trunk: Logrotate and Bind updates from Vaclav Ovsik.

2008-09-03 14:12:56 +00:00 · 2008-09-03 14:12:56 +00:00 · e40fa634b2
parent 6cc3f35635
commit e40fa634b2
6 changed files with 29 additions and 3 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
+- Logrotate and Bind updates from Vaclav Ovsik.
 - Init script file and domain support.
 - Glibc 2.7 fix from Vaclav Ovsik.
 - Samba/winbind update from Mike Edenfield.
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@ -1,5 +1,5 @@

-policy_module(logrotate, 1.9.1)
+policy_module(logrotate, 1.9.2)

 ########################################
 #
@ -133,6 +133,9 @@ ifdef(`distro_debian', `

 	# for syslogd-listfiles
 	logging_read_syslog_config(logrotate_t)
+
+        # for "test -x /sbin/syslogd"
+	logging_check_exec_syslog(logrotate_t)
 ')

 optional_policy(`
--- a/policy/modules/services/bind.fc
+++ b/policy/modules/services/bind.fc
@ -15,6 +15,8 @@
 ifdef(`distro_debian',`
 /etc/bind(/.*)?			gen_context(system_u:object_r:named_zone_t,s0)
 /etc/bind/named\.conf	--	gen_context(system_u:object_r:named_conf_t,s0)
+/etc/bind/named\.conf\.local --	gen_context(system_u:object_r:named_conf_t,s0)
+/etc/bind/named\.conf\.options -- gen_context(system_u:object_r:named_conf_t,s0)
 /etc/bind/rndc\.key	--	gen_context(system_u:object_r:dnssec_t,s0)
 /var/cache/bind(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
 ')
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@ -1,5 +1,5 @@

-policy_module(bind, 1.7.0)
+policy_module(bind, 1.7.1)

 ########################################
 #
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@ -366,6 +366,26 @@ interface(`logging_domtrans_klog',`
 	domtrans_pattern($1,klogd_exec_t,klogd_t)
 ')

+########################################
+## <summary>
+##	Check if syslogd is executable.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`logging_check_exec_syslog',`
+	gen_require(`
+		syslogd_exec_t;
+	')
+
+	corecmd_list_bin($1)
+	corecmd_read_bin_symlinks($1)
+	allow $1 syslogd_exec_t:file execute;
+')
+
 ########################################
 ## <summary>
 ##	Execute syslogd in the syslog domain.
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@ -1,5 +1,5 @@

-policy_module(logging, 1.11.2)
+policy_module(logging, 1.11.3)

 ########################################
 #