Kerberos patch from Dan Walsh.

2009-12-18 10:40:53 -05:00 · 2009-12-18 10:40:53 -05:00 · e1b8b54739
parent 7d05af77c3
commit e1b8b54739
1 changed files with 14 additions and 1 deletions
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@ -1,5 +1,5 @@

-policy_module(kerberos, 1.10.0)
+policy_module(kerberos, 1.10.1)

 ########################################
 #
@ -277,6 +277,8 @@ optional_policy(`
 #

 allow kpropd_t self:capability net_bind_service;
+allow kpropd_t self:process setfscreate;
+
 allow kpropd_t self:fifo_file rw_file_perms;
 allow kpropd_t self:unix_stream_socket create_stream_socket_perms;
 allow kpropd_t self:tcp_socket create_stream_socket_perms;
@ -285,10 +287,17 @@ allow kpropd_t krb5_host_rcache_t:file rw_file_perms;

 allow kpropd_t krb5_keytab_t:file read_file_perms;

+read_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_conf_t)
+
 manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t)
+filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)

 manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)

+manage_dirs_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
+manage_files_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
+files_tmp_filetrans(kpropd_t, krb5kdc_tmp_t, { file dir })
+
 corecmd_exec_bin(kpropd_t)

 corenet_all_recvfrom_unlabeled(kpropd_t)
@ -303,10 +312,14 @@ dev_read_urand(kpropd_t)
 files_read_etc_files(kpropd_t)
 files_search_tmp(kpropd_t)

+selinux_validate_context(kpropd_t)
+
 logging_send_syslog_msg(kpropd_t)

 miscfiles_read_localization(kpropd_t)

+seutil_read_file_contexts(kpropd_t)
+
 sysnet_dns_name_resolve(kpropd_t)

 kerberos_use(kpropd_t)