fix typos and import some rules from NSA cvs to make targeted policy work

2005-07-20 14:25:24 +00:00 · 2005-07-20 14:25:24 +00:00 · 689f6ddb35
parent 474f43d13d
commit 689f6ddb35
5 changed files with 26 additions and 3 deletions
--- a/refpolicy/policy/modules/services/nscd.if
+++ b/refpolicy/policy/modules/services/nscd.if
@ -95,6 +95,26 @@ interface(`nscd_use_shared_mem',`
 	dontaudit $1 nscd_var_run_t:file { getattr read };
 ')

+########################################
+## <summary>
+##	Read NSCD pid file.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`nscd_read_pid',`
+	gen_require(`
+		type nscd_var_run_t;
+		class dir search;
+		class file { getattr read };
+	')
+
+	files_search_pids($1)
+	allow $1 nscd_var_run_t:dir search;
+	allow $1 nscd_var_run_t:file { getattr read };
+')
+
 ########################################
 ## <summary>
 ##	Unconfined access to NSCD services.
--- a/refpolicy/policy/modules/services/nscd.te
+++ b/refpolicy/policy/modules/services/nscd.te
@ -37,7 +37,7 @@ allow nscd_t self:nscd { admin getstat };

 allow nscd_t nscd_var_run_t:file create_file_perms;
 allow nscd_t nscd_var_run_t:sock_file create_file_perms;
-files_create_pid(nscd_t,nscd_var_run_t,{ file sock_file})
+files_create_pid(nscd_t,nscd_var_run_t,{ file sock_file })

 kernel_read_kernel_sysctl(nscd_t)
 kernel_list_proc(nscd_t)
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@ -181,6 +181,8 @@ domain_use_wide_inherit_fd(pam_console_t)
 files_read_etc_files(pam_console_t)
 files_search_pids(pam_console_t)
 files_list_mnt(pam_console_t)
+# read /etc/mtab
+files_read_etc_runtime_files(pam_console_t)

 init_use_fd(pam_console_t)
 init_use_script_pty(pam_console_t)
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@ -107,7 +107,7 @@ ifdef(`hide_broken_symptoms',`
 	dev_dontaudit_rw_cardmgr(insmod_t)
 ')

-ifdef(`tunable_policy',`
+ifdef(`targeted_policy',`
 	unconfined_domain_template(insmod_t)
 ')

--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@ -56,7 +56,7 @@ allow dhcpc_t dhcp_etc_t:dir r_dir_perms;
 allow dhcpc_t dhcp_etc_t:lnk_file r_file_perms;
 allow dhcpc_t dhcp_etc_t:file { r_file_perms execute execute_no_trans };

-allow dhcpc_t dhcpc_state_t:dir rw_dir_perms;
+allow dhcpc_t dhcp_state_t:dir rw_dir_perms;
 allow dhcpc_t dhcpc_state_t:file create_file_perms;
 type_transition dhcpc_t dhcp_state_t:file dhcpc_state_t;

@ -181,6 +181,7 @@ optional_policy(`nis.te',`

 optional_policy(`nscd.te',`
 	nscd_domtrans(dhcpc_t)
+	nscd_read_pid(dhcpc_t)
 ')

 optional_policy(`ntpd.te',`