_exec_t, dcc_dbclean_t)
-#can_exec(dccd_t, dcc_dbclean_t)
 
 # The daemon needs to listen on the dcc ports
 allow dccd_t dcc_port_t:udp_socket name_bind;
@@ -124,6 +125,9 @@
 type dccifd_sock_t, file_type, sysadmfile;
 file_type_auto_trans(dccifd_t, dcc_var_t, dccifd_sock_t, sock_file)
 
+# Reading /proc/meminfo
+allow dccifd_t proc_t:file { getattr read };
+
 
 #
 # dccm  - sendmail milter client
@@ -170,6 +174,7 @@
 # dbclean - database cleanup tool
 #
 application_domain(dcc_dbclean, `, nscd_client_domain')
+role system_r types dcc_dbclean_t;
 dcc_common(dcc_dbclean)
 
 # Updating various files.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]