uucp patch from Dan Walsh

"Executes ssh to setup connection"
This commit is contained in:
Jeremy Solt 2010-11-12 11:33:22 -05:00 committed by Chris PeBenito
parent 00ea7bbb84
commit e7d6384c07
2 changed files with 27 additions and 4 deletions

View File

@ -1,5 +1,24 @@
## <summary>Unix to Unix Copy</summary>
########################################
## <summary>
## Execute the uucico program in the
## uucpd_t domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`uucp_domtrans',`
gen_require(`
type uucpd_t, uucpd_exec_t;
')
domtrans_pattern($1, uucpd_exec_t, uucpd_t)
')
########################################
## <summary>
## Allow the specified domain to append
@ -80,7 +99,7 @@ interface(`uucp_admin',`
type uucpd_var_run_t;
')
allow $1 uucpd_t:process { ptrace signal_perms getattr };
allow $1 uucpd_t:process { ptrace signal_perms };
ps_process_pattern($1, uucpd_t)
logging_list_logs($1)

View File

@ -7,7 +7,6 @@ policy_module(uucp, 1.11.0)
type uucpd_t;
type uucpd_exec_t;
inetd_tcp_service_domain(uucpd_t, uucpd_exec_t)
role system_r types uucpd_t;
type uucpd_lock_t;
files_lock_file(uucpd_lock_t)
@ -83,6 +82,7 @@ corenet_tcp_sendrecv_generic_node(uucpd_t)
corenet_udp_sendrecv_generic_node(uucpd_t)
corenet_tcp_sendrecv_all_ports(uucpd_t)
corenet_udp_sendrecv_all_ports(uucpd_t)
corenet_tcp_connect_ssh_port(uucpd_t)
dev_read_urand(uucpd_t)
@ -113,13 +113,17 @@ optional_policy(`
kerberos_use(uucpd_t)
')
optional_policy(`
ssh_exec(uucpd_t)
')
########################################
#
# UUX Local policy
#
allow uux_t self:capability { setuid setgid };
allow uux_t self:fifo_file write_file_perms;
allow uux_t self:fifo_file write_fifo_file_perms;
uucp_append_log(uux_t)
uucp_manage_spool(uux_t)